Digital Forensics Go Mobile – SIGNAL Magazine

Digital-data investigators have a new tool in their arsenals as they try to capture bad guys’ information before they can harm others. The device enables immediate, on-scene triage of devices, eliminating the need to send equipment back to a laboratory while saving precious time and resources.

Dell released its Mobile Digital Forensics solution to build upon its original Digital Forensics offering. As devices such as computers, smartphones and even gaming consoles with storage capabilities grow in popularity, they become increasingly critical sources of information. Joe Trickey, rugged and digital forensics brand manager at Dell, says the number and capacity of these platforms result in a digital tsunami. Investigators need methods to more quickly process the data they collect to counteract this overload. In some cases, faster evidence collection could enable catching criminals or stopping attacks.

Chris Townsend, rugged solutions manager at Dell, explains that the mobile solution was designed for the layperson, not forensics specialists, to use. It requires no specific skills to operate as it reviews content, finds fields and key words, and helps maintain security. The solution has applications in a range of areas including intelligence-community and defense operations. For example, a warfighter out on patrol could use the tool to collect information from a house and send the findings back to experts to identify actionable intelligence. The solution also can be configured to help private companies detect problems such as insider trading.

Law enforcement agencies also are major users of Digital Forensics and Mobile Digital Forensics. Trickey shares a story in which law enforcement officials were tracking a gang-related case and were able to collect information about a hit made in Las Vegas when the guilty party discussed the crime via a friend’s gaming station. One of the most common applications for the device is in cases of crimes against children such as kidnapping or exploitation.

via Digital Forensics Go Mobile – SIGNAL Magazine.

Understanding Network Forensics Makes Your Security Smarter

When I tell people I work in forensics they always mention CSI: Geeks in white lab coats standing over test tubes of blood, or slides of hair, running computer programs with GUIs that look more like Avatar than Windows 7, Ubuntu, or Mac OS.

Then I explain that it’s digital forensics—that I collect information in computer chips instead of tissue samples—and they get that look like I just let them down. OK, hard drives aren’t as cool as handgun ballistics, I get that, but the process of data collection and case-building is remarkably similar whether the subject matter is Western Digital or Smith and Wesson.

Recently I wrote an article for Forensic Focus, a leading network forensic website, on open source toolkits for analysts. These are computer programs that help me do my job. As I mention in the article, it’s important to plan for digital-evidence-gathering when building security systems. In hundreds of cases, network forensics has stood up to legal scrutiny as primary evidence and has put more than one black hat in jail.

Network forensics as a security layer is like adding a close-circuit camera system to your regular home security. Your IT department has probably already installed the alarm—enabled a firewall, set alerts on suspicious activity—but a forensic appliance can record all data traffic, essentially saving a mirror image of who did what and where. The benefits of this data in the event of breach should be obvious.

via Understanding Network Forensics Makes Your Security Smarter.

Digital Forensics and Osama Bin Laden | PRI’s The World: Science

Last week’s Navy Seal raid on Osama Bin Laden’s hide-out in Pakistan resulted in more than just the death of the most wanted terrorist in the world. The Seal team also collected computer hard drives, disks and other digital material that contain, according to one Obama administration official, “a motherlode of intelligence.” That got us here at WTP wondering, though, about how digital forensics experts go about getting information off of hard drives, especially if that material has been deleted, or is encrypted. Luckily, the BBC’s Chris Vallance was wondering the same thing, and so he went along to get some answers from a British company called disklabs.

We’ve got a number of other interesting items on the Osama Bin Laden raid in this episode as well. We’ll tell you about the Pakistani IT professional who, unknowingly, live-tweeted the night-time assault on the bin Laden compound in Abbottabad. Also, we’ll talk with Scientific American editor Christine Gorman about the DNA testing and facial recognition methods that were probably used to positively identify Bin Laden after the raid. And finally, you’ll hear from Thomas Gillespie, a UCLA geographer who for the past few years has been trying to apply his methods for tracking fauna. Two years ago, Gillespie and his class on remote sensing predicted the kind of place Bin Laden was likely hiding. They didn’t pinpoint Abbottabad, but they came pretty close. Gillespie, by the way, is answering your questions right now over in our World Science Forum, so stop by and join the conversation.

Also in this episode, we’ll hear about the kinds of technologies that might replace black box cockpit voice and flight data recorders. And we’ll take a step back in time, about 70 years, and revisit the moment when the Royal Navy boarded U-Boat 110 and discovered the Enigma Machine. Come crack some code with us as we take you on a tour of a new exhibit at Britain’s former code-cracking headquarters, Bletchley Park.

via Digital Forensics and Osama Bin Laden | PRI’s The World: Science.

F-Response receives patent for Remote Forensics Innovation

F-Response announced today the award by the US Patent Office of a patent that covers the remote computer forensics technology that makes up the core of all F-Response software products.

The patent for invention number 7,899,882 is for a system and method for providing remote forensics capability. This system enables virtually any incident response, data recovery or forensics tool to be used over an IP network. It works by creating a network connection between the live subject machine and the examiner’s machine via raw (all sectors), physical, read-only access to the drives on the subject machine. Using F-Response, examiners can conduct analysis of a subject computer over an IP network using their tools of choice.

“Our patent makes claims using iSCSI technology specially modified to provide forensic grade write protection to remote computers,” said Matthew Shannon, Founder and Chief Software Architect, F-Response.

The patent covers the technology that makes up the core of all F-Response products (Field Kit, Consultant, Enterprise, and TACTICAL). F-Response has customers on nearly every continent and is available in four languages. F-Response software products support the collection of electronic evidence across over ten different operating environments and work seamlessly with a wide array of established computer forensics tools.

“This patent shows our commitment to what we call the Forensic Connectivity business, bringing you forensic access to remote machines simply, efficiently, and in a cost-effective manner,” said Mr. Shannon.

via F-Response receives patent for Remote Forensics Innovation.

Digital Forensics: What Footprints Do You Leave Online? | Forensic Science

Because computers have become such an important aspect of our daily lives, almost every crime will likely have some electronic evidence. It is important for law enforcers to understand the benefits of electronic evidence, and to ensure that they handle digital evidence as carefully as physical evidence. Investigators may use digital forensics to show intent, cross-reference alibis or statements, or attribute data to a specific person. More difficult to follow than a “paper trail,” electronic records can still provide crucial information in criminal cases.

Past judicial interpretations of the Fourth Amendment have consistently sided with law enforcement in cases of warrantless searches of electronic information. The amendment states that, “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause…”. However, because of the high incidence of electronic crime, searching electronic information is not considered unreasonable, and searching for information that would have required a warrant in past years has become legally obtainable in the electronic age. Law enforcement is pursuing more aggressive tactics to protect citizens from online crime.

This may come as bad news for digital criminals, and maybe even to radical proponents of civil liberties, but ultimately, the safety of private information is very important to most Americans. The law enforcement community is making good use of digital forensics as a revolutionary means in crime prevention and prosecution, and is beginning to catch up to the rapidly evolving cyber-criminals. Electronic evidence has become more important than physical evidence and has altered the very principles of crime scene investigation. Similarly, everyday citizens should become more careful with their sensitive information, and regularly check bank statements, credit card statements, or other activity in order to prevent identity theft and digital theft.

via Digital Forensics: What Footprints Do You Leave Online? | Forensic Science.

What is Digital Forensics? AskBobRankin.com

Digital forensics – “computer forensics” in older terminology – is the discovery, recovery, and investigation of digital information. You will usually hear the term “digital forensics” in connection with the investigation of a crime. But it also applies to recovery of an accidentally deleted file, or a forgotten password. You might be surprised to learn what kinds of information can be discovered through digital forensics…

Digital Forensics and Evidence Discovery

Digital forensics, in the legal world, takes one of three forms. Forensic analysis involves recovery of evidence in order to support a legal hypothesis in criminal court. Detecting deleted files and undeleting them would be an example. “eDiscovery” is often used in civil litigation to compel one party to turn over copies of digital information believed to be in its possession. Freedom of Information Act demands made to government agencies can also be considered eDiscovery. “Intrusion investigation” delves into the nature, extent, and modus operandi of unauthorized network intrusions – the geeky equivalent of a burglary investigation.

In digital forensics’ early days, most investigations were “live forensics.” That means investigators directly manipulated a hard drive, for example, to discover what was on it and recover deleted data. But tampering directly with evidence in live forensics poses the risk of altering the evidence, making it vulnerable to defense challenges. Nowadays, special software tools such as SafeBack and DIBS preserve the original evidence while making backup copies for forensic examination. These tools document the backup and tinkering done on data to preserve the “chain of evidence” required by courts.

via What is Digital Forensics?.
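The excerpt above explains why examiners stopped working on the original drive and moved to verified copies with a documented chain of evidence. The following is an added example, not code from the AskBobRankin article and unrelated to the SafeBack or DIBS tools it names: it shows the core of that preservation step in Python, reading the source once (opened read-only), hashing it as it is copied, re-hashing the written image independently, and recording both digests so the image can be re-verified later and any change to the working copy is detected. All file names and the sample “drive” contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK_SIZE = 1024 * 1024  # stream the source in 1 MiB chunks so large media fit in memory


def hash_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory buffer (handy for quick checks)."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path: str) -> str:
    """SHA-256 hex digest of a file on disk, computed by streaming."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire_image(source_path: str, image_path: str) -> dict:
    """Copy the source bit-for-bit to image_path, hashing the source as it is
    read, then hash the written image independently.  The returned record is
    the entry an examiner would place in the chain-of-custody log."""
    source_digest = hashlib.sha256()
    size = 0
    # the source is opened read-only; nothing is ever written back to it
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK_SIZE), b""):
            source_digest.update(chunk)
            dst.write(chunk)
            size += len(chunk)
    record = {
        "source": source_path,
        "image": image_path,
        "size_bytes": size,
        "source_sha256": source_digest.hexdigest(),
        "image_sha256": hash_file(image_path),
        "acquired_at": datetime.now(timezone.utc).isoformat(),
    }
    # the copy only counts as evidence if the two digests agree
    record["verified"] = record["source_sha256"] == record["image_sha256"]
    return record


def verify_image(image_path: str, expected_sha256: str) -> bool:
    """Re-hash the image later (before analysis, or when challenged in court)
    and compare it with the digest recorded at acquisition time."""
    return hash_file(image_path) == expected_sha256


def demo() -> tuple:
    """Constructed walk-through: a fake drive holding a live file plus the
    remnant of a deleted one is acquired, verified, then tampered with."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "suspect_drive.bin")   # hypothetical source device
        image = os.path.join(workdir, "suspect_drive.img")    # hypothetical image file
        # constructed sample contents, not real evidence
        with open(source, "wb") as fh:
            fh.write(b"LIVE: quarterly_report.docx\x00" * 64)
            fh.write(b"DELETED-REMNANT: sent to rival via personal mail\x00" * 8)
        record = acquire_image(source, image)
        intact = verify_image(image, record["source_sha256"])
        # anyone editing the working copy, even one byte, breaks the recorded hash
        with open(image, "r+b") as fh:
            fh.seek(0)
            fh.write(b"X")
        after_tamper = verify_image(image, record["source_sha256"])
        return record, intact, after_tamper


if __name__ == "__main__":
    rec, ok, still_ok = demo()
    print(f"size={rec['size_bytes']} sha256={rec['source_sha256']}")
    print(f"acquisition verified: {rec['verified']}; later check: {ok}; after edit: {still_ok}")
```

In practice the source would be a block device behind a hardware write blocker and the record would also carry the examiner’s name, the device serial and a second digest (MD5 is common alongside SHA-256); the logic that matters for the chain of evidence is unchanged: hash on read, hash the copy, compare, and re-verify before every use.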

BBC News – Google’s UK Street View wi-fi data ‘deleted’

The UK Information Commissioner’s Office (ICO), which has been criticised for not taking a more hardline stance against Google, confirmed the deletion.

The first batch of wi-fi data, which included snippets of e-mails, URLs and passwords, was deleted in November.

But legal wrangles in other countries meant that the remaining data, all of which the firm said was collected in error, took more time to erase.

“We can confirm that the UK data has now been deleted, and that this has been independently certified,” said Google.

The deletion was carried out by US forensics firm Stroz Friedberg.

via BBC News – Google’s UK Street View wi-fi data ‘deleted’.

The Impact of the Cloud on Digital Forensics – Part 1 | Eclipse Developer’s Journal

For a larger enterprise with, say, multiple and/or international locations, a private cloud infrastructure can provide an added cost benefit that, whilst not as cheap as a public cloud offering, would offset that cost variance in terms of the risk profile of systems being moved into a private cloud, e.g. critical databases, transactional and/or processing systems, as well as potential compliance concerns.

If, however, an enterprise chooses to utilize a public cloud offering, there will be added complications for information security, in terms of procedural and legal standpoints. This leads us to the point that, with a public cloud system, we no longer have the traditional defined security perimeter.

This new cloud security perimeter can now be any place on any device where people will access an enterprise provided network, resources and systems.

With regard to digital forensics and the e-discovery process, this new cloud security perimeter, stemming from the trend with which data is now accessed via the internet, housed and consumed on multiple systems and devices internationally, will pose some serious challenges (legally and technically) with the potential to complicate a security investigation, e.g. defining incident response, access rules and policies governing access, as well as support processes.

Traditional network forensics metrics will not give a complete picture of what can occur within the cloud computing environment; for instance, there could be limitations in terms of focus only on data going into and out from systems which an enterprise has access to, and as we know this generally stops at the gateway into the cloud.

In terms of network forensics, packet capture and analysis is important; with the cloud ecosystem there is the real possibility of an increase in the vast amount of data that may need to be processed. This will only increase the workload on the digital investigator, who will most likely have more than a plate full of hex patterns, network metadata and logs to analyze, as is the case with a traditional system analysis.

This increased volume can severely cripple an investigation; more so if a forensic investigator does not completely understand the cloud ecosystem’s architecture, its complex linkages that bridge cloud services and an enterprise’s systems in addition to how these systems impact an enterprise in terms of potential ingress points that can lead to systems compromise.

via The Impact of the Cloud on Digital Forensics – Part 1 | Eclipse Developer’s Journal.

Updated iPhone Forensics white paper released – viaForensics

viaForensics has released an updated version of its free white paper on iPhone Forensics. The paper reviews specific software and techniques that analysts and investigators can use to recover the vast amount of information stored on Apple’s iPhones.

In addition to reviewing forensic tools, the iPhone forensics white paper takes readers through a forensic analysis with each tool and reports on the installation, acquisition, reporting and accuracy of the tool.

The use of mobile forensics to uncover data has become increasingly important in corporate investigations, civil disputes and criminal cases. During a typical iPhone investigation, viaForensics has recovered more than 60,000 files, including text messages, contacts, GPS locations, website history, online banking credentials and Facebook images. This type of data has been used by law enforcement, federal agencies and corporations in investigations and criminal and civil cases.

The white paper is available at http://viaforensics.com/education/white-papers/iphone-forensics/. Registration for future updates is available and will also provide information on an upcoming white paper on Android Forensics.

via Updated iPhone Forensics white paper released – viaForensics.

Use Of Backup Tapes In Computer Forensics | Analogue and Digital

Data in local systems comes and goes and can often be replaced, especially where this is the intention of the business or person being investigated. Backup data provides a snapshot of a system or systems and therefore provides a historical record. Therefore, if there is an attempt to remove information from a local system and that information was previously stored on a backup system, then that information will be able to be recovered from the backup data tape.

Those who specialize in this form of investigation will work back through the backup data tapes and can therefore gain a greater insight into any system abuse or illegal behavior that may have taken place. Unless the person who is attempting to erase information has a great knowledge of the system and erasure techniques then the information that is being sought, if it in fact exists, should be located within the backup infrastructure.

Those conducting the investigation of the data must have knowledge of the backup infrastructure itself. There is likely to be a significant amount of information stored within backup tapes so knowledge of how to process this information to reduce the search time requirements is a key factor. This is especially important relating to cost factors as well as man-power and time to conduct any investigation or audit.

As an example, if there are 3000 tapes that require 3 hours each to read completely and you could use 10 systems with 80% operating time this would mean the required time to read the 3000 tapes would be approximately 50 days. This does not take into account the requirement to actually analyze and organize the data itself.

via Use Of Backup Tapes In Computer Forensics | Analogue and Digital.