Computer Forensics
The Lead

Running Malware Analysis Apps as Docker Containers

December 18, 2014 11:22 am | by Lenny Zeltser | Blogs | Comments

A new REMnux project initiative provides Docker images of Linux applications useful for malware analysis, with the goal of making it easier for investigators to start using malware forensics tools that otherwise might be awkward to set up.

FBI Uses Abandoned Code to Find Those Hiding behind Tor

December 17, 2014 10:47 am | by Kevin Poulsen, Wired | News | Comments

For more than a decade, a powerful app called Metasploit has been the most important tool in the...

Streamlining the Digital Forensic Workflow: Part 3

December 17, 2014 8:49 am | by John J. Barbara | Articles | Comments

Depending upon the nature of investigations, timely forensic examinations normally can expedite...

Police Departments Join Forces, Bring Tech Analysis In-house

December 16, 2014 11:50 am | by Jessie Van Berkel, Star Tribune | News | Comments

Dakota county is creating the first local Electronic Crimes Task Force based in Minnesota. Ten...

Wordpress Sites Serving SoakSoak

December 16, 2014 11:34 am | by Tara Seals, Infosecurity Magazine | News | Comments

Google has blacklisted more than 11,000 domains involved in the latest malware campaign from SoakSoak.ru. But, the impact is apparently much larger: it seems to be affecting most hosts across the WordPress hosting spectrum, according to researchers.

Worm Exploits Shellshock to Take Over Network Storage Systems

December 16, 2014 11:20 am | by Dan Goodin, Ars Technica | News | Comments

Criminal hackers are actively exploiting the critical shellshock vulnerability to install a self-replicating backdoor on a popular line of storage systems, researchers have warned.

Some DFIR for Sony Cybersecurity

December 16, 2014 9:56 am | by Ernie Austin, Newsletter Editor | SANS Institute | Articles | Comments

This is the conclusion of our discussion with Jake Williams, Instructor at SANS Institute. We've discussed North Korea's involvement, or lack of involvement, in the Sony breach, but who else might have been involved? And what is Sony doing to find out? Also, Jake lets us know from a digital-forensic perspective what could be done in situations like this in the future.

SiQuest Voted Industry Innovator 2014

December 15, 2014 11:27 am | SiQuest Corporation | News | Comments

SiQuest was voted "Industry Innovator 2014" by SC Magazine under the category of Analysis and Testing for the evaluation and performance of their new Internet Examiner® Toolkit forensic software.

New Simulator Provides Training in Cybersecurity

December 15, 2014 11:01 am | by Carlos III University of Madrid | News | Comments

Researchers from Universidad Carlos III de Madrid (UC3M) and the Universidad de Málaga (UMA) have collaborated with the consulting and technology company Indra on the development of a new advanced simulator of training in cybersecurity, a system that teaches users how to carry out computer forensics, prevent cyber attacks and learn techniques of cyber defense.

Questioning North Korean Sony Breach Involvement

December 15, 2014 10:29 am | by Ernie Austin, Newsletter Editor | SANS Institute | Articles | Comments

The Sony breach has given a great deal of attention to North Korea. Regardless of whether the insular country had a part in the attack or not, our continuing discussion with SANS Instructor, Jake Williams, touched on its capabilities.

More Bits about Areal Density

December 12, 2014 11:55 am | Articles | Comments

At first glance, it would seem that the most logical and obvious way to increase storage capacity would be to add more platters to a hard drive. However, this raises a number of inherent problems, such as having to increase the size beyond the current form factors (3.5”, 2.5”, etc.), escalating the cost per hard drive, having to have more read/write heads per hard drive, and so forth.

UK Launching Child Abuse Image Database

December 12, 2014 11:05 am | News | Comments

The UK Government is launching a Child Abuse Image Database. It is a landmark project for law enforcement. Never before has UK law enforcement had such a sophisticated method of sharing and matching critical case data, logging visual evidence and analyzing digital media.

The Damage and the Malware at Sony

December 12, 2014 10:30 am | by Ernie Austin, Newsletter Editor | SANS Institute | Articles | Comments

In an attempt to understand what has happened during the breach of Sony Picture's computers, DFI News has contacted SANS Institute's DFIR team. In an email interview, Jake Williams, an Instructor at SANS, provides his insights into the complex digital forensic story unfolding at Sony.

Employees Still Get More Access than They Need

December 10, 2014 11:13 am | by Ericka Chickowski | Blogs | Comments

Two new surveys show how easy enterprises make it for attackers to steal vast quantities of data with just a few successful breaches of employee machines: Employees typically are given far more access to sensitive data than they need to get their jobs done, and enterprises don't do enough to track access behavior.

Pirate Bay Taken Down Again

December 10, 2014 10:44 am | by Kim Zetter, Wired | News | Comments

The popular file-sharing service Pirate Bay was taken down following a raid in Sweden by police who seized servers and computers.

