__/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/
Forensic Focus newsletter, November 2008
__/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/
Web: http://www.ForensicFocus.com
Blog: http://www.ForensicFocus.com/blog
Welcome to the latest edition of the Forensic Focus newsletter. Please
consider forwarding it to anyone interested in computer forensics. A link
from your website or blog to www.forensicfocus.com is always
appreciated, and articles submitted for publication are encouraged.
In this issue:
1. News roundup
2. A Discussion of Virtual Machines Related to Forensics Analysis
3. Interview with Simon Biles, Thinking Security
4. This month in the Forensic Focus forums
5. Job vacancies
6. Useful resources
7. Submitting an article to Forensic Focus
**********************************************************
WRITE FOR FORENSIC FOCUS!
Make a real contribution to the computer forensics community by writing
an article or submitting a paper for the Forensic Focus site and newsletter...
http://www.forensicfocus.com/write-for-forensic-focus
**********************************************************
1. News roundup
A selection of computer forensics news items hitting the headlines this month
WHY EXAMINATION PROTOCOLS ARE PROBLEMATIC
Forensic examination lays bare a user's computer activity. Personal,
confidential and privileged communications, sexual misadventure,
financial and medical record keeping, proprietary business data and
other sensitive information are all exposed. In the
white-picket-fenced places where active data lives, you can tiptoe
around privileged and private information; but deleted data hails from
the wrong side of the digital tracks, where there are no names, no
addresses and no rules...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1032
PROOF: POP-UP TEACHER IS INNOCENT, DESPITE MISDEMEANOR PLEA
Accused of letting impressionable students see pornographic pictures
as she browsed the web in her classroom, former Connecticut school
teacher Julie Amero dodged felony charges last Friday by agreeing to
plead guilty to a single misdemeanor charge and surrendering her state
teaching credentials, according to the Hartford Courant. But if a
soon-to-be released forensic report about her hard drive is accurate,
Amero's guilty plea is hardly justice -- since the school computer had
adware, the anti-virus software on the computer had been discontinued,
and the technical testimony at her trial was amateurish and flawed...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1031
THE MOBILE DEVICE INVESTIGATOR'S TOOLBOX
These days, virtually every major criminal activity leaves evidence —
images, text messages, call records and more — on mobile devices. Yet
for the investigator who knows only the basics or less about how to
recover this evidence, building a strong case can be difficult —
especially after the evidence has been deleted. State or regional
digital forensics labs are frequently overworked and understaffed,
while many agencies lack the resources for the training and equipment
to support an in-house expert. A good compromise is to train
non-expert forensic analysts or investigators to recover essential
evidence. However, those who wish to take part in more complex mobile
forensics need to know first that mobile forensics is as complicated
as computer forensics — and has many of its own challenges...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1030
FIVE ESSENTIAL COMPUTER FORENSICS TOOLS
I recently had a look at the most recent CSI security survey. While a
lot of things have changed over the past year, one thing is definitely
consistent: attacks happen. At one point, attacks on companies were as
high as 70 percent (in 2000) but today we see that the reported amount
is down to as low as 43 percent. What is interesting is the fact that
the number that checked off the unknown box (that is, those that
aren't sure if they were compromised or not) increased to 13 percent.
This is still an overall lower figure if we were to assume that they
were compromised, but really, IT security professionals ought to be
aware if their organization is compromised or not...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1029
JUDGE: NO CRYPTOGRAPHIC HASH ANALYSIS WITHOUT WARRANT
In a case that could have important implications for law enforcement
investigations throughout the US, a federal judge has ruled that the
cryptographic fingerprinting of suspects' hard drives constitutes a
search for purposes of the Constitution...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1028
UK BUSINESSES LACK CONFIDENCE IN POLICE E-CRIME HANDLING
Businesses are not confident that the police have the necessary
resources or technical knowledge to deal with e-crime effectively, a
survey has found... "In our experience, few electronic crimes are taken
seriously by the police," said one respondent to the survey. "The
volume of phishing attacks and lack of law-enforcement capability
makes reporting all attacks unrealistic," said another. Over half of
companies (56.7 percent) felt e-crimes would not be investigated
properly if reported to police; while 30 percent believed there was
no-one they could report cybercrime to, despite the announcement in
October of the formation of the Police Central e-Crime Unit (PCeU) in
2009...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1027
POLICE ENLIST AI TO HELP TACKLE CRIME
Looking at how AI techniques can boost digital forensics, the UK
government-funded Cyber Security Knowledge Transfer Network (KTN) will
examine the potential use of AI in web counter-terrorism surveillance,
fighting internet fraud, masking identities online and data mining.
