As digital devices continue to proliferate, digital storage capacities are approximately...
Once again the Paraben team has put together just the right Forensic Innovation Environment with...
Most stories about child pornography focus on high-profile offenders such as priests and...
Security is a combination of protection, detection, and response. It's taken the industry a long time to get to this point, though. The 1990s was the era of protection. Our industry was full of products that would protect your computers and network. By 2000, we realized that detection needed to be formalized as well, and the industry was full of detection products and services. This decade is one of response.
There are few things more frustrating to users than using a tool which doesn't support (or may even be at odds with) their processes. Tools should be designed to support our workflows, and the more often we perform a workflow, the more important it is that our tools support it.
The alert fired and the endpoint needs to be triaged, but what options do you have? Do you spend the time to physically track down the endpoint, remove the hard drive, image the drive, and then start your analysis? How much time and resources would be spent approaching triage in this manner?
Future data storage needs for businesses, corporations, and governments are going to far exceed the ability of current technology to provide those storage devices. Obviously, without major technological advancements, the cost of future data storage could be unprecedented. There are however, a number of technologies under development which may eventually be able to store vast amounts of information, far exceeding today’s devices.
Email forgery is a challenge for investigators trying to resolve cyber crime cases. Forging the sender's address, also known as email spoofing, is one of the illegitimate ways to divert the investigation process.
IBM has developed new high-speed analysis and criminal investigation software that is designed to uncover hidden criminal threats buried deep inside massive volumes of disparate corporate data.
On my to-do list for some time has been to add support back into the Tr3Secure collection script to obtain the NTFS Change Journal ($UsnJrnl). This is a quick post about this functionality being added back to the collection script.
In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick.
This checklist can help you to build a penetration testing lab. Successfully setting up your lab will require attention to detail, redundancy, and a little bit of paranoia.
IBM has a new high-speed analysis and criminal investigation software that is designed to uncover hidden criminal threats buried deep inside massive volumes of disparate corporate data.
To help with the collection, management, protection and preservation of digital forensic evidence, the Federal Aviation Administration is turning to industry. In an Oct. 15 posting, the FAA said it's seeking a commercial off-the-shelf application that will create a remotely accessible depository where digital media analysts can store digital forensic evidence and distribute forensic workload among investigators.
The courts have generally accepted evidence collected from the Internet as long as its authenticity can be established. Commonly accepted digital forensic methodologies can all be used to identify a three-pronged approach to Internet forensics.
"Corey, at times our auditors find fraud and when they do sometimes they need help collecting and analyzing the data on the computers and network. Could you look into this digital forensic thing just in case something comes up?" This simple request is what led me into the digital forensic and incident response field. In this post I'm highlighting how this type of organization is applied to timeline analysis leveraging Plaso.
Matt DeHart, an American who believes the United States is pursuing sham child-porn charges against him as cover for a national security investigation, has been ordered deported from Canada. The 30-year-old faces up to 25 years in prison if convicted of child pornography charges in Tennessee.
NetClean has announced that it has successfully collaborated with its partners, Hubstream and L-3 ASA, to implement the first phase of the UK’s national Child Abuse Image Database (CAID). The CAID plays a key part in delivering on the UK government’s promise to create a central repository for consolidating data in cases of child sexual abuse material.
Addonics Technologies announced the Jupiter series of drive duplicators that, unlike traditional duplicators designed for a fixed number of targets, allow you to connect multiple units together. The Jasper Duplicator offers high performance 150 MB/sec copy speed depending on the read/write speed of the source and target media.
Businesses of all sizes seem to be moving at least some operations to the cloud. It’s only a matter of time before you get a phone call asking you to conduct some kind of cloud forensics and/or incident response.
A key factor in placing any person at the scene of a crime is obtaining evidence that connects an identified suspect to that scene. The previously discussed methods of physical surveillance and obtaining records are usually the best evidence for placing a suspect at a specific place at a specific time, but since most investigations involve reacting to incidents after the fact, this may not always be possible.
It’s easy to see how forensics used during a cyberattack investigation are similar to those used in a physical crime scene.
In 2012 we published an article called "Why SSD Drives Destroy Court Evidence, and What Can Be Done About It." Back then SSD self-corrosion, TRIM, and garbage collection were little known and poorly understood phenomena. In 2014, the situation looks different. We now know things about SSD drives that allow forensic specialists to obtain information from them despite the obstacles.
Nearly every case Homeland Security Investigations (HSI) opens has some sort of digital evidence to be collected and analyzed. But the work can’t be done by just anyone. The data must be meticulously cared for by agents trained to preserve the integrity of the material, who can also combat suspects’ attempts to erase their digital dealings — even from afar.
Ever looked closely at a Google search URL and seen a weird "ei" parameter in there? While it doesn't seem to occur for every search, when it does, that "ei" parameter contains an encoded Unix UTC timestamp (and other things Google only knows). Interpreting this artifact can thus allow forensic analysts to date a particular search session.
A surprisingly powerful and less costly binary analysis technique, which does not require reverse engineering, is a review of the character strings contained in the executable. These strings might include, in an ATM machine, words like “Please enter your 4-digit PIN."
Malware is an important consideration for examiners working on traditional computer forensic cases. Malware can add complexity to a case, but in some instances, it actually can help investigators. Like any other piece of data, malware can be used as a clue within a forensic examination.
There is a misconception that having an IR plan will suffice and the statistics seem to indicate having a plan is on the rise. While having a plan is great, they are rarely more than just guidelines and are not the robust set of company specific procedures they should be, especially if you don’t have people practicing them day in and day out.