Digital Forensics

  • Most Topular Stories

  • Experts Question Legality of Use of Regin Malware by Intel Agencies Secure Hunter

    Secure Hunter Anti-Malware » Secure Hunter Blog
    shadmin
    26 Nov 2014 | 4:50 am
    Though security researchers involved in uncovering the attack have remained mum on the attribution of Regin, privacy experts say that if one of the intelligence agencies is involved, there’s no legal basis for the operation. Threatpost | The first stop for security news
  • "Kerberos in the Crosshairs: Golden Tickets, Silver Tickets, MITM, and More"

    SANS Digital Forensics and Incident Response Blog
    Mike Pilkington
    23 Nov 2014 | 7:47 pm
    It's been a rough year for Microsoft's Kerberos implementation. The culmination was last week when Microsoft announced critical vulnerability MS14-068. In short, this vulnerability allows any authenticated user to elevate their privileges to domain admin rights. The issues discussed in this article are not directly related to this bug. Instead we'll focus on design and implementation weaknesses that can be exploited under certain conditions. MS14-068 is an outright bug which should be patched immediately. If you haven't patched it yet, I suggest you skip this article for now and work that issue…
  • Magnet Forensics Releases Internet Evidence Finder v6.5

    Forensic Focus
    25 Nov 2014 | 2:24 am
    With the release of Internet Evidence Finder v6.5, Magnet Forensics adds support for Windows Phone, and introduces new triage features including live system artifact recovery capabilities. IEF is already capable of recovering evidence from native and third-party mobile applications found on Android and iOS smartphones. With IEF v6.5, investigators can now analyze a physical image of a Windows Phone acquired using JTAG and chip-off techniques. Now available as an optional module, Triage capabilities can be added-on to any license, giving an examiner the flexibility to bring their dongle into…
  • Response to "Can a CISO Serve Jail Time?"

    TaoSecurity
    Richard Bejtlich
    17 Nov 2014 | 8:30 am
    I just read a story titled Can a CISO Serve Jail Time? Having been Chief Security Officer (CSO) of Mandiant prior to the FireEye acquisition, I thought I would share my thoughts on this question. In brief, being a CISO or CSO is a tough job. Attempts to criminalize CSOs would destroy the profession. Security is one of the few roles where global, distributed opponents routinely conduct criminal acts against business operations. Depending on the enterprise, the offenders could be nation state adversaries largely beyond the reach of any party, to include the nation state hosting the…
  • Cybercrime research lab will call UAlbany home - Albany Times Union

    digital forensics - Google News
    26 Nov 2014 | 10:07 pm
    Albany Times Union: It will be led by Sanjay Goel, an associate professor at the school who is in charge of the cybersecurity center and started a new undergraduate program in digital forensics that is one of the first of its kind in the nation. Goel says that a "paradigm … Related: The University at Albany to Host First Data Breach Research Laboratory (IT Business Net).

    SANS Digital Forensics and Incident Response Blog

  • "Kerberos in the Crosshairs: Golden Tickets, Silver Tickets, MITM, and More"

    Mike Pilkington
    23 Nov 2014 | 7:47 pm
    It's been a rough year for Microsoft's Kerberos implementation. The culmination was last week when Microsoft announced critical vulnerability MS14-068. In short, this vulnerability allows any authenticated user to elevate their privileges to domain admin rights. The issues discussed in this article are not directly related to this bug. Instead we'll focus on design and implementation weaknesses that can be exploited under certain conditions. MS14-068 is an outright bug which should be patched immediately. If you haven't patched it yet, I suggest you skip this article for now and work that issue…
  • "Protecting Privileged Domain Accounts: Restricted Admin and Protected Users"

    Mike Pilkington
    12 Nov 2014 | 7:51 pm
    It's been a while since I've written about this topic, and in that time, there have been some useful security updates provided by Microsoft, as well as some troubling developments with Microsoft's Kerberos implementation. In order to fully cover these topics, I'm going to split the discussion into two articles. This article will cover specific updates Microsoft has provided to help protect user credentials. I'll follow up next week to discuss the Kerberos issues in depth. As a quick reminder, the major takeaway from my previous articles on this subject is that we can successfully protect our…
  • "SANS DFIR Summit 2015 - Call For Papers"