The KTN will consider how artificial neural networks can intelligently
pull together evidence from different online sources and databases,
and how particle swarm intelligence — inspired by the behaviour of
flocks of birds — could probe information shared by groups on social
networks...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1026
PASSWARE EXPOSES PRIVATE DATA INDEXED BY WINDOWS SEARCH
Search Index Examiner lists all the documents, emails, and
spreadsheets, as well as providing creation and modification dates,
author, recipients, summary content, and other information for each
item. The only data it needs from the target computer is a Windows
Search database. A quick scan of a Windows Search Database can find
documents relevant to a case, and even preview of files and items
which have been deleted, deliberately or not...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1025
"BREATH TESTS" FOR PCS HERALDS STOP AND SCAN
Technology that claims to pick up traces of illicit images on PCs has
attracted the interest of Australian cops. The software, developed in
an Australian University, might eventually be used to screen PCs
during border inspections. Compared to breath test tools used by the
police in a different context, the software - developed at Perth's
Edith Cowan University in association with local police from Western
Australia - is undergoing beta testing. Described as Simple Image
Preview Live Environment (SImPLE), the application is designed to be
easy to use by law enforcement officers, even those with few computer
skills...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1024
UNIVERSITY DEVELOPS DIGITAL FINGERPRINTING TECHNOLOGY
Security experts say an innovative technology, codenamed 'digital
DNA', offers a completely new perspective on tracking computer
activity. It is based on a novel collection and analysis technique
that identifies sequences in user access of data, leaving behind a
digital fingerprint which will help in digital forensic
investigations...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1023
OXYGEN FORENSIC SUITE 2 VERSION 1.4 RELEASED
Oxygen Software Company has announced the new v1.4 release of Oxygen
Forensic Suite 2. All registered customers may download the new
version immediately from their personal pages (using the link provided
in the registration confirmation message)...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1022
DIGITAL TECHNOLOGY FOOTPRINTS TRIP UP SUSPECTS
The man denied any wrongdoing, but Lakeland police had something on
him - his cell phone. Since the department founded its intelligence
unit in 2001, cell phones, computers, MP3 players, and many other
forms of digital technology have taken on new roles as gatherers of
digital evidence and become increasingly useful in police work
nationwide...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1021
SANS ANNOUNCES NEW RESOURCES FOR COMPUTER FORENSICS
Forensics experts tend to work alone or in small groups and have few
ways of sharing the most important lessons they are learning. SANS is
trying to fill that gap in part because SANS trained many of the most
effective forensics analysts and feels a responsibility for keeping
their skills and knowledge up to date...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1020
SECURE HASH COMPETITION KICKS OFF
Dozens of amateur and professional cryptographers signed up last week
for the United States' first open competition to create a secure
algorithm for generating hashes -- the digital fingerprints widely
used in a variety of security functions. The contest, run by the
National Institute of Standards and Technology (NIST), seeks to find a
strong replacement for the current family of hash functions, some of
which have been shown to be cryptographically weaker than originally
thought. The agency expected at least 40 proposals to be submitted by
the Friday, Oct. 31 deadline...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1019
ACCESSDATA OFFER FOR GUIDANCE SOFTWARE ANNOUNCED, REJECTED
AccessData Corporation has announced that on October 6th it sent a
letter to Guidance Software expressing its interest in acquiring all
of the company's outstanding stock. On Friday October 31st, AccessData
reports that it received a reply from Guidance Software stating that
the offer had been rejected...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1018
COMPUTER CRIME SOARS IN UK
Computer-related crimes rose by almost 10 percent in the UK last
year alone, according to online identity firm Garlick. The report
claims that over 3.5 million online crimes were committed in the UK in
2007, most of which relate to fraud and abusive email. Without
harping on too much about the current economic situation, Tom Ilube of
Garlick says that he expects a rise in online financial crimes due to
these circumstances...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1017
LIBPFF (ALPHA) RELEASED FOR OPEN SOURCE PST AND OST FORENSICS
An alpha version of libpff, aimed at forensic investigators using open
source forensic tools, has been released. Libpff is a library, with
accompanying tools, for reading, extracting and recovering deleted
e-mails. Documentation of the Personal Folder File (PFF) format can be
found on the libpff project website. Libpff supports both 32-bit and
64-bit (pst) pff files, but is still an alpha release.
http://sourceforge.net/projects/libpff
Want to comment on any of the issues raised above? Please use the
Forensic Focus forums at
http://www.forensicfocus.com/computer-forensics-forums
**********************************************************
HAVE YOU JOINED OUR EMAIL DISCUSSION LIST?