Intelligence Mishap Turns Government and Private Companies into Cyberwarfare Partners

December 9, 2014 12:49 pm | by Shane Harris, PRI | News | Comments

The spies had come without warning. They plied their craft silently, stealing secrets from the world’s most powerful military. They were at work for months before anyone noticed their presence. And when American officials finally detected the thieves, they saw that it was too late. The damage was done.

Hard Drives 'Spin' into the Future

December 5, 2014 9:14 am | Articles | Comments

To increase hard drive storage capacity, manufacturers have been able to decrease the size of magnetic grains which comprise data bits. This allows for a greater number of bits of data to be recorded. However, the grains are so small that they can potentially interfere with each other. This diminishes their ability to maintain assigned magnetic orientations and data would become corrupted, leading to an unreliable and unusable hard drive.

Child Pornographer Gets 30-year Sentence

December 4, 2014 12:47 pm | by Sabra Stafford, Turlock Journal | News | Comments

A Turlock, California man who was the subject of a Homeland Security investigation involving a child pornography ring will be spending the next three decades behind bars.

Digital Forensics Can Use Facebook to Solve Cases

December 4, 2014 9:44 am | by Brett Harrison and Chad McDonnell, Baseline | News | Comments

The theft of trade secrets in U.S. businesses is increasing rapidly and is expected to double within the next decade, according to a recent report. These incidents and other suspicious behavior are the catalyst for lengthy, expensive forensic investigations. Digital forensic investigators will seek evidence from a wide array of devices and data sources, including mobile devices.

How to Track Your Malware Analysis Findings

December 2, 2014 11:30 am | by Anuj Soni | Blogs | Comments

The field of incident response, forensics, and malware analysis is full of thrilling hunts and exciting investigations where you have an opportunity to aggressively pursue the activities of adversaries. While technical acumen certainly supports these efforts, a truly successful execution requires both a well-crafted process and detailed documentation of the journey through that process.

UAlbany to Host Data Breach Research Laboratory

November 26, 2014 8:35 am | News | Comments

The University at Albany School of Business has been selected to host a research laboratory designed to improve exploration into cyber security and incident response. Computer forensic leader, The ARC Group of New York (ARC), has donated software and services valued at more than a half million dollars to support this critical endeavor.

Device Seizure v6.8 and P2 Commander v3.7

November 24, 2014 4:21 am | Paraben Corporation | Product Releases | Comments

Paraben has announced the release of Device Seizure v6.8 and P2 Commander v3.7. Here is what is new with these flagship tools at Paraben. Paraben is planning new releases in January 2015 for DS 7 and P2C 4 with completely new interfaces and an exciting list of new features.

Solid State/Hard Drive Differences

November 21, 2014 9:16 am | Articles | Comments

When compared to a typical hard drive, SSDs are totally different in design and functionality, which leads to some difficult issues to deal with pertaining to their forensic analysis.

Growth of Digital Forensic Workflow

November 14, 2014 12:05 pm | Articles | Comments

As digital devices continue to proliferate, digital storage capacities are approximately doubling every two years. The sheer amount of digital media being submitted for forensic analysis is overwhelming.

PFIC 2014 - A Great Exchange of Ideas

November 13, 2014 10:16 am | by Chet Hosmer | Blogs | Comments

Once again the Paraben team has put together just the right Forensic Innovation Environment with a perfect backdrop. The conference provides a brainshare and the perfect mix of lectures, trainings, and lab sessions that truly generate a spirit of collaboration and innovation that is forging new partnerships.

Pa AG's Agents Wage Battle against Child Pornographers

November 12, 2014 10:34 am | by Brian Bowling, TribLive | News | Comments

Most stories about child pornography focus on high-profile offenders such as priests and college professors or on attempts by victims to recover damages from offenders. Fewer stories focus on the people who voluntarily enter this world to catch the offenders and save some of the victims.

The Future of Incident Response

November 12, 2014 9:19 am | by Bruce Schneier | Blogs | Comments

Security is a combination of protection, detection, and response. It's taken the industry a long time to get to this point, though. The 1990s was the era of protection. Our industry was full of products that would protect your computers and network. By 2000, we realized that detection needed to be formalized as well, and the industry was full of detection products and services. This decade is one of response.

Triage Any Alert with These Five Weird Questions!

November 6, 2014 9:58 am | by David Bianco | Blogs | Comments

There are few things more frustrating to users than using a tool which doesn't support (or may even be at odds with) their processes. Tools should be designed to support our workflows, and the more often we perform a workflow, the more important it is that our tools support it.

Triaging with Tr3Secure Script's NTFS Artifacts Only Option

November 6, 2014 9:49 am | by Corey Harrell | Blogs | Comments

The alert fired and the end point needs to be triaged, but what options do you have? Do you spend the time to physically track down the end point, remove the hard drive, image the drive, and then start your analysis? How much time and resources would be spent approaching triage in this manner?
