Computer Forensics Archive

When the authors first published this paper, their intentions were to
develop a comprehensive guide to digital forensic timelines in order to
consolidate the many fragmented sources of information concerning this
topic.  What they discovered, however, was that quality references were
often challenging to find among various books, papers, periodicals,
filesystem specifications and source code.

While conducting their research, they found that practical tool-based
solutions existed for generating digital forensic timelines, though
they each had specific limitations.  Thus, efforts were undertaken by
the authors to provide an alternative timeline generation framework. 
Although some in the community had already proposed the use and
generation of supertimelines, all too often important data sources were
being left out.  In order to rectify this, it became necessary to couple
additional tools in order to provide maximum evidentiary extraction…

Read more

View full post on Forensic Focus Blog
http://www.GregoryDEvans.com, http://www.Locatepc.net, http://stolencomputeralert.com, http://computersecurityexpert.net, http://www.hackerforhireusa.com, http://www.GregoryDEvans.net, AmIHackerProof.com, http://ParentSecurityOnline.com, http://TheCyberWars.com, http://hiphopsecurity.com, http://HackerForHireinternational.com, http://www.computersecurityguru.com, http://computer-security-expert.com

Take a first look at Windows 8 forensics in a webinar presented by Josh
Brunty, Assistant Professor of Digital Forensics at Marshall University.
Learn about the changes in Windows 8 which forensic examiners should be
aware of before this new OS is released to the public in October. After
the webinar Josh will be available in the Forensic Focus forums to
answer any questions.

Date: Wednesday, August 29 2012
Time: 11AM EDT US / 4PM BST UK / 15:00 GMT
Duration: 35 mins

Register today at http://forensicfocus.enterthemeeting.com/m/JXI8IWVX

Please share this invitation with any friends or colleagues who might also be interested, thank you.

View full post on Forensic Focus Blog

Monday’s Technology Review
carries a glowing tribute to Apple iPhone security according to its
author, Simson Garfinkel, a contributing editor who works in computer
forensics and is highly regarded as a leader in digital forensics. He
says Apple has passed a threshold: “Today the Apple iPhone 4S and iPad 3
are trustworthy mobile computing systems that can be used for mobile
payments, e-commerce, and the delivery of high-quality paid
programming,” thanks to Apple’s heavy investment in iPhone security.
That is where “threshold” comes in. Apple has crossed it. Even law
enforcement cannot perform forensic examinations of Apple devices seized
from criminals, he said…

Read more (Phys.org)

View full post on Forensic Focus Blog

As forensic examiners, some of the last things we want to hear are
“encryption” and “enabled” in the same sentence, however that’s what has
been happening with the current line of Android devices. Starting with
Android 3.0, devices have been shipping with the ability for the user to
enable full device encryption. Fortunately for the forensic community,
there are individuals determined to find a way to break that encryption,
and they have already proven how to do so. Two such researchers – Thomas
Cannon and Seyton Bradford – have demonstrated successful brute force
attacks against Android encryption. Thomas detailed their findings at
DEF CON 2012 in his presentation “Into the Droid – Gaining Access to User Data”.

He explains that the encryption uses standard Linux dm-crypt,
incorporated in Android devices running version 3.0 and newer, and uses
the same password to encrypt and decrypt data as is used to unlock or
log in to the device. So while the encryption is generally considered
strong, users default to using short or easy-to-type passwords and PINs
to protect their device and enable the encryption…

Read more

View full post on Forensic Focus Blog

As digital forensic practitioners, we are faced regularly with users
utilizing the internet to swop and download copyrighted and contraband
material. Peer to peer (P2P) applications are commonly used for this
purpose, and like any software application, they are ever changing and
ever evolving. This paper will discuss how the P2P software application,
FrostWire v.5, functions and what artifacts can be found and examined
for forensic purposes. The software application mentioned is one of the
more popular P2P applications…

Read more

View full post on Forensic Focus Blog

by Chad Tilbury

Mastering Windows Network Forensics and Investigations fills
an interesting niche not well addressed in the pantheon of digital
forensics resources.  The material is well suited for beginning and
intermediate forensic examiners looking to better understand network
artifacts and go beyond single-system forensics.  I highly recommend it
for system administrators looking for a different perspective on network
security or those interested in designing networks to be
forensics-friendly.  That said, the topics covered do not fit within the
classical definition of network forensics.  A more apt title might be Mastering Incident Response Forensics and Investigations.

