Live Hacking

Title: Live Hacking: The Ultimate Guide to Hacking Techniques and Countermeasures for Ethical Hackers & IT Security Experts

Author: Dr. Ali Jahangiri

Reviewer: John Forrester



I’d never be so presumptuous as to label myself a hacker but I am an IT security guy so I know the subject matter pretty well. The allure of Dr. Jahangiri’s book was that it would educate me to think like a hacker, so helping me better understand how the bad guys operate and how they gain unauthorized access to our computer systems and networks. As Sun Tzu once wrote, “To know your enemy you must become your enemy.” So, I was really quite excited to get my hands on this book, especially after reading the back cover blurb on and seeing the rave review that a previous reader (or friend) had given it. However, when the package arrived (courtesy of DFM), I was really disappointed. It’s obviously self-published – no problem with that as long as it’s done well – and it shows. There are a bunch of grammatical and spelling errors in the text that really detract from the overall quality of the book and at 49.99 USD I had serious reservations about ‘value for money’. If I wasn’t writing a review for DFM I’d have considered sending the book right back to where it came from and demanding a refund. However, I ploughed on regardless, and here’s what I found. Firstly, a criticism again on value is that the book is full of (and I mean packed tight with) screen grabs from websites where the page is so condensed that it’s virtually impossible to read or interpret the detail, so the impact of showing the reader the tool is completely lost with such bad reproduction. The first chapter on essential terminology is sparse and did not deliver the glossary I was hoping for, while chapter 2 on reconnaissance simply lists a plethora of websites that you might be able to glean some information about your target from (the bulk of this chapter’s content is screen grabs).
Chapter 3 on Google hacking is ok for a stratospheric overview of a complex subject, but after reading an excellent treatment on exactly this subject just a few months ago (Google Hacking by Johnny Long; published by Syngress) this chapter left me somewhat flat. Chapters 4, 5 and 6 on scanning, enumeration and password cracking again were ok, not fantastic, just ok. What these chapters offer are simplistic, high-level overviews of three subjects that each deserve (and have already got) books in their own right – some at lower price points, I might add. Chapter 7 delivers a whopping 11 whole pages on Windows hacking. Now, I have some experience with penetration testers trying to hack into my systems and I’d guess they had more than 11 pages worth of experience at hand. Maybe I’m wrong, but I’d probably even take a bet on it. Uncommonly in this book, I was pleasantly surprised with chapter 8 on malware as the author covers a good range of nefarious technologies. Aside from an unnecessary abundance of full sized screen captures (yawn, I do go on) from Spytector (there are 8 back-to-back across just 5 pages) the author does a good job of providing an overview of the various forms of ‘bad code’ that can gain access to your systems and data. I was fairly unimpressed with the rest of the book, with the highlight being chapter 10’s treatment of a SQL injection attack – I’d always wondered how that works. So, with 185 pages of useful (?) content, many of which are crammed with illegible screen grabs, I was not impressed. Sorry, Dr. Jahangiri, I’m sure you are a very clever man and very proficient in teaching this stuff to your students, but maybe you should consider looking for a professional publisher next time rather than the DIY option.



Digital Watermarking—A Specialized Form of Digital Steganography

In classifying digital watermarking programs as digital steganography applications, it is important to distinguish between watermarking programs that embed a visible watermark and those that embed an invisible watermark. Because the objective of steganography is to conceal the existence of information, a watermarking program that embeds a visible watermark in the carrier file could hardly be considered a steganography application. However, a watermarking program that leaves an invisible watermark in the carrier file should be properly classified as an application of digital steganography because the embedded watermark is imperceptible to the human senses.

Another characteristic of digital watermarking programs is robustness.

A watermark is considered to be fragile if the mark is not detectable after even the slightest transformation of the carrier file. For example, resizing an image file could destroy a fragile watermark. On the other hand, a watermark is considered to be robust if the mark is detectable after certain transformations are performed on the carrier file. Thus, digital watermarking programs that embed robust imperceptible watermarks must be properly classified as digital steganography applications. Another aspect of digital watermarking programs is the size of the payload that can be embedded in the carrier file. The payload size of a digital watermarking program will be much more restricted than the payload size of other digital steganography applications. Many steganography applications can accommodate multi-megabyte payloads. However, a digital watermarking program may only embed a few bytes or a few hundred bytes. The quantity of information that can be embedded in a carrier file is not a good criterion for determining whether or not an application should be considered a steganography application. It is not difficult to imagine scenarios where a single word or number could have a much larger meaning. Therefore, even though digital watermarking programs have restricted payload capability, the programs that employ techniques to embed robust and imperceptible watermarks must be classified as digital steganography applications. It is important to note that some steganography investigation datasets do not include any digital watermarking programs because the dataset creators do not consider any digital watermarking programs to be steganography applications even if the program embeds a robust imperceptible watermark.
Therefore, digital forensics examiners must be careful when determining which steganography data set to use because selecting the wrong one could result in failure to detect certain digital watermarking programs that may have been used to hide information of evidentiary value in a criminal investigation.

At Backbone Security, we include digital watermarking programs that embed a robust and imperceptible watermark in our Steganography Application Fingerprint Database (SAFDB). Because the watermark embedded by these programs is not detectable by the Human Visual System, it meets our criterion for classification as a digital steganography application.

SAFDB is maintained in our Steganography Analysis and Research Center (SARC) and is the world’s largest hash set exclusive to digital steganography applications.

Jim Wingate is Director of the Steganography Analysis and Research Center and Vice President of Backbone Security and welcomes your views on the proper classification of digital steganography applications.
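The fragile/robust distinction from the watermarking article above, as an added example (not code from Backbone Security or from any watermarking product): a least-significant-bit mark and a block-mean quantisation mark, both carrying the same 16 constructed bits, are put through a halve-and-restore resize. The carrier image, payload, step size and both embedding schemes are assumptions chosen for illustration.

```python
"""Fragile vs. robust invisible watermarks under a resize (constructed demo)."""

W = H = 32    # constructed 32x32 grayscale carrier
BLOCK = 8     # robust scheme: one payload bit per 8x8 block (16 blocks)
STEP = 8      # quantisation step applied to each block mean

# Constructed 2-byte payload: watermark payloads are small, as the article notes.
PAYLOAD = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1]


def make_carrier():
    """Constructed diagonal-stripe image (values 64..92)."""
    return [[64 + 4 * ((x + y) % 8) for x in range(W)] for y in range(H)]


def embed_lsb(img, bits):
    """Fragile mark: overwrite the least significant bit of the first pixels."""
    out = [row[:] for row in img]
    for i, bit in enumerate(bits):
        y, x = divmod(i, W)
        out[y][x] = (out[y][x] & ~1) | bit
    return out


def extract_lsb(img, n):
    return [img[i // W][i % W] & 1 for i in range(n)]


def _blocks():
    return [(by, bx) for by in range(0, H, BLOCK) for bx in range(0, W, BLOCK)]


def _block_mean(img, by, bx):
    total = sum(img[y][x]
                for y in range(by, by + BLOCK)
                for x in range(bx, bx + BLOCK))
    return total / (BLOCK * BLOCK)


def embed_block_mean(img, bits):
    """Robust mark: shift each block so its mean sits on a multiple of STEP
    whose parity (even/odd multiple) encodes one payload bit."""
    out = [row[:] for row in img]
    for bit, (by, bx) in zip(bits, _blocks()):
        mean = _block_mean(out, by, bx)
        q = round(mean / STEP)
        if q % 2 != bit:                       # wrong parity: take the
            q += 1 if mean > q * STEP else -1  # nearer neighbouring multiple
        shift = round(q * STEP - mean)
        for y in range(by, by + BLOCK):
            for x in range(bx, bx + BLOCK):
                out[y][x] = min(255, max(0, out[y][x] + shift))
    return out


def extract_block_mean(img, n):
    return [round(_block_mean(img, by, bx) / STEP) % 2
            for by, bx in _blocks()[:n]]


def resize_down_up(img):
    """Stand-in for 'resizing': halve the resolution by averaging each 2x2
    cell, then scale back up by repeating the averaged pixel."""
    out = [row[:] for row in img]
    for y in range(0, H, 2):
        for x in range(0, W, 2):
            avg = (img[y][x] + img[y][x + 1]
                   + img[y + 1][x] + img[y + 1][x + 1] + 2) // 4
            out[y][x] = out[y][x + 1] = avg
            out[y + 1][x] = out[y + 1][x + 1] = avg
    return out


def bit_errors(a, b):
    return sum(x != y for x, y in zip(a, b))


def max_change(a, b):
    return max(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb))


def run_demo():
    carrier = make_carrier()
    n = len(PAYLOAD)
    fragile = embed_lsb(carrier, PAYLOAD)
    robust = embed_block_mean(carrier, PAYLOAD)
    return {
        "fragile_errors_before": bit_errors(extract_lsb(fragile, n), PAYLOAD),
        "fragile_errors_after": bit_errors(
            extract_lsb(resize_down_up(fragile), n), PAYLOAD),
        "robust_errors_before": bit_errors(
            extract_block_mean(robust, n), PAYLOAD),
        "robust_errors_after": bit_errors(
            extract_block_mean(resize_down_up(robust), n), PAYLOAD),
        "fragile_max_pixel_change": max_change(carrier, fragile),
        "robust_max_pixel_change": max_change(carrier, robust),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The robust mark costs a larger per-pixel change than the LSB mark, which is the usual trade between surviving transformations and staying imperceptible.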



Malware Forensics: Investigating and Analyzing Malicious Code

Title: Malware Forensics: Investigating and Analyzing Malicious Code

Authors: James M. Aquilina, Eoghan Casey, Cameron H. Malin

Publisher: Syngress

Reviewer: Tony Campbell



It has seemed for some time to me that publisher, Syngress, has the Digital Forensics book market almost exclusively to itself. After reading Malware Forensics, my mind had not been changed one iota. This book, although published in June 2008, is by far the most comprehensive introduction to the inner workings of malware that I’ve come across. Understanding malware is a really complicated subject, for sure, covering a broad spectrum of illicit software types, but there is no doubt that the combined efforts of James Aquilina, Eoghan Casey, and Cameron Malin deliver a fantastic result. Quite often I personally struggle with reading heavyweight textbooks cover to cover, often with these books ending up on my bookshelf as unread references just in case I will need them in the future. However, I did read this one, cover to cover, and have come out the other side of that experience a better man. The authors go into the low-level details of both Windows and Linux malware and decompose the inner working of each type of illicit software to a fundamental degree of understanding that is consumable by programmers and non-programmers (like me). Another great feature of this book is that the authors do not hold back on their use of Windows and Linux tools, taking the reader through the processes involved in analyzing real examples of malware in both operating system environments. I would recommend this book to anyone who has an interest in understanding malware and certainly recommend it to anyone who has a need to understand the context of malware in computer forensics. It is very apparent from the style of delivery and especially after re-reading the introductory section on the context of forensics that the authors are very focused on the evidentiary weight of their malware analysis.
I applaud them for these efforts and highly recommend this book as not just being for malware geeks, but really important for anyone trying to understand the nature of malicious code and how it can adversely affect your forensic investigation. At 592 pages, this book is a true heavyweight contender and is truly the best value for money I’ve found on this subject. Well done, Syngress and well done authors for Winner of Best Book Bejtlich read in 2008.



Real Digital Forensics

Title: Real Digital Forensics: Computer Security and Incident Response

Authors: Keith J. Jones, Richard Bejtlich, Curtis W. Rose

Publisher: Addison-Wesley

ISBN-13: 978-0-321-24069-9

Reviewer: Chris Bilger



Although “Real Digital Forensics: Computer Security and Incident Response” was published as long ago as 2005, it still provides a solid all-round introduction to IT forensics. (A new edition entitled “Real Digital Forensics 2” is planned for mid-2010). Weighing in at 688 pages, this book covers Windows, Unix and Linux and explains digital forensics from the perspectives of incident response and case law. It also discusses in depth a number of commercial and open source tools used to perform forensic analysis. The DVD which accompanies the book contains several sets of sample intrusion data generated by attacking live systems, and is extremely useful for practice forensic examinations.
The first section, Live Incident Response, shows how to carry out an incident response process on Windows and Unix platforms. It covers the types of information to collect from a machine, what to look for, and why this information is important in determining that an attacker has compromised a resource.
The next part, Network-Based Forensics, looks into the different kinds of data that can be collected on a network. It examines how to use each type of data in a forensic examination, and describes the tools used to capture different kinds of data. As before, specific details are given on analysing evidence on different operating systems.
The third part, Acquiring a Forensic Duplication, is devoted to creating a sound forensic image. It is important that suitable guidelines are followed so the process of creating an image will hold up in a court of law. This is done by following appropriate procedures and using write blocking tools. Detailed information is provided on creating images with commercial and open source products.
Part four, Forensic Analysis Techniques, is the longest section of the book. It covers a myriad of techniques that can be used to squeeze the last drop of useful information from data. The topics include:
* Recovering deleted files;
* Electronic discovery;
* Reconstructing web browsing and email activity;
* Windows registry reconstruction;
* Analysis of different forensic tools sets for Windows and Unix/Linux;
* Analysing unknown files.
These chapters provide the critical information that is needed for most forensic examinations.
Part five, Creating a Complete Forensic Toolkit, deals with tools for Windows and Unix/Linux and how to create a robust toolkit that will aid a forensic investigator during examinations. It shows how to make sure the tools that are used do not alter information on the host system. Additional information is given on how to make a bootable Linux distribution that includes the tools.
The sixth section, Mobile Forensics, discusses forensics as applied to mobile devices. It covers multiple tools that can be used for forensic analysis of a Personal Digital Assistant (PDA). Chapters are devoted to creating duplications of USB devices and compact flash cards and the analysis of these devices.
The last section of the book, Online-Based Forensics, looks into popular on-line email sites and how to track emails sent through these services. It also investigates ways to determine domain name ownership. There is an appendix that introduces the Perl scripting language, which can be useful for sorting through large amounts of data.
This book is easy to read and comprehend, and its authors have an abundance of experience in the field of forensics and incident response. Keith Jones has been an expert witness on several cases. Richard Bejtlich is Director of Incident Response at the General Electric Company and author of the TaoSecurity blog; he has written and contributed to a number of other books on IT security (Extrusion Detection: Security Monitoring for Internal Intrusions, The Tao of Network Security Monitoring: Beyond Intrusion Detection…). Curtis Rose has 18 years of experience in computer forensics and Information Security, and leads teams that conduct computer examinations.
The authors do a great job of stepping through each chapter and explaining techniques in a way that is easy to understand. The section of the book that helped me most professionally was section five, Creating a Complete Forensic Toolkit, which explains exactly how to create a bootable toolkit that will not alter data on the host system. On the whole, this book provides a consistent introduction to a wide array of IT forensics topics. One topic that feels incomplete, however – perhaps because of the book’s vintage – is Mobile Device Forensics. There is no information on mobile phones and MP3 players. That is an isolated shortcoming, however. The book introduces and discusses many of the tools that are widely used in the field, and its screenshots are helpful in illustrating sample output from tools. In my opinion “Real Digital Forensics: Computer Security and Incident Response” is a great resource for any forensic investigator.

Chris Bilger



An Enumeration Shall Be Made The Census

The United States Constitution authorized the federal government to conduct a decennial census. Article 1, Section 2, states that, “[An] Enumeration shall be made … within every … Term of ten Years, in such Manner as [Congress] shall by Law direct.” Twenty ten is, of course, one of the decennial census years. With both mistrust of the powers of the federal government and fears of privacy violations, some people are refusing to return census forms, in violation of federal law. In response, the Census Bureau assures the population that census information is private, protected and secure. But is it?

First off, I am not one of those paranoid people who believe that, in filling out the Census forms, black helicopters will swoop down and surround me. Nor do I believe that the government will use the Census forms for particularly nefarious purposes – unless you include federal funding as nefarious. Indeed, I filled out my form in about two minutes, and popped it into the mailbox with reckless abandon. Sure, the government used Census records during World War II to locate Japanese Americans for internment camps. Sure, General Sherman used Census records to identify population centers during his 1864 march to the sea. But this was under a different legal regime. Certainly the government couldn’t use these records again – or could they?

The Government’s Promise

The Census Bureau points out that individual census forms are protected by law. Title 13 United States Code Section 9 provides:

(a) Neither the Secretary, nor any other officer or employee of the Department of Commerce or bureau or agency thereof, or local government census liaison, may, except as provided in section 8 or 16 or chapter 10 of this title or section 210 of the Departments of Commerce, Justice, and State, the Judiciary, and Related Agencies Appropriations Act, 1998 or section 2(f) of the Census of Agriculture Act of 1997 – (1) use the information furnished under the provisions of this title for any purpose other than the statistical purposes for which it is supplied; or (2) make any publication whereby the data furnished by any particular establishment or individual under this title can be identified; or (3) permit anyone other than the sworn officers and employees of the Department or bureau or agency thereof to examine the individual reports. No department, bureau, agency, officer, or employee of the Government, except the Secretary in carrying out the purposes of this title, shall require, for any reason, copies of census reports which have been retained by any such establishment or individual. Copies of census reports which have been so retained shall be immune from legal process, and shall not, without the consent of the individual or establishment concerned, be admitted as evidence or used for any purpose in any action, suit, or other judicial or administrative proceeding.

(b) The provisions of subsection (a) of this section relating to the confidential treatment of data for particular individuals and establishments, shall not apply to the censuses of governments provided for by subchapter III of chapter 5 of this title, nor to interim current data provided for by subchapter IV of chapter 5 of this title as to the subjects covered by censuses of governments, with respect to any information obtained therefor that is compiled from, or customarily provided in, public records.

Seems pretty simple. Census records may ONLY be used for statistical purposes, and individual records cannot be disclosed or subject to legal process. The IRS, CIA, NSA, FBI or other agencies theoretically cannot obtain individual census forms no matter how hard they try. Indeed, the Census Bureau had put up a privacy policy on its website which says:

• Private Information is Never Published
  It is against the law to disclose or publish any private information that identifies an individual or business such as:
  o No names
  o No addresses including GPS Coordinates
  o No Social Security Numbers
  o No telephone numbers

• We Collect Information to Produce Statistics
  We use your information to produce statistics. Your personal information cannot be used against you by any government agency or court.

• Sworn for Life to Protect Your Confidentiality
  Every person with access to your information is sworn for life to protect your confidentiality.

• Violating the Law is a Serious Crime
  If anyone violates this law, it is a federal crime; they will face severe penalties, including a federal prison sentence of up to five years, a fine of up to $250,000, or both.

The policy also notes that census workers are sworn to a strict oath which says: “I will not disclose any information contained in the schedules, lists, or statements obtained for or prepared by the Census Bureau to any person or persons either during or after employment.” The Bureau goes on to say:

• We promise that every person with access to your information is sworn for life to protect your confidentiality.

• We promise that we will use every technology, statistical methodology, and physical security procedure at our disposal to protect your information.

Sounds pretty good. Your information is safe and secure. It will NEVER be disclosed. All technologies will be used to protect it. Census workers will NEVER disclose the information TO ANYONE. Unfortunately, every one of these statements is both false and misleading. Not in an “evil” or “black helicopter” way. But in the same way that companies who inelegantly draft privacy policies or statements frequently and unnecessarily promise much more than they intend to or can deliver.

Writing Privacy Policies

Part of my legal practice is to help companies draft both internal and external privacy policies. Internal privacy policies are designed to help companies protect data and set out the rules for when they can monitor employees’ e-mail, phone calls, twitter feeds and the like. External privacy policies relate to the kinds of information they may collect about clients or customers, third parties, business partners and the like, and how they will use and protect that information. In drafting such policies, I invariably advise companies to avoid declarative statements like “we will never use your information for ….”

The privacy policy is a statement of policy and intention. There are far too many possible unanticipated circumstances to make an irrevocable statement. Companies are acquired or acquire other companies. They go out of business or declare bankruptcy. Assets are transferred. Computer hardware or software is lost, stolen, transferred. Information assets are insourced, outsourced, or transferred to “the cloud.” New business models develop new potential uses for information – sometimes even to enhance the privacy of the data subject. New laws and regulations come into effect. Companies which currently operate in one country or one legal regime expand their operations into new regulatory environments. Fires, floods, hurricanes, acts of God and acts of war all can lead to circumstances where a promise, made with all good intentions, becomes obsolete or impractical. Thus, rather than saying, “we will never use your information for…” or “we will never disclose your information…”, I prefer more general statements of intent. “We collect and use your information for ### purposes…” The goal here is not to be “sneaky” or to mislead the data subject, but to fairly and accurately inform the data subject of your real intentions. With this in mind, let’s look at the Census Bureau’s promises.


Really? If you live in the DC area, take a trip down to the National Mall on 7th Street to the National Archives. You know, the building featured in National Treasure which holds the Declaration of Independence and the Constitution which authorizes the Census in the first place. They have a genealogy department there that will help you use Census records dating back to 1930 to help locate relatives. While these records do not contain addresses or specific answers to census questions, they do contain names and cities and dates of residence – you know, the kind of information that the Census Bureau says it will NEVER disclose. Indeed, the Census Bureau proudly notes, “In keeping with the Census Bureau’s commitment to confidentiality, the Census Bureau information collected in the Decennial Census of Population and Housing on individuals does not become available to the public until after 72 years.” In other words, to protect your privacy they will disclose your information after 72 years. Not NEVER. But after threescore and a dozen years. So when the Census Bureau says “Private Information is NEVER Published” and includes in its definition of “Private Information” things like names (including surnames), it may simply be concluding that making the information available to the public is not a form of “publication” and therefore is exempt. In that case, they are being disingenuous. Moreover, the promise is simply unnecessary. The privacy policy, like the rest of the website, could have said that the information will become available after 72 years, but it did not. In addition, the promise of confidentiality is contingent upon the statute that protects confidentiality. As we have seen, Congress can alter the statute at any time, and has done so in the past.

While current law protects the information, Congress can remove the protection, or indeed REQUIRE the Census Bureau to produce information to federal agencies. This fact should be at least acknowledged in the privacy policy. Moreover, there are a host of circumstances where census information may have to be turned over to someone. For example, if a census worker was terminated for falsifying forms or for failing to turn them in, the contents of the forms submitted would be relevant in either a hearing before the Office of Personnel Management or in a criminal prosecution, and would be appropriately disclosed in such proceedings. If a respondent was prosecuted under Title 18 USC 1001 for filing a false statement in a census form, and claimed that they did not submit the form, they would be entitled to see the form to defend themselves in a criminal case despite the fact that the statute they are alleged to have violated is not part of Title 13, and the fact that, by their own admission, the form is not theirs. In an emergency situation, where it might be necessary to find out where a census worker is (or was) the completed forms may be necessary to be turned over to law enforcement – not for statistical purposes on the data subjects, but for other, perfectly reasonable purposes. This is why you DON’T make unequivocal statements in a privacy policy.

The Oath

Next comes the Census employee’s oath. Paraphrased it says, “I will not disclose any [census] information to any person or persons ….” Really? Strictly construed this prohibits the use and disclosure of census information for perfectly legal and appropriate purposes. While the law permits disclosure by census employees to, for example OTHER CENSUS EMPLOYEES or other authorized recipients, the OATH forbids this. The oath says that the information will not be disclosed TO ANY PERSON OR PERSONS.
Thus, a census enumerator who accepts forms and takes them to the office and hands them to a supervisor is in direct violation of their oath. It’s a simple fix. Change the oath to reflect reality.

Sworn for Life

The next promise is that “every person with access to your information is sworn for life to protect your confidentiality.” Really?

This now implies that every postal worker (who carries the letters), every government contractor, every records storage facility worker, every data storage or ISP that has access to the information has taken such an oath. Every single one. Oh, and let’s not forget all the people who have access to the information after 72 years. They too have to take that oath – for life. One problem here lies with the definition of the term “access” to your information. Does this mean “authorized access?” Does this include physical access? Does it include the ability to see information contained in the forms? Without defining the terms, the oath requirement is meaningless.

Every Technology

Finally and most disturbingly is the promise that the Census Bureau “will use every technology, statistical methodology, and physical security procedure at our disposal to protect your information.” Really? The budget for the Census Bureau for 2010 is estimated at $7.4 billion. That puts an awful lot of technology “at their disposal.” Moreover, as time goes on, more technology will become “at their disposal.” And they promised to use EVERY technology – not just the good ones, or the effective ones or the reasonable ones. They COULD technologically shoot all census forms off to the Moon for protection. In theory. It’s a silly silly promise which is wholly unnecessary. All that people would ask is that the Census Bureau use appropriate technologies to protect the data, and reexamine these technologies in light of changes in the threat environment and capabilities. But they have promised to use EVERY technology. So does a respondent have any recourse when the government breaches each and every one of these promises – which it invariably will? Probably not.

You see, while the promises are intended to induce you to fill out the census forms, and if used in a consumer context would constitute “unfair and deceptive trade practices” a respondent is not entitled to rely upon these promises since they are legally mandated to complete the form irrespective of the promises of privacy. Thus, the privacy promises are doubly silly. And that I promise you.

M D Rasch



iPhone Forensics

Book Title: iPhone Forensics
Subtitle: Recovering Evidence, Personal Data & Corporate Assets
Author: Jonathan Zdziarski
Publisher: O’Reilly
Date of Publication: 17 September 2008
Price: £30.99 (UK), $39.99 (USA)
ISBN: 978-0-596-15358-8

Reviewer: Tony Campbell



I love my iPhone and so should you (he says in a monotone, robotic voice). But, the real question is, am I just another Apple fanboy, brainwashed by Steve Jobs’ celebrity industry presence and marketing genius? Or have I really made a buying decision based on the facts? It’s true that the iPhone is probably the sexiest piece of kit in this arm of the Milky Way, but is there something lurking under the glitzy hood, that could rise up and bite us in the proverbial “you know what”?
Whether you are an individual or an organisation (and on whatever side of the law you happen to operate), you’ll need to know exactly how much risk you are taking when you do business on your iPhone. How secure is your data and, forensically, how many of your daily activities, transactions and communications are accountable in the eyes of the law?

So, how do you dig into Apple’s prizewinning marrow while donning the cap of the forensics investigator? That’s the easy part: pick up a copy of Jonathan Zdziarski’s iPhone Forensics, published by O’Reilly Media, and you’ll see exactly what’s going on beneath the glossy veneer. This book is a great technical companion for computer forensics guys who have a need (or a calling) to dig into the iPhone platform. True, it’s a very short book with a high price point (just 113 pages of technical content for £30.99), so the real proposition is pitched in terms of technical punch rather than kilograms of rainforest.

The foreword, written by the enigmatic John T Draper (Cap’n Crunch), sets the scene for the rest of the book, showing that it’s fairly easy for investigators to get a bucket load of valuable data from the iPhone as long as they know where to look. Zdziarski kicks off with a great introductory chapter that takes us through the rules of evidence collection and good forensic practice, before launching into the technical chapters. Even if it is aimed primarily at the newbie investigator, this introduction gives the book a nice, well-rounded feel.

Chapters 2 and 3 cover the basics of understanding the iPhone architecture and how to gain access to the underlying system. These chapters are invaluable and written in an easy to follow style, but quickly get you to the stage where you are looking at the iPhone device with its pants pulled well and truly down. Zdziarski then spends the next three chapters focusing on the forensic recovery of data, and analysing a whole bunch of interesting tools, such as Foremost and Scalpel. He then launches into e-discovery where he details techniques for finding evidence inside iPhone database files (SQLite) and XML property lists (these contain items such as cookies, account details, and Safari browsing history).

Chapter 6 ties the iPhone forensic investigation to the desktop PC, describing tools and techniques for pairing evidence between the two platforms. Finally, Chapter 7 cuts to the chase and explains in terms of specific kinds of investigation (and real-life cases) which information is the most useful, and how it would be presented in court.

This book is an excellent resource for any computer forensics investigator. I recommend buying it, and also registering on O’Reilly’s website for their up-to-date iPhone Forensics Data Recovery Training and listening to some of the webcasts by Jonathan Zdziarski himself. For more information on these resources, see .



iPad fix issued for Wi-Fi

So, after the rush on Monday morning to get my iPad ordered for review at the end of the month, I’ve been promised by Apple that it will be with me no later than the 28th May. Fantastic! I also ordered one of those funky leather cases so that it matches my Amazon Kindle – is that sad?

Nevertheless, I really hope that my new gizmo will be fully updated with all the patches that seem to be dripping out of Cupertino, especially the latest wi-fi issue that sounds very like the same problem I get from time to time on my iPhone.

An article in today’s Telegraph discusses the wi-fi issue in some more depth:

We are currently getting content together for our May 2010 newsletter for DFM, and have got 2 great articles lined up for that. Also, I found out just today that the print run is now firmly underway so they should be in the post within 10 days (thank goodness). Thanks to all our print subscribers for being so patient with us while we have been fixing this little issue.

Anyway, as always, comments to and thanks for listening.



Criminals Pose as Police Forensics Officers



Criminals posed as police forensics officers in order to rob a jewelry store in Lincoln, UK. Basically, wearing boiler suits, headgear and being a bit dusty, the police forensics logo did the trick. They escaped with £80,000 worth of jewels in their “police issue” green Vauxhall Astra, later found on fire in a nearby estate. The boiler suits and face masks did a great job of protecting the robbers’ identities, as you can see from the CCTV footage on the BBC website:



Another Murder Linked to Facebook – Should We / Can We Do Something


This is the second case that I am aware of that involved using Facebook to develop a relationship that ended up in the murder of a young female. The first case, which was in the UK (and discussed by John Ollson in issue 3 of DFM), relates to the use of Facebook by a known sex offender, whilst the second case took place in Sydney, Australia and concerns a young lady who went to meet someone after being promised a job working with animals.

You cannot help but consider whether this is just the tip of the iceberg and that many more inappropriate contacts are happening every day but go unreported. Is it Facebook and the online social networking phenomenon that is to blame, or is it the fact that Facebook was used that makes it newsworthy and gets it reported?

Is it possible to draw some parallels with the online dating agencies? Now I can accept that there are a lot more barriers and checks in place in establishing that the person who you are going to meet is someone real who is looking for a relationship; however, just as it is easy to be invisible on Facebook until the day you meet, so too is it possible on a dating site. How many times have you heard that a false photograph has been used? I also wonder if or how many murders have been committed following a meeting via an online dating agency, but because it is accepted that these sites exist and are mainly for adults, they do not get reported in the same way that murders that have a Facebook connection do, especially where children are involved.

For the online digital investigator of such crimes, as with most crimes of this nature, the investigation is post event and entails looking at the computers and mobile phones of the victim and possibly the accused. In issue 1 of DFM we had an article written by Jeff Bryner, who developed a tool for Facebook Memory Forensics, so we have post-event tools, but how do we get proactive? Is it purely down to awareness and simple precautions by users of the social networks, or do those who provide the facility have a responsibility to police the online service? Even if it were feasible, the ethics and scale would make the task almost impossible.

So what do we do: wait until enough crimes have been reported that the message finally gets through to users of the service, increase third-party awareness campaigns, or challenge Facebook to provide an online induction training session that has to be gone through before access is granted (a bit late for that, I think)?

One thing is certain; I do not think that this is the last incident that will be reported.