Digital Forensics

    SANS Digital Forensics and Incident Response Blog

  • "DFIRCON East Advanced Smartphone Forensics Challenge Winner Announced!"

    hmahalik
    8 Oct 2014 | 4:08 am
    Due to the vast amount of responses we got for our Smartphone Forensic Challenge, the winner was just determined. The rules state that the winner must answer 4 of the 6 questions correctly, and the lucky winner answered all 6 questions correctly. Shawna Denson, you are the lucky winner!!!! Thank you to everyone who submitted. FOR585 Advanced Smartphone Forensics is currently being held as online virtual training via onDemand, at Network Security 2014 (Las Vegas), and
  • "Announcing the GIAC Network Forensic Analyst Certification - GNFA"

    SANS Institute
    6 Oct 2014 | 11:07 pm
    A new security certification focused on the challenging field of network forensics. BETHESDA, MD - October 7, 2014 - Global Information Assurance Certification (GIAC) is pleased to announce a new forensics certification, the GIAC Network Forensic Analyst (GNFA). The GNFA validates that professionals who hold this credential are qualified to perform examinations employing network forensic artifact analysis and demonstrate an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, the process and tools used to examine device and system…
  • "SANS Cyber Threat Intelligence Summit - Call For Papers Now Open"

    SANS Institute
    1 Oct 2014 | 1:56 am
    SANS Cyber Threat Intelligence Summit Call For Papers 2015. Send your submissions to CTISummit@sans.org by 5 pm EST on Friday, October 24, 2014 with the subject "SANS CTI Summit CFP 2015." Dates: Summit Dates: February 2 & 3, 2015. Pre-Summit Course Dates: February 4-9, 2015. Location: Washington, DC. Our 3rd annual Cyber Threat Intelligence (CTI) Summit will once again be held in Washington DC. Summit Co-Chairs: Mike Cloppert and Rick Holland. The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward…
  • "TorrentLocker Unlocked"

    sansforensics
    8 Sep 2014 | 9:57 pm
    Guest submission by Taneli Kaivola, Patrik Nisn and Antti Nuopponen of NIXU. TorrentLocker is a new breed of ransomware that has been spreading lately. Like CryptoLocker and CryptoWall it encrypts files on a victim's machine and then demands ransom. The victim has to pay to get the decryption software that can decrypt the files. On a recent incident response case we came across a malware program that had all the known characteristics of TorrentLocker. We started to analyze the malware to see if there was a way to get the files decrypted without paying the ransom. It is well known that some…
  • "Super Sunday Funday Forensic Challenge"

    SANS Institute
    4 Sep 2014 | 1:40 am
    The Challenge: Starting September 4, 2014 on the Hacking Exposed Computer Forensics Blog the first forensic image will be available for download. Your goal is to solve the question with the first forensic image and email it to dcowen@g-cpartners.com. The Challenge: The first forensic image is available for download. Your goal is to solve the question with the first forensic image located at: https://mega.co.nz/#!qoxgGYCY!1jM32pncF0wE-TROhaXFI07hZbu5AfZ1BJE-p8tm1mo and email the answer to the following questions to: dcowen@g-cpartners.com. What was used to wipe this drive? What special options were…
    Windows Incident Response

  • Stuff

    Harlan Carvey
    6 Oct 2014 | 6:17 am
    IR: Here's a really good...no, I take that back...a great blog post by Sean Mason on "IR muscle memory".  Take the time to give it a read, it'll be worth it, for no other reason than because it's valuable advice.  Incident response cannot be something that you talk about once and never actually do; it needs to be part of muscle memory.  Can you detect an incident, and if so, how does your organization react?  Or, if you receive an external notification of a security incident, how does your organization respond? A couple of quotes from the blog post that I found interesting…
  • Windows Phone 8 and RegRipper