This is the first book I have read in the Sybex Mastering series, and
I was impressed with the writing, research, and editing.  The authors
blended dense material with relevant examples and insightful and
engaging text boxes.  Some of my favorite “side” topics were:

  • “Cross-platform Forensic Artifacts”
  • “Registry Research”, illustrating the use of Procmon for application footprinting
  • “Time is of the Essence”, explaining fast forensics using event logs and the registry

The book begins with four chapters familiarizing the reader with Windows
networking.  While this may slow down those hungry for forensics
topics, they are replete with information.  Windows domains, hacking
methodology, and Windows credentials are all described in these early
chapters.  Amazingly, this is the first forensics book I have read
containing a discussion of the NTDS.DIT Active Directory database file,
perhaps the most dangerous file in the enterprise.  While there were
probably too many pages spent on password sniffing and cracking, I
recognize it is beneficial to understand the risks and I commend the
authors for also mentioning pass the hash and token stealing attacks. 
It would have been valuable to see these same attacks identified later
in the book via Windows registry and log artifacts…

Read more

View full post on Forensic Focus Blog

by Si Biles, Thinking Security

Apologies in advance, this is a bit of a connective blog entry – this
is a big topic, and it needs some scene setting, basic understanding
and several weeks’ worth to get the most out of it.

We live in a connected world now – my other half was showing me a
washing machine with a WiFi connection and an associated iPhone App that
would allow you remote control of and reporting about your intimate
garments’ spin cycle! I wonder if that is really necessary to be honest,
as even if it has finished, knowing that while I’m in the office and the washing machine is at home is a complete waste of electrons.

The network, and the connected nature of things is what allows us as
penetration testers to attempt to compromise the security of a company
without going anywhere near it. There are other aspects to full scale
penetration testing as I’ve alluded to before – with social engineering
and physical attack ( lock picking, not baseball bat ) parts of such a
scope – but a majority of the work is computer and network based.

To that end, a good understanding and working knowledge of networking
is pretty much a job pre-requisite. So, rather than giving you a lesson
myself, I’ll give you a quick and dirty set of online references – this
won’t make you an expert by any stretch of the imagination, but
hopefully it will get us through the rest of this section without too
much head scratching.1

I would apologise for the laziness on my part, however I subscribe to Larry Wall’s school
of thought that it is a virtue – if someone else has done it well
enough already, why spend time re-inventing the wheel. The corollary of
that is, if you find that there isn’t a good explanation of something in
that set that you’d like to understand better – add a comment on the
bottom of this post and we’ll bring it up to scratch ( perhaps both here
and at Wikipedia ;-) ).

So seeing as you all now fully understand TCP/IP packet structure and know your URG from your SYN …

Read more

View full post on Forensic Focus Blog

By John Patzakis [1] and Brent Botta [2]

Previously, in Forensic Focus, we addressed the issue of evidentiary authentication of social media data (see previous entries here and here).
General Internet site data available through standard web browsing,
instead of social media data provided by APIs or user credentials,
presents slightly different but just as compelling challenges, which are
outlined below. To help address these unique challenges, we are
introducing and outlining a specified technical process to authenticate
collected “live” web pages for investigative and judicial purposes.[3]
We are not asserting that this process must be adopted as a universal
standard and recognize that there may be other valid means to authenticate
website evidence. However, we believe that the technical protocols
outlined below can be a very effective means to properly authenticate
and verify evidence collected from websites while at the same time
facilitating an automated and scalable digital investigation workflow.

Legal Authentication Requirements

The Internet provides torrential amounts of evidence potentially
relevant to litigation matters, with courts routinely facing proffers of
data preserved from various websites. This evidence must be
authenticated in all cases, and the authentication standard is no
different for website data or chat room evidence than for any other.
Under US Federal Rule of Evidence 901(a), “The requirement of
authentication … is satisfied by evidence sufficient to support a
finding that the matter in question is what its proponent claims.”
United States v. Simpson, 152 F.3d 1241, 1249 (10th Cir. 1998).

