Digital Forensics

  • Most Topular Stories

  • Free Webcasts Available to Become Certified as a Digital Forensics Expert

    Forensic Focus
    26 Jan 2015 | 5:44 am
    (ISC)2® offers the Certified Cyber Forensics Professional (CCFP), the only global cyber forensics credential that provides a comprehensive validation of a candidate’s knowledge and skills as a digital forensics expert. Free CCFP Webcasts are now available that provide insight into what candidates need to know before taking this exam. It includes a detailed overview of each domain, the value of certification, and how to study for the exam. First introduced in 2013, CCFP provides the industry’s first global standard for assessing experienced digital forensics professionals’ mastery and…
  • The Next Version of testmyids.com

    TaoSecurity
    Richard Bejtlich
    24 Jan 2015 | 6:52 pm
    Longtime TaoSecurity Blog readers are likely to remember me mentioning www.testmyids.com. This is a Web site that returns nothing more than
        uid=0(root) gid=0(root) groups=0(root)
    This content triggers a Snort intrusion detection system alert, due to the signature
        alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; fast_pattern:only; classtype:bad-unknown; sid:2100498; rev:8;)
    You can see the Web page in Firefox, and the alert in Sguil, below. A visit to this Web site is a quick way to determine if your NSM sensor sees what you expect it to…
  • "What is New in Windows Application Execution?"

    SANS Digital Forensics and Incident Response Blog
    Chad Tilbury
    27 Jan 2015 | 9:06 pm
    One of the great pleasures of performing Windows forensics is there is no shortage of application execution artifacts. Application execution tells us what has run on a system and is often the pivot point that reveals important activity on the system. Why was FTP run on this workstation? Is it normal to see execution of winsvchost.exe? Why was a privacy cleaning tool used for the first time during the system owner's last week of work? While undoubtedly useful, our adversaries are more forensic-aware than ever and often take steps to eliminate application execution artifacts. At CrowdStrike we…
  • A Smattering of Links and Other Stuff

    Windows Incident Response
    Harlan Carvey
    9 Jan 2015 | 4:00 am
    Registry: Well, 2014 ended with just one submission for the WRA 2/e Contest. That's unfortunate, but it doesn't alter my effort in updating the book in any way. For me, this book will be something to look forward to in 2015, and something I'm pretty excited about, in part because I'll be presenting more information about the analysis processes I've been using, processes that have led to some pretty interesting findings regarding various incidents and malware. In other Registry news, Eric Zimmerman has created an offline Registry parser (in C#) and posted it to GitHub.
  • Thoughts from Senate Testimony

    TaoSecurity
    Richard Bejtlich
    29 Jan 2015 | 9:55 am
    Yesterday I testified to the Senate Homeland Security and Government Affairs committee at a hearing on Protecting America from Cyber Attacks: The Importance of Information Sharing. I'd like to share a few thoughts about the experience. You may find these comments helpful if you are asked to testify, or want to help someone testify, or want to influence the legislative process. This was my fifth appearance at a government hearing. In 2012 I appeared before the U.S.-China Economic and Security Review Commission, and in 2013 I appeared before the Senate Armed Services Committee,…

    SANS Digital Forensics and Incident Response Blog

  • "What is New in Windows Application Execution?"

    Chad Tilbury
    27 Jan 2015 | 9:06 pm
    One of the great pleasures of performing Windows forensics is there is no shortage of application execution artifacts. Application execution tells us what has run on a system and is often the pivot point that reveals important activity on the system. Why was FTP run on this workstation? Is it normal to see execution of winsvchost.exe? Why was a privacy cleaning tool used for the first time during the system owner's last week of work? While undoubtedly useful, our adversaries are more forensic-aware than ever and often take steps to eliminate application execution artifacts. At CrowdStrike we…
  • "Mastering Malware Analysis Skills - The Power of a Capture-the-Flag Tournament"

    Anuj Soni
    18 Jan 2015 | 10:28 pm
    Here at SANS, we've worked hard to deliver a Reverse Engineering Malware course packed with technical knowledge, hands-on exercises, and our insights from years of experience. Just as attackers and their tools continue to evolve, so has this course to arm participants with relevant skills they can apply immediately. As both an instructor and a practitioner, I believe the most significant addition to this course is a Capture-the-Flag Tournament. I'd like to share why I think this new content is an amazing opportunity for students to develop their malware analysis skills. In my experience,…
  • "Examining Shellcode in a Debugger through Control of the Instruction Pointer"