    Harlan Carvey
    7 Sep 2014 | 1:23 pm
    Last week, Cindy Murphy (@cindymurph) sent me some Registry hive files...from a Windows Phone 8.  This was pretty fascinating, and fortunate, because I'd never seen a Windows phone, and had no idea if it had a Registry.  Well, thanks to Cindy, I now know that it does! Looking at the hive files was pretty fascinating.  The first thing I did was open one of the smaller hive files in UltraEdit, and I could clearly see that it followed the basic structure of a Registry hive file (see chapter 2 of Windows Registry Forensics).  Next, I opened one of the hives in a viewer, and saw…
  • What Does That Look Like, Pt II

    Harlan Carvey
    4 Sep 2014 | 5:57 pm
    In my last post, I talked about sharing what things "look like" on a system, and as something of a follow up to that post, this article was published on the Dell SecureWorks blog, illustrating indicators of the use of lateral movement via the 'at.exe' command.  I wanted to take a moment to provide some additional insight into that post, with a view towards potentially-available indicators that did not make it into the article, simply because I felt that they didn't fit with the focus of the article. Terminology: Some definitions before moving on... I'm providing these as living,…
  • What does that "look like"?

    Harlan Carvey
    21 Aug 2014 | 5:43 pm
    We've heard this question a lot, haven't we? I attended a conference about 2 1/2 years ago, and the agenda for that conference had about half a dozen or more presentations that contained "APT" in their title.  I attended several of them, and I have to say...I walked out of some of them.  However, hearing comments from other attendees, many folks felt exactly the same way; not only were they under-whelmed, but I heard several attendees express their disappointment with respect to the content of these presentations.  During one presentation, the speaker stated that the bad guys,…
  • Book Review: "The Art of Memory Forensics"

    Harlan Carvey
    30 Jul 2014 | 9:42 am
    I recently received a copy of The Art of Memory Forensics (thanks, Jamie!!), with a request that I write a review of the book.  Being a somewhat outspoken proponent of constructive and thoughtful feedback within the DFIR community, I agreed. This is the seminal resource/tome on memory analysis, brought to you by THE top minds in the field.  The book covers Windows, Linux, and Mac memory analysis, and as such must be part of every DFIR analyst's reading and reference list.  The book is 858 pages (not including the ToC, Introduction, and index), and is quite literally packed with…
    digfor

  • I am not suffering from blogger’s block.

    30 Sep 2014 | 8:59 pm
    I post rarely on this blog, but not because I am suffering from blogger’s block; on the contrary, I have too many ideas and exciting things to share. Unlike writing about travel or weather however, digital forensic topics require more time to verify, test and research. Work eats up most of my time, so I have not much time left for blogging at the moment. Currently I am contributing to our Computer Forensic Company's blog, where you can always find fresh stuff under the NEWS section. Social Media has finally caught up with me as well, despite my resistance. I recently started using Google+ for…
  • Disarming suspicious PDF files on Apple Mac

    20 May 2014 | 9:23 am
    You can't be too careful these days when browsing the Internet. I tend to read a lot of documents in PDF, often emailed to me as attachments or downloaded directly from the net. Even if the document comes from a trusted source, I tend to run it through Didier Stevens's pdfid tool with the -d (disarm) argument. The pdfid.py script is written in Python and disables the automatic actions and scripts in PDF. You can read a brief explanation about how it works here. Most of the time I am online on my beloved MacBook Air. Running the script in the command line in the middle of something can be…
  • Distributed Processing Notes

    9 May 2014 | 9:04 pm
    I tested distributed case processing and password cracking today by adding Amazon EC2 instances to the local processing resources. Purpose: to improve processing (& decryption) speed with security and budget in mind. I used Amazon "compute optimised" instances "c3.8xlarge", each with 32 Virtual CPU; 60GB RAM; 2 x 320 (SSD) and 10 Gigabit Network. A "c3.8xlarge" instance costs around $3 USD per hour. My Internet link was a bottleneck, because it only supports 15.62 Mbps (15615 kbps). I used the 'soon to be decommissioned' Free LogMeIn service; participating nodes were set up as…
  • InfoSec To-Do list

    5 May 2014 | 12:43 am
    Chief InfoSec Officer's (CISO) To-Do list as mentioned by E. Cole.
  • Windows Forensic Live CD

