Technical support system for DFM readers

Hi Everyone,

This is just a short note to tell anyone who is a subscriber to DFM (or even if you just want to get in touch this way) that we have now introduced a very good support solution on our website to track customer support tickets. If you have a problem from now on and need technical support, or any other kind of support from the DFM team, please click on the Support menu item on the left hand side of the screen and follow the simple ticket submission process.

This new system will stop you having to send all your queries to the editorial@ address which often gets swamped by all sorts of interesting news and reviews. What we want to ensure is that we deliver impeccable service to our valued readers, so by using this ticketing system we should be able to get your inquiry right to the desk of the most relevant person in the shortest possible time.

As you might have seen by now, the DFM team is totally committed to giving you the best possible service we can offer and as such we always welcome (in fact we actively encourage) feedback on this or any other aspect of DFM. Please write to our 360 email address if you want to get your comments heard by the editorial team.

And finally, Issue 5 is really shaping up to be a fantastic issue with all sorts of really cool articles to get your forensic juices (eugh!) flowing. Also, as this is our birthday issue (yes, that’s right folks, we’re 1 in November), we have a really special set of prizes for our traditional DFM competition: we are giving away a veritable library of technical security and forensics books, along with licenses for forensics tools, a portable media player etc. So, all that remains for me to say is, until the next time,




Scientists ‘hack’ quantum cryptography

Computer Scientists from Norway have perfected a method of attacking quantum cryptography systems using lasers allowing them to listen to communications while being completely undetected.

Quantum cryptography is most commonly used to securely transfer keys and was considered to be un-hackable, as any attempt to attack the system and measure quantum data will disturb it. The system then detects this, ensuring the communications remain secure.

The team of scientists from three academic institutions in Norway developed a technique that remotely controls the photon detector. In effect, the use of the laser blinds the photon detector. Using a stronger pulse of lasers, data can then be transmitted without detection as the pulse is not a quantum process.

A report, published by the scientists, explains how, theoretically, anyone could implement the attack by using ‘off-the-shelf’ components.

Various quantum cryptography developers have been made aware of the vulnerability and ID Quantique have corroborated with the researchers to make an undisclosed countermeasure.



New Technology reveals Mobile Phone’s hidden history

Mobile phones hold a phenomenal amount of important forensic information that can often be vital to an investigation. Until now, much of this evidence has been unobtainable to the forensic investigator.

CCL-Forensics, based in Warwickshire, have developed a new toolkit that will not only reveal a mobile phones hidden cache, and thus the browser history, but also analyses and interprets the information.

Andrew Krauze, MD of CCL-Forensics Ltd, spoke exclusively to Digital Forensics Magazine, stating that,

“It is vital that the digital forensics industry keeps pace with the phenomenal technical advancements in the mobile phone industry.  This technique is one of the many developments we are investing in, as the world of mobile phone forensics becomes much more demanding.  People are not just using phones to call and text – so we work with investigators to look beyond that.”

Krauze further emphasised the importance of his companies’ new tool by saying,

“As the industry heads towards a much more regulated environment, it is crucial that investigators have maximum confidence in their suppliers that they can extract more data from more devices in the shortest possible time.  This means costs are kept to a minimum and detection rates are as high as possible.”

While many similar tools already exist to extract these files, none of them make the information available to the investigator. CCL’s new Mobile Web Cache Toolkit (MWCT) allows their in-house investigators to extract vital information about the usage of the phone and enhances the basic information already obtained.

David Lattimore, Total Quality Manager of CCL explained how,

Sometimes the evidence you need is right under your nose.  This technique takes data, which is likely to be extracted using forensic tools and presents it in an easily viewable form.  Without the technique, the investigators could be missing out on data, despite the fact that they’ve already extracted it from the device.”

The MWCT looks to revolutionise the analysis of Mobile Phones and has the potential to be extremely beneficial to digital investigations.



Lawyers losing cases while struggling with large quantities of Digital Evidence

In today’s modern age, digitally stored evidence is of the highest importance when it comes to legal processes. A survey published by Symantec Corp has shown that many legal companies spanning the EMEA (Europe, Middle East and Asia) region are losing cases, due to the fact that they cannot manage the immense amounts of evidence that is stored on digital media.

Over half of the responses to the survey showed that the problem was identifying and recovering the evidence and that this had caused delays and sanctions as well as the previously mentioned ‘lost’ cases.

Whilst highlighting that many cases are being lost, the report does show that the ability to identify, collect and process the digital evidence from within millions of different pieces of electronic information has had an encouraging effect on many cases.

Joel Tobias, MD of global forensic services firm CY4OR, ( stated that –

“It comes as no surprise that lawyers are facing penalties and losing cases after falling down at the challenge of processing digital information. This is a serious problem for legal professionals as 98 per cent of those surveyed said that the digital evidence identified during e-disclosure was vital to the success of legal matters.”

Joel went on to say how “Digital information needs to be handled with care and all electronic data should be treated as evidence. We’ve seen examples of firms that have used internal IT personnel to gather data for e-disclosure, when they have no understanding of digital forensics. Both areas of expertise rely on the controlled investigation of electronic data and as such are inextricably linked. The legal profession needs to be aware of this synergy, to avoid fines and lost cases. Professionals who are involved in e-disclosure should have a sound understanding of digital forensics and vice versa, to ensure a just and consistent approach.”

It is clear that there is a need for organisations to ensure that they are “Forensically Ready” and have staff trained to gather data in a way that is forensically sound.

The survey was conducted in August 2010, throughout the EMEA region and involved an estimated 5000 lawyers.



PeerLab Reviewed!

On behalf of DFM, Afentis Forensics have completed our second product review, this time of PeerLab, a windows based piece of software designed by Alexander Kuiper (Kuiper Forensics) to search for and detect any Peer to Peer applications, web-disks and UseNet-clients on local hard drives.

“In this authors opinion this is a nice little application, with some useful and time-saving features.”

The reviewer makes a point of demonstrating how easy to install and use this small application is, however, the reporting system is described as being very basic and lacking in certain details. Afentis also say that the method in which these reports are saved could cause problems in court when printed.
The full review can be found in the Product Review section of the DFM website.



Accent Office Password Recovery v4.0 Review

“It happens to us all at some point – we decide to put a password on a file, either for opening, or for modifying and as time goes by we just simply forget the password.”

The first of DFM’s new product reviews is now available for download. In this first review Andrew Edney tests the capabilities of Accent Softwares Office Password Recovery version 4.

After testing the software, Andrew Edney suggests that it is very quick to set up and easy to use but may require the user to change their equipment configuration when used with a GPU.

Edney rates the software at 4/5.

To read the full review, visit the Product Review section on the DFM website.