Digital Forensics Magazine March 2012 Newsletter
The Latest News and Offerings from the DFM Team


Welcome to the April edition of the Digital Forensics Magazine Newsletter. We are currently in the build up to Issue 11, which is set to be another fantastic read!

This month, we bring you the latest news from the industry, details of a brand new career opportunity, how you can get involved in contributing to the Magazine, and a preview of what's to come in Issue 11, due out 1st May.


/In The News

DHS, Navy to hack into gaming systems

The U.S. federal government wants to obtain the capability to hack into video game consoles, all in the name of thwarting terrorism and pedophiles.

Obscure Technologies, a small San Francisco-based company that performs computer forensics, has received a $177,000 contract from the Department of Homeland Security and the U.S. Navy to create software that can penetrate the Microsoft Xbox 360, the Sony PlayStation 3, the Nintendo Wii and other game systems.

The contract is part of the "Gaming Systems Monitoring and Analysis Project" that began in 2008 when law enforcement discovered pedophiles used video game consoles to find victims.

The contract was signed by the Naval Postgraduate School, but the tools will be delivered to Homeland Security.

Read the full story at Press TV.

Expert in digital forensics testifies in fraud trial.

An expert in digital computer forensics gave evidence today (April 12th) at the trial of alleged fraudsters Kyril Burrows and Delcina Bean-Burrows.

Their Supreme Court trial started on February 22 and has been delayed several times.

Paul Weall told the jury he found various documents on a desktop computer belonging to Mr Burrows and Mrs Bean-Burrows.

He took the jury through invoices he found and compared them to prosecution exhibits side by side.

One invoice referred to Simmons Maintenance and was compared against a prosecution exhibit with the same information.

Mr Weall said: “The dates were different, the hours were different.

“The way the box was laid out and the names were exactly the same.”

Read the full story at BDA Sun.

Move Over SOPA: Why CISPA Has Privacy Activists Up in Arms

The Cyber Intelligence Sharing and Protection Act is worse for civil liberties than SOPA and PIPA, according to opponents, who face an uphill battle against this widely-supported bill.

CISPA aims to give the U.S. government options and resources to ensure the security of networks against attacks and enforce copyright and patents, and will allow companies to benefit from the National Security Administration's cybercrime-fighting tools. The NSA in turn could ask companies for user data to boost its surveillance system.

The bill, due for a House vote in two weeks, boasts support from hundreds of telecommunications, financial and technology companies like Google and Facebook.

Corporations stand to benefit from CISPA, since it would preclude them from lawsuits over security breaches as long as they had previously cooperated with the NSA.

Read the full story at Mobiledia.

/Career Opportunity

Cyber Crime Specialist with HMRC (UK only) - Closing date: 20th April 2012

Cyber Crime Specialist (2 posts)
National: £57,573
London: £63,463
Fixed-term appointment for 2 years
Flexible UK locations

A newly-created HMRC specialist cyber crime team will protect the exchequer from attempted fraud by cyber criminals who are using increasingly sophisticated ways to target HMRC's repayment systems. They will build on HMRC's existing cyber counter-fraud capability and existing investigation and intelligence work and are a key element of HMRC's Cyber Crime and Security Strategy. Join our new Cyber Crime Team, and you will play a critical role in protecting your own, and everyone else's information.

We'll look to you to provide technical expertise and consultancy on the impact of cyber crime on our systems, providing authoritative advice to regime owners and system designers. An excellent communicator, you'll develop and maintain strong relationships with government and industry bodies to enhance our electronic fraud prevention and criminal investigation capabilities. You'll also take the technical lead in complex criminal investigations, supporting investigative teams by identifying and securing digital evidence from internal and external computer networks - evidence to be used in criminal and civil proceedings.

You'll come to us with a proven track record of conducting cyber crime or digital forensics examinations in a commercial or criminal justice capacity. Able to explain technical information effectively to the wider population as well as our national and international partners, you will have a mix of law enforcement and Information Security experience.

You might currently be working for the police or a similar law enforcement agency, or in a consultancy or in-house role. It's likely you'll have a postgraduate-level qualification in cyber crime forensics, digital forensics or information security and you'll definitely have a sound understanding of computer network infrastructure. A full driving licence would be desirable.

HMRC plays a vital role in the economic wellbeing of the nation by assessing and collecting tax revenues, and administering benefits and credits to support families and workers. Protecting these revenues has never been more important.

This is a reserved post, open to UK nationals only. For full details on nationality requirements, please refer to

For full information and to apply, please click here. Closing date - 20th April 2012


/From the DFM Team

Get Involved!

Do you have an interesting and informative article that you think our readers would like to read?

Whether you are a researcher, student, academic or practitioner in Digital Forensics, we would love to hear about your work. One of the key aims of Digital Forensics Magazine is to bridge the gap between the researcher and the practitioner. Whether it's a case study, a piece of cutting-edge research or a new forensic tool or technique, you can guarantee that your fellow Digital Forensic peers will want to hear about it.

