Digital Forensics Magazine October 2012 Newsletter
The Latest News and Offerings from the DFM Team

Is this email not displaying properly?
View it in your browser.

Welcome to the October edition of the Digital Forensics Magazine Newsletter. The release of Issue 13 is almost upon us and, as usual, it is packed full of different features.

In this months newsletter we bring you the latest news from the Digital Forensics world, and what's coming up in Issue 13.

Information Assurance Strategies Ltd

/In The News

UK’s First Academic Research Institute to investigate the “Science of Cyber Security”

The Institute, which is funded by a £3.8 million grant, is part of a cross-government commitment towards increasing the nation’s academic capability in all fields of Cyber Security. Its research will ultimately make it easier for businesses, individuals and government to take informed decisions about how to implement better cyber protection measures and safely benefit from the huge opportunities offered in Cyber Space.

Established by GCHQ, in partnership with the Research Councils’ Global Uncertainties Programme (RCUK), (led by the Engineering and Physical Sciences Research Council (EPSRC)), and the Department for Business Innovation and Skills (BIS), the Research Institute is a virtual organisation involving seven universities. It will allow leading academics in the field of Cyber Security including social scientists, mathematicians and computer scientists from across the UK to work together.

It will also connect them with the collective expertise of industry security experts and international researchers in the field to tackle some of the UK’s toughest challenges in Cyber Security, in both the public and private sectors.

Francis Maude, Minister for Cyber Security said "The UK is one of the most secure places in the world to do business - already 8% of our GDP is generated from the cyber world and that trend is set to grow. But we are not complacent. Through the National Cyber Security Programme we are putting serious investment into the best UK expertise to lead thought in the science of cyber. The UK's first academic Research Institute will strengthen capability in a strategically important area, keeping the UK at the forefront of international research in the field."

Congratulating the successful teams, David Willetts, Minister for Universities and Science, said: "Britain has one of the largest online economies in the world and a growing cyber security sector, and we need to ensure this success continues. This new Research Institute will draw on the leading expertise in our universities from both technological and behavioural disciplines to address key challenges. It will help businesses, government and individuals to better protect themselves from cyber threats so they can make the most of the opportunities the internet presents."

CyberMD advert

China’s Cyber-Attack Fears to Spark Massive Defense Spending

China’s concerns over the safety of its power infrastructure will result in astronomical security spending over the next decade, states the latest report by international business analysts GlobalData.

The new paper* says that China’s cyber security market will expand remarkably in the coming years, from a valuation of $1.8 billion in 2011 to $50 billion by 2020, representing a dramatic compound annual growth rate (CAGR) increase of 44.7%.

The study describes the country’s cyber security market as an ‘anomaly’, due to the scale of expenditure when compared with that of other regions - Europe and North America combined are predicted to spend a comparatively modest $16 billion during the same period.

The Asian giant has a strained relationship with a number of nations in relation to cyber security, with the US in particular often accusing Chinese hackers of attempting to breach their power systems, although this has never been confirmed by Chinese government. Such accusations may have fostered an environment of mistrust in which the Chinese authorities expect retaliatory cyber-attacks on their own power infrastructure.

However, as GlobalData explains, for a country experiencing rapid urbanization and undertaking smart grid construction on a vast geographical scale, the cost of protecting all available access points will be huge. The smart grid building phase is expected to be complete by 2015, at which point tens of thousands of homes will be securely connected at an approximate cost of $1,000 per household.

The Stuxnet computer worm, discovered in 2010, was a major example of the vulnerability of power grids to malicious cyber-attack. The worm focused on five Iran-based organizations and was believed by many to be a deliberate attempt to disrupt the Iranian nuclear power program.

New version of DIGIPASS for Mobile combines excellent user convenience with enhanced security

VASCO Data Security International, Inc., a leading software security company specializing in strong authentication products and services, launches today a new version of DIGIPASS for Mobile. DIGIPASS for Mobile 4.0 offers an enhanced user experience through the use of QR codes and more enhanced provisioning and deployment options. With the launch of DIGIPASS for Mobile 4.0 VASCO reinforces its commitment in providing banks and enterprises with innovative security solutions that gain a widespread high end-user acceptance.

DIGIPASS for Mobile 4.0 provides two-factor authentication with one-time passwords and e-signature functionality to address security risks associated with online and mobile applications. New is that the application is bound to device-dependent components and linked to the user with a PIN code, preventing the application from being duplicated on another phone or mobile device. The new version also offers enhanced provisioning and even provides provisioning options for software DIGIPASS using HSM server side implementation. Furthermore, the application supports eight different crypto-applications, allowing an extended use in different settings such as IVR, online connections, signatures, offline transactions etc.

Deployment options have been extended in this version. Besides the traditional online or off-line deployment modes, DIGIPASS for Mobile 4.0 offers a third option using QR codes. The DIGIPASS application can now be activated in an instant without any additional manual input by just capturing the QR code. Customers willing to outsource the provisioning can make use of VASCO's operated DIGIPASS as a Service Provisioning Service.

The application is fully customizable based on customers' individual requirements and comes with a complete set of tools allowing customers to publish their own company branded application on common application stores.