    Rob Lee
    30 Oct 2014 | 7:31 pm
    Summit Dates: July 7-8, 2015. Post-Summit Training Course Dates: July 9-14, 2015. Summit Venue: Hilton Austin, 500 East 4th Street, Austin, TX 78701. Phone: 512-482-8000. The Digital Forensics and Incident Response Summit will once again be ...
  • "DFIRCON East Advanced Smartphone Forensics Challenge Winner Announced!"

    hmahalik
    8 Oct 2014 | 4:08 am
    Due to the vast amount of responses we got for our Smartphone Forensic Challenge, the winner was just determined. The rules state that the winner must answer 4 of the 6 questions correctly, and the lucky winner answered all 6 questions correctly. Shawna Denson, you are the lucky winner!!!! Thank you to everyone who submitted. FOR585 Advanced Smartphone Forensics is currently being held online virtual training via onDemand, at Network Security 2014 (Las Vegas), and
  • "Announcing the GIAC Network Forensic Analyst Certification - GNFA"

    SANS Institute
    6 Oct 2014 | 11:07 pm
    A new security certification focused on the challenging field of network forensics. BETHESDA, MD - October 7, 2014 - Global Information Assurance Certification (GIAC) is pleased to announce a new forensics certification, the GIAC Network Forensic Analyst (GNFA). The GNFA validates that professionals who hold this credential are qualified to perform examinations employing network forensic artifact analysis and demonstrate an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, the process and tools used to examine device and system…
 

    TaoSecurity

  • Response to "Can a CISO Serve Jail Time?"

    Richard Bejtlich
    17 Nov 2014 | 8:30 am
    I just read a story titled Can a CISO Serve Jail Time? Having been Chief Security Officer (CSO) of Mandiant prior to the FireEye acquisition, I thought I would share my thoughts on this question. In brief, being a CISO or CSO is a tough job. Attempts to criminalize CSOs would destroy the profession. Security is one of the few roles where global, distributed opponents routinely conduct criminal acts against business operations. Depending on the enterprise, the offenders could be nation state adversaries largely beyond the reach of any party, to include the nation state hosting the…
  • Thank You for the Review and Inclusion in Cybersecurity Canon

    Richard Bejtlich
    10 Nov 2014 | 2:27 pm
    I just read The Cybersecurity Canon: The Practice of Network Security Monitoring at the Palo Alto Networks blog. Rick Howard, their CSO, wrote the post, which marks the inclusion of my fourth book in Palo Alto's Cybersecurity Canon. According to the company's description, the Canon is: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in a cybersecurity professional’s education that will make the practitioner incomplete. The Canon candidates include both fiction and…
  • We Need More Than Penetration Testing

    Richard Bejtlich
    16 Sep 2014 | 9:47 am
    Last week I read an article titled People too trusting when it comes to their cybersecurity, experts say by Roy Wenzl of The Wichita Eagle. The following caught my eye and prompted this post: [Connor] Brewer is a 19-year-old sophomore at Butler Community College, a self-described loner and tech geek... Today he’s what technologists call a white-hat hacker, hacking legally for companies that pay to find their own security holes. When Bill Young, Butler’s chief information security officer, went looking for a white-hat hacker, he hired Brewer, though Brewer has yet to complete…
  • A Brief History of Network Security Monitoring

    Richard Bejtlich
    16 Sep 2014 | 9:07 am
    Last week I was pleased to deliver the keynote at the first Security Onion Conference in Augusta, GA, organized and hosted by Doug Burks. This was probably my favorite security event of the year, attended by many fans of Security Onion and the network security monitoring (NSM) community. Doug asked me to present the history of NSM. To convey some of the milestones in the development of this operational methodology, I developed these slides (pdf). They are all images, screen captures, and the like, but I promised to post them. For example, the image at left is the first slide from a…
  • Bejtlich Teaching at Black Hat Trainings 8-9 Dec 2014

    Richard Bejtlich
    4 Sep 2014 | 8:41 am
    I'm pleased to announce that I will be teaching one class at Black Hat Trainings 2014 in Potomac, MD, near DC, on 8-9 December 2014. The class is Network Security Monitoring 101. I taught this class in Las Vegas in July 2013 and 2014, and Seattle in December 2013. I posted Feedback from Network Security Monitoring 101 Classes last year as a sample of the student commentary I received. This class is the perfect jumpstart for anyone who wants to begin a network security monitoring program at their organization. You may enter with no NSM knowledge, but when you leave…

    digital forensics - Google News

  • Cybercrime research lab will call UAlbany home - Albany Times Union

    26 Nov 2014 | 10:07 pm
    Albany Times Union: It will be led by Sanjay Goel, an associate professor at the school who is in charge of the cybersecurity center and started a new undergraduate program in digital forensics that is one of the first of its kind in the nation. Goel says that a "paradigm … Related: The University at Albany to Host First Data Breach Research Laboratory (IT Business Net).
  • Social media in digital forensics - IT-Online