The Forensic Focus email discussion group is a moderated,
spam free, computer forensics discussion list. Join us!
http://www.forensicfocus.com/computer-forensics-list
**********************************************************
2. A Discussion of Virtual Machines Related to Forensics Analysis
by Brett Shavers
Virtual machines are not new and have been in use for well over a half
century. The fundamental concept of a virtual machine revolves around
a software application that behaves as if it were its own computer.
The VM application ("guest") runs its own self-contained operating
system within the actual machine ("host"). This virtual operating
system can be of almost any variant of design. Perhaps put more
simply, it can be described as a virtual computer running inside a
physical computer.
One of the benefits of virtual machines is that a virtual machine can
operate on nearly any underlying hardware and software configuration.
This makes it easy to share and duplicate virtual machines for many
purposes, such as software testing. Additionally, one host machine (the
actual computer) can run multiple guest machines (virtual machines) at
the same time...
Read more at http://www.forensicfocus.com/virtual-machines-forensics-analysis
**********************************************************
SUBSCRIBE TO OUR WEB FEEDS
News - http://feeds.feedburner.com/ForensicFocus
Forums - http://feeds.feedburner.com/ForensicFocusForums
Blog - http://feeds.feedburner.com/ForensicFocusBlog
**********************************************************
3. Interview with Simon Biles, Thinking Security
Simon Biles, together with his wife, runs an Information Security
Consultancy - Thinking Security - from near Oxford in the UK. He posts
as "Azrael" on the Forensic Focus forums.
Forensic Focus: Simon, can you tell us something about your background?
Simon Biles: Underneath it all I'm a UNIX SysAdmin to the core! I
started using Linux at University because I was too lazy to walk to
the CS or AI labs to work on the real UNIX machines (Suns and SGIs),
so I installed it on my own PC in halls, I then discovered that I
could do dial up and connect to the University network and it all grew
from there... I was very lucky to work part time in a local ISP
running Linux and Windows web and database servers, from there I did
more UNIX SysAdmining for a small software company that did high end
Computational Fluid Dynamics - this meant that I got to play with
multiprocessor Suns, HPs, IBMs, SGIs and Linux clusters as the only
UNIX person in the company! Owing to a merger though I was made
redundant, and decided it was a good time to strike out on my own - I
invested some of my redundancy money in training, and since then have
worked on security for The Institute of Cancer Research, JP Morgan
Chase, Cable and Wireless, Vodafone, The Science and Technology
Facilities Council and HM Revenue and Customs as well as a few other
smaller companies.
Forensic Focus: You've co-authored a couple of books ("The Snort
Cookbook" and "Hacking Exposed Linux") and written a number of papers
for Microsoft and others - how do you find the process of writing for
a technical audience and what do you make of the current crop of
computer forensics books?
Simon Biles: I enjoy writing - I wish I could write fiction, but I
don't have the imagination for it! Writing technical things is a good
compromise, I don't have to make anything up - just do some research -
but I get to put my own words to the meaning - hopefully making it
interesting, entertaining and educational along the way.
Funnily enough, I don't think I've really read that many current
forensic books - I had a look at the iPhone Forensics from O'Reilly
the other day, but without an iPhone to play with, it was a bit lost
on me! I'm big on the classics though - "File System Forensic
Analysis" by Brian Carrier, "Forensic Discovery" by Dan Farmer &
Wietse Venema, "Forensic Computing: A Practitioner's Guide" by Tony
Sammes and Brian Jenkinson - and there is one that I think has massive
value to someone who came from a non-investigatory background -
"Principles and Practice of Criminalistics" by Keith Inman and Norah
Rudin - the trouble is that it is such a fast moving field, that books
tend to become dated rather quickly - these ones focus more on
attitude and fundamentals than the latest peer-to-peer, for that kind
of thing I find forums, blogs, wikis and scientific papers more
relevant in general...