    Adam Kramer
    29 Dec 2014 | 5:37 pm
    During the examination of malicious files, you might encounter shellcode that will be critical to your understanding of the adversary's intentions or capabilities. One way to examine this malicious code is to execute it using a debugger after setting up the runtime environment to allow the shellcode to achieve its full potential. In such circumstances, it's helpful to take control of the instruction pointer to direct the debugger towards the code you wish to examine. The modern computer has been designed to make life easy for the standard user. It is actually quite difficult to say to the…
  • "Analyzing Shellcode Extracted from Malicious RTF Documents"

    Adam Kramer
    22 Dec 2014 | 7:32 pm
    During the analysis of malicious documents designed to exploit vulnerabilities in the programs which load them (thereby allowing the running of arbitrary code), it is often desirable to review any identified shellcode in a debugger. This allows an increased level of control and flexibility during the discovery of its capabilities and how it implements the payload of the attack. MalHost-Setup, part of the OfficeMalScanner suite, allows the analyst to generate an executable which runs the shellcode embedded in malicious documents. To use this tool, we first need to determine the offset within…
  • "Was DPRK behind the Sony hack?"

    jacobwilliams
    18 Dec 2014 | 1:51 am
    UPDATE: While this post was embargoed, various news outlets have claimed that sources in the US Government are confirming North Korea's involvement in the Sony hack. I don't have the intelligence they have access to and North Korea has already denied participation in the hack publicly. If North Korea was behind the attack, then it heralds a new era in state sponsored hacking - one in which nations attempt not only to steal secrets from other government and commercial interests, but also attempt to extort money directly from the victims. Regardless of the outcome, I'd like to share my thought…
 

    Windows Incident Response

  • A Smattering of Links and Other Stuff

    Harlan Carvey
    9 Jan 2015 | 4:00 am
    Registry: Well, 2014 ended with just one submission for the WRA 2/e Contest. That's unfortunate, but it doesn't alter my effort in updating the book in any way. For me, this book will be something to look forward to in 2015, and something I'm pretty excited about, in part because I'll be presenting more information about the analysis processes I've been using, processes that have led to some pretty interesting findings regarding various incidents and malware. In other Registry news, Eric Zimmerman has created an offline Registry parser (in C#) and posted it to GitHub.
  • What It Looks Like: Disassembling A Malicious Document

    Harlan Carvey
    5 Jan 2015 | 5:37 am
    I recently analyzed a malicious document, by opening it on a virtual machine; this was intended to simulate a user opening the document, and the purpose was to determine and document artifacts associated with the system being infected. This dynamic analysis was based on the original analysis posted by Ronnie from PhishMe.com, using a copy of the document that Ronnie graciously provided. After I had completed the previous analysis, I wanted to take a closer look at the document itself, so I disassembled the document into its component parts. After doing so, I looked around on the…
  • What It Looks Like: Malware Infection via a Weaponized Document

    Harlan Carvey
    30 Dec 2014 | 5:59 am
    Okay...I lied. This is my last blog post of 2014. A couple of weeks ago, Ronnie posted regarding some analysis of a weaponized document to the PhishMe.com blog. There is some interesting information in the post, but I commented on Twitter that there was very little post-mortem analysis. In response, Ronnie sent me a copy of the document. So, I dusted off a Windows 7 VM and took a shot at infecting it by opening the document. Analysis Platform: 32-bit Windows 7 Ultimate SP1, MS Office 2010, with Sysmon installed - VM running in Virtual Box. As with previous dynamic analysis…
  • Final Post of 2014

    Harlan Carvey
    29 Dec 2014 | 5:12 am
    As 2014 draws to a close, I thought I'd finish off the year with one last blog post. In part, I'd like to thank some folks for their contributions over the past year, and to look forward to the coming year for what they (and others) may have in the coming year. I wanted to thank two people in particular for their contributions to the DFIR field during 2014. Both have exemplified the best in information sharing, not just in providing technical content but also in providing content that pushes the field toward better analysis processes. Corey's most recent blog post continues his…
  • 10 Years of Blogging

    Harlan Carvey
    8 Dec 2014 | 3:23 am
    That's right...my first blog post was ten years ago today. Wow. Over the past ten years, some things have changed, and others haven't. As the year comes to a close, don't forget about the WRF 2/e Contest.

