Cell Phone Evidence Extraction

Due to popular demand, Detective Cindy Murphy has released her paper on a process for Cellular Evidence and Data Extraction. We at DFM are happy to help get this into the hands of Digital Forensic Investigators globally and, whilst it has not been reviewed through our normal technical review process, we are happy to help publicise this piece of much-needed work. The article is available for download using the link below, or subscribers to Digital Forensics Magazine can download the paper from the White Papers Downloads Section of the DFM Website.

Cindy Murphy is a Detective with the City of Madison, WI Police Department and has been a Law Enforcement Officer since 1985. She is a certified forensic examiner (EnCE, CCFT-A, DFCP), and has been involved in computer forensics since 1999. Det. Murphy has directly participated in the examination of hundreds of hard drives, cell phones, and other digital evidence pursuant to criminal investigations including homicides, missing persons, computer intrusions, sexual assaults, child pornography, financial crimes, and various other crimes. She has testified as a computer forensics expert in state and federal court on numerous occasions, using her knowledge and skills to assist in the successful investigation and prosecution of criminal cases involving digital evidence. She is also a part-time digital forensics instructor at Madison Area Technical College, and is currently working on her MSc in Forensic Computing and Cyber Crime Investigation through University College in Dublin, Ireland.

Cell Phone Evidence Extraction Process Development 1.8
Mobile Device Forensic Process v3.0



Thwarted Russian Spy Ring Communicated Using Steganography

The FBI investigation that led to the arrest of 11 Russian spies discovered that their method of communication involved steganography, the art of hiding text files within images. More than 100 text files were discovered after officials conducted a search and found the 27-character password being used with the steganography program. The password was located on a piece of paper in a suspect’s home, a rookie mistake by anyone’s account.

John Pironti, president of IP Architects, in his comments to Computer World explained that “Humans don’t really do well remembering passwords beyond six characters, so they write them down someplace,” he says. “The real mistake was thinking that the home was secure enough to leave the password lying around.”
Another error made by the spies is the use of a steganography program that is not commercially available.

This program was allegedly developed in Moscow, thus linking the ‘illegals’ to Russia and the suspected Sluzhba Vneshney Razvedki (SVR), the Russian Foreign Intelligence Agency. The program was apparently accessed by pressing ‘Ctrl + Alt + E’ and then inputting the 27-character password.

This major incident brings with it a new interest in Steganographic techniques and already unnamed US agencies are funding research in steganography detection techniques. Steganography itself has a rich background stemming all the way from Ancient Greece. It was also used during World War II in the form of invisible inks.

If you want to know more about steganography, Jim Wingate gave an introduction to the subject in Issue 3 of Digital Forensics Magazine and has a follow-up article in the soon-to-be-released Issue 4.



Call For The Government To Change Its Approach To Security

Managing Director of BAE Systems-owned consultancy, Detica, Martin Sutherland, speaking at the Homeland and Border Security Conference in London, has called for the Government to change its approach to security.

The audience, which included the new Minister for Security, Paul Neville-Jones, listened as Martin Sutherland analysed how the current economic climate, along with the imperative to meet new Government-imposed spending targets, presents extreme challenges when providing security and privacy, especially at a time when the threat level is as high as it has ever been. He warned that the current approaches by authorities to strengthen security regimes “have the potential to become increasingly invasive as organisations sift through ever greater quantities of data in the name of national security”.

Whilst his speech took a strategic look at security across government and how the vast quantities of ever-increasing data need to be better managed and analysed, the underlying theme was the technology that could be better utilised to provide the services required by the various government departments charged with the nation’s security.

His proposed approach initially did not appear to offer anything new: taking a risk-based approach to security, automating processes and doing more with less, and using the systems we already have in more intelligent ways. In fact, these tenets of security have been at the heart of the government’s security paradigm for many years. However, in the current climate, raising and reinforcing these ideals is timely and will resonate with the new Government, who need to improve security yet still reduce budgets.

Sutherland went on to suggest that “Common tools and methods and shared processes across Government” should address the situation; however, have we not heard all this many times before? We’ve already seen some successes using these principles, such as with the DVLA integrating information across the Insurance Industry and the Department of Transport to provide information to Law Enforcement. Nevertheless, these are minuscule gains when compared to the size and amount of data being processed across all Government departments responsible for the nation’s safety and security.

The real challenge is to change the way Government conducts cross-departmental procurement; budgets are allocated on a departmental basis with little incentive to reward collaboration and sharing. Maybe the new coalition Government will have the appetite to tackle this problem head-on, a problem that has been around for a long time?

If we were cynical, we might speculate that this statement by Sutherland is nothing more than a precursor to Detica positioning itself in the circle of trust with the new Cabinet in an attempt to advise on the formulation of the G-Cloud strategy. We’re sure they are not the only service provider looking at how they are going to maintain margin with an ever-reducing budget. However, we are not cynical, and Sutherland raises some important issues that do need to be aired. This is certainly a topic that will be returned to over the coming months.



Digital Forensics Magazine Survey

As part of the Training & Education theme for Issue 5, Digital Forensics Magazine is carrying out a global survey. It asks digital forensic practitioners around the world to take part, with a view to ascertaining the level of qualifications held.

The survey investigates the thoughts of practitioners on what they believe are the core competencies required of a digital forensics practitioner. It also asks what knowledge would be required if practitioners were graded at basic, intermediate and advanced levels.

Tony Campbell, one of the DFM publishing team, said, “By asking the practitioners’ opinions with regard to international standards on training we hope to inform the debate going on in a number of forums on this topic.

“The survey will be open over the next 3 months and we are encouraging all parties with a vested interest in the subject to take the survey to help us all understand the current status of training and education in Digital Forensics and shape the future. This is your profession, help us inform and guide those that are setting standards and making decisions about our profession.”

Readers are urged to take the 3-minute survey today at http://www.surveymonkey.com/s/dfm to make sure their thoughts and opinions are captured.

A summary of the results will be released in forthcoming monthly newsletters available to Digital Forensics Magazine newsletter subscribers, and the main findings will form the basis of an article in the main magazine published later this year.