    20 Nov 2013 | 3:38 am
    Previously, making a Windows based Forensic Live CD was not for everyone, mostly due to the amount of tinkering involved. WinXP and Win7 based Live CDs also have problems with writing a Windows drive signature to write-protected drives. The Mini-WinFE project has changed this.  Creating a Forensic Live CD with Mini-WinFE is done in a few mouse-clicks. Windows 8 and 8.1 also appear not to write a drive signature to the write-protected disk. From my experience the Windows 8.1 Enterprise based Live CD has some issues when adding custom programs to it. The Win 8.1 Pro version works perfectly…
    Checkmate

  • POODLE Advisory

    Alex Rajan
    20 Oct 2014 | 1:30 am
    What is POODLE? POODLE stands for Padding Oracle On Downgraded Legacy Encryption Vulnerability. CVE: CVE-2014-3566. What is the attack? The attack occurs when an attacker is able to downgrade the client to use SSLv3. By simulating a failure during the negotiation process, an attacker can force a browser and a server to renegotiate using an…
  • Mitigating the Remote Code Execution in Bash

    Rajesh Deo
    6 Oct 2014 | 3:28 am
    Introduction: In the last post we saw how the recent bash vulnerability can be remotely exploited in a variety of ways. How do we defend against this? Below we discuss steps that will help your organization identify vulnerable components and initiate mitigation activities. Steps to identify, test and mitigate vulnerable systems: Make an inventory…
  • Bourne Again Shell (Bash) Remote Code Execution Vulnerability

    Rajesh Deo
    26 Sep 2014 | 2:35 am
    Introduction: A remotely exploitable vulnerability was discovered by Stephane Chazelas of Akamai in the GNU Bash command shell. The vulnerability has been assigned the CVE identifier CVE-2014-6271. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. The issue affects all UNIX and UNIX-like systems such as Linux…
  • ATM Application Whitelisting Security Assessment

    Wasim Halani
    22 Sep 2014 | 1:10 am
    During a recent engagement, we were asked to test the security level of an application white-listing solution deployed on the Windows XP ATMs of one of the largest ATM manufacturers in the world. The reason such solutions are in vogue is that Windows XP is no longer supported by Microsoft and no security patches are…
  • Metrics For Your Information Security Solutions

    K K Mookhey
    14 Sep 2014 | 8:58 am
    Recently, on one of the security mailing lists a query was posted as to what metrics should be produced from a Data Leakage Prevention Solution, an Intrusion Prevention System, and from the Firewalls being managed by the security team. Here’s the response I sent in which is being shared for a larger audience: Basically, what management…
    Forensic Focus

  • Pro Hackers Petition White House For DMCA And Computer Crime Law Reform

    16 Oct 2014 | 5:43 am
    Whitehat hackers have backed an ambitious White House petition, put together by a noted legal expert, calling for reform of both the Digital Millennium Copyright Act (DMCA) and the Computer Fraud and Abuse Act (CFAA). Their claim is that both statutes have stopped them doing their day job properly, preventing proper research into widely deployed and critical technologies. Rapid7 researcher Jay Radcliffe tells me he was deterred from thorough research into insulin pumps because he was afraid the manufacturers’ armies of lawyers might have sued him using the DMCA. Understandably, Radcliffe, a…
  • Inside the Homeland Security Investigations Computer Forensics Lab

    13 Oct 2014 | 6:54 am
    Nearly every case Homeland Security Investigations (HSI) opens has some sort of digital evidence to be collected and analyzed. But the work can’t be done by just anyone. The data must be meticulously cared for by agents trained to preserve the integrity of the material, who can also combat suspects’ attempts to erase their digital dealings — even from afar. To address the need locally, HSI built a state-of-the-art computer forensics lab inside its Philadelphia offices to process the growing amount of evidence amassed from computers, smartphones and other mobile devices...
  • Devices being remotely wiped in police custody

    9 Oct 2014 | 6:11 am
    All the data on some of the tablets and phones seized as evidence is being wiped out, remotely, while they are in police custody, the BBC has learned. Cambridgeshire, Derbyshire, Nottingham and Durham police all told BBC News handsets had been remotely "wiped". And Dorset police said this had happened to six of the seized devices it had in custody, within one year. The technology used was designed to allow owners to remove sensitive data from their phones if they are stolen... (BBC)
  • Can You Get That License Plate?

