Forensic Focus newsletter, July 2006

__/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/

Forensic Focus newsletter, July 2006

__/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/ __/


http://www.ForensicFocus.com


Welcome to the latest edition of the Forensic Focus newsletter!


In this issue:

1. News roundup
2. Dissecting NTFS Hidden Streams
3. Job hunting advice for UK computer forensics professionals
4. This month in the Forensic Focus forums
5. Useful resources
6. Submitting an article to Forensic Focus


1. News roundup

A selection of computer forensics news items hitting the headlines this month

"MANDIANT WEB HISTORIAN V1.3" FORENSIC SOFTWARE RELEASED
MANDIANT has announced an upgrade to their popular MANDIANT Web Historian software. Web Historian assists users in reviewing websites (URLs) that are stored in the history files of the most commonly used browsers including: Microsoft's Internet Explorer, Mozilla, Firefox, Netscape, Opera and Safari...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=526

FIVE THINGS UBS DID RIGHT, AND FIVE THINGS TO IMPROVE UPON
The government's forensics investigator spent more than three years poring over UBS' records and analyzing its network in preparation for the computer sabotage trial. Here are his top five lists for what the company did right after the attack, and what they could have done better before...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=525

COPS AND ROBBERS FIND NEW USES FOR MOBILE PHONES
Mobile phones are changing the lives of both criminals and the investigators that hunt them, mobile phone security experts said at the Infosecurity conference held in New York on Wednesday. With constantly improving storage and processing power, a mobile phone is probably a much more powerful device than many realize, said James Steele, a computer forensics investigator with T-Mobile USA Inc...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=524

E-CRIME CENTRE TO FIGHT CYBER-CRIMS IN NZ
New Zealand Police plan to set up a high-tech crime reporting centre, in partnership with other government agencies, such as CCIP (Centre for Critical Infrastructure Protection) and DIA (Department of Internal Affairs), says Maarten Kleintjes, head of the New Zealand Police Electronic Crime Laboratory...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=523

AFS BECOMES AUTHORISED CCE TRAINING AND TESTING CENTRE
Australian Forensic Services (AFS) has recently obtained the exclusive rights to provide CCE training in Australia. The CCE certification is rapidly growing in size and recognition with over 400 Certified Computer Examiners worldwide and an additional 200 applicants currently in the CCE examination process...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=522

FORENSIC TOOLS 2006
Managing security incidents is essentially a problem of forensics. Peter Stephenson tests three broad groups of products that will enable organisations of all sizes to respond effectively to network attacks. In this group test, we decided to break the mold. Rather than limit ourselves to one type of forensic tool, we approached the challenge of incident response...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=520

BELGIAN COMPUTER CRIME RISES BY 45PC
The federal computer crime unit registered a 45 percent increase in the amount of internet-based crimes last year compared with 2004. A large majority of the crimes involved fraud, news agency Belga reported on Tuesday...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=519

ENFORCING COMPUTER CRIME LAWS: UK MUST LEARN FROM JAPAN
The number of people arrested in Japan for attacking computers with spyware has doubled over the past four years, the FT reported yesterday. According to a report published by the Japanese government, a total of 116 people were arrested in 2005 for illegally trying to gain access to information stored on PCs...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=518

INVESTIGATOR SIFTS THROUGH DIGITAL EVIDENCE TO PUT CRIMINALS BEHIND BARS
Decades ago, criminals seemed to only have weapons such as guns or knives at their disposal, but now, many work with a keyboard and mouse — and their work can be just as harmful or deadly. That's when officers like West Virginia State Police Cpl. D.C. Eldridge come on the job...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=517

POLICE EXPERT ADMITS MOBILE PHONE FORENSICS BARRIER
A police digital forensics expert has admitted that some mobile phones are impenetrable to software used by police in forensic examinations. The revelation follows a paper by a Cambridge researcher which originally made the claim. "There are some phones that are not supported by any tools," said Kevin Mansell, a hi-tech crime trainer for Centrex, the police training authority. Amongst other disciplines, Mansell trains officers in retrieving data from mobile phones. "But it's important to remember that data on phones can always be retrieved manually, just as you would navigate through your own phone..."
http://www.forensicfocus.com/index.php?name=News&file=article&sid=516

SECURING THE SECURITY CAMERAS
You can do so many marvellous things these days with digital cameras, it's a wonder anybody bothers with analogue hardware any more. Why would you want to spend hours wading through old video tapes, to find the exact moment when Suspect A secretes Exhibit B on their person, when you could find the same evidence, with an infinitely higher quality image, in seconds, if everything was stored digitally?
http://www.forensicfocus.com/index.php?name=News&file=article&sid=515