Ideally, a proponent of the evidence can rely on uncontroverted
direct testimony from the creator of the web page in question. In many
cases, however, that option is not available. In such situations, the
testimony of the viewer/collector of the Internet evidence “in
combination with circumstantial indicia of authenticity
(such as the dates and web addresses), would support a finding” that
the website documents are what the proponent asserts. Perfect 10, Inc.
v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154.
(emphasis added) (See also, Lorraine v. Markel American Insurance
Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and
referencing MD5 hash values as an additional element of potential
“circumstantial indicia” for authentication of electronic evidence)…

Read more

View full post on Forensic Focus Blog

A recording of this week’s webinar “Finding Evidence in an Online World -
Trends and Challenges in Digital Forensics” is now available here and on YouTube here.

Sincere thanks to Jad Saliba for agreeing to re-record the presentation
yesterday as a result of the audio issues we experienced during the live
version. Also, a number of people requested a PDF version of the slides
and Jad has kindly made that available here.

A free trial of IEF (the software used in the presentation) is available at http://www.jadsoftware.com/trial and for details of a 10% discount available until August 1st 2012 please contact sales@jadsoftware.com

View full post on Forensic Focus Blog

by Yuri Gubanov yug@belkasoft.com
Belkasoft Ltd. http://belkasoft.com

This article describes the various types of digital forensic evidence
available on users’ PC and laptop computers, and discusses methods of
retrieving such evidence.

Recent research conducted by Berkeley scientists concluded
that up to 93% of all information never leaves the digital domain. This
means that the majority of information is being created, modified and
consumed entirely in digital form. Most spreadsheets and databases never
make it on paper, and most digital snapshots never get printed. There
are many activities such as chats and social networking that are
specific to digital and are even unimaginable outside of the virtual
realm.

Most such activities leave definite traces, allowing investigators to
obtain essential evidence, solve criminal cases and prevent crimes. This
article discusses the many types of digital evidence produced by a
typical computer user, criminal or not, and demonstrates methods and
techniques available to extract that evidence out of the original PC and
into the hands of a forensic investigator…

Read more

View full post on Forensic Focus Blog

The other day, talking to one of the analysts in Dallas, a question
emerged about analyzing Parallels’ virtual machine hard drives.  To my
surprise, I did not find much help on this issue online and did not
find tools that would interpret the file system in Parallels’ hard drive
images.  The simplest way I wanted to approach this issue was by
converting the hard drive image to something simpler like a dd image.  I
found a very nice article on how to convert to a plain hard drive image
using Parallels Image Tool that comes with Parallels Desktop (http://digfor.blogspot.com/2009/08/mounting-parallels-hdd-and-hds-files.html),
but I had no access to a Mac and wanted to see if there is a way to do
this on Windows.  There was VMware vCenter Converter (free software – http://www.vmware.com/products/converter), but it did not work, giving a message that it could not recognize it.  I also found an interesting tool, MakeVM – http://www.sysdevsoftware.com/soft/makevm.php –
that looked very promising, but the demo version would not convert an
image size larger than 2GB.  So, I wanted to look further into other
options.  This article is about the findings of that “journey”.

Parallels Workstation comes with a few command line tools for basic
drive manipulation like prl_disk_tool or prl_convert, but the best
converter I found is the latest Open Source project QEMU.
Qemu-1.0.1-windows.zip - http://lassauge.free.fr/qemu/

One of the utilities in QEMU is qemu-img, where the help file reveals
the value of this simple utility when it comes to converting image
types.  The latest version just added the Parallels image format
support.  “Supported formats: blkdebug blkverify bochs cloop cow dmg nbd
parallels qcow qcow2 qed host_device file raw sheepdog vdi vmdk vpc vvfat”

 
Step 1. I have downloaded Parallels Workstation trial version to
create a virtual machine for testing and to make sure my findings will
be applicable to the latest version of Parallels.

Parallels Workstation Build 6.0.13976
( Revision 769982; June 8, 2012 )

Step 2. Created a virtual machine ( Windows 2008 Server ) with a 20GB hard drive.
Step 3. Used qemu-img utility to convert the image into a raw image:
qemu-img.exe convert -f parallels -O raw "Windows Server 2008-0.hdd.copy.0.{5fbaabe3-6958-40ff-92a7-860e329aab41}.hds" f:tempotput.dd

Step 4. Opened the image in FTK Imager to analyze the data

Parallels converted hard drive image in FTK Imager

View full post on Forensic Focus Blog

by Si Biles ( @si_biles ), consultant for Thinking Security

PenTest, like forensics, is almost as much an art as it is a science –
you can only be taught so far, technical techniques and tools are all
very well, but you really need a mind that can think sideways and
approach a task from as many angles as possible. The ex-LE forensicators
have this skill in spades – the data that is potentially available
during an investigation includes interviews, statements, crime scene
photos and all manner of collected evidence – in the commercial world
there is less available, but still I’m confident that you’ll all have
your sources. PenTest is much the same, the more that we can know about a
potential target before we even fire up NMap1, the further we will get.

