Digital Forensics Magazine July 2013 Newsletter
The Latest News and Offerings from the DFM Team


Welcome to the July edition of the Digital Forensics Magazine Newsletter. Issue 16 is almost upon us and we are excited for our next release.

In this Newsletter, we bring you the latest news and all the details of what's in Issue 16 of Digital Forensics Magazine.


/In The News

Announcing the SANS 2013 Digital Forensics and Incident Response Survey Results!

New technologies are challenging professionals in the areas of digital forensics and incident response, and policies and tools must catch up.

SANS announces the results of its first-ever survey on digital forensics and incident response, sponsored by Bit9, Cellebrite, FireEye and Guidance Software. The survey results were previewed at the SANS Digital Forensics and Incident Response Summit in Austin, TX, June 9 and the full results were released during a SANS Analyst Webcast on July 18 at 1 PM EDT.

In the survey, 54% of respondents indicated their digital forensic capabilities are reasonably effective. Although the majority of their investigations still take place on company-issued computers and laptops and internal networks and systems, participants also conduct forensic investigations on virtual and cloud-based systems and other unconventional endpoints. When it comes to investigating these new media types, participants are nearly equally divided among several challenges inherent to such investigations--including a lack of specialized tools, standards and training, and visibility into potential incidents.

"The landscape of digital forensics has changed dramatically over the last several years while in many cases our tools and techniques have lagged behind. This survey illustrates the technical and policy challenges faced with mobile and BYOD investigations, while highlighting the need for additional response and investigative capabilities. It also shows that overwhelmingly, respondents do not have SLAs with cloud providers that cover forensic investigations. The results of this survey should help organizations understand how they compare to others in industry and is a useful planning tool for those looking to increase their capabilities," says Jacob Williams, a forensics consultant and SANS co-instructor who is co-authoring the survey report.

The respondents for this survey were numerous and diverse, with more than half representing organizations of 2,000 employees or more. Smaller operations were also well represented; organizations with fewer than 500 employees comprised almost one-third of all responses. Respondents also came from a range of industries; the largest group (almost one-quarter of survey respondents) was government professionals. Education, financial, consultants in forensics and incident response, and technology were the next most represented industries, with approximately 10% of responses each.

"Digital investigations are rapidly assuming a larger role in our system of justice and in our greater society. This survey informs us that digital investigations are changing as technology changes. The experts and the authorities who conduct and rely upon digital investigations are scrambling to catch up. They need better tools, new practices, updated education and more savvy professional guidance," says Ben Wright, a SANS senior instructor and attorney who is also co-author of the survey report. "This survey demonstrates that investigators need to review policies and practices with knowledgeable legal counsel, to ensure that evidence is managed effectively and that investigations are not derailed by surprises such as privacy law."

New technologies bring complications as well as convenience, as Paul Henry, a SANS senior instructor who is also co-author of the report explained: "Although the community has long recognized the benefit of performing a physical analysis of a mobile device in recovering deleted data, device vendors are not making such analysis any easier by implementing mandatory encryption of storage media. In just one example, this caused a delay of several weeks while law enforcement waited for Apple to unlock and decrypt an iPhone; sometimes such requests take months. Meanwhile, forensics in the cloud requires an updated skill set--in many respects it can be more technically difficult, as traditional forensic procedures can potentially destroy the evidence you are trying to collect."

Those who registered for the July 18 webcast were given access to the full report developed by Jacob Williams, Paul Henry and Ben Wright.

During the webcast, attendees learned:

-- Who uses digital forensics
-- How and why investigations take place
-- The challenges of investigations at the cutting edge of technology.


Through Google Glass -- Preparing Digital Forensics and Cyber Security Education

Google Glass, the voice-controlled glasses that act as a wearable computer, recently became available to a handful of initial testers. After participating in an application process and submitting a proposal on how I would use the product, I was selected as a Glass Explorer for Google. As an educator, I emphasized that Google Glass had tremendous educational value, and could be used to develop curricula for middle and high school students on cyber security and digital forensics. This would help contribute to Science Technology Engineering and Mathematics (STEM) education, and the technology would allow me to share my passion and empower others to choose an excellent career path. As a cyber security professional, I articulated excitement about how Google Glass can be utilized to change the face of digital forensics and how we keep our nation and various corporations secure.

I was lucky enough to be able to travel to New York to pick up my own Google Glass, specifically for the purpose of using it for forensics education at my employer, Champlain College in Burlington, Vermont. Google's latest development possesses the potential to change the way cyber security and forensics are taught at colleges around the country. It gives students like ours the potential to perform high-level technical research through a practical, hands-on approach, all while sharing and memorializing their work in a seamless manner. Through encouraging the development of more forensics-oriented niche programs at higher education institutions, future IT and security professionals will be better prepared to address advanced cyber security threats to both public and private institutions.