/XBOX Generation Given Chance To Spy

Britain's intelligence agencies are to recruit apprentice cyber spies in an attempt to harness the talents of the "Xbox generation".

Up to 100 18-year-olds will be given the chance to train for a career in the secret services countering the threat of cyber warfare and internet criminals.

The scheme, announced by Foreign Secretary William Hague, is aimed predominantly at GCHQ - the electronic communications agency. However some recruits will go on to work in the other agencies - the Secret Intelligence Service, MI6, and the Security Service, MI5.

The move marks a break with past practice - when the agencies traditionally recruited mainly university graduates. Speaking at Bletchley Park - the home of Britain's Second World War codebreakers and the forerunner of GCHQ - Mr Hague said it was important to bring in the most talented people to secure the UK's cyber expertise for the future.

"It will be the young innovators of this generation who will help keep our country safe in years to come against threats which are every bit as serious as some of those confronted in the Second World War," he said.

"Today we are not at war, but I see evidence every day of deliberate, organised attacks against intellectual property and government networks in the United Kingdom from cyber criminals or foreign actors with the potential to undermine our security and economic competitiveness.

"This is one of the great challenges of our time, and we must confront it to ensure that Britain remains a world leader in cyber security and a pre-eminent safe space for e-commerce and intellectual property online."

Officials said the Single Intelligence Account apprenticeship scheme was aimed at tapping the skills of the "Xbox generation" who had grown up in the world of social media, global connectivity and interactive gaming.

Recruits will undergo a two year programme of training with a foundationdegree course in communications, security and engineering.

They will also study for a level 4 diploma in IT, software, web and telecommunications professional competence.

Mr Hague also used his visit to announce £480,000 in Foreign Office funding for the preservation of Bletchley Park, unlocking #5 million of heritage lottery funding.

/Forensics Euro Expo 2013

Forensics Europe Expo

The Inaugural Forensics Europe Expo will take place on 24th – 25th April 2013 in the Upper West Hall, Olympia, London.

The Event will bring together the widest range of Forensic suppliers, services, equipment and practitioners in the world. With a full Conference Programme, Workshops, Training Sessions, CPD certified content, Live demonstrations and Features, networking events and a wide range of exhibiting suppliers, Forensic Europe Expo will be the definitive place to source products and services, share best practice, network and learn.

A call for papers to participate in the Forensics Europe Expo conference has recently been launched which will cover Digital Investigations, Forensic Analysis, Scene of Crime Equipment & Services and Lab Equipment.

Interested parties should apply here.

Companies interested in exhibiting Forensics Europe Expo can enquire here.

Forensic professionals interested in attending the event can register for more information here.

Digital Forensics Magazine - Subscribe Now!

/Issue 13 of Digital Forensics Magazine Due Out November.

Continuing our aim of bringing you new and interesting articles from the world of Digital Forensics, Issue 13 is shaping up to be another good mix of research and practical advice, here is just a taste of some of the articles being looked at.

The team at DFM reserves the right to change the planned content of any issue, at any time.


Digital Forensics & The Fraud Triangle

Nicholas Miter looks at how many forensic software applications predict fraud and corruption using heuristics based on the Fraud Triangle. He discusses some of the pitfalls of these algorithms, and what forensic software applications can do to improve accuracy.

Cloud Based Honeypots

In this article, Andrew Nicholson introduces honeypots as a tool for the forensic practitioner’s toolbox showing how to deploy a simple cloud-based honeypot and his results after one month.

Cracking MS-CHAP2 - How Secure is Your VPN?

Andy Swift looks at the MS-CHAP2 network authentication protocol, designed by Microsoft way back in the days of NT 4.0, and still happily working away in the background of some well-known systems such as PPTP VPN's and WPA2 Enterprise based networks using radius for authentication. During this article Andy will be taking a closer look at some of the key findings presented at this years BlackHat conference around the subject of cracking CHAP2 once and for all.

First Responders CSIRT & Forensics

With the significant growth and trending of computer crime, along with the associated actors of Hacking, Hacktivism, Serious & Organised Crime attacks, and the risk posed by casual hackers, the potential for any organisation, located within any sector, be it Commercial or Government, encountering some form of attack is highly likely.

Underneath the Hood of Lit I View v5.0

Over the past five years, UBIC has developed an integrated technology platform for eDiscovery, Lit I View™, which it has updated periodically over the past 3 years since the first release. The document management system enables enterprises and global law firms to maintain proper documentation in areas like contracting, design and management of projects in preparation for dispute resolution, we took a look under the hood of the company and the technology.

Creating A Virtual Forensics Lab

In this article, Chris Tragaz provides a practical guide for how virtualization, combined with centralized storage and a few unique products, can be used to build a lower cost and scalable digital forensics lab.

Digital Forensics Magazine reserves the right to change the content of any Issue, at any time, without notice.

Digital Forensics Magazine and the DFM Logo are trademarks of TR Media Ltd.
TR Media Ltd, The Old Dairy, Brewer Street Dairy Business Park, Bletchingley, Surrey, RH1 4QP, UK