    8 Oct 2014 | 6:13 am
    We find ourselves analyzing new surveillance videos almost every day, and in most cases we can either solve the problem very quickly or understand (even quicker) that there is no information to recover in the video. In special cases though, where something very specific and strange happened, or the problem is very complex, it can take a lot of time. As always… Pareto principle: you solve 80% of the cases in 20% of the time, and, well, 20% of the cases takes 80% of the time. In our own work, the right numbers are probably 95% to 5%, but the idea still holds. We can estimate whether an image…
  • How to Recover Deleted Data with Oxygen Forensic SQLite Viewer

    8 Oct 2014 | 2:19 am
    Oxygen Forensics has released a stand-alone Oxygen Forensic SQLite Viewer, enabling forensic experts to view and export information stored by system and third-party mobile applications. The tool enables access to deleted SQLite records, and lays out the content of SQLite databases in a human-readable view. Oxygen Forensic SQLite Viewer offers investigators a lighter, simpler and less expensive alternative to fully-featured forensic suites, enabling fast and easy SQLite viewing experience with no learning curve.
    (ISC)2 Blog

  • JP Morgan attack highlights how basic failures in software expose major banks to amateur hackers

    (ISC)² Management
    8 Oct 2014 | 8:40 am
    “The revelation that hackers were able to use widely-known vulnerabilities to burrow deep inside JP Morgan’s computer systems, compromising some 76 million household accounts and 7 million small firms, shows that software with very basic flaws is still in widespread use at corporations, providing an easy route for experienced and amateur hackers. What is even more disturbing is that, with so many basic flaws in commonly-used software, this attack may just be a ‘reconnaissance mission’ to prepare the ground for much worse future attacks. We now know the hackers gained a comprehensive…
  • Shellshock Bug Comments from (ISC)² Leadership

    (ISC)² Management
    26 Sep 2014 | 1:17 pm
    “Shellshock will be a test of business resolve to prioritise security. So many of the data breaches that make headlines today can be traced to old or known vulnerabilities that have not been addressed. Now that Shellshock has been revealed, and the door has been thrown open, it will be interesting to see if companies take action. It is clear that the potential exposure is significant. Linux underpins the majority of webservers, network routers and Apple’s Mac PCs running OS X. It is not clear, however, whether there has been any loss through successful exploitation of the flaw. I fear…
  • eBay Breach Comments from (ISC)² Leadership

    (ISC)² Management
    24 Sep 2014 | 8:13 am
    XSS – or cross site scripting – is a prolific vulnerability and has been on the Open Web Application Security Project’s ‘Top 10 most exploited vulnerabilities’ for at least five years now. The threat is very common and incredibly easy for users to fall victim to. In the OWASP’s words, we can’t afford to tolerate relatively simple security issues like this, especially for a company as massive as eBay.  Fortunately the methods and remedies to reduce the threat of XSS are well-known and are readily available. Unfortunately, the development community are not recognising the…
  • Moving Beyond the Dangerous Denial Phase as Individuals and Organizations

    David Shearer
    10 Sep 2014 | 7:59 am
    I spent 25 years in the Washington, DC area, and during that time I became a National Public Radio junkie. I guess I still am. I recently listened to a report on a comprehensive study about how people in the workplace react to the news about a coworker that’s been diagnosed with breast cancer. The results of the study shocked me. The worse the diagnoses and the closer employees physically worked to the diagnosed coworker, the less likely those working in close proximity were to seek cancer screening. Similarly, as the conversation about the complexities, costs, and potential breaches is…
  • Home Depot Breach Comments from (ISC)² Leadership