The title of this segment is “Passive Reconnaissance” – that’s not to
say that you don’t have to do anything during this phase and that it
all comes to you – it’s about obtaining information which is already in
the public domain – not necessarily deliberately – and is related to the
target.2

There isn’t really anything, at this stage, that we aren’t interested in – collect all the information you can – we can whittle it down to pertinent facts as we go along3.

Right then – where to start ? Well, let’s start to build a picture of our target. Let’s have a look at their domain:

si$ whois google.co.uk
Domain name:
google.co.uk
Registrant:
Google Inc.
Registrant type:
Unknown
Registrant's address:
1600 Amphitheatre Parkway
Mountain View
CA
94043
United States
Registrar:
Markmonitor Inc. t/a Markmonitor [Tag = MARKMONITOR]
URL: http://www.markmonitor.com
Relevant dates:
Registered on: 14-Feb-1999
Expiry date: 14-Feb-2013
Last updated: 10-Feb-2011
Registration status:
Registered until expiry date.
Name servers:
ns1.google.com
ns2.google.com
ns3.google.com
ns4.google.com
WHOIS lookup made at 23:20:53 03-Jul-2012
--

Ok, so we have a home address for our company – this example isn’t
the most detailed, but you can often glean names, e-mail addresses and
phone numbers from a whois lookup. It’s good if you can get
an e-mail address – these will start to give you an idea of what the
common format is that is used within the company – e.g. first initial
last name (sbiles) or first name.last name (simon.biles) or if there is a
complicator (simon.biles100) [incidentally these are all real addresses
at various organisations I've worked at]. Remember this, it will come
in useful later.

If we have a look at the website of our target itself, it is most
likely that there will be good information there too – names, addresses,
phone-numbers and e-mails are all good. Also, look out for support
contact details, FTP site details and logins for example, social
networking links etc. All of this is grist to the mill – potential
routes of later attack, sources for social engineering, logins to
systems that will get you past the first line of defence. Take a note of
product names as well, these are often used as “guest” login details
for FTP sites too – “producttrial” as both the username and password for
example – for sales staff to use with customers. If you are planning a
social engineering phase, it can be beneficial to take copies of
web-pages ( faking a login page ), logos ( faking business cards and
documents ) and other official looking documents and marketing material –
I personally dislike performing social engineering, it’s often the
easiest way to get into somewhere – if you are going to do it, make sure
that you agree with your client in advance that there will be no
repercussions for any member of staff that you succeed in manipulating,
and that anonymity will be preserved – it could be an unlucky ring of
the phone that costs someone their job otherwise.

Where next ? Google. Google is your friend – it is one of the most
amazing tools available, not only having a huge index of things that are
current, but also cached copies of things that might not be so current.
Googling well is a skill, not unlike that of writing search queries for
Forensic searches – just Google is a lot faster than EnCase or FTK over
a much bigger data set…

Read more

View full post on Forensic Focus Blog

John, can you tell us something about your background and why you decided to teach digital forensics?

First, thanks for the opportunity to discuss our program. We’re really
proud of what we’ve accomplished here and believe we’re contributing to
the digital forensics community. I started as a mathematician (Ph.D.,
University of Connecticut, 1980) and then began to teach computer
science as well as mathematics in the 1980s. I wrote two programming
textbooks (Pascal, for the old timers). About six or seven years ago, my
department was investigating majors that would be good for students. We
decided upon computer forensics. It is an interesting, useful field of
study that has worked really well for us and our students.

On the intellectual side, I find the whole issue of what information can be
found and how it can be used to build a story quite fascinating. “Story”
here means a narrative that shows what happened, in a rigorous sense (a
la a mathematician’s proof). As a professor, it’s really fun to work
with digital forensics students. Our curriculum has a lot of hands on
work so we see our students really digging into things. The ultimate
reward is seeing them graduate and begin work. I must note that I’ve had
really great colleagues, particularly Scott Inch, to work with. I also
am grateful to the larger forensics community for their help.

