On my to-do list for some time has been to add support back into the Tr3Secure collection script...
In his career-ending extramarital affair that came to light in 2012, General David...
This checklist can help you to build a penetration testing lab. To successfully set up your...
IBM has a new high-speed analysis and criminal investigation software that is designed to uncover hidden criminal threats buried deep inside massive volumes of disparate corporate data.
To help with the collection, management, protection and preservation of digital forensic evidence, the Federal Aviation Administration is turning to industry. In an Oct. 15 posting, the FAA said it's seeking a commercial off-the-shelf application that will create a remotely accessible depository where digital media analysts can store digital forensic evidence and distribute forensic workload among investigators.
The courts have generally accepted evidence collected from the Internet as long as its authenticity can be established. Commonly accepted digital forensic methodologies can all be used to identify a three-pronged approach to Internet forensics.
"Corey, at times our auditors find fraud and when they do sometimes they need help collecting and analyzing the data on the computers and network. Could you look into this digital forensic thing just in case something comes up?" This simple request is what led me into the digital forensic and incident response field. In this post I'm highlighting how this type of organization is applied to timeline analysis leveraging Plaso.
Matt DeHart, an American who believes the United States is pursuing sham child-porn charges against him as cover for a national security investigation, has been ordered deported from Canada. The 30-year-old faces up to 25 years in prison if convicted of child pornography charges in Tennessee.
NetClean has announced that it has successfully collaborated with its partners, Hubstream and L-3 ASA, to implement the first phase of the UK’s national Child Abuse Image Database (CAID). The CAID plays a key part in delivering on the UK government’s promise to create a central repository for consolidating data in cases of child sexual abuse material.
Addonics Technologies announced the Jupiter series of drive duplicators that, unlike traditional duplicators designed for a fixed number of targets, allow you to connect multiple units together. The Jasper Duplicator offers a high-performance 150 MB/sec copy speed, depending on the read/write speed of the source and target media.
Businesses of all sizes seem to be moving at least some operations to the cloud. It’s only a matter of time before you get a phone call asking you to conduct some kind of cloud forensics and/or incident response.
A key factor in placing any person at the scene of a crime is obtaining evidence that ties an identified suspect to the scene of the crime. Previously discussed methods of physical surveillance and obtaining records are usually the best evidence for placing a suspect at a specific place at a specific time, but as most investigations involve reacting to incidents, this may not always be possible.
It’s easy to see how forensics used during a cyberattack investigation are similar to those used in a physical crime scene.
In 2012 we published an article called “Why SSD Drives Destroy Court Evidence, and What Can Be Done About It.” Back then, SSD self-corrosion, TRIM, and garbage collection were little known and poorly understood phenomena. In 2014, the situation looks different. We now know things about SSD drives that allow forensic specialists to obtain information from them despite the obstacles.
Nearly every case Homeland Security Investigations (HSI) opens has some sort of digital evidence to be collected and analyzed. But the work can’t be done by just anyone. The data must be meticulously cared for by agents trained to preserve the integrity of the material, who can also combat suspects’ attempts to erase their digital dealings — even from afar.
Ever looked closely at a Google search URL and seen a weird "ei" parameter in there? While it doesn't seem to occur for every search, when it does, that "ei" parameter contains an encoded Unix UTC timestamp (and other things Google only knows). Interpreting this artifact can thus allow forensic analysts to date a particular search session.
A surprisingly powerful and less costly binary analysis technique, which does not require reverse engineering, is a review of the character strings contained in the executable. These strings might include, in an ATM machine, words like “Please enter your 4-digit PIN."
Malware is an important consideration for examiners working on traditional computer forensic cases. Malware can add complexity to a case, but in some instances, it actually can help investigators. Like any other piece of data, malware can be used as a clue within a forensic examination.
There is a misconception that having an IR plan will suffice, and the statistics seem to indicate that having a plan is on the rise. While having a plan is great, such plans are rarely more than guidelines and are not the robust set of company-specific procedures they should be, especially if you don’t have people practicing them day in and day out.
This new version of XORSearch integrates Frank Boldewin’s shellcode detector. In his Hack.lu 2009 presentation, Frank explains how he detects shellcode in Microsoft Office documents by searching for byte sequences often used in shellcode.
In this post I'm releasing an installation guide to build a custom ticketing system to track and document security incidents. The guide contains nothing groundbreaking; just instructions on how to install and configure Request Tracker in CentOS with a PostgreSQL database and Apache web server.
Nearly three-fourths of US Fortune 500 companies now have set up incident response plans and teams in preparation for cyberattacks, but only one-third of them consider their IR operations actually effective in the face of a data breach, according to a new study.
Dogs have been trained to pick up the scent for laptops, digital cameras and those easy-to-conceal USB drives. Devices such as these are often used to stash illegal materials like child pornography, which the FBI says is growing fast.
Viator, a tour-booking website used by TripAdvisor and others, has just notified 1.4 million customers that their data may have been compromised in a recent data breach. In all, 880,000 customers may have had their payment information compromised, while another 560,000 likely had their email address and encrypted Viator password leaked.
Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile device’s logs, or an inappropriate graphic video or picture. Finding the critical probative data faster in a cost-effective manner while reducing or eliminating case backlogs is going to require a more efficient methodology.
After a security incident is detected, tremendous resources are spent in the forensic investigation trying to figure out what exactly happened and what data, if any, was compromised. If the forensic investigation doesn’t yield definitive results fairly quickly, the organization is left with no choice but to assume the worst.
Because of the newness of network forensic activity, network examiners are often left to use existing and emerging tools that have not yet faced the challenge of being proven valid in court. In some respects, the presentation phase of a digital investigation is the most critical; regardless of what has been found, it is worthless if the information cannot be convincingly conveyed to a judge and jury.
Future data storage needs for businesses, corporations, and governments are going to far exceed the ability of current technology to provide those storage devices. Obviously, without major technological advancements, the cost of future data storage could be unprecedented. There are, however, a number of technologies under development which may eventually be able to store vast amounts of information, far exceeding today’s devices.