    (ISC)² Management
    3 Sep 2014 | 12:14 pm
    Consumers with a Home Depot credit account should log in to their account, change their password, and check the “Account Activity” section for any suspicious transactions. They should also verify that their account communication preferences (email address, cell phone number for SMS, etc.) are on file and accurate. Home Depot and other online retailers should augment their alerting service by adding an option to notify users every time a transaction is made on their account. This would help consumers learn about fraudulent charges quicker, while also saving retailers the hassle of…
    viaForensics

  • Hundreds of thousands of Android devices at risk to default browser vulnerability

    KevinS
    3 Oct 2014 | 11:28 am
    A recently disclosed same-origin policy (SOP) bypass flaw in the Android browser enables attackers to direct a user to a malicious page. That page runs JavaScript that allows them to read data from web pages the user has left open in other browsers. Hundreds of thousands of affected users: “It’s a major issue,” Ted Eull, our VP of mobile security services told CSO Online. “Because the browser was included by default on many devices pre-KitKat (version 4.4), there are potentially hundreds of thousands of affected users.” The vulnerability affects many Android users…
  • Tips for Small Businesses to Protect Against a Data Breach

    KevinS
    29 Sep 2014 | 9:54 am
    Protecting Your Business From a Data Breach: There have been a number of successful data breaches levied against large businesses recently. These companies include Home Depot, Target, UPS, Michaels, and others. Many smaller businesses are at serious risk as well. Companies that take credit cards as payment – and most today do – are targets for hackers that want a traditionally less secure, and therefore easier, target. Most smaller businesses don’t have the capital to put into computer and mobile security as larger organizations do, putting them at an even greater risk for…
  • viaTalks in Spanish with Pau Oliva: demonstration of mobile application analysis using viaLab

    Linnea
    17 Sep 2014 | 1:14 pm
    On Thursday, September 18, our mobile security engineer Pau Oliva (@pof) will give a viaTalks at 11 a.m. CDT, where viaLab will be discussed and demonstrated. Register. The program: He will describe viaLab and its uses. He will then show how viaLab can be used to analyze a mobile application. He will discuss the options and explain the results of a forensic analysis with viaLab. To see the whole demonstration, do not hesitate to register for this viaTalks. If you have any question or comment for Pau, please post it as a comment on this blog or…
  • viaForensics one of “next 10 emerging growth companies”

    Linnea
    15 Sep 2014 | 9:28 am
    “From World Business Chicago: The Oak Park, Ill. company offers a suite of mobile device security products that provide BYOD and mobile app security as well as Android forensics.” – September 11, 2014
  • Corporate Wellness Recommends viaProtect to Secure Health Data

    Linnea
    15 Sep 2014 | 9:27 am
    “All it takes is one unsecured Angry Birds knock-off to put your entire enterprise at risk… Whatever your employees can access from their tablet or smartphone [is] also potentially accessible to hackers.” – July 10, 2014
    Crime Museum » Blog

  • Pro Se: Representing Yourself in Court

    crimemuseum
    24 Sep 2014 | 5:00 am
    Pro Se is a legal term that comes from Latin, meaning ‘for oneself’. It essentially means that you are representing yourself in court by choice without the help of an attorney. In the United States’ legal system, every individual is guaranteed, by the sixth amendment, the right to an appointed counsel, and also the right to represent him or herself in court. People may choose to represent themselves in court for a variety of reasons, including: avoiding the expense of hiring a lawyer, for smaller cases, the matter is often simple enough that the individual can take care of it them…
  • Profiles in Crime: Rayful Edmond

    crimemuseum
    22 Aug 2014 | 5:05 pm
    Rayful Edmond: The profile of a Kingpin. Called the John Gotti of Washington, D.C., notorious gangster Rayful Edmond terrorized and awed the Washington metropolitan area in the mid to late 1980’s with his tight control of the crack cocaine trade and accompanying lavish spending sprees. Known for dropping several thousand dollars a night at clubs, Edmond supposedly spent over $400,000 at a single store in the Georgetown neighborhood, whose owner was, coincidentally, convicted of money laundering soon after. Partially thanks to Edmond’s reign as drug lord, Washington, D.C. became known as…
  • 9 Early Warning Signs for Serial Killers