    24 Nov 2014 | 11:40 pm
    IT-Online: Social media has fundamentally changed the way information is shared and accessed. As a result, these channels are playing an increasingly important role in cyber forensic investigations. “Social media has become an extension of our everyday lives and
  • New Version of Computer Forensics Tool Registry Recon Released - IT News Online

    13 Nov 2014 | 11:32 am
    IT News Online: BOSTON, Nov. 13, 2014 /PRNewswire/ -- Arsenal Recon, (www.ArsenalRecon.com) providers of digital forensics solutions built by digital forensics experts, announce the release of Registry Recon version 2.1. Registry Recon is the only digital forensics …
  • Leading the Eyewitness: Digital Image Forensics in a Megapixel World - Scientific Computing

    12 Nov 2014 | 8:21 am
    Scientific Computing: Specific bits of a digital image file that have been replaced with the bits of a secret steganographic payload permit a covert agent to post top-secret documents on their Facebook wall by simply uploading what appear to be cute images of kittens on any
  • Yaniv Schiff Promoted to Director of Digital Forensics at Forensicon, Inc. - IT News Online

    11 Nov 2014 | 5:54 am
    IT News Online: CHICAGO, Nov. 11, 2014 /PRNewswire/ -- Forensicon, Inc., a Chicago-based digital forensics and eDiscovery firm, is pleased to announce the promotion of Yaniv Schiff from Senior Computer Forensics Examiner to Director of Digital Forensics. In Schiff's …
 

    Ex Forensis

  • Cell Phone Tracking via Call Detail Records

    17 Nov 2014 | 9:29 am
    We live in a world today where individuals’ movements and locations are being recorded in many different ways.  These movements and locations are commonly being used as evidence in civil, criminal and domestic litigation.  It is of paramount importance that anyone who is involved in litigation that uses cellular location evidence understands the appropriate and inappropriate use of this type of
  • Jodi Arias - Computer Evidence Destroyed by the Police?

    13 Nov 2014 | 5:22 am
    The defense in the Jodi Arias case has raised a significant issue of evidence tampering by the police in this case.  The motion alleges that evidence was purposely deleted from the victim's computer while it was in the custody of the police. You can read the full article here.
  • Are you really anonymous on the TOR network? Federal Cybersecurity Director Found Guilty on Child Porn Charges

    27 Aug 2014 | 10:13 am
    Federal Cybersecurity Director Found Guilty on Child Porn Charges BY KIM ZETTER WIRED MAGAZINE. "Tor is free software that lets users surf the web anonymously. Using the Tor browser, the traffic of users is encrypted and bounced through a network of computers hosted by volunteers around the world before it arrives at its destination, thus masking the IP address from which the visitor originates
  • Computer investigator pleads guilty to misrepresenting credentials

    7 Feb 2014 | 11:11 am
    http://www.concordmonitor.com/home/10505029-95/computer-investigator-pleads-guilty-to-misrepresenting-credentials " A Rye private investigator who has received $23,000 from the state since 2006 to do computer forensic investigations for indigent defendants pleaded guilty last week to misrepresenting some of her investigative certifications on her company’s website. Judith Gosselin, owner and
  • Anal probes? A new kind of abduction scenario that started with clinched butt cheeks.

