Digital Forensics Magazine July 2012 Newsletter
The Latest News and Offerings from the DFM Team

Is this email not displaying properly?
View it in your browser.

Welcome to the July edition of the Digital Forensics Magazine Newsletter. August is just around the corner and that means that Issue 12 is soon to be released!

In this months newsletter we bring you details of what's coming up in Issue 12, the latest news and an update from Guidance software.

Information Assurance Strategies Ltd

/In The News

ElcomSoft and Pico Computing Demonstrate World's Fastest Password Cracking Solution

ElcomSoft Co. Ltd. releases world's fastest password cracking solutions by supporting Pico's range of high-end hardware acceleration platforms. ElcomSoft is Pico FPGA-based hardware to greatly accelerate the recovery of passwords.

At this time, two products received the update: Elcomsoft Phone Password Breaker (http://www.elcomsoft.com/eppb.html) and Elcomsoft Wireless Security Auditor (http://www.elcomsoft.com/ewsa.html), enabling users to recover Wi-Fi WPA/WPA2 passwords as well as passwords protecting Apple and Blackberry offline backups faster than with the already supported clusters of high-end ATI and NVIDIA video accelerators. Pico support is planned for Elcomsoft Distributed Password Recovery.

Pico Computing manufactures a range of high-end hardware acceleration platforms, offering a computational equivalent of over 2,000 dual-core processors in a single 4U chassis. By supporting Pico hardware, ElcomSoft leaps forward in the performance race, delivering market's best speed of recovery for Apple and BlackBerry backups and WPA/WPA2 Wi-Fi passwords.

"ElcomSoft pioneered hardware acceleration in password recovery", says Andrey Belenko, ElcomSoft leading crypto analytic and the original inventor of GPU-accelerated password recovery. "Today, together with Pico Computing we're breaking a record in performance, offering faster recovery than anything else on the market."

Pico's FPGA boards set a new benchmark in forensic computational performance. Actual password recovery performance with Pico hardware exceeds that of every other acceleration solution supported by ElcomSoft.

"Pico FPGA-based hardware is used by many law enforcement and forensic organizations worldwide", says Vladimir Katalov, ElcomSoft CEO. "By supporting this platform, we're entering true supercomputer performance, delivering the world's fastest password recovery solution to the most demanding customers."

ElcomSoft products support a wide range of hardware acceleration platforms including Pico FPGA's, OpenCL compliant AMD video cards, Tableau TACC, NVIDIA CUDA hardware, conventional and enterprise-grade solutions including Tesla and Fermi.

Data Breaches at Yahoo, Formspring and Nvidia

t has been relatively quiet on the IT hacking front for the past month since LinkedIn and eHarmony were hacked and some 8 million user passwords taken. But things hotted up this past week, with several major hacks targeted at the social media site Formspring, search company Yahoo, and just announced today, hardware maker Nvidia.

On Monday, hackers posted password information on 420,000 Formspring accounts online, which caused it to reset the passwords for all 28 million users on Wednesday as a precaution. A story at the San Francisco Chronicle quotes the following from Formspring founder Ade Olonoh’s blog that, ”We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database."

The Formspring passwords taken were encrypted, and the company “salts” its password files, making it more difficult for them to be decrypted than in the LinkedIn and eHarmony cases. A story in Secure Computing magazine says that Formspring has taken additional steps to increase the strength of the password encryption technique it uses.

Read full article at iEEE Spectrum.

Fear of cyber crime stops EU citizens doing business on the web

Almost a third of European citizens lack confidence in using the internet for financial transactions.

A survey of 27,000 citizen across EU member states, commissioned by the European Commission (EC), reported that internet users are concerned about cyber security.

According to the study, 89% avoid disclosing personal information online and 74% agree that the risk of becoming a victim of cyber crime has increased in the past year.

Cecilia Malmström, EU commissioner for home affairs, said: "While ever more people are making the most out of the Internet and benefit from the digital economy, it is not surprising that security of personal information and online payments top the list of our concerns.”

The survey found that 12% of internet users across the EU have already experienced online fraud and 8% have fallen victim to identity theft.

However, 53% have not changed any of their online passwords during the past year.

Read on at Computer Weekly

/Announcement from Guidance Software

Tableau TD2

Tableau TD2 Duplicator: 2012 Forensic 4Cast Hardware Award Winner!


Do you need speed, flexibility, and ease of use? Our award winning TD2 Forensic Duplicator will not only image a drive at transfer rates approaching 9GB/min, but will also image two copies of that drive in the same time as one.

Better still, do you need that drive image in an .e01 file format, for dropping directly into Guidance Software’s award-winning EnCase Forensic software?

