Friday, December 31, 2010

(Computer Security) New Year Resolutions

by Simon Biles

About the Author

Simon Biles is a founder of Thinking Security Ltd., an Information Security and Risk Management consultancy firm based near Oxford in the UK.

The annual process of creating resolutions that we can break within a matter of minutes is a tradition to many of us – no new year would be complete without the heartfelt conviction that you will [delete as applicable] go to the gym/drink and/or smoke less/organise your garage etc. and that this will clearly make your life better, more complete and you will be “a better person”. I, for one, will be drinking less, going to the gym more and organising my garage – I know I will, because I’ve said I will on the first day of the New Year …

Aside from that though, here are some Information/Computer Security resolutions that you might like to give some thought to adding to your list. Like all good resolutions, these have value, but they are much more effective if you actually keep them up!

(1) Good for your security, and good for the environment – if you aren’t using the computer or router, switch it off or put it to sleep. It’s pretty challenging to break into a computer that is switched off, your carbon emissions go down and more importantly, if you are a climate change sceptic like me, so does your electricity bill. Unless your computer is performing an active task why leave it on? Boot times from sleep are negligible on modern systems, and if you really can’t spare 30 seconds to boot your computer – I think you might need to re-evaluate your life …

(2) We’re all guilty of this one, and I know so many security professionals that say the same: we reuse passwords. We have one or two _good_ passwords (complex 8 to 10 characters etc.) that we use for everything, making the assumption that, because it is a strong password, that protects us. The trouble is that not all websites are created equal; just because we trust Amazon doesn’t mean that we should trust – yet we do. True, some of us are looking for the SSL certificates and the like, but to be honest – if they are then storing the password in plain text in a MySQL database that is accessible to the world and his dog then it makes no difference. As much as you can – don’t reuse passwords...


Thursday, December 23, 2010

Resurrecting Deadbeats

by Craig Ball

About the Author

Craig Ball is a Texas lawyer who limits his practice to service as a court-appointed special master and consultant in computer forensics and electronic discovery.

An op-ed piece in the New York Times called Begging for Your Pay describes the humiliating ordeal of freelancers forced to hound clients to recover thousands of dollars of compensation. It brings to mind the occasional posts on computer forensics lists where our colleagues vent about unpaid invoices.

Sometimes, the unpaid forensic examiners wonder if they must throw good money after bad or whether they can refuse to appear at deposition or trial. Other times, the posts prompt discussion of recourse—lawyerly letters, withheld work product or lawsuits. More than anything, these list posters seek commiseration: reassurance that he or she is not the only knucklehead who let a deadbeat run up a big tab.

Sometimes, we are so anxious to get new business that we don’t protect ourselves against bad business. Bad business is worse than no business because bad business costs you money.

Any business that extends credit to its customers risks non-payment. We don’t think of computer forensics as a business that extends credit, but when you work without retainer or the retainer is used up, you’re financing your client’s investigation and must take steps to limit your credit risk.

In tough times, clients will impose on your goodwill to finance litigation. If you want to be their bank, be sure you’re adequately compensated and acting in compliance with credit regulations, then be prepared for default. A mechanic has a lien on the car being repaired, but you can’t sell client data to defray unpaid bills.

Here are some of the steps I take to ensure prompt payment and guard against default...


Pre-Emptive Digital Forensics Research

by Chris Hargreaves

About the Author

Dr Chris Hargreaves is a lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK.

In August 2010 it was announced that Google Wave would not be continuing as a stand-alone product, having been available to the general public for just 2-3 months. In that time period, it is unlikely that much research had begun into the digital artefacts left by Google Wave. However, if an investigation of a machine from that time-period required an examination of a suspect’s use of Google Wave, such research would need to be retrospectively carried out. This article discusses the advantages and disadvantages of pre-emptive and reactive digital forensics research.

Predicting the future is quite hard. This can be evidenced by the many quotes that are used as examples of failed predictions. Unfortunately the provenance of some of these quotes is questionable, but many are attributable:

“This ‘telephone’ has too many shortcomings to be seriously considered as a means of communication”, Western Union (1878)
“Heavier-than-air flying machines are impossible”, Lord Kelvin (1895)
“A rocket will never be able to leave the Earth’s atmosphere”, New York Times (1936)
“I think there is a world market for about five computers”, Thomas J. Watson (1943)
“Computers in the future may weigh no more than 1.5 tons”, Popular Mechanics (1949)
“There is no reason anyone would want a computer in their home”, Ken Olson (1977)
“640K ought to be enough for anybody”, Bill Gates (1981)

Despite the difficulty in predicting the success or failure of a particular technology, this is precisely what is required in order to conduct pre-emptive research in digital forensics. In this article, pre-emptive research refers to any research conducted that is not in response to a current investigation and is conducted in order to acquire some knowledge in advance of encountering a particular technology in a real investigation. Reactive research is the opposite, and is research that is conducted during an investigation in response to encountering some artefacts left by a suspect’s use of a particular technology...


Monday, December 06, 2010

Sample search warrants and affidavits

A number of sample search warrants and affidavits are now available at (many thanks to the Forensic Focus member who submitted them).

Please consider submitting similar sample documents for your own jurisdiction to act as examples for other investigators. Discussion of issues surrounding search warrants is encouraged and should be directed towards the forums.