    6 Nov 2013 | 6:56 am
    Forget about aliens and UFOs.  Instead of watching the sky, apparently we need to be watching the police. "The incident began January 2, 2013 after David Eckert finished shopping at the Wal-Mart in Deming.  According to a federal lawsuit, Eckert didn't make a complete stop at a stop sign coming out of the parking lot and was immediately stopped by law enforcement.     Eckert's attorney,

    Checkmate

  • The Lesser Known XE Attack

    Suleiman Farouk
    17 Nov 2014 | 11:37 pm
    The Meaning XE which stands for XML Entity is a standard for representing sets of data. Meanwhile, Entities are more like shortcuts to standard text or special characters e.g. wherever you see “X” replace it with “Y”. An entity can be declared either internal or external. An internal entity is defined in-line like a macro. …
  • Shellshock Exploitation: Using BeEF Framework

    Nilesh Sapariya
    28 Oct 2014 | 3:14 am
    In a previous article, we have described the Shellshock vulnerability and in this article we show how to exploit this vulnerability using the BeEF Framework. However, here’s a quick and dirty way to check if you’re vulnerable or not: Type this command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" Note: …
  • POODLE Advisory

    Alex Rajan
    20 Oct 2014 | 1:30 am
    What is POODLE? POODLE stands for Padding Oracle On Downgraded Legacy Encryption Vulnerability CVE: CVE-2014-3566 What is the attack? The attack occurs when an attacker is able to downgrade the client to use SSLv3. By simulating a failure during the negotiation process, an attacker can force a browser and a server to renegotiate using an …
  • Mitigating the Remote Code Execution in Bash

    Rajesh Deo
    6 Oct 2014 | 3:28 am
    Introduction In the last post we saw how the recent bash vulnerability can be remotely exploited in a variety of ways. How do we defend against this? Below we discuss steps that will help your organization identify vulnerable components and initiate mitigation activities. Steps to identify, test and mitigate vulnerable systems: Make an inventory …
  • Bourne Again Shell (Bash) Remote Code Execution Vulnerability

    Rajesh Deo
    26 Sep 2014 | 2:35 am
    Introduction A remotely exploitable vulnerability was discovered by Stephane Chazelas of Akamai in the GNU Bash command shell. The vulnerability has been assigned the CVE identifier CVE-2014-6271. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. The issue affects all UNIX and UNIX-like systems such as Linux …
 

    Forensic Focus

  • Magnet Forensics IEF Essentials Training Review

    27 Nov 2014 | 2:09 am
    On the 14th-17th of October 2014, Magnet Forensics ran its first remote training course on the essential knowledge required to properly use Internet Evidence Finder, Magnet's flagship software solution. The course was set up with the aim of aiding digital forensics investigators who are completely new to IEF, or investigators who are not used to working with digital forensics solutions but require their use on certain cases. Rob Maddox, Magnet's Director of Global Training, put the course together and described how it was developed: “We designed the 3-day IEF Essentials course for new and…
  • Rob Maddox, Director of Global Training, Magnet Forensics

    25 Nov 2014 | 6:02 am
    Rob, please tell us about your role as Director of Global Training at Magnet Forensics. My role as the Director of Global Training for Magnet Forensics encompasses several unique yet interconnected responsibilities, which include training development and delivery; business development; de facto sales and marketing representation; and product development. First and foremost, I have been responsible for developing the new 3-day IEF Essentials course. I basically spent the first two months in my new position locked in my office, surviving on energy drinks and microwave meals, while working on…
  • Magnet Forensics Releases Internet Evidence Finder v6.5

    25 Nov 2014 | 2:24 am
    With the release of Internet Evidence Finder v6.5, Magnet Forensics adds support for Windows Phone, and introduces new triage features including live system artifact recovery capabilities. IEF is already capable of recovering evidence from native and third-party mobile applications found on Android and iOS smartphones. With IEF v6.5, investigators can now analyze a physical image of a Windows Phone acquired using JTAG and chip-off techniques. Now available as an optional module, Triage capabilities can be added-on to any license, giving an examiner the flexibility to bring their dongle into…
  • Proposed UK law aims to identify suspects by IP address

    24 Nov 2014 | 5:35 am
    A law forcing firms to hand details to police identifying who was using a computer or mobile phone at a given time is to be outlined by Theresa May. The home secretary said the measure would improve national security. As part of the Counter-Terrorism and Security Bill, providers would have to retain data linking devices to users. But campaigners warned it could see the revival of the so-called "snoopers' charter" - a previous attempt to bring in wide-ranging web monitoring powers... Read More (BBC)
  • Discover Evidence on PCs and Mobile Devices with Belkasoft Evidence Center 2015

    20 Nov 2014 | 2:26 am
    Belkasoft have released a major update to their flagship forensic tool, Belkasoft Evidence Center. With the version 7.0, Evidence Center becomes a true all-in-one forensic solution, reliably analyzing evidence from all imaginable sources. Evidence Center is well known for its ability to easily find and analyze 500+ types of evidence (such as documents, emails, chats, system and registry files, etc.). What makes this new release different is the ability not just to analyze supported apps and formats, but also to perform low-level investigations of any piece of evidence on a suspect’s device…

    (ISC)2 Blog

  • Why Vote?