    TaoSecurity

  • Thoughts from Senate Testimony

    Richard Bejtlich
    29 Jan 2015 | 9:55 am
    Yesterday I testified to the Senate Homeland Security and Government Affairs committee at a hearing on Protecting America from Cyber Attacks: The Importance of Information Sharing. I'd like to share a few thoughts about the experience. You may find these comments helpful if you are asked to testify, or want to help someone testify, or want to influence the legislative process. This was my fifth appearance at a government hearing. In 2012 I appeared before the U.S.-China Economic and Security Review Commission, and in 2013 I appeared before the Senate Armed Services Committee,…
  • How to Answer the CEO and Board Attribution Question

    Richard Bejtlich
    27 Jan 2015 | 2:27 pm
    Elements of the Q Model of Attribution, by Thomas Rid and Ben Buchanan. Earlier today I Tweeted the following: If you think CEOs & boards don't care about #attribution, you aren't talking to them or working w/them. The 1st question they ask is "who?" I wrote this to convey the reality of incident response at the highest level of an organization. Those who run breached organizations want to know who is responsible for an intrusion. As I wrote in Five Reasons Attribution Matters, your perspective on attribution changes depending on your role in the organization. The question in the title of…
  • The Next Version of testmyids.com

    Richard Bejtlich
    24 Jan 2015 | 6:52 pm
    Longtime TaoSecurity Blog readers are likely to remember me mentioning www.testmyids.com. This is a Web site that returns nothing more than
        uid=0(root) gid=0(root) groups=0(root)
    This content triggers a Snort intrusion detection system alert, due to the signature
        alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; fast_pattern:only; classtype:bad-unknown; sid:2100498; rev:8;)
    You can see the Web page in Firefox, and the alert in Sguil, below. A visit to this Web site is a quick way to determine if your NSM sensor sees what you expect it to…
  • Is an Alert Review Time of Less than Five Hours Enough?

    Richard Bejtlich
    23 Jan 2015 | 4:45 pm
    This week, FireEye released a report titled The Numbers Game: How Many Alerts are too Many to Handle? FireEye hired IDC to survey "over 500 large enterprises in North America, Latin America, Europe, and Asia" and asked director-level and higher IT security practitioners a variety of questions about how they manage alerts from security tools. In my opinion, the following graphic was the most interesting: As you can see in the far right column, 75% of respondents report reviewing critical alerts in "less than 5 hours." I'm not sure if that is really "less than 6 hours," because the…
  • Try the Critical Stack Intel Client

    Richard Bejtlich
    23 Jan 2015 | 4:01 am
    You may have seen in my LinkedIn profile that I'm advising a security startup called Critical Stack. If you use Security Onion or run the Bro network security monitoring platform (NSM), you're ready to try the Critical Stack Intel Client. Bro is not strictly an intrusion detection system that generates alerts, like Snort. Rather, Bro generates a range of NSM data, including session data, transaction data, extracted content data, statistical data, and even alerts -- if you want them. Bro includes an intelligence framework that facilitates integrating various sources into Bro. These sources can…
 

    digital forensics - Google News

  • Police Units Specialize in Forensics Reviews of Smartphones, Tablets - NBC4 Washington

    30 Jan 2015 | 1:33 am
    D.C.'s Department of Forensic Sciences has just opened a new “digital evidence unit” to clear a swelling backlog of requests for cellphone forensic analyses. The unit is run by Paul Reedy, a former computer forensics specialist for the Australian
  • Nutshell Studies: the extraordinary miniature crime scenes US police use to ... - Telegraph.co.uk

    30 Jan 2015 | 12:03 am
    Seventy years after they were first used – at Harvard University – and despite revolutionary developments in forensic medicine and the infinite graphic possibilities of digital technology, the Nutshells are still used for the same purpose. 'The
  • Judge: 'You will die in prison' - Times Daily

    29 Jan 2015 | 9:05 pm
    4, 2013, after photos of the child were found on her computer. Department officials said Matthew Ayers was arrested a week later after a forensics expert found a sexually suggestive photo of Ayers, his wife and the girl on an electronic device taken
  • OAS hails Jamaica's cyber security efforts - Jamaica Observer