COMPUTER CRIME-FIGHTER CHARGED WITH COMPUTER CRIME
He was one of the first deputies assigned to the Monroe County computer-crime unit. Now he's accused of a computer crime himself. Forty-four-year-old Investigator Michael Hildreth is accused of eavesdropping on next-door neighbor James Missel and changing information on Missel's computer last year...
http://www.forensicfocus.com/index.php?name=News&file=article&sid=514


Want to comment on any of the issues raised above? Please use the Forensic Focus forums at http://www.forensicfocus.com/computer-forensics-forums


2. Dissecting NTFS Hidden Streams

by Chetan Gupta
NII Consulting, Mumbai
www.niiconsulting.com

Cyber Forensics is all about finding data where it is not supposed to exist. It is about keeping the mind open, thinking like the evil attacker and following the trails taking into account any potential source of evidence. After the analyst has created the disk image of the suspect disk, he needs to analyze the file system for any signs of compromise. The most popular file systems encountered by the analysts are FAT, NTFS, UFS, EXT, and CDFS. Most of the workstations use Microsoft Windows as their preferred Operating System and use NTFS as the file system of choice. I am not going to go into the details of this robust and secure file system but I would be talking about a particular feature of this file system which was designed to offer compatibility with Macintosh Hierarchical File System (HFS) and store additional data called metadata for a file. This feature is known as ALTERNATE DATA STREAMS (ADS)...

Read more at http://www.forensicfocus.com/dissecting-ntfs-hidden-streams


3. Job hunting advice for UK computer forensics professionals

by David Sullivan
David@appointments-uk.co.uk
www.appointments.co.uk

A number of the posts on Forensic Focus relate to job opportunities and as a recruiter operating in this field, it is fascinating to see just how quickly the sector is developing and the opportunities this creates for people who make the best decisions. The correct decision now will transform your future, but does that necessarily mean making a move from where you are at the moment? Many CF people I have spoken with have found that looking at the opportunities available has helped motivate them more in their current role as it has made them realise that what they have got is in fact very valuable and that the grass isn't actually greener elsewhere...

Read more at http://www.forensicfocus.com/computer-forensics-jobs-uk


4. This month in the Forensic Focus forums

A selection of recent topics in the Forensic Focus forums

Who would you like to see interviewed?
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1015

What is your most common image acquisition setup?
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1024

Full Disk Encryption
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1048

Email Extraction from raw data
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1029

Google Toolbar Forensics/Reversing
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1023

FTK Crashing?
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1033

How to discern USB device in HELIX ?
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1026

5.25" floppy drives
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1054

Corporate investigations
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=1038

Startup Advice
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=983


5. Useful resources

A monthly guide to the best computer forensics resources on the web


Mailing lists

http://www.forensicfocus.com/computer-forensics-list
http://www.securityfocus.com/archive/104 (Forensics list)
http://groups.yahoo.com/group/linux_forensics/
http://groups.yahoo.com/group/COMPUTER_FORENSICS/
http://groups.yahoo.com/group/computerinvestigators/
http://groups.yahoo.com/group/ComputerForensicJobs/
http://groups.yahoo.com/group/cftt/
http://groups.yahoo.com/group/CCIFTraining/
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users


Blogs

http://windowsir.blogspot.com/
http://computer.forensikblog.de/en/


Podcasts

http://cyberspeak.libsyn.com/


Wikis

http://www.forensicswiki.org
http://www.forensicwiki.com


Web sites

http://www.e-evidence.info/
http://www.tucofs.com/tucofs.htm
http://forensic.to/links/pages/Forensic_Sciences/Field_of_expertise/Computer_Investigation/
http://www.computerforensicsworld.com/


Publications

http://www.ijde.org/
http://www.compseconline.com/digitalinvestigation/


Please contact us through http://www.forensicfocus.com/contact with suggestions for (non-commercial) additions to this section.


6. Submitting an article to Forensic Focus

If you would like to write an article for either the Forensic Focus newsletter or website please send a short proposal through http://www.forensicfocus.com/contact for review. I'm afraid we can't offer any kind of financial reward but you would of course be able to include your contact details (business or personal) should you wish. I look forward to hearing from you.

Until next month!

Kind regards,

Jamie


NEWSLETTER INFORMATION

TELL A FRIEND
Please feel free to forward this newsletter! Alternatively use the form at http://www.forensicfocus.com/tell-a-friend to tell a friend about Forensic Focus.

TO SUBSCRIBE: If someone has forwarded this newsletter to you and you wish to receive future issues just sign up here:

http://www.forensicfocus.com/computer-forensics-newsletter

Your details will NEVER be shared with any 3rd party.

TO UNSUBSCRIBE: If you wish to cancel your subscription please login to your account and change your preferences.

ARCHIVES
Previous newsletters are archived online and can be found at http://www.forensicfocus.com/computer-forensics-newsletter

Copyright(c) Forensic Focus 2006




