Conceived in Haste, India's Internet Law Now Targeted for Change
November 26, 2012 7:00 pm | By Niharika Mandhana. Civil rights activists, free speech advocates, lawyers and politicians have spoken out in recent days against India’s controversial Internet laws, after two women were arrested in Mumbai for criticizing in a Facebook post the city’s shutdown after the Hindu leader Bal K. Thackeray’s death last week. A particular target for criticism is Section 66A of the Information Technology Act, an amendment add...
Exchange 2013 Enhanced Email Retention, Archiving, Legal Hold and eDiscovery
November 26, 2012 7:00 pm | In this day and age, email is more than just messages, calendars and contacts for organizations; they also need the ability to address legal requirements around message retention (both keeping content or automatically deleting content by policy) along with the ability to do eDiscovery search of content throughout the enterprise as well as put content on Legal Hold. While much of this was included in Exchange 2010, what Microsoft did fo...
Memory
November 26, 2012 4:24 am | Memory forensics! It is scary how much information we can get from memory. If there is one thing you should grab from an image, it's the memory (in my opinion!). I am going to use Volatility—it's free, open source, and pretty kickass. That is not to say there are no other memory forensics tools out there; this is just the one I am most comfortable with....
Skyping with The Confrontation Clause
November 26, 2012 3:57 am | Few cases have the intersection of the Confrontation Clause, witness unavailability, chain of custody, and Skype. Williams v State is one such unpublished opinion from the Indiana Court of Appeals. While this Court did not outright hold Skype was acceptable for a remote deposition, there are well-established remote deposition companies whose services provide security, reliability and a synced-video transcript. Such an embrace of Skype i...
Mac Forensics: Viewing, Understanding, Deconstructing and Creating .plist Files
November 20, 2012 7:00 pm | In part one of this blog series we covered the many ways a Mac forensic examiner may view .plist files using both Apple and third-party tools. Part two seeks to improve .plist file knowledge and discusses how to deconstruct a .plist file in order to include the most important objects in an examiner report. Converting a Binary .plist File to .xml As we mentioned in part one of this blog, to date, a .plist file is either a plain text .xm...
Torture, Public Authority and the Pass Phrase
November 20, 2012 7:00 pm | After pleading guilty to one count of conspiracy, five counts of damage to computer systems, four counts of wire fraud, five counts of access device fraud, and four counts of aggravated identity theft and being sentenced to 20 years in prison, Albert Gonzalez "moved for habeas corpus." Gonzalez v. U.S., 2012 WL 5471799 (U.S. District Court for the District of Massachusetts 2012)....
Attack on US Grid Would be Worse than Hurricane Sandy
November 19, 2012 7:00 pm | Late to the party, but still talking sense. In a report written in 2007 but only now released, the National Research Council — an independent organization that advises the US government on science and technology policy — warns that the national power grid is inherently vulnerable to terrorist attack. Such an attack could cause more damage than Hurricane Sandy, say the authors, "blacking out large regions of the country for w...
Validation and MDF Tools
November 19, 2012 7:00 pm | At every speaking event I make sure to let the attendees know that there is not a one tool solution when it comes to MDF (mobile device forensics). I always add, “if a company says they are the only solution do not buy from them”. This is true for two reasons, one they do not know what they are selling and two, they do not know the complexities to mobile device collection and analysis. The focus tends to be just on stamping ...
Highlighter Super Users Series: Post 1
November 18, 2012 7:00 pm | The Highlighter Super Users series is a little something I’ve put together to reach out to the Highlighter community. As a user of this freeware tool from Mandiant, I want you to know there are many users out there who can help you get through your log analysis paralysis. This series is meant to highlight (see what I did there?) how some users have solved a varied range of problems using Highlighter. These interviews will provide...
Malware Forensics Field Guide for Windows
November 18, 2012 7:00 pm | I don't write many book reviews because I don't feel like I'm very good at doing them. However, I've been fortunate to read some very good books lately and wanted to tell you about them. First, I posted my review of Practical Packet Analysis a few days ago and now I want to tell you about another excellent book: Malware Forensics Field Guide for Windows Systems....
Judges Who Do Their Own Internet Research: Shark-infested Waters
November 15, 2012 7:00 pm | The Summer/Fall issue of the ABA's Litigation magazine contained a fascinating article entitled "The Lure of the Internet and the Limits on Judicial Fact Research." I watch for stories like this at the behest of our friend D.C. Superior Court Judge Herbert Dixon so I can forward them along, and he can add them to his formidable lecture repertoire....
Planned Cyberattacks on US Banks on Hold
November 15, 2012 7:00 pm | Upwards of 30 major U.S. banks and financial institutions have been given a reprieve. The hacker behind a coordinated attack against giants such as Bank of America, Chase, Citibank, PNC, Wells Fargo and nearly two dozen other banks has called off the operation after media reports surfaced a month ago exposing the planned attacks....
Infamous Hacker Heading Chinese Antivirus Firm?
November 14, 2012 7:00 pm | What does a young Chinese hacker do once he’s achieved legendary status for developing Microsoft Office zero-day exploits and using them to hoover up piles of sensitive data from U.S. Defense Department contractors? Would you believe: Start an antivirus firm? That appears to be what’s happened at Anvisoft, a Chinese antivirus startup that is being somewhat cagey about its origins and leadership. ...
APTish Attack via Metasploit
November 14, 2012 7:00 pm | I was reading one of Mandiant's M-Trends papers on Advanced Persistent Threats (APT) the other day and decided I wanted to try and duplicate some of the methods outlined in their exploitation cycle discussed in the paper. I say, APT "ish" because I don't find this method to be advanced. It also does not use any stealthy/sophisticated malware like we have seen in some high profile APT style attacks. It does, however, cover all the high p...
Carder Christopher Schroebel Gets Seven Years
November 13, 2012 7:00 pm | 21 years old and thinking about Cybercrime as a career choice? Think again. Seattle-based U.S. Attorney Jenny Durkan told a press conference back on June 11, 2012 "People think that cybercriminals cannot be found or apprehended. Today we know that's not true. You cannot hide in cyberspace. We will find you. We will charge you. We will extradite you and we will prosecute you." (see: MSNBC: Feds Arrest Alleged Credit Card Fraud Kin...