Then look no further than the Tableau TD2, Guidance Software's second-generation forensic duplicator. TD2 gives you the option to make 1:2 “twin” copies of suspect drives, with zero performance penalty. In the field, or in the lab, TD2 can copy, verify, format, wipe, hash (MD5 or SHA-1), unlock an HPA or remove a DCO. With optional Protocol Modules, TD2 can image from IDE, SATA, SAS, SCSI and USB2.0 suspect drives (no laptop required).

TD2 isn’t just compact, rugged and feature-rich; its easily upgradable firmware allows you to future-proof your forensic investigations. Coming soon, TD2 will support ExFAT drive volumes, for the newest 3TB & 4TB drives (and, TD2 is field-upgradable to EnCase v7’s .ex01, supporting 256-bit AES encryption).

Available now! For more information, please visit: www.tableau.com/TD2/where2buy.php

/From the DFM Team

Get Involved!

Do you have an interesting and informative article that you think our readers would like to read?

Whether you are a researcher, student, academic or practitioner in Digtial Forensics, we would love to hear about your work. One of the key aims of Digital Forensics Magazine is to bridge the gap between the researcher and the practitioner. Whether its a case study, piece of cutting edge research or a new forensic tool or technique, you can guarantee that your fellow Digital Forensic peers will want to hear about it.

If you would like to submit an article to DFM, send us an email with the 250-word abstract, or visit our submissions page.

Bloggers Wanted!

Are you currently conducting an interesting piece of research?

Do you regularly review new forensic tools and technologies?

If so, then you are just the person we need!

We are currently recruiting a new team of Bloggers to enrich the Digital Forensic Magazine Blog.

If you would like to be considered as a contributor to the Blog, please email us with your name, your blog topic title and a 100-word abstract. We will then contact you if we like the sound of your submission!

Digital Forensics Magazine - Subscribe Now!

/Issue 12 of Digital Forensics Magazine Out Soon!!!

DFM Issue 12

Issue 12 is due out at the beginning of August and yet again it is packed full of interesting articles and news from the Digital Forensics industry. This issues feature article comes from Thijs Bosschert, who tells us all about reverse engineering of PERL2EXE back to PERL.



First Responders & Forensic Capabilities

John Walker investigates why we must look to first response and digital forensics to protect and defend our enterprise and global operations. This article reviews the practicalities of defending against Cyber Evasions, and Invasions and considers where operational and professional responsibilities lie.


Reverse engineering Perl2Exe back to Perl

Perl2Exe is a program that converts Perl source code to standalone Windows executable files, which hide the Perl code. When a forensic investigator encounters a Perl2Exe program (for example malware) it can take a lot of effort to analyse these files. Thijs Bosschert describes a new and easy to follow approach to recover the full Perl source code from these Perl2Exe executable files, making the analysis of these files much easier.

Mobile Devices & Public Space

In this article Andy Swift looks at the numerous impacts of mobile devices being used in public airspace and the workplace respectively, with a focus on their exploitability and common issues associated with these technologies, the article includes research undertaken from recent experiments over the past few months.

What's So Ethical About Hacking?

In this article David Hewitt looks at the definition 'ethical hacking' and discusses whether it is appropriate or confusing; in addition he reviews the history of pen testing / hacking and what it's place is in industry today

Covert Channels Part II

Stealing information, command and control servers talking to bots and battle damage assessment are all uses for covert channels. In the second of this series of articles our own news editor Matthew Isbell takes a look at covert channels and tests their suitability for use.

Video Identification

The proliferation of video material that can be downloaded from the Internet has resulted in child abuse and terrorism cases becoming even more complex and time-consuming to investigate. Dr Richard Leary, MBE, a former West Midlands Police officer and one of the original Directors who set up the Jill Dando Institute looks at the current challenges faced by investigators and introduces VIdentifier the efficient and easy-to-use video identification system.

Circumventing SMS Based Two Factor Authentication

Malware is impacting the security and integrity of the World Wide Web especially for banks and financial institutions. In this article Aditya K Sood and Richard J Enbody detail and investigation into a new exploitation technique used by malware to circumvent “SMS Based 2 Factor Authentication”.

Testing Tool Capability for Social Network Forensics

Social Networking Services have become the people Internet service of choice building relationship networks with personalised meanings. This presents challenges for the Digital Forensics Examiner especially with extraction tool capabilities differing markedly when extracting evidence from Social Networking Sites. In this article Jung Son and Brian Cusack tests some of the tools.


Plus all our usual features "Apple Autopsy", "360", "IRQ" and "Robservations" "Legal news and alerts".

Subscribe now to ensure you don't miss all these great articles.

Digital Forensics Magazine and the DFM Logo are trademarks of TR Media Ltd.
TR Media Ltd, The Old Dairy, Brewer Street Dairy Business Park, Bletchingley, Surrey, RH1 4QP, UK