If you would like to submit an article to DFM, send us an email with the 250-word abstract, or visit our submissions page.

Do you want to be a Book Reviewer?

Do you enjoy reading Digital Forensics books?

If so, then you are just the person we need!

We are currently looking for Book Reviewers who will read through and rate a variety of Digital Forensic books. Reviews that we receive will be posted to our blog, and may even be published in the Magazine itself.

If you would like to be considered as a book reviewer, please email us with your name, address, experience level and a list of topics/types of book you would like to review. We will then contact you when a book fitting these requirements is ready for review!

/Coming up In Issue 11

Issue 11 of Digital Forensics Magazine is due to be released 1st May. To whet your appetites, here's a sneak preview of the main articles:

Chinese Cell Phone & Digital Forensics

The explosion onto the world market place of “Shanzhai” (pirated goods) of Chinese cell phones presents some interesting challenges for the future of Mobile Phone Forensics.

In this article Reed Snyder takes a look at how in 2011 over 800 million mobile phones were manufactured in China and how the development of Systems on a Chip (SoC) for wireless communication devices has revolutionised the design and manufacturing process for mobile devices.

All is not doom and gloom, however. International mobile forensic tool companies are working on technologies to address the growing problem, and Reed identifies how the leading providers are facing up to the challenge.

Stochastic Forensics

How do you carry out a digital forensic investigation when no artifacts exist?

When faced with this problem and his client's rising panic about a potential insider data theft, Jim Grier had to think outside of the box to prove or disprove forensically that the data had been stolen. Using the actual case study (names changed), Jim explains how he developed an approach he now calls “stochastic forensics”.

Researching, testing and proving his theories and ideas to achieve forensically sound results, whilst at the same time working alongside the company lawyers to prove the overall case as any good investigator does, this story has a successful conclusion. Has Jim developed an approach that helps solve the insider data theft problem? Read and decide for yourselves.

Let Me In - A guide for Incident Responders who are confronted with a locked system

Glen Edwards takes a look at how the incident response community can overcome situations where locked systems are encountered. He looks at the various techniques available and provides a brief technical overview of what each technique involves. Glen Edwards has produced a very useful guide for Incident Responders to follow to avoid an investigation being delayed or, at worst, stopped. The techniques in this article also include how to access a live system by the use of a FireWire port or other expansion slot.

By providing a list of useful resources such as Kon-boot, ophcrack, backtrack and FTWAutopwn, to name but a few, along with guidance on how to use them, the investigator should never be confounded by a locked system again.

WPS Insecurities & False Prophets - A look at the security of WiFi Protected Setup (WPS)

In 2007 the WiFi Alliance created a standard that allowed a simple step-by-step configuration process for the home user that is enabled by default. With the proliferation of WiFi devices in the home, facilitated by the ISPs as part of their standard Internet connection package.

In this article Andy Swift looks at the WPS facility and analyses the vulnerability it presents, using practical brute force techniques and identifying some of the tools that have been produced to exploit the vulnerability. Andy goes on to give a brief tutorial that you can try yourself using Backtrack and a WPS-enabled WiFi router.

Visualising Photographic Image Metadata for Effective Data Mining

Dealing with large quantities of forensically acquired data, especially images, and identifying relationships and linking them with open and closed source intelligence, can be daunting.

In this article Ollie Whitehouse explains how they dealt with this problem. By looking at the formats of the metadata available, as well as the actual metadata that can be recovered, they developed a capability to automatically graph and visualise the relationships.

As a result, the image transforms, when run, were able to identify those images that were taken on the same date, at the same location, with the same device and within a defined period. This research is now going a stage further to integrate it with an existing forensics solution.

Techniques for Forensic Examination of BotNets

Just how do you research and investigate a BotNet?

After establishing a honeypot outside of the lab firewall and letting it run for 11 days, Brian Cusack & Junewon Park found that they had recorded 140,000 exploitation attempts, repelled 3,227 attacks and collected 1,466 malware samples & 110 unique binaries. Having collected such a wealth of information, they faced the task of how to analyse and investigate what they had collected; this article is their story of the investigation process and what they found.

Research & analysis of bot binaries is a costly business, fraught with risk. Realising this, Brian and Junewon established a process that kept cost and risk to a minimum, whilst maximising the efficiencies of the investigation. A must-read article if you are considering a honeynet as part of your overall security monitoring operations.

Plus all our usual features: "Apple Autopsy", "360", "IRQ", "Robservations" and "Legal news and alerts".

Subscribe now to ensure you don't miss all these great articles.

The contents of any Issue are subject to change at any time up to Publication

Digital Forensics Magazine and the DFM Logo are trademarks of TR Media Ltd.
TR Media Ltd, The Old Dairy, Brewer Street Dairy Business Park, Bletchingley, Surrey, RH1 4QP, UK