Digital Forensics Magazine February 2013 Newsletter
The Latest News and Offerings from the DFM Team


Welcome to the February edition of the Digital Forensics Magazine Newsletter. This month saw the release of Issue 14, which is already generating lots of interest, especially Mark Osborne's article on GPU and CUDA programming.

In this Newsletter, we bring you the latest news, information on events this year and all the details of what's in Issue 14 of Digital Forensics Magazine.


/In The News

CyberPatriot Opens Pre-Registration for 2013-2014 Competition Season

Pre-registration is now open for CyberPatriot ‐ The National High School Cyber Defense Competition, allowing those interested in participating in the next season a head start in gathering information, saving dates and keeping up-to-date with news prior to the official registration period.

CyberPatriot, an education initiative established by the Air Force Association in 2008, is a one-of-a-kind cyber defense competition designed to inspire students to consider science, technology, engineering and mathematics (STEM) fields in their studies. The unique structure helps to prepare college- and career-ready students with not just technical skills, but also invaluable experience in teamwork, leadership, and critical-thinking. Competitors also gain great insights and technical expertise from industry leaders, including CyberPatriot's presenting sponsor, the Northrop Grumman Foundation.

CyberPatriot's extraordinary growth since its inception builds on the surging popularity of the competition and its timeliness in addressing the cybersecurity needs that today's society demands. It grew from only eight teams in one location in 2009 to more than 1,200 teams registered in 2012, competing from all 50 states, and U.S. Department of Defense dependent schools in Europe and the Pacific, as well as teams from Canada.

Pre-registration is available here.


CREST and IISP join forces to host new event for information security professionals

Following the growing success of its annual CRESTCon event over the last three years, CREST ‐ the professional body representing the ethical security testing and incident response industry ‐ is partnering with the IISP (Institute of Information Security Professionals) to host the first ever joint CRESTCon & IISP Congress. The event takes place on 20th March 2013 at the Royal College of Surgeons in London and will bring together leading technical, business and academic experts to address some of the most critical information security threats and challenges and to harness industry knowledge and experience.

Aimed primarily at security professionals and industry experts concerned with governance and risk and interested in best practice, tools and techniques, attendance is only open to members of IISP and CREST, and delegates from the wider information security community. For more information or to register go to

"The link between the technical and business-led IT security professionals to share knowledge and experiences has never been more important," said Ian Glover, President of CREST. "This event builds on the established relationship between CREST and IISP, most recently as part of the CESG Certified Professional scheme. It will give attendees the opportunity to network with over 200 industry peers, government agency representatives, senior CISOs and academics."

"By joining forces with CREST to host this event we are harnessing the synergy between our organisations and our common aim to further professionalise the industry," said Amanda Finch, General Manager at the IISP. "No other event brings together business and technical professionals in information security to network, learn and share valuable experiences and knowledge."

The conference will have two speaker tracks and delegates will be free to move between the two streams: Stream 1 is aimed at security consultants, researchers and those on the front line ethically attacking and/or defending information systems, while Stream 2 is aimed at a wide cross-section of information security professionals, especially those involved in security management, risk and compliance, and will include sessions on career development.

Cyber Espionage Campaign Against the Uyghur Community, Targeting MacOSX Systems

AlienVault and Kaspersky Labs have been working together to investigate a new strain of spearphishing emails sent to the Uyghur community.

The emails in question contained a Microsoft Office .doc file that aimed to exploit the Microsoft Office for Mac software. The exploit has been used before in other attacks investigated by AlienVault.

In his blog, Jaime Blasco explains that "similar attacks have been reported against various ethnic groups like the Tibetan people and other NGOs and human rights organizations."

He further explained that research conducted by AlienVault has been used as a lure to target NGOs.

The filenames of the attachments used in the campaign all relate to the Uyghur community and try to deceive people into opening them using clever titles such as 'Uyghur Political Prisoner.doc'.

Jaime describes how one of the documents is actually amusing as it relates to the "Rise in possible State-Sponsored hacking".

Once the malware has infected the system, it attempts to write both the plist and the backdoor under the LaunchAgents directory of the MacOSX filesystem, which is used to store configuration files defining the parameters of services that are run using launchd.

AlienVault and Kaspersky Labs were able to fully reverse engineer the malware, discover author names and the activities of the malware, and even conduct some network analysis to map out the passive DNS data and link the emails back to two specific command and control domains ‐ and

Kaspersky Labs' report on the attacks explains that the attackers aim to exploit the CVE-2009-0563 Microsoft Office vulnerability, a vulnerability known to be used prolifically by the famous "captain".

Kaspersky Labs have released advice on how to protect against these attacks, which can be found on their blog, here.
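A defender's check for the persistence pattern described above, added here as an example and not taken from the newsletter or from the AlienVault and Kaspersky reports: it audits a LaunchAgents directory for launchd jobs whose executable is stored inside a LaunchAgents directory, and for non-plist files sitting beside the job definitions. The labels and file names in `demo()` are constructed placeholders, not indicators from the campaign.

```python
import plistlib
import tempfile
from pathlib import Path


def job_executable(job):
    """Return the path launchd would execute for this job, or None."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def audit_launch_agents(directory):
    """Flag jobs that run a binary stored in a LaunchAgents directory,
    and any non-plist file dropped next to the job definitions."""
    findings = []
    for entry in sorted(Path(directory).iterdir()):
        if entry.suffix != ".plist":
            findings.append((entry.name, "non-plist file in LaunchAgents"))
            continue
        try:
            with entry.open("rb") as fh:
                exe = job_executable(plistlib.load(fh))
        except Exception:
            findings.append((entry.name, "unreadable or malformed plist"))
            continue
        if exe and "LaunchAgents" in Path(exe).parts:
            findings.append((entry.name, "executable inside LaunchAgents: " + exe))
    return findings


def demo():
    """Build a constructed LaunchAgents directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        agents = Path(tmp) / "Library" / "LaunchAgents"
        agents.mkdir(parents=True)
        # Constructed sample jobs: one normal, one matching the pattern.
        benign = {"Label": "com.example.updater", "RunAtLoad": True,
                  "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}
        suspect = {"Label": "com.example.helper", "RunAtLoad": True,
                   "Program": str(agents / "helper")}
        (agents / "com.example.updater.plist").write_bytes(plistlib.dumps(benign))
        (agents / "com.example.helper.plist").write_bytes(plistlib.dumps(suspect))
        (agents / "helper").write_bytes(b"\x00")  # stand-in for a dropped binary
        return [(name, reason.split(":")[0])
                for name, reason in audit_launch_agents(agents)]


if __name__ == "__main__":
    for name, reason in demo():
        print(name, "->", reason)
```

On a real system, point `audit_launch_agents` at `~/Library/LaunchAgents` and `/Library/LaunchAgents`; expect harmless hits such as `.DS_Store` that need manual review.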

/Forensics Euro Expo 2013

Forensics Europe Expo

Digital Forensics Magazine is proud to be partnering with the Forensics Europe Expo, hosted in London, this April.

FREE Visitor Registration is now live for Forensics Europe Expo, 24‐25 April 2013, Olympia, London. This is a must-attend event for any police or law enforcement professional involved in the forensic analysis of evidence and criminal prosecution.

The closure of the Forensic Science Service in March 2012 has forced the forensic landscape to evolve into an "Open Market."

There is now, more than ever, a need to understand new legislation, and the impact and future challenges it will have on the availability, procurement and supply of forensic analysis & products and the future challenges facing the market.

A free to attend exhibition with 70+ exhibitors and a product demonstration led workshop programme will run alongside dedicated 2-day Forensic Innovation and Digital Forensics conference streams. All Digital Forensic Magazine readers will receive a 20% discount off the conference by using code DISC20 at the registration checkout.


/Issue 14 of Digital Forensics Magazine Out February 1st!

DFM Issue 14

Issue 14 was released at the beginning of this month and has generated a lot of buzz, especially about our feature article. The article comes from well-known forensic and security practitioner Mark Osborne, and discusses GPU and CUDA.

The Criminal Connection

Yuval Ben-Moshe discusses how the use of mobile forensics can help combat the threat of organised crime. By exploring the way in which technology is advancing, we can predict how criminals will operate.

CUDA & GPU For Security and Forensics

Mark Osborne explores the opportunities that CUDA holds for revolutionizing information security. He explains how the use of GPU and CUDA could lead to a world of hardware-assisted security.

Fuzzing Risks for Rich HTML Applications

In this article Brian Cusak and Muteb Alqahtani describe how modern commercial web applications are vulnerable to attack via threat vectors that involve the use of fuzzing, especially where rich HTML is used and the applications operate much like a desktop operating system.

Blackberry File Deletion and Thumbnail Image Caches

BlackBerry devices are not typically welcome arrivals within a forensic lab, their robust security often making examination difficult. In this article Kevin Mansell looks at some interesting aspects of the FAT implementation used in BlackBerry devices, and how thumbnail caches can provide a valuable source of evidence.

Tarantula Uncovered

In the May/June 2012 issue of Digital Forensics, we discussed the inherent challenges posed by Chinese mobile device chipsets to forensic professionals. We also introduced Tarantula, an advanced mobile forensics system, including hardware and software, which is specifically designed to analyse devices with these chips. In this article, Kevin North takes a closer look at Tarantula and explains the analysis process. We will also present some features of Tarantula's latest release.

Fraud Prevention in Unified Communications

Michael Taylor observes how UC vulnerability loopholes need management strategies to minimise fraud and explains how Emerging Comprehensive Unified Communication Risk Management (CUCRM) solutions reduce UC fraud while maintaining realistic ownership costs.

Remote Data Collection

In this article, using a particular case study, Tom Turner looks at how a Remote Governance and Collections platform (RGC) was developed as a proof of concept and can be used to manage and forensically collect data, saving investigators (and their clients) both money and time.

Mobile Malware

An ethical hacker's view on the dangers of mobile malware and how to stop it.

Plus all our usual features: "Apple Autopsy", "360", "IRQ", "Robservations" and "Legal news and alerts".

Subscribe now to ensure you don't miss all these great articles.

Digital Forensics Magazine and the DFM Logo are trademarks of TR Media Ltd.
TR Media Ltd, The Old Dairy, Brewer Street Dairy Business Park, Bletchingley, Surrey, RH1 4QP, UK