    29 Jan 2015 | 9:00 pm
    Jamaica has joined countries such as Canada, Dominica, Panama, Paraguay and Uruguay, that have agreed to help digital citizens stay safer and more secure online. The launch of the strategy, jointly sponsored by the government and the OAS, comes quickly
  • They Know Computers But Not How to Help Your Case - JD Supra (press release)

    29 Jan 2015 | 11:30 am
    When corporate goes criminal, i.e., an investigation involving a corporation leads to a criminal case headed to trial, you often need computer forensic experts to testify about the evidence. Such experts know all about electronic devices and

    Forensic Focus

  • Estonia President wants China and Russia to help fight cyber-crime

    28 Jan 2015 | 1:47 am
    Speaking on the ‘Fighting Shadows' panel at the Davos convention in Switzerland on Saturday, Toomas Hendrik Ilves joined senior figures from Kaspersky, Microsoft and the United Nations in calling for improved cyber-crime policing, laws and collaboration – whilst also calling into question how – and if - countries can respond to cyber-attacks. Estonian websites were famously hit by distributed-denial-of-service (DDoS) attacks in 2007, which at the time was rumoured to be the work of the Russian government. Subsequently, the country became one of the world's most advanced countries on…
  • Dealing With Records Found in SQLite Rollback Journals

    27 Jan 2015 | 3:16 am
    Sanderson Forensics was recently contacted by a customer at a police force with a question relating to deleted SQLite records that were found in a rollback journal. The requirement was to create a report(s) showing both the live records in the Kik database as well as the deleted records that were found by a filename search in the rollback journal. The article at the link below goes into a little detail of how the rollback journal works, some thoughts on recovering data from it and then details how the data was recovered from the rollback journal and then how we distinguished and created a…
  • Secure View 4 Almost Here - Free Upgrade To All Current Users And New Customers

    26 Jan 2015 | 8:26 am
    Susteen Inc. has announced that Secure View 4 will be a free upgrade to ALL active Secure View users. This will include all new customers up until the time Secure View 4 is launched. The current price for Secure View 3 stands at $2495. Although no current price for Secure View 4 has been listed, it is expected to start at $2995. This means that a new customer can still purchase Secure View at the current cost and get a free upgrade when Secure View 4 launches in late February 2015. Secure View 4 will include industry first ACCE (Advanced Cross Case Examination) analytics allowing users to…
  • Free Webcasts Available to Become Certified as a Digital Forensics Expert

    26 Jan 2015 | 5:44 am
    (ISC)2® offers the Certified Cyber Forensics Professional (CCFP), the only global cyber forensics credential that provides a comprehensive validation of a candidate’s knowledge and skills as a digital forensics expert. Free CCFP Webcasts are now available that provide insight into what candidates need to know before taking this exam. It includes a detailed overview of each domain, the value of certification, and how to study for the exam. First introduced in 2013, CCFP provides the industry’s first global standard for assessing experienced digital forensics professionals’ mastery and…
  • Magnet Forensics presents: IEF User Summit @ Techno Security

    26 Jan 2015 | 2:42 am
    Registration Opening Soon! Join us for Magnet Forensics’ first-ever IEF User Summit at the 2015 Techno Security & Forensics Investigations Conference. Internet Evidence Finder users, and digital forensics professionals considering adding IEF to their toolkit, will learn how to use the software to its full potential to overcome key challenges in computer and mobile forensics. The program will include a mix of lectures and lab sessions led by Jad Saliba and Magnet Forensics’ team of digital forensics experts. If you’re attending Techno Security, extend your stay and join us for this…
 

    (ISC)2 Blog

  • Maintaining the Relevancy of (ISC)² Certifications: CISSP and SSCP Credential Enhancements

    David Shearer
    15 Jan 2015 | 6:00 am
    Over our 26-year history, (ISC)² has earned a reputation for providing gold standard information security credentials. Maintaining the relevancy of those credentials amidst the changes in technology and the evolving threat landscape occurring in this industry is a core strategy upon which this organization was built. As a result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams, I’m pleased to announce that enhancements will be made to both the Certified Information Systems Security Professional (CISSP) and Systems Security Certified…
  • Comments from (ISC)² Leadership on Obama's Call for 30-Day Breach Notification Policy for Hacked Companies

