Friday, October 18, 2013

ForGe – Computer Forensic Test Image Generator

by Hannu Visti

Creating test material for computer forensic teaching or tool testing purposes has been a known problem. I encountered the issue in my studies of Computer Forensics at the University of Westminster. We were assigned a task to compare computer forensic tools and report results. Having already analysed test images by Brian Carrier (http://dftt.sourceforge.net) over and over again, I found myself creating images manually, which appears to be the best and only way of doing this. One of my lecturers, Sean Tohill, confirmed this is indeed the case and a test image generator is long overdue.

The need for such a tool is twofold. In educational setting, the problem of plagiarism can be mitigated by giving each student an individual image to analyse. In application quality testing, one of the tests should be to feed several similar but not identical images to the forensic tool, and compare results, which should be identical...


http://articles.forensicfocus.com/2013/10/18/forge-computer-forensic-test-image-generator/

Wednesday, October 09, 2013

Interview with Carole Phillips, Trustee, BulliesOut

Carole Phillips
Carole, you're currently a trustee for BulliesOut. How did you become involved with the charity?

I first heard of BulliesOut through being involved in the charity Children in Wales and contacted the CEO, Linda James, via LinkedIn. We met as I was interested in what the charity did and what involvement the charity had with schools and other professionals working with young people. I was impressed with the dedication of Linda and her desire to get the message out there to young people that no-one has to put up with bullying. The charity looks at all aspects of bullying, working with the bully as well as the victim and also the bystanders who have a crucial role to play. BulliesOut operates in other countries as well as the UK but it was encouraging to learn that it is a Wales based charity and one that is well respected. I was asked to become a Trustee, and although I was not sure what being a Trustee involved, I was happy to join the team. I promote the charity as much as I can with other professionals and young people and although my time is limited due to working full-time and my University studies, I do what I can.

There has been increased coverage of cyber bullying in the media recently. How large a problem is cyber bullying? Is it really growing as fast as the media seem to suggest?

When the tragic deaths of young people such as Hannah Smith and Daniel Perry hit the headlines, the spotlight is rightly focused on social networking sites and how bad they are and what can be done to prevent further deaths. Because of the publicity, it appears that all of a sudden social media has become a problem, yet the truth is that concerns about young people inappropriately using social networking sites have never gone away. Schools can vouch for this in the increased number of incidents they deal with; almost always at the centre of bullying incidents is a social network site or messaging service such as Ask.fm. As was the case in the summer with Ask.fm, there was a public outcry to get the site closed down, but this is not the answer. Whilst publicity about messaging services pushes for stricter monitoring and moderation and to take more responsibility for the care of its primarily young users, educating young people about their behaviour online is vital in driving home the message about safer use...

http://www.forensicfocus.com/c/aid=67/interviews/2013/carole-phillips-trustee-bulliesout/

Interview with John Huperetes, Senior Forensics Instructor

John Huperetes is a sub-contractor to the US Department of Defense and any views herein do not represent those of his contractor or of the DoD.

John, please tell us about your current role.

I am contracted to be "senior forensics instructor" and assist in developing and delivering cyber investigation training courses for DoD organizations, Defense Criminal Investigative Organizations (DCIO), military counterintelligence agencies, and law enforcement organizations.

This gives me the opportunity to review and sometimes experiment with bleeding edge digital forensics, and transfer the acquired knowledge to others.

I started off tinkering with electronics at a very early age. I was much better at shredding electronics than putting them back together. I moved to programming, first for processors, memory and controllers, thereafter databases and finally networks. A few consulting stints and I shifted to security permanently.

Incident response in security naturally pushes into forensics. A few more permanent and consulting jobs, and about a decade ago I took a job with a large financial firm working on forensics.

I got a call from a contractor for my current job, and that is how I ended up here.

What is the most challenging thing about your job? What do you find the most enjoyable?

The most challenging part of my job is always having an open mind toward new techniques and ideas. It is not just a time consuming but also an exhausting process. It is not unusual in our field to learn something, just to later discover that there are caveats galore! I enjoy the camaraderie of the experts, instructors and students, and the new discoveries I get to make...

http://www.forensicfocus.com/c/aid=66/interviews/2013/john-huperetes-senior-forensics-instructor/

Interview with Benjamin Fung, Associate Professor, McGill University

Dr Benjamin Fung
Benjamin, you're an Associate Professor of Information Studies at McGill University - can you tell us more about the role and how you entered academia?

Certainly. As you say, I am currently an Associate Professor of Information Studies at McGill University and previously was an Associate Professor of Information Systems Engineering at Concordia University. I am particularly interested in developing new, scalable data mining methods for privacy protection and crime investigation.

In 2003, after working in the software industry for four years, I noticed there was a need for scalable data mining methods. As a result, I resigned from my job at SAP Business Objects and studied a Ph.D. in computing science, specializing in data mining, at Simon Fraser University. Recently, there is a hot research topic called "big data", but data miners have been working on "big data" for more than 20 years already.

Your research focuses on designing intelligent systems for the purpose of crime investigation. How did you become interested in these topics?

After joining the Computer Security team at Concordia in 2007, I had a lot of opportunities to interact with different law enforcement units in Canada. In the meetings, I found that there is a big gap between the state-of-the-art data mining methods in the literature and the current software tools used by law enforcement officers. A lot of important evidence can be collected from the suspects' digital devices, from laptops to smart phones. The challenge is how to efficiently retrieve the relevant information from such a large volume of (unstructured) textual data...

http://www.forensicfocus.com/c/aid=64/interviews/2013/benjamin-fung-associate-professor-mcgill-university/

Forensic Focus Forum Round-Up

How much does having a disability affect working in forensics? Chime in on the forum.

Are Facebook private messages retrievable?

Forum members discuss the best way to clean flash drives.

To triage or not to triage? That is the question.

Convicted murderer Bradley Cooper has been granted a retrial following accusations of a judge holding back testimony concerning Google maps.

Forum members discuss verification of ATA to USB bridges on hard drives of more than 2TB.

Interview with Jacopo (forum member 'jaclaz')

Jacopo, you’re an active member of the Forensic Focus forums. How did you become interested in digital forensics?

My interests are oriented towards OS booting, filesystems and data recovery. These fields are of course closely linked to digital forensics.

I was one of those kids that disassembled things to see what was inside them and understand how they worked (and I even managed to reassemble a few items properly!) Computers have been a hobby since the time I built (some of the readers may be old enough to remember the good ol'times) my first computer, a Sinclair ZX-80, and more generally I have been always interested in any kind of technology. If the term had been already invented at the time I could have easily been defined as a "geek".

Then, in my professional life, I had a few occasions to find what I call "the IT wall". At least here in Italy in the years when computers entered the corporate world there was an abundance of a particular kind of IT guy, that took advantage of the fact that no one else was familiar with the way computers worked and either provided answers like "it is not possible" or "you can't do that", or "well, we will need to hire a professional programmer and it will take 6 months to have that". Due to some peculiarities of my character, "it is impossible" or "you can't do that" are like magic words to induce me to prove that it is actually possible and that I can do it (or at least find the actual reason why something is impossible). On a couple of occasions it happened that everything that was needed to create a Work Progress Report was somehow stuck in a corrupt hard disk or in a program database that went astray. Due to Murphy's Law these events normally happened on Saturdays or during the holiday periods, and something needed to be done, and quickly, and most probably with the help of some luck and ingenuity, I was able to recover the hard disk contents or rebuild the broken database, etc. This made me take an interest in the field, and since then I studied a bit more in this niche...

http://www.forensicfocus.com/c/aid=65/interviews/2013/jacopo-forum-member-jaclaz/