    (ISC)² Management
    25 Nov 2014 | 5:11 pm
    Your vote counts.  How (ISC)² members drive the direction of the organization.   In a recent election, the outcome was determined by a mere seven votes. If you think your vote doesn’t matter, think again. You have five days left to participate in the (ISC)² Board of Directors elections, and with less than a week, we’d like to remind you why your vote counts, and why your voice is vital.   What does your current Board of Directors think about elections? “The nomination and election process is one of the most significant tasks we have each year,” notes board member…
  • US Postal Service Breach Comments from (ISC)² Leadership

    (ISC)² Management
    10 Nov 2014 | 1:58 pm
    “Unfortunately, this breach is just the latest in a series of incidents that have targeted the US government.  It seems this particular incident revealed information on individuals that could lead to targeted spear-phishing attacks towards USPS employees.  All of us need to be aware of potential phishing schemes, but in this particular case, USPS employees should be on the lookout for any suspicious email that would serve as a mechanism to extract additional information such as USPS intellectual property, credit card information and other types of sensitive data.”-Dan Waddell,…
  • Protecting the Integrity of (ISC)² Certifications

    (ISC)² Management
    5 Nov 2014 | 1:35 pm
    There are recent reports of widespread cheating on certification exams in China, South Korea, and a few other countries.  As a CISSP-ISSEP and CAP, nothing is more important to me professionally or personally than my (ISC)² credentials.  I am proud of the credentials that I worked very hard to achieve.  And, I stand with more than 100,000 others worldwide who are certified by (ISC)² and recognize that certification is a privilege that must be legitimately earned and maintained.       During (ISC)²’s 25 year history, candidates and members…
  • (ISC)² Application Security Advisory Council Releases Set of Tips for More Secure Software

    (ISC)² Management
    31 Oct 2014 | 11:17 am
    To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its fifth and final set of tips by its Application Security Advisory Council: tips for more secure software. “Make sure your business functionality maps to a security plan (i.e., security is built-in, not bolted-on). Design your software with the future in mind, not just of the now (i.e., it is adaptable to talent-, technological- and threat- changes). Don’t develop your software if your modus operandi is, ‘You start coding, I will go find out what they want.’ This is not agile…
  • (ISC)² Releases Set of Cybersecurity Tips for CEOs

    (ISC)² Management
    30 Oct 2014 | 9:34 am
    To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its fourth set of tips by security experts: cybersecurity tips for Chief Executive Officers (CEOs). “Two-factor authentication (something you have, know, or are) has become very important for system access. Passwords alone just do not cut it anymore. This is extremely important as we see the rapid rise in financial transactions, particularly on mobile devices. Ask your bank if two-factor authentication is available and if not, get another bank that does. Credit card companies and online…

    UNIX System Administration: Solaris, AIX, HP-UX, Tru64, BSD.

  • Microsoft released .NET Core as open source. Find out what's inside!

    cmihai
    13 Nov 2014 | 2:38 am
    Microsoft announced that .NET Core will be open source, including the runtime and the framework libraries. There are several open source Microsoft .NET projects on GitHub and CodePlex: .NET Core 5 (corefx) - foundational libraries that make up the .NET Core development stack; .NET Core 5 buildtools - Build tools that are necessary for building the .NET Core project; .NET Compiler Platform (Roslyn) - open-source C# and Visual Basic compilers with rich code analysis APIs; EntityFramework - Microsoft's recommended data access technology for new applications in .NET; ASP.NET vNext Home - The Home…
  • Set up a highly available firewall and load balancer in the IBM cloud

    cmihai
    20 Feb 2013 | 8:04 pm
    http://www.ibm.com/developerworks/cloud/library/cl-setupfirewalloncloud/index.html Summary: Set up a highly available (Virtual Router Redundancy Protocol) firewall and load balancer (Linux Virtual Server IP Virtual Server) using Keepalived for Linux and the IBM SmartCloud Enterprise virtual IP and anti-collocation features.
  • QEMU and kpartx to perform bare metal recovery or forensics on cloud instances

