
future challenges and trends  

keen
(@keen)
New Member

Hey Neddy,

Thanks for the link to the Digital Forensics site. Looks like lots of information there. Is "digital forensics" a new or separate field from straight up computer forensics? Is it wireless forensics?

Posted : 03/04/2006 7:50 pm
neddy
(@neddy)
Active Member

I'm not sure keen, I have noticed a trend as of late to refer to computer forensics as digital forensics, I guess this new term covers all digital forensic devices from PDAs to mobiles to PCs. You say tomato, I say tomato, etc. I don't believe the term 'digital forensics' is restricted to wireless applications.

Posted : 03/04/2006 9:57 pm
OldDawg
(@olddawg)
Active Member

Up until two weeks ago I was reading a book called, "Real Digital Forensics" (until I lost it or somebody stole it). It was computer forensics and not some specialized part of CF.

Posted : 04/04/2006 3:53 am
AwesomeMachine
(@awesomemachine)
New Member

Putting a certain person at the keyboard, at a certain time, after the fact will be the biggest challenge. Second to that is going to be criminals developing skills to use someone else's computer to do their dirty work, store contraband, store records, create mayhem. Every Windows computer can be uniquely identified by the MD5 hash sums of the photos in "My Photos", the serial numbers of the chassis components, the file hal.dll, and a host of other criteria. I'm very surprised no one has written a program to easily hijack a computer on a residential internet connection.

WinHex has a facility to coherently read NTUSER.DAT, which, in reality, is part of the MS Windows registry. Regedit does not allow viewing this file, which is full of juicy data. I don't know how much black box work has been done with WinHex, so I don't know how reliable it would be as testimony.

Posted : 06/04/2006 1:05 pm
keydet89
(@keydet89)
Community Legend

AwesomeMachine,

Interesting post.

"Putting a certain person at the keyboard, at a certain time, after the fact will be the biggest challenge."

It already is. This is something LEOs and forensic analysts try to do all the time. However, without some sort of visual evidence, it's nearly impossible to do.

"Second to that is going to be criminals developing skills to use someone else's computer to do their dirty work, store contraband, store records, create mayhem."

Again…we're already there. We've been there for a long time. In fact, it's no longer really even an issue of a criminal developing the skills, but of a newbie getting his hands on a worm/Trojan creation toolkit and accessing someone else's computer with NO skills.

"I'm very surprised no one has written a program to easily hijack a computer on a residential internet connection."

Been around for a long time. In my book, I mentioned an autorooter. Add to that bots and worms…

"Regedit does not allow viewing this file…"

Really? So, when I open up RegEdit and look at the HKEY_CURRENT_USER hive, what am I looking at?

Hint: I'm looking at the content of the NTUSER.DAT file for that account.

Harlan

Posted : 06/04/2006 5:02 pm
debaser_
(@debaser_)
Active Member

Putting a certain person at the keyboard, at a certain time, after the fact will be the biggest challenge. Second to that is going to be criminals developing skills to use someone else's computer to do their dirty work, store contraband, store records, create mayhem. Every Windows computer can be uniquely identified by the MD5 hash sums of the photos in "My Photos", the serial numbers of the chassis components, the file hal.dll, and a host of other criteria. I'm very surprised no one has written a program to easily hijack a computer on a residential internet connection.

WinHex has a facility to coherently read NTUSER.DAT, which, in reality, is part of the MS Windows registry. Regedit does not allow viewing this file, which is full of juicy data. I don't know how much black box work has been done with WinHex, so I don't know how reliable it would be as testimony.

Are the MD5 hashes salted with a value unique to that particular machine or something? Are there any papers written on these types of things on the net? I'd like to read up on it.

Posted : 06/04/2006 7:56 pm
MrMan
(@mrman)
New Member

Data mining with lots of text, data, databases.

Proper training / lack of experts.

Posted : 25/04/2006 9:23 am
keydet89
(@keydet89)
Community Legend

MrMan…

I don't necessarily think that there is a lack of "experts", as there are people out there that know this stuff. IMHO, it's a lack of awareness due to constraints such as time, money, etc…pretty much any resource.

Volume has always been a problem…which is why things like the Windows Registry aren't delved into more deeply.

Posted : 25/04/2006 7:29 pm
azrael
(@azrael)
Senior Member

http://www.cyberforensics.purdue.edu/docs/Lockheed.ppt

For reference this link has changed with a rearrangement of the Purdue website, you can still find the document though …

http://cyberforensics.purdue.edu/DNN/Research/Presentations/tabid/54/Default.aspx

Seems to be the current link …

Posted : 23/01/2007 6:10 pm