    (ISC)² Management
    14 Jan 2015 | 10:01 am
    This proposal is a good start, but as always, the devil is in the details. Implementing this legislation would require both planning and the right people in place to execute. First, we need to consider how the term “breach” is defined – i.e., what would need to happen to require notification?  If breached data is encrypted, would that require notification? Note that most states currently have some form of encryption exemption in their data breach laws. Second, the notification should be submitted in such a way so that the information is useful and doesn’t result in a backlog…
  • CPE Policy Changes for (ISC)² Members Start This Month

    (ISC)² Management
    8 Jan 2015 | 9:04 am
    Beginning this month, (ISC)² has a new annual continuing professional education (CPE) policy, which requires members to earn an equal number of CPEs each year within a three-year certification renewal period. This policy was updated to help our members remain current on their CPEs on an annual basis, therefore, making the comprehensive three-year certification renewal process easier for them to manage. We have experienced situations where many members found themselves significantly lacking CPEs during the last year of their cycles. The new policy will apply to all new certification cycles…
  • New (ISC)² Executive Director Introduction: Building on Our Successes & Striving for Excellence

    David Shearer
    5 Jan 2015 | 6:00 am
    I’m pleased to start off 2015 as the new (ISC)² executive director. As someone who has been entrusted with information security responsibilities throughout my career, I welcome the opportunity to speak out about the challenges we face on behalf of those working to keep our cyber world safe. During my past two years as COO at (ISC)², I’ve seen the organization make positive strides toward establishing a member focus; however, this is a sustained commitment with more work to be done. I want to build on the momentum of our successes while continuing to evaluate areas that we need to…
  • 2015 Cybersecurity Predictions: Bolstering Budgets and Growing and Crumbling Technologies

    Hord Tipton
    11 Dec 2014 | 8:02 am
    As security professionals, we look back at 2014 with a sense of frustration that we are facing major security breaches in the news daily. This year has been our most challenging yet. The world is now well aware that no single industry is immune to cybersecurity attacks – from retailers to financial institutions to hospitals and governments. In fact, PricewaterhouseCoopers’s 2015 The Global State of Information Security Survey found that the total number of security incidents detected by respondents climbed to 42.8 million this year, an increase of 48% over 2013. Next year will certainly…

    DFI News All

  • Digital Forensics Can Use Facebook to Solve Cases

    eaustin
    2 Jan 2015 | 7:27 am
    The theft of trade secrets in U.S.
  • Low-risk 'Worm' Removed at Hacked South Korea Nuclear Operator

    eaustin
    2 Jan 2015 | 7:20 am
    South Korean authorities have found evidence that a low-risk computer "worm" had been removed from devices connected to some nuclear plant control systems, but no harmful virus was found in reactor controls threatened by a hacker. Korea Hydro & Nuclear Power Co Ltd said it would beef up cybersecurity by hiring more IT security experts and forming an oversight committee, as it came in for fresh criticism from lawmakers following recent hacks against its headquarters.
  • GCHQ's 'Spook First' Program to Train Britain's Most Talented Tech Entrepreneurs

    eaustin
    2 Jan 2015 | 7:13 am
  • Ex-employees, Lizard Squad May Have Aided Sony Hack

    eaustin
    2 Jan 2015 | 7:02 am
    All sorts of theories about who really made off with terabytes of Sony Pictures Entertainment’s corporate data and then set off malware erasing the company’s hard drives have emerged in the wake of Sony’s release of The Interview. While the FBI is insistent that the responsibility for the Sony breach and cyberdefenstration rest
  • Over 80 Percent of Dark-Web Visits Relate to Pedophilia

    eaustin
    2 Jan 2015 | 6:53 am
    The mysterious corner of the Internet known as the Dark Web is designed to defy all attempts to identify its inhabitants. But one group of researchers has attempted to shed new light on what those users are doing under the cover of anonymity.