What digital forensic courses are currently offered by Bloomsburg University?

Introduction to Digital Forensics, File Systems 1 and 2, Digital
Forensics Software, Advanced Topics in Digital Forensics, Small Devices
Forensics, UNIX/Linux for Digital Forensics.

Tell us more about course structure and
content. What core knowledge and key skills should students gain by the
end of their studies?

The first five courses listed above (along with some computer science
and other courses) form the backbone of our major. They cover the
artifacts that can be found on a computer (and how they come to be), how
the artifacts can be extracted in a forensically sound manner and how
they can be linked together and presented or reported. As an example,
students know why a deleted file may or may not be able to be recovered,
how to use a tool like EnCase or FTK (or even a hex editor) to recover
it, how it might be related to a link file or a registry entry, how to
ensure its integrity after extraction using a hash function and how to
include it in a report. We stress the importance of knowing how the
computer is organizing files and generating artifacts so that what a
tool produces is understood. Our graduates are prepared to defend their
results. We also put this work in context. It’s not just finding a
deleted file, it’s finding evidence which may change a person’s life. So
beyond knowledge and skills, we foster a sense of responsibility and
integrity…

Read more at http://www.forensicfocus.com/c/aid=46/interviews/2012/john-h-riley-bloomsburg-university-of-pennsylvania/

View full post on Forensic Focus Blog

by Si Biles

In an earlier article, many moons ago (Sorry Jamie !), I stated my
opinion that Forensics and Security were opposite sides of the same
coin. I’ve felt very strongly that my skills as a Security Consultant
have only been strengthened and expanded by the experiences I’ve gained
with Forensics, both as part of the Forensic Focus community (again,
apologies for my absence) and as part of my MSc (an ongoing epic
spanning two Universities and many years).

There is a particular area of Security work that I think mirrors the
skill set of Forensics more closely than others – and that is
Penetration Testing. PenTest is probably the most bleeding edge,
exciting and intellectually challenging thing in the InfoSec field – no
matter how much I try, I struggle to get as excited about writing an
“Acceptable Use Policy” as I do given free rein to attempt a “capture
the flag” task on a corporate network. (That’s not to say that AUPs
don’t have their own excitements … nah, I’m kidding, but they are
important – like eating your vegetables…) – at the same time though, the
same measured and methodical approaches and investigative skills that
apply in Forensics, apply in PenTest.

Over the next few articles ( I don’t know how many yet, I’ve not
written them – but I’m aiming to get an update to you fortnightly ) I’d
like to take you through a high level PenTest methodology, showing you
some of the tools and toys that you can play with along the way, at the
end of it all, my intent is to run a competition (with a small prize for
the winner – something like an iPod Nano perhaps?) of a live machine (
or machines … ) connected to the internet that you can all have a pop at
– rules and scoring criteria yet to be determined – and will have to
write a short report on. ( Not that report writing will faze a single
Forensicator! )

In any case, let’s start with outlining the basic methodology –
remember, like Forensics, many parts of a PenTest methodology are
iterative, as you learn more in one phase, you may want to return to an
earlier phase and see what further advances you can make with your
new-found knowledge.

Read more

View full post on Forensic Focus Blog

by Simon Biles

I have, occasionally in the past, mentored people in (on?)
Information Security – once for money (this is not a revenue stream that
I’ve mastered by any stretch of the imagination!), but more often than
not, informally and infrequently. What there is in common with most
people who are keen, but still a bit wet behind the ears, is an
idealistic world view where Information Security, as a totality, can be
obtained. It sometimes seems a bit like kicking a puppy to have to break
it to people that, irregardless of how long, how much money and how
much technology you throw at something, it will still have
vulnerabilities and risks. Even the proverbial “unplug it, stick it in a
safe and throw away the key” is still vulnerable. I’ve seen “Oceans 11”
– I know what can happen to a safe.

The reality is what we do for a living is to make security “good
enough” – we are risk managers, risk mitigators, risk avoidance and risk
acceptance professionals. We know what can happen, and then we decide
if spending £x on it is worth it. Where we go wrong, inevitably, is that
we sometimes have absolutely no idea about the value of the
asset that we are protecting. How can you determine if a countermeasure
or control is appropriate if you don’t know this figure? The real
problem is that very often the business has no real idea either…

Read more


View full post on Forensic Focus Blog