    crimemuseum
    23 Jun 2014 | 3:07 am
    9 Early Warning Signs for Serial Killers. Worried that antisocial kid in school might grow up to be a cold-blooded murderer? Here’s 9 early warning signs for serial killers. Remember, however, these traits and signs are just a guideline. Think twice before crying “serial killer” on your weird neighbor. 1. Antisocial Behavior: Psychopaths have a strong tendency towards antisocial behavior, so watch for extremely antisocial children. That being said, some children develop more slowly, and this is not a definitive sign. Pay attention if a child regresses from being…
  • Murder?

    wilson.dejesus
    23 Jun 2014 | 3:00 am
    Murder? Sir William Blackstone, an 18th century English judge, is known for writing Commentaries on the Laws of England. This work was the original foundation for legal education in America and dominated the common law legal system for centuries. Blackstone broke the definition of murder down into five elements: 1. Unlawful 2. killing 3. of a human 4. by another human 5. with malice aforethought. The law was designed to define the various degrees and circumstances of murder in order to provide and achieve justice for all. Even though Blackstone did his best to dissect and define murder, in…
  • Do You Have Your Father’s Nose?

    crimemuseum
    20 May 2014 | 2:44 am
    Do you have your father’s nose? There are 29 bones (hyoid included) in the human skull, and for many years anthropologists have been using markers from this area of the body to determine sex, age, race, and to make personal identifications. However, forensic anthropology is a science that is greatly affected by changes and new developments in social mores and folkways. Simply put, what was once socially unacceptable often becomes acceptable, and even encouraged, with time. This fact is abundantly clear when one thinks about the checkered history of the United States. While being a…
    DFI News All

  • Forensics in the Amazon Cloud

    eaustin
    17 Oct 2014 | 7:19 am
    Businesses of all sizes seem to be moving at least some operations to the cloud. It’s only a matter of time before you get a phone call asking you to conduct some kind of cloud forensics and/or incident response. Why wait for that phone call before you start diving into the “know how” of conducting it? I figured why not explore a few common scenarios over a series of blog posts and take a look at some of the tools and techniques we as analysts can use to make it easier on ourselves when we receive that phone call.
  • Binder Could Blow Apart Android Security

    eaustin
    17 Oct 2014 | 7:03 am
    Security researchers have warned of a serious security flaw in Android which could potentially leave every device open to attack.
  • Beware Ebola-themed Phishing, Malware and Hoaxes

    eaustin
    17 Oct 2014 | 6:53 am
    US-CERT released an advisory warning users about email scams and cyber campaigns using the Ebola virus disease as a theme.
  • Malvertising Targets US Military Firms

    eaustin
    17 Oct 2014 | 6:42 am
    A surge in malware disguised as online advertisements aimed at unsuspecting web users has hit major U.S. military contractors in the past few weeks, marking a dangerous twist on a decade-old scourge for advertisers, security researchers say.
  • FBI Director Warns Cellphone Encryption Will Harm Investigation

    eaustin
    17 Oct 2014 | 6:12 am
    Secure Hunter Anti-Malware » Secure Hunter Blog

  • APTs Target Victims with Precision, Ephemeral Malvertising Secure Hunter

    shadmin
    18 Oct 2014 | 5:51 am
    A new precisely targeted and fleeting form of malvertising is being deployed by APT groups to target organizations in the U.S. defense industrial base.
  • Microsoft Changing Detection of Adware and Browser Modifiers Secure Hunter

    shadmin
    17 Oct 2014 | 5:51 pm
    One of the not-so-great side effects of the transition to virtually everything being done in the Web browser now is that advertisers, attackers and scammers constantly are trying to get their code to run in users’ browsers, any way they can. A lot of this is done through extensions and browser objects, some of which […]
  • Staying in control of your browser: New detection changes

