7Safe UK Security Breach Investigations Report 2010
The UK Security Breach Investigations Report, supported by high profile organisations SOCA (Serious Organised Crime Agency) and the Metropolitan Police’s Police Central e-Crime Unit, is available in digital format free of charge from www.7Safe.com Breach Report
7Safe is a leading Computer Security and Forensics consulting firm offering a diverse portfolio of services in the fields of computer forensics, Incident Response, penetration testing, PCI DSS compliance and audit, eDiscovery / eDisclosure, and IT security training & certification.
To find out more, please visit 7Safe
- Mogyin what makes for fascinating reading.
It does make for some fascinating reading, thanks.
However, and with all due respect for the Authors, I can find in the report conclusions very little beyond the "normal common sense" that any IT managing a site/web resource managing sensible data should already have or should have been taught the very first day of the "basic course" he should have attended (I am talking about the twelve requirements).
I am a bit perplexed by the contents of page 20.
I have the impression that most people will simply look at the very nice chart stating that 36% of attacks came from Vietnam and 29% from U.S.A. and, completely avoiding reading the actual text, from which it is clear the absolute lack of connection between the pie and the actual origin of the attacks, draw "false" conclusions.
Since 62 is already a very small sample to draw statistical data from, and the number of cases where an actual trackback was performed (the exact number of which is not specified, but that is clearly a very small sub-set of the 62 cases total), I don't think that the data so well rendered graphically is anywhere near an actual representation of the provenance of the attacks.
Maybe the disclaimer about the chart only representing (mostly) just the last "hop" should be given more evidence, to avoid "speed readers" getting the "wrong" idea (that most of the "bad" guys are either in the US or in Vietnam instead of the only conclusion one can draw, which is IMHO that - for reasons unknown - servers or PCs in U.S.A. and Vietnam appear like more easily accessible/exploitable).