    cmihai
    19 Oct 2012 | 2:09 pm
    Using qemu or kpartx to perform "bare metal" instance recovery or forensics on KVM cloud instances: Use QEMU on IBM SmartCloud Enterprise to recover images after system disasters
  • HP to Contribute webOS to Open Source

    cmihai
    11 Dec 2011 | 7:24 am
    Looks like after killing their TouchPad tablet, HP open sources WebOS: http://www.hp.com/hpinfo/newsroom/press/2011/111209xa.html?mtxs=rss-corp-news http://developer.palm.com/blog/2011/12/open-source/ I wonder.. https://github.com/hpwebos Might mean the TouchPad will make a comeback. We'll see.
  • Review: 1Q84

    cmihai
    11 Dec 2011 | 4:26 am
    1Q84 by Haruki Murakami. My rating: 5 of 5 stars. I can't quite put my finger on it, but this book keeps reminding me of things I've forgotten or ignored. I must say I've enjoyed Book 3 the most. Well, that's it. For now at least - I'm out of Murakami :-(.
 

    viaForensics

  • Fox Business: viaProtect is “democratizing mobile security”

    Linnea
    21 Nov 2014 | 12:42 pm
    “We’re focusing a lot of effort on democratizing mobile security… We’re making it accessible in real time on [user’s] device(s) so they know exactly what to do.” -CEO Andrew Hoog, Fox Business, November 21, 2014 Read the full article
  • Extract More Data & Targeted Data Faster and with viaExtract 2.7

    Linnea
    21 Nov 2014 | 10:25 am
    viaExtract, our forensic software, now includes Android 5.0 logical and backup support, support for new apps including Google+ and Yahoo mail, AF logical extractions, and much more. Download the Community Edition Android 5.0 Logical/Backup Support Support for the latest version of Android. viaExtract 2.7 provides support for the latest version of android with AFLogical and ADB backup extractions. More third party app support Retrieve data from even more apps. Now, you have access to data from Google+, Outlook.com and Yahoo Mail, in addition to the other apps made accessible on previous…
  • viaLab 3.2 New Features: SSL scans, AddJavaScriptInterface check, and more

    Kevin Swartz
    18 Nov 2014 | 3:32 pm
    viaLab, the mobile app security assessment suite developed by viaForensics, now includes SSL scans, forensic tab enhancements, AddJavaScriptCheck … and much more. Combined with other automated app security testing features available in viaLab, you can now greatly reduce the time required to discover vulnerabilities and sensitive data leaks during application development. New automated tests AddJavascriptInterface Check (Static Analysis Additional Test — Android) Check for vulnerabilities to the AddJavascriptInterface issue. You can now check embedded WebViews for potential…
  • Chee-Young Kim: Co-founding a Startup

    Linnea
    17 Nov 2014 | 2:19 pm
    Chee-Young Kim has the air of a seasoned entrepreneur, but in reality her role as co-founder of a startup is relatively new. In fact, she spent the bulk of her career working at a Fortune 500 company. So how did she conceive of and successfully navigate the path to becoming co-founder of a startup? I sat down with her last week to talk about what has contributed to or inhibited her success along the way. Linnea Madsen: Your role at viaForensics makes you an anomaly in a couple of different ways. First of all, you’re a female leader in the tech industry, which is rare. But also,…
  • Enhancing, never replacing: Automated testing in a manual world

    Andrew Hoog
    5 Nov 2014 | 2:11 pm
    We’re always looking for feedback from customers and customers to-be. It helps us refine our products in order to meet real world needs in mobile security technology. It also helps us educate our users when they might have concerns or misconceptions about how our technology works and what it can help them accomplish. Recently, we’ve had a few people voice similar questions about viaLab and its scalability, and figured this would be a good place to address some of those queries. Automation and Hands On Testing viaLab was created as a mobile application security assessment suite…

    Forensics from the sausage factory

  • Imaging drives protected with Apple FileVault2 encryption

    10 Nov 2014 | 3:28 am
    Recognising FileVault2 encryption: Apple FileVault 2 facilitates full disk encryption and requires OS X Lion or later and OS X Recovery installed on the start up drive. It is easy to detect. In the screenshot in Figure 1 File Vault 2 is activated on the Macintosh HD volume. Note that Encase indicates that all clusters on this volume are unallocated. The other partitions visible are the EFI partition and the Recovery partition. Figure 1 Any Mac using FileVault2 uses the GPT partitioning scheme. In GPT LBA0 contains a protective MBR, LBA1 contains the primary GPT header and LBA2 contains the…
  • Mac OS X "Set date and time automatically"