    shadmin
    17 Oct 2014 | 2:09 pm
    This week we made some important changes to how we detect browser modifiers and adware. These changes are designed to better protect your browsing experience. We have already blogged about the changes to the behaviors we detect as adware. I will explain the changes to our browser modifier detections below. Our objective criteria has all the details about how and why we detect unwanted software. Unacceptable behaviors: There are two new browser modifier behaviors that we detect: Bypassing consent dialogs from browsers that ask you if you want to install browser toolbars/extensions/add-ons.
  • Close means close: New adware detection criteria

    shadmin
    16 Oct 2014 | 8:01 pm
    In April we introduced the rules that software developers should follow when creating advertisements to avoid being detected by Microsoft security products as adware. These rules are designed to keep our customers in control of their Internet browsing experience. Since then, we have had great success working with some companies through our developer contact process. At the same time we have started to see other advertising programs trying to bend and even circumvent our rules. These advertisements produce a negative Windows experience and we have decided that it is time to add some new rules…
  • Recognizing Evasive Behaviors Seen as Key to Detecting Advanced Malware Secure Hunter

    shadmin
    16 Oct 2014 | 5:51 pm
    Academic Giovanni Vigna of UCSB has been studying the techniques malware writers use to evade analysis, and argues that detection tools need to understand evasive behavior itself. Source: Threatpost.

    Elvidence | Computer Forensics

  • Demystifying the eDiscovery Process

    admin
    16 Oct 2014 | 6:46 am
    As a society our increased reliance on computers, smartphones and other electronic gadgets means that more and more of our information is stored in digital form. From a lawyer’s point of view this electronically stored information (ESI) presents a number of challenges in terms of capturing and preserving material relevant to a particular case. What is ESI? Put simply, any device containing electronic storage can be a source of ESI. These can be company servers, desktop or laptop PCs and workstations used by employees, as well as mobile devices such as smartphones and tablets. ESI isn’t…
  • Elvidence Extends Market-leading eDiscovery Platform to the Web

    admin
    8 Oct 2014 | 4:22 pm
    PRESS RELEASE | SYDNEY, NSW (October 9, 2014) — Elvidence, a national forensic technology provider, today announced a new secure, web-based eDiscovery offering designed to give investigators, law firms and small and medium-sized businesses (SMBs) a fast, easy-to-use and cost-effective way to gather and analyse digital evidence. Elvidence can handle the entire eDiscovery lifecycle, from processing and early case assessment through to analysis, review and production. All of this is delivered as a secure, web-based software as a service (SaaS) offering. The applications of this service…
  • Dealing With Data Breaches – Why Having a Plan May not be Enough

    admin
    5 Oct 2014 | 11:35 pm
    Data security breaches and hacking seem to make the news on a depressingly regular basis these days. This type of incident can cost a company dearly, both financially and in terms of the damage caused to its reputation. It is crucial, therefore, that any response is effective and timely in order to first contain and then mitigate the effects of a breach or attack. This means having a plan in place to deal with security issues, but planning isn’t always enough. Take the case of the retailer Target in the US: it had a security team and the latest tools in place but still managed to get caught out.
  • Data Loss Prevention with eDiscovery

    admin
    3 Oct 2014 | 2:31 am
    Information security is no laughing matter. Several recent incidents clearly demonstrate the damage that an information security breach can cause to a company’s brand and reputation. This article discusses the application of eDiscovery and computer forensics methods to help lessen the risk of your data falling into the wrong hands. To address this issue correctly, we must first distinguish between Data Loss Prevention and Data Leak Prevention (DLP). Data loss occurs when data is leaked and falls into the hands of another party (such as a hacker or your competition). On the…
  • Encryption: Protecting the Information

    admin
    23 Sep 2014 | 11:01 am
    We have all heard of encryption, but what does this term actually signify? To answer this question, we must first delve into the definition of encryption and appreciate the ways in which it operates. At Elvidence, we often have to deal with encryption, so we think it is important to clear up a few main points. When we investigate a system, we often find that data has been compromised because of buggy software, a weak password or through another channel. Or, during the investigation, we need to “crack” the encryption used by another party to gain access to certain information.