Read more at http://www.forensicfocus.com/simon-biles-interview-271108
**********************************************************
COMPUTER FORENSICS BOOKS
A wide selection of computer forensics books
available from Amazon in the US and UK:
http://www.forensicfocus.com/computer-forensics-books-us
http://www.forensicfocus.com/computer-forensics-books-uk
**********************************************************
4. This month in the Forensic Focus forums
A selection of recent topics in the Forensic Focus forums
AccessData Have Made An Offer For Guidance
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3054
Decompressing Hibernation File
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3106
Mobile Forensics Beginner
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3136
Questions about GSM Analysis and software compatibility
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3131
Best Way to Dump the Registry Hives from a Live System
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3121
Query System Specs
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3088
UK universities with one year placement schemes
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3065
RAM Memory Dump
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3061
Linux imaging tool other than dd
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3070
Encase Symbol Help
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3122
**********************************************************
WRITE FOR FORENSIC FOCUS!
Make a real contribution to the computer forensics community by writing
an article or submitting a paper for the Forensic Focus site and newsletter...
http://www.forensicfocus.com/write-for-forensic-focus
**********************************************************
5. Job vacancies
A selection of vacancies posted to the Job Vacancies forum this month,
a full listing can be found at
http://www.forensicfocus.com/computer-forensics-jobs
Forensics Analyst III - Alexandria, VA
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3100
CF Analyst: outstanding training and development - London
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3120
Data Collections and ESI Specialist job posting - NYC
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3063
Computer & Mobile Phone Forensics Roles - Midlands UK
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3108
Junior Computer Forensic Consultant-London
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=2836
**********************************************************
EXCHANGE LINKS WITH FORENSIC FOCUS
Do you run a computer forensics or security website/blog?
Exchange links with Forensic Focus today
http://www.forensicfocus.com/links
**********************************************************
6. Useful resources
A monthly guide to the best computer forensics resources on the web
Mailing lists
http://www.forensicfocus.com/computer-forensics-list
http://www.securityfocus.com/archive/104 (Forensics list)
http://groups.yahoo.com/group/linux_forensics/
http://groups.yahoo.com/group/COMPUTER_FORENSICS/
http://groups.yahoo.com/group/ComputerForensicJobs/
http://groups.yahoo.com/group/cftt/
http://groups.yahoo.com/group/CCIFTraining/
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
Blogs
http://www.forensicfocus.com/computer-forensics-blog
http://www.forensicblog.org
http://forensicir.blogspot.com
http://windowsir.blogspot.com
http://computer.forensikblog.de/en/
http://blogs.ittoolbox.com/security/investigator/
http://cfed-ttf.blogspot.com
http://pc-eye.blogspot.com
http://forensicpagefile.blogspot.com
http://www.forensickb.com
http://www.computerforensicsblog.com
http://trewmte.blogspot.com
Podcasts
http://cyberspeak.libsyn.com
http://www.whitfields.org/4cast
Wikis
http://www.forensicswiki.org
http://www.forensicwiki.com
Web sites
http://www.e-evidence.info/
http://www.tucofs.com/tucofs.htm
http://forensic.to/links/pages/Forensic_Sciences/Field_of_expertise/Computer_Investigation/
http://www.computerforensicsworld.com
Publications
http://www.ijde.org
http://www.compseconline.com/digitalinvestigation/
Please contact us through http://www.forensicfocus.com/contact with
suggestions for (non-commercial) additions to this section.
7. Submitting an article to Forensic Focus
If you would like to write an article for either the Forensic Focus
newsletter or website please send a short proposal through
http://www.forensicfocus.com/contact for review, thank you.
Until next month!
Kind regards,
Jamie
--
Jamie Morris
Forensic Focus
Web: http://www.ForensicFocus.com
Blog: http://www.ForensicFocus.com/blog
LinkedIn: http://www.linkedin.com/in/jamiemorris
NEWSLETTER INFORMATION
FEEDBACK
Feedback is welcome and may be sent through
http://www.forensicfocus.com/contact (do NOT reply to this message, it
is sent from an unattended mailbox and will not be read)
TELL A FRIEND
Please feel free to forward this newsletter! Alternatively use the
form at http://www.forensicfocus.com/tell-a-friend to tell a friend
about Forensic Focus.
TO SUBSCRIBE: If someone has forwarded this newsletter to you and you
wish to receive future issues just sign up here:
http://www.forensicfocus.com/computer-forensics-newsletter
Your details will NEVER be shared with any 3rd party.
Copyright(c) Forensic Focus 2008