    9 Apr 2014 | 9:51 am
    Just as I've found the time to write up a blog post along comes an appropriate time related subject. Recently I examined an Apple iMac running Mountain Lion. I was only given access to an image. This presented a problem because the matter under investigation relied on accurate time stamps and I had no system clock to check. I knew that by default Apple OS X (Snow Leopard through to Mavericks for certain and probably earlier versions) will Set date and time automatically whilst connected to the internet (to allow a connection to a network time server using Network Time Protocol [ntp] ) as…
  • Apple Safari update and fsCachedData

    10 Dec 2013 | 3:41 am
    Recently I have had cause to look again at how the Apple Safari web browser stores cache. Surprisingly much of what I wrote concerning Safari back in 2010 still holds true. The introduction of OSX Lion brought some changes in that a new table cfurl_cache_receiver_data was created within the SQLite cache.db database and used to store the cached item as a binary large object in the receiver_data field. Previously this field was within the cfurl_cache_blob_data table. I have now looked at Safari version 7 running in OSX Mavericks and found that not all cached data…
  • Location Data within JPGs

    4 Mar 2013 | 11:15 am
    We have become accustomed to the fact that many of our digital photographs have location data embedded within them, populated with a GPS receiver. This data is often utilized by the modern photo management programs such as iPhoto and could conceivably have some evidential value at some point. So where is it stored? You are probably thinking, like I was, that it was sat along with all that other Exif data, is possibly in plain text and that it would be easy to locate and retrieve. In fact there is a little more to it. In Figure 1 we can see the first…
  • Windows Live Messenger – MessengerCache folder

    15 May 2012 | 4:36 am
    A recent case was unusual because most of the ipoc were located by the police examiner in a folder entitled MessengerCache at the path C:\Users\<user_name>\AppData\Local\Temp\MessengerCache. My mission was to have a closer look at how this folder is utilised by the program Windows Live Messenger.  The folder is a hidden folder and is used for various purposes by WLM.  I found that the folder can be used to store the user tile (this may be an icon or a thumbnail photograph or graphic) and theme picture of a remote contact. Of course the remote user (who could be anywhere in the…

    DFI News All

  • Internet Evidence Finder v6.5

    rwaters
    26 Nov 2014 | 5:40 am
    With the release of Internet Evidence Finder v6.5, Magnet Forensics adds support for Windows Phone, and introduces new triage features including live system artifact recovery capabilities.
  • UAlbany to Host Data Breach Research Laboratory

    rwaters
    26 Nov 2014 | 5:35 am
    The University at Albany School of Business has been selected to host a research laboratory designed to improve exploration into cyber security and incident response.
  • Why it Took Years to Discover Regin

    rwaters
    26 Nov 2014 | 5:25 am
    After Symantec published its report on the Regin super-spyware, there were many questions raised. Who coded it? What can it do? And – above all – why did it take so long for security vendors to notice it? Regin is a sophisticated piece of software. It can be customized for particular missions by inserting into its framework plugins that provide individual bits of functionality. If a copy is captured, only parts of the malware are revealed rather than its full capabilities.
  • Hacking Down for the Holidays

    rwaters
    26 Nov 2014 | 5:19 am
    The holiday sales season and the online crush that accompanies it might seem a natural field day for hackers looking to attack the small and midsize retailers who depend on these sales to bump them into the black. Surprisingly, it's not. An analysis by IBM finds that cyberattacks don't peak during November and December. That's good, because security and IT staff are slammed as they are just making sure nothing breaks during the crucial sales season.
  • Ethical Decision Making

    rwaters
    26 Nov 2014 | 5:13 am
 

    Secure Hunter Anti-Malware » Secure Hunter Blog

  • Experts Question Legality of Use of Regin Malware by Intel Agencies Secure Hunter

    shadmin
    26 Nov 2014 | 4:50 am
    Though security researchers involved in uncovering the attack have remained mum on the attribution of Regin, privacy experts say that if one of the intelligence agencies is involved, there’s no legal basis for the operation. Threatpost | The first stop for security news Secure Hunter Anti -Malware The post Experts Question Legality of Use of Regin Malware by Intel Agencies Secure Hunter appeared first on Secure Hunter Anti-Malware.
  • Sony Pictures Dealing With Apparent Network Compromise Secure Hunter

