DFI News

Blogs

DHS: Border Device Search Policy Does Not Violate Fourth Amendment

February 12, 2013 10:59 am | Comments

The Department of Homeland Security’s Office for Civil Rights and Civil Liberties (CLCR) has determined that the DHS’s warrantless, and often suspicion-less, search and seizure of electronic devices at U.S. borders does not violate the Fourth Amendment protection against unreasonable search or seizure. by Brian Donohue...

Jake Williams' Tips on Malware Analysis and Reverse-engineering - Part 2

February 12, 2013 10:54 am | Comments

I spoke with Jake Williams, an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course. In the second part of the interview, Jake shared advice on acting upon the findings produced by the malware analyst. He also clarified the role of indicators of compromise (IOCs) in the incident response effort. (See Part 1 if you missed it.)  ...

MFT vs Super Timeline

February 11, 2013 11:08 am | Comments

Now, Tom requested some posting about Super Timeline as he learned about it in FOR508. Well I actually covered Super Timeline back in 2011, but while I read my old posts a new idea came to me. The last time I did full on disk acquisition was maybe 6 months ago. It's an issue now with disk sizes becoming quite massive in size. Obviously though, having a disk image has its advantages. You can extract any and all files, and of course ... ti...

The End Game

February 11, 2013 10:51 am | Comments

Last week, I posted about some of the reconnaissance tools that attackers are using against E-Commerce sites, then about what some of the evidence looks like in the logs. Now I want to go over what they are doing with their ill-gotten access. Attackers aren't just in it for the fun anymore. While we still see our share of political defacements and attacks that are pulled off just to prove a point, most of the cases that forensics firms...

New Cybersecurity Bills to be Introduced to the House & Senate

February 7, 2013 7:00 pm | Comments

Rep. Mike Rogers (R-Mich.), the chair of the US House Intelligence Committee, intends to reintroduce H.R. 3523, the Cyber Intelligence Sharing and Protection Act ("CISPA"), which would provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities. Although this initiative has apparently not yet been reported in the news, I was given the privilege t...

Does the IRS Really Know Who You are?

February 7, 2013 7:00 pm | Comments

The IRS touts electronic filing as the safest way to file tax returns, but it is impossible to say just how safe it is. There are hints in a recent report from the Treasury Department’s Inspector General for Tax Administration that online filing might be making things safer, but the title of the report highlights the broader problem: “There are Billions of Dollars in Undetected Tax Refunds Resulting from Identity Theft.”...

Crooks Net Millions in Coordinated ATM Heists

February 6, 2013 7:00 pm | Comments

Organized cyber criminals stole almost $11 million in two highly coordinated ATM heists in the final days of 2012, KrebsOnSecurity has learned. The events prompted Visa to warn U.S. payment card issuers to be on high-alert for additional ATM cash-out fraud schemes in the New Year. According to sources in the financial industry and in law enforcement, the thieves first struck on Christmas Eve 2012. Using a small number of re-loadable pre...

Evaluating Potentially Malicious URLs - Part 3

February 6, 2013 7:00 pm | Comments

This is the final part of a three part series covering how to handle potentially malicious URLs and IPs. In Part 1, Deobfuscating Potentially Malicious URLs, we laid the groundwork by covering policy, unshortening and deobfuscation. In Part 2 of the series, Attributing Potentially Malicious URLs, we continued with WHOIS, geoIP, and IP to URL. Finally, in Part 3 of this series (Evaluating Potentially Malicious URLs) we'll finish up w...

FBI Again Warns Law Firms about the Threat from Hackers

February 5, 2013 7:00 pm | Comments

The FBI began warning law firms that they were being targeted by hackers back in 2009. That warning was repeated at LegalTech last week by the FBI's Mary Galligan, the special agent in charge of cyber and special operations for the FBI's New York Office. As Law Technology News reported, Galligan was blunt, saying, "We have hundreds of law firms that we see increasingly being targeted by hackers." The word "hundreds" should give law firm...

eDiscovery Evolutionary Scale

February 5, 2013 7:00 pm | Comments

In 2012 Elluma Discovery interviewed litigators at many law firms throughout Los Angeles, Calif., ranging in size from 2 to over 1,000 attorneys. I have always suspected that there is a veritable smorgasbord of approaches to dealing with discovery, but I wanted to get some real-life data. You see, working at an electronic discovery services provider I process and analyze evidence ranging from paper, to native files to cell phones and in...

Jake Williams' Tips on Malware Analysis and Reverse-engineering

February 4, 2013 7:00 pm | Comments

I had the pleasure of speaking with Jake Williams, an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course. In this interview, Jake discussed his perspectives on getting into digital forensics, crafting strong malware analysis reports and making use of the analyst's findings. by Lenny Zeltser ...

Keeping Our Users Secure

February 4, 2013 7:00 pm | Comments

As you may have read, there’s been a recent uptick in large-scale security attacks aimed at U.S. technology and media companies. Within the last two weeks, The New York Times and The Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers. This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter u...

Apple Hates Forensicators

February 3, 2013 7:00 pm | Comments

Not really, but some days it sure seems like it. We currently have a project where everyone in the case uses Apple computers. These computers are nice, no question. They are beautiful machines and scream quality. I love Apple products, make no mistake, but I’m now getting to the point where my frustration is boiling over. iMacs are interesting. We made the universal decision not to attempt drive removal because it is simply a nigh...

Kudos to Google for Enhancing its Transparency Reports

February 3, 2013 7:00 pm | Comments

I applauded Twitter for its Transparency Reports and now I offer the same applause to Google, which released its Transparency Report for the second half of 2012. For the first time, Google broke down the kind of legal requests as well — more applause for taking that step....

Attributing Potentially Malicious URLs

February 1, 2013 10:44 am | Comments

This is the second part of a three part series covering how to handle potentially malicious URLs and IP addresses without getting burned by directly communicating with them. We'll cover various online resources and let you know which ones are our favorites and a little context around why we like them. In Part 1, Deobfuscating Potentially Malicious URLs, we laid the groundwork by covering policy, unshortening and deobfuscation. In Part 2...
