Sean Morrissey’s new book on iOS4 Forensics is brilliant.
iOS Forensic Analysis provides an in-depth look at investigative processes for the iPhone, iPod Touch, and iPad devices. The methods and procedures outlined in the book can be taken into any courtroom. With iOS information never published before and data sets that are new and evolving, this book gives the examiner and investigator the knowledge to complete a full device examination that will be credible and accepted in the forensic community.
What you’ll learn
* How to respond to security incidents involving iOS devices
* How to acquire and analyze data on iOS devices such as iPhone and iPad
* How to analyze media exploitation on iOS devices
Who this book is for
Computer forensic professionals, law enforcement, attorneys, security professionals, those who are curious about such things, and educators. This book can also be employed by law enforcement training academies, universities, as well as computer forensic, information security, and e-discovery communities.
Pete Membrey, an author for Digital Forensics Magazine, describes how to recover all your lost critical data should you ever have to reinstall an operating system or reformat your hard drive.
Here’s a little snippet:
It happens to all of us – sooner or later we lose data. Sometimes it’s important, others not, but rest assured it will happen. Even the most careful of us who take backups with something akin to religious fervor occasionally make mistakes. And so it was that I got a phone call from a very upset young lady who had just lost six months’ worth of work.
Her company had decided to refresh her PC and told her to drag and drop everything of importance on to the network share. This she did, but was unaware that some of the items had not been copied and were in fact just shortcuts. The weird thing though (or maybe not, I’m not a Windows expert) is that whilst some Excel files copied perfectly fine, one or two copied as shortcuts – and those of course were the important ones. After the copy had been made, the PC was whisked away, formatted and given to another colleague. A few hours later my friend discovered that her spreadsheet was no more and meanwhile her colleague was busy working away on her new machine.
So we have a spreadsheet on a machine that has been formatted, has had Windows reinstalled and is currently in use. The chances of recovering the data weren’t all that great but the work was sufficiently important that it was worth a try. I told her the first thing to do was get hold of the original PC, turn it off and make sure no one goes near it. Most operating systems continue to write data to the disk even if they’re otherwise idle. This is actually a good thing as it tends to make the machine more responsive – but the last thing I wanted was for the part of the disk containing the spreadsheet to get overwritten.
You can read on at Pete’s blog.
Today, virtually every area of life depends on a cyber infrastructure that is vulnerable to attack. According to a recent report by the Center for Strategic & International Studies, sensitive U.S. military and civilian networks have been “deeply penetrated, multiple times, by other nation-states,” and hackers employed by terrorist and criminal organizations are a constant and serious menace. In an August 2010 survey by Symantec, of 1580 private businesses in industries such as energy, banking, health care, and other areas of critical infrastructure, more than half reported politically motivated cyber attacks, averaging 10 attacks in the past 5 years.
Computer security experts say the United States faces a radical shortage of highly skilled cybersecurity professionals who can prevent and combat such attacks. One federal official has estimated that there are only 1000 cybersecurity experts in the United States who have the deep technical knowledge required to safeguard national security; tens of thousands are needed, he believes.
Read on at Science Careers (05/12/10)
Here is the team at Firebrand Training raising money for ‘Movember’. We were pleased to hear that they successfully raised a considerable amount of money for charity.
James Lapwood said,
“We raised more than £1,500 – and managed to grow some ridiculous facial hair in the process. I can’t bring myself to shave my Mo off this cold December morning!”
A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.
The exploit takes advantage of a bug in win32k.sys, which is part of the Windows kernel. The flaw is related to the way in which a certain registry key is interpreted and enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system. The registry key in question is under the full control of non-privileged users.
The flaw appears to affect all versions of Windows back to at least Windows XP, including the latest Windows 2008 R2 and Windows 7 systems. On its own, this bug does not allow remote code execution (RCE), but does enable non-administrator accounts to execute code as if they were an administrator.
Read on at Naked Security (01/12/10).