Imagine you are an incident responder or law enforcement professional who normally responds to serious network breaches on large corporate networks or performs search warrants. Would it not be amazing to be able to document what is going on in the heat of the moment? Having been involved in many such network security incidents and search warrants, and looking back at the documentation process, I realize how Google Glass could help one quickly memorialize details of an event without needing to pull out a separate camera or special equipment.

Read on at The Huffington Post.

Car key immobiliser hack revelations blocked by UK court

A High Court judge has blocked three security researchers from publishing details of how to crack a car immobilisation system.

German car maker Volkswagen and French defence group Thales obtained the interim ruling after arguing that the information could be used by criminals.

The technology is used by several car manufacturers.

The academics had planned to present the information at a conference in August.

The three researchers are Flavio Garcia, a computer science lecturer at the University of Birmingham, and Baris Ege and Roel Verdult, security researchers at Radboud University Nijmegen in the Netherlands.

"The University of Birmingham is disappointed with the judgement which did not uphold the defence of academic freedom and public interest, but respects the decision," said a spokeswoman.

"It has decided to defer publication of the academic paper in any form while additional technical and legal advice is obtained given the continuing litigation. The university is therefore unable to comment further at this stage."

Radboud University Nijmegen said it found the ban "incomprehensible".

"The publication in no way describes how to easily steal a car, as additional and different information is needed for this to be possible," said a spokeswoman.

"The researchers informed the chipmaker nine months before the intended publication - November 2012 - so that measures could be taken. The Dutch government considers six months to be a reasonable notification period for responsible disclosure. The researchers have insisted from the start that the chipmaker inform its own clients."

Neither VW nor Thales was able to provide comment.

The ruling was issued on 25 June, but the case only gained public attention following an article in the Guardian.

Read on at BBC Technology News.


/Issue 16 of Digital Forensics Magazine Out 01/08/13!


Issue 16 is due out on the 1st August. This issue focuses on Malware, Google Earth Forensics and the second part of our Google Desktop feature from Issue 15.



Five Tips for Using Google Earth in Forensic Cases

Major commercial mobile forensic tools on the market have evolved to obtain, report, and export geo-location data from devices. However, no matter what format the geo-location data is exported to, the major tools have little or no way of shaping the data in a way that is meaningful to investigators, lawyers, jurors or judges. There is a solution for making the data more compelling in court: it is freely available, and the forensic utilities already offer an export option to its native format. That solution is Google Earth. Michael Harrington seeks to give investigators and forensic examiners five useful tips they can immediately put into practice with geo-location data they have exported from their tool of choice in the Google Earth format.



Google Desktop Forensics Part 2

Digital forensic examiners may examine Google Desktop artifacts during an investigation. In the second part of her article, Jenn Byrne looks in detail at examining Google Desktop. In the previous article we looked at Google Desktop, how it works and how to do searches. In this article we continue the analysis of Google Desktop.


Social Networking Steganography Opportunities

Social networking sites are the new Wild West of hidden communications. Brian Cusack and Aimie Chee investigate. Hidden messaging is an ancient art that has received a mega boost in the digital age. Using online communication channels to send messages is as easy as sending an email, and the rich multimedia opportunities of social networking are not much more difficult.

Utilising Reputation Data to Increase Network Security

Every day hundreds of new malware samples are discovered and the antivirus detection rate for each varies. It's highly unlikely that recently discovered samples achieve a 100% detection rate. The problem facing AV vendors is an intractable one: there are simply too many ways that authors of malware can package their code to evade detection. AV products need to be augmented by other tools and techniques to provide greater assurance, as Will Alexander explains.

iPhone Back-Up Files

A viable source of evidence and a gateway for exploitation, explains Kate Wright. The forensic industry faces a never-ending battle against technology, attempting to innovate and maintain modern platforms that are capable of forensically examining a diverse array of media, whilst that technology continues to evolve at an alarming pace. Mobile forensics is a rapidly evolving field within digital forensics, each year featuring new developments of not only physical devices, but also operating systems and applications.


Plus all our usual features: "Apple Autopsy", "360", "IRQ", "Robservations" and "Legal news and alerts".

Subscribe now to ensure you don't miss all these great articles.

Digital Forensics Magazine and the DFM Logo are trademarks of TR Media Ltd.
TR Media Ltd, The Old Dairy, Brewer Street Dairy Business Park, Bletchingley, Surrey, RH1 4QP, UK