    shadmin
    25 Nov 2014 | 4:50 pm
    Sony Pictures Entertainment is still in the process of trying to recover from an apparent compromise of some of the company’s computer systems. The attack first came to light on Monday, and the extent of the incident is still emerging. The compromise appears to affect just the networks at SPE, a division of Sony. Reports […]
  • Regin Cyberespionage Platform Also Spies on GSM Networks Secure Hunter

    shadmin
    25 Nov 2014 | 4:51 am
    Kaspersky Lab researchers have learned that the Regin cyberespionage platform also targets GSM telecommunications networks.
  • Costin Raiu on the Regin APT Malware Secure Hunter

    shadmin
    24 Nov 2014 | 4:51 pm
    Denis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT Team about the discovery of the Regin APT malware, the threat’s targets and tactics, its ability to compromise GSM base stations and its other capabilities.
  • Angler Exploit Kit Adds New Flash Exploit for CVE-2014-8440 Secure Hunter

    shadmin
    21 Nov 2014 | 4:51 pm
    Exploit kit authors are nothing if not opportunistic, and they know a prime opportunity when they see one. Adobe Flash bugs fit that description nicely, and the people behind the Angler exploit kit already are exploiting one of the Flash bugs patched last week in the kit’s arsenal. This is a common tactic for exploit […]

    Elvidence | Computer Forensics

  • How to avoid falling victim to BadUSB

    admin
    22 Nov 2014 | 9:34 pm
    One of the information security weaknesses that’s hit the news recently is the ‘BadUSB’ vulnerability. First revealed by researchers last summer, BadUSB allows the controller chips in USB devices to be reprogrammed so that they behave in a malicious way. There are a number of manufacturers of these chips which are used in flash drives and a wide range of other USB devices including external storage, printers and cameras. Depending on who made the chips some can be reprogrammed, some can’t and some only in a particular set of circumstances. The problem is that makers of end-user…
  • Computer Forensic Investigator = Protecting Your Business

    admin
    1 Nov 2014 | 5:56 am
    Computer forensics is usually something that is associated with legal proceedings, yet it has other uses too. As businesses come to rely more and more on data, the ability to have a detailed analysis of the contents of a PC carried out via computer forensic investigator can be extremely useful. It can help identify internal issues such as who is accessing data or using systems for personal tasks, it can show where leaks have taken place and it can help pinpoint factors to improve the security of your data. Spotting Internal Threats Data is a valuable commodity for most businesses today and…
  • When is an Expert Opinion Allowed in Law?

    admin
    23 Oct 2014 | 9:39 pm
    There’s an old joke which says that the definition of ‘expert’ is derived from ‘ex’ – meaning a has been, and ‘spurt’ – meaning a drip under pressure. In the legal world though defining an expert is rather more serious. Similarly an opinion, in most cases, is simply whatever an individual thinks. However, the law likes to deal with facts which means that opinion can be something of a dirty word. Expert opinions are a different matter and are often called on when legal matters deal with specialist areas. Let’s take a more detailed look at when an expert opinion is…
  • Demystifying the eDiscovery Process

    admin
    16 Oct 2014 | 6:46 am
    As a society our increased reliance on computers, smartphones and other electronic gadgets means that more and more of our information is stored in digital form. From a lawyer’s point of view this electronically stored information (ESI) presents a number of challenges in terms of capturing and preserving material relevant to a particular case. What is ESI? Put simply, any device containing electronic storage can be a source of ESI. These can be company servers, desktop or laptop PCs and workstations used by employees, as well as mobile devices such as smartphones and tablets. ESI isn’t…
  • Elvidence Extends Market-leading eDiscovery Platform to the Web

    admin
    8 Oct 2014 | 4:22 pm
    PRESS RELEASE | SYDNEY, NSW (October 9, 2014) — Elvidence, a national forensic technology provider today announced a new secure, web-based eDiscovery offering designed to provide investigators, law firms, small and medium sized businesses (SMBs), with a fast, easy-to-use and cost-effective way to gather and analyse digital evidence. Elvidence can handle the entire eDiscovery lifecycle from processing and early case assessment through to analysis, review and production. All of this is delivered as a secure, web-based software as a service (SaaS) offering. The applications of this service…