IT managers and their staffs now have the Windows Security Log Encyclopedia, a new Windows tool for monitoring, intrusion detection and for carrying out computer forensics. The new tool covers all nine audit categories of Windows Server 2003 and illuminates the subtle, yet critical, differences between Windows Server 2003, 2000, and XP regarding security events. It documents each security event in the Windows OS, complete with analysis and commentary. This tool is freely available online at

http://www.ultimatewindowssecurity.com/encyclopedia.html

“Whenever you delete a file, you’re really not deleting the file,” said Georges Stokes, system administrator for Air Armament Center plans and programs office. “The data is still technically there.” The information that people attempt to delete from their computers varies from user to user said Special Agent Robert Renko, Defense Computer Forensics Laboratory director of operations…

More (Air Force Link)

The Indian Society of Criminology (ISC) in coordination with Valliant CISSTech is to offer certificate courses on Cyber Forensics and Penetration Testing. Announcing this at a press meet in Chennai yesterday, R Thilagaraj, secretary, ISC and head of the department of Criminology, University of Madras, said the course was being introduced with a view to meeting the shortage of trained and validated professionals who would help fight cyber crimes and assist in assessing and validating the security architecture of users of networked information system. He added that the programme was designed to meet Indian market needs…

More (News Today)

A University of California researcher, Tadayoshi Kohno, says he has found a way to identify computer hardware remotely, a technique that could potentially unmask anonymous Web surfers by bypassing some common security techniques. In his paper Kohno mentioned possible forensics applications, saying that investigators could use his techniques “to argue whether a given laptop was connected to the Internet from a given access location.”

More (News.com)

As an IT professional and working network administrator, you may find yourself called upon to testify as a victim or witness (i.e., a representative of a company whose network is victimized) in a computer-related crime. Another possibility is that you might someday want to use your technical expertise to become a professional expert witness in computer-related cases. In this article, we examine the basics of testifying in either capacity in a case involving computer crimes, and how you can move into the lucrative field of computer forensics, on either a full- or part-time basis…

More (WindowsSecurity.com)

In criminal investigations, forensic evidence is often used to prove that a person was at a particular place at a certain time, or even to show an irrefutable connection with a crime that has been committed. In the world of IT, network forensics can be used to identify how communications assets are being affected by data theft committed by internal sources, to track security exploits, and to spot violations of corporate security policies…

More (IT-Analysis.com)

Computer criminals could be working next to you every day, yet be stealing from your business. A survey carried out on 201 companies by the National High Tech Crime Unit, found that the impact of hi-tech crime in 2003 reached an estimated £195 million. Acts of data theft and sabotage were usually found to be internally originated. More worryingly, over one third of fraud acts involved company employees…

More (Bios)

John Mallery says his current job as a computer forensic expert has some parallels to his former calling as a comedian, juggler and knife thrower. “I’ve thrown knives around my wife. If I’m not in shape and I don’t practice, I put her at risk,” he said. “If I’m a forensic examiner and I don’t keep up with my skills, bad guys get away.”

More (CNN)

UK Police want a new body to be set up to investigate internet child pornography. It comes as new figures show arrests and convictions for downloading such images have quadrupled in two years. Home Office figures, revealed by children’s charity NCH, showed 2,234 people were charged or cautioned in 2003, compared with 549 in 2001. The BBC has learned the proposed unit – dubbed the UK Internet Safety Centre – would be staffed by police, charity workers and computer experts.

More (BBC)

For some University of Florida (UF) researchers, CSI means “Computer Scam Investigators.” The team is armed with a new tool – so-called “process forensics” – that combines intrusion detection with digital fingerprinting to nab wily hackers…

More (Sci-Tech Today)

When it comes to computer crimes, especially against children, those in law enforcement should not be trying to do more with less. But that is exactly what the Maine Computer Crimes Task Force is doing these days, according to Col. Craig A. Poulin, chief of the state police. The state is now taking small steps toward correcting a bad decision from last summer that reduced the task force’s already minuscule staff…

More (Kennebec Journal)

Neil Barrett gives some insight into how IT workers can help law enforcement and expert witnesses like himself when prosecuting cybercriminals.

My day job is a rather unusual one; I’m a computer expert witness, principally in criminal prosecutions and primarily for the police. I help to identify, preserve, analyse and – perhaps most importantly – present computer-derived evidence. My job is to make sure the jury – usually complete computer novices – have the best possible chance of understanding and appreciating the nature of the technology and arguments involved. It’s a fascinating, challenging, frustrating and deeply rewarding occupation…

More (Silicon)

Computer forensics have played a lead role in fraud investigations for some time. In the coming year, look for the emergence of real-time, diagnostic software that will enable corporations to detect “red flags” of potential accounting fraud or other types of financial misconduct.

More (Sarbanes-Oxley)

At the RSA Conference on Thursday Ronald Plesco, counsel to the National Cyber-Forensics and Training Alliance, a computer forensics organization established by the FBI and private industry, pointed to the trend in recent years of spammers building networks of compromised computers to launder their fraudulent e-mail offerings. Tim Rosenberg, a research professor at the George Washington University, warned of “multinational groups of hackers backed by organized crime” and showing the sophistication of prohibition-era mobsters…

More (Security Focus)

An investigation into the disposal of computer equipment has uncovered psychological reports on school-children, confidential company data and even details of an illicit affair on hard drives that should have been wiped clean. Universities, schools and global businesses are routinely breaking the Data Protection Act by disposing of computers without removing personal data, researchers found. The Computer Forensics team at the University of Glamorgan examined over 100 hard drives at the behest of investigative journalist, Peter Warren. Some of the drives were bought from eBay, others from computer fairs and traders. Only two contained no recoverable data at all, and one of those was brand new…

More (The Register)

The FBI calls them Regional Computer Forensics Laboratories, or RCFLs. Their specialty? The cyber equivalent of dusting for fingerprints: finding evidence of criminal and terrorist activity on PCs, laptops, cell phones, digital cameras, MP3 players, PDAs, DVD recorders, and other electronic devices. Evidence that generates leads, solves cases, and helps establish guilt or innocence in a court of law. The concept was born in the 1990s, with the spike in criminal cases involving digital evidence. “Why don’t we pool our expertise and establish regional labs that can handle everyone’s needs for cyber forensics?” the law enforcement community asked. Congress helped supply the funds, and the first RCFL was launched in 1999…

More (LinuxElectrons)