    Secure Hunter Anti-Malware » Secure Hunter Blog

  • ZeroAccess Botnet Returns, Resumes Click-Fraud Activity Secure Hunter

    shadmin
    29 Jan 2015 | 4:51 pm
    Long thought dead, the peer-to-peer (P2P) ZeroAccess botnet has resurfaced and as of just a few weeks ago, has returned to propagating click-fraud scams. Threatpost | The first stop for security news Secure Hunter Anti -Malware The post ZeroAccess Botnet Returns, Resumes Click-Fraud Activity Secure Hunter appeared first on Secure Hunter Anti-Malware.
  • Of Ghost glibc Vulnerability Patching and Exploits Secure Hunter

    shadmin
    28 Jan 2015 | 4:53 pm
    Experts urge system administrators to patch the Ghost vulnerability in glibc immediately, but counter that as well that exploiting the bug may be challenging.
  • Analysis of Flash Zero Day Shows Layers of Obfuscation Secure Hunter

    shadmin
    27 Jan 2015 | 4:53 pm
    The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit, security researchers have […]
  • Researchers Link Regin to Malware Disclosed in Recent Snowden Documents Secure Hunter

    shadmin
    27 Jan 2015 | 4:52 am
    Kaspersky Lab has found shared code and functionality between the Regin malware platform and a keylogger described in recently disclosed Snowden documents.
  • Threatpost News Wrap, January 23, 2015 Secure Hunter

    shadmin
    23 Jan 2015 | 4:52 pm
    Dennis Fisher and Mike Mimoso talk about all of the zero days that were dropped this week on Adobe and Apple, the Oracle backdoor drama and the upcoming Kaspersky Security Analyst Summit in Cancun. Then, Dennis calls Brian Donohue to talk about the wonders of the Blackhat movie and Brian’s dog makes a special appearance, too!
 

    Elvidence | Computer Forensics

  • The Information Security Challenges We’ll Face in 2015

    admin
    9 Jan 2015 | 8:42 pm
    Last year saw a number of high profile information security incidents. These ranged from targeted attacks on particular businesses, such as Sony, to vulnerabilities like Heartbleed that had the potential to affect a large part of the web. It would be naïve to think that we won’t see similar incidents in 2015. But what are the areas where we’re likely to see information security making the news this year? Insider Threats: Whilst there’s a popular image of hackers remotely attacking computer systems, often threats to businesses come from insiders who already have legitimate access to…
  • Computer Forensics and eDiscovery, Are They the Same Thing?

    admin
    5 Dec 2014 | 7:21 pm
    As businesses and individuals store more and more of their data in electronic format, whether on computers, mobile devices or in the cloud, the ability to extract and present that information in legal proceedings and disputes becomes more crucial. Most people would see this as Computer Forensics or eDiscovery, and indeed the terms are often used to mean the same thing. But the two aren’t quite the same and it’s important to understand why that’s so. The Main Differences: In truth, the processes involved are very similar. Both involve the identification, preservation, collecting,…
  • How to avoid falling victim to BadUSB

    admin
    22 Nov 2014 | 9:34 pm
    One of the information security weaknesses that’s hit the news recently is the ‘BadUSB’ vulnerability. First revealed by researchers last summer, BadUSB allows the controller chips in USB devices to be reprogrammed so that they behave in a malicious way. There are a number of manufacturers of these chips which are used in flash drives and a wide range of other USB devices including external storage, printers and cameras. Depending on who made the chips some can be reprogrammed, some can’t and some only in a particular set of circumstances. The problem is that makers of end-user…
  • Computer Forensic Investigator = Protecting Your Business

    admin
    1 Nov 2014 | 5:56 am
    Computer forensics is usually something that is associated with legal proceedings, yet it has other uses too. As businesses come to rely more and more on data, the ability to have a detailed analysis of the contents of a PC carried out via a computer forensic investigator can be extremely useful. It can help identify internal issues such as who is accessing data or using systems for personal tasks, it can show where leaks have taken place and it can help pinpoint factors to improve the security of your data. Spotting Internal Threats: Data is a valuable commodity for most businesses today and…
  • When is an Expert Opinion Allowed in Law?

    admin
    23 Oct 2014 | 9:39 pm
    There’s an old joke which says that the definition of ‘expert’ is derived from ‘ex’ – meaning a has been, and ‘spurt’ – meaning a drip under pressure. In the legal world though defining an expert is rather more serious. Similarly an opinion, in most cases, is simply whatever an individual thinks. However, the law likes to deal with facts which means that opinion can be something of a dirty word. Expert opinions are a different matter and are often called on when legal matters deal with specialist areas. Let’s take a more detailed look at when an expert opinion is…