Diary of a Student – Part 2 – 25th January 2011 – Assessment Time!

Apologies for my slightly late entry, my weekend was filled with coursework and Christmas 2 with my girlfriend’s family (don’t ask!).

The past week or so has not really been very exciting, mainly finishing coursework and revising for the exam that took place last Friday, I’ll get to that shortly.

Firstly, the coursework! That one word that every student runs in fear from. Luckily, it’s not been too bad this time around. I started last week finishing up a 5000-word essay on Computer Ethics that I quite enjoyed. It was interesting researching and learning the history of Computer Ethics and the various issues surrounding it over the last 60 years or so. Who’d have thought a Second World War Mathematics professor could have predicted the ethical issues of modern day technology? I am, of course, referring to Professor Norbert Wiener, who taught Maths and Engineering at MIT during the 1940’s. It was certainly some research well worth doing as it has helped me to understand more about the issues surrounding not only Computing, but Forensics and Computing too!

My other main focus last week was revising for my exam on C Programming and Operating Systems. Joy of joys. Now if there’s one thing I knew I would struggle with, it was going to be programming. After the mock, I had been seriously worrying about that part of the test and it was definitely the hardest part of the real exam. The 300-line program almost drove me to insanity but, with some perseverance (and a little bit of divine intervention, I think), I managed to figure out all but the last tweak that would enable the program to print out what I needed it to. The operating systems part of the test was much better, locating partitions and their block addresses and block sizes, finding partitions within an extended partition and working out how much unallocated space there was on the disk, a few simple commands in the terminal and I was there! (Hurrah..!)

I briefly mentioned, in my last post, a report about a malware sample that I had to statically and dynamically analyse and identify through various means of sandboxing. That piece of work is also now finished and I’m going to play around in Adobe Illustrator creating a nice fancy front cover for the report, because I’m sad like that.

Other than that and the exam, not much else to report, although there was a slight mishap with some lost Tools and Techniques Workbooks, which, as luck would have it, were lost in the post over Christmas thanks to all the wonderful snow. Luckily, I managed to redo them thanks to a last minute email from my tutor and once again enjoyed the tasks of password cracking and hiding techniques such as Steganography, Alternate Data Streams and Bit Shifting.

I may sound a bit weird to some but I am really enjoying all that I am learning on the course to date, which is kind of the point, I know. I think I always felt the subject was going to frazzle my brain completely, with me coming from a Science degree onto a Computing one. Luckily, the teaching has broken me in gently with only a few hiccups along the way. With that, I conclude this weeks (well, last weeks) student diary entry. I am still keen to hear what you all have to say on the ethical issues I mentioned last week; in fact, I am very keen to hear any thoughts on the subject so post away.

Next post I’ll let you know how my second Fundamentals of Forensics and Security exam has gone (Cryptography and Networking  – fun times!), for now I hope you have a very enjoyable week.



Perfect Storm for Cyber Attacks

World leaders have been told today that a coordinated cyber attack could have catastrophic consequences.

The report, released today, claims that we are fast approaching the time where cyber weaponry and cyber attacks is becoming ‘ubiquitous’.

While it is clear that singular attacks cause much damage and detrimental effect to systems, a coordinated series of events could have consequences, the likes of which have yet to be seen by the current society.

The report has been produced ‘on the heels’ of the attacks by the hackitivist group, Anonymous, who targeted companies such as Visa and Mastercard in protest to their repsonse to the controversial Wikileaks debacle.

Robert Chapman, CEO of Firebrand Training, says:
“We train professional Ethical Hackers to protect the nation’s IT systems. It is becoming more apparent that an Ethical Hacker’s job is beyond protecting their company’s interests. They are protecting the safety and financial interests of the whole nation.”

“The Government has clearly indicated that it intends to tackle the very-real threat of cyber attacks head-on. A key enabler for this is to introduce more Ethical Hackers. Surely we’d prefer an Ethical Hacker to find a vulnerability in our IT systems, before a terrorist does?”

“As the ‘Hacktivist’ group Anonymous has recently demonstrated, major corporations – such as MasterCard, Visa and Amazon – can very quickly be sabotaged. If an organisation isn’t protected in the first instance, it must act quickly to put things right – these kind of companies can lose thousands of pounds for every second that they are down”

“In today’s world of natural and terrorist disasters, we can’t afford for IT systems to fail. Imagine an incident, where the emergency services can’t be contacted, or safety processes can’t be initiated. It’s unthinkable.”

It is becoming clear that the risks of such attacks are increasing and a coordinated attack will probably become innevitable.



Diary of a Student – Part 1 – 15th January 2011 – Of Ethics and Exams

Welcome to the first entry in my ‘Diary of a Student’ covering my exploits through the next 8 months whilst I study to earn a Masters of Science degree in Forensic Computing.

To bring you up to date, I have been studying the MSc programme since September of last year after completing a BSc in Forensic Science in May. It has certainly been an eye opener from learning basic programming in C to reverse engineering malware samples. The first semester has already taught me much about the forensic process and the science behind computers.

The most enjoyable module to date, albeit a difficult one, has certainly been Live Forensics and Reversing, giving me a basic understanding of assembler language and live forensic techniques. I am currently finishing my final piece of coursework for the module, which involved the forensic analysis of a malware sample, both static and dynamic. Creating my own sandbox and following the processes and actions of the malware, I have managed to discover the nature of the malware and identify it. All that’s left is to finish my investigative report!

First week back at University following the 3-week Christmas vacation and, it’s assessment time! Much of the week occupied by Mock Exams, Coursework and, a full Investigation of a USB device using whichever tools I care to choose, I chose EnCase 6.17 and FTK.

Wednesday – Great fun, best part of the week! A session on Computer Law and Ethics, we discussed the various ethical theories and practices behind computing and forensic computing (all the way from Weiner to the Universities very own ethical researcher, Professor Stahl). Proceeded to have our own debate on issues surrounding Forensic Computing, great discussion around:

  • Would Forensics benefit from a Licensing body and how would this affect the current processes and procedures?
  • Wikileaks – Julian Assange – villain or victim?
  • The ethics of RIPA .

Debate lasted well over 90 minutes and, as I was thinking of ideas for my first blog posting, I thought it would be good to get all who read this to put forward a short statement of their thoughts and feelings on the aforementioned topics.

Next week, it’s more exams and hand-ins (joy of joys); I’ll let you know how it goes.



A View from the Canadian Rockies or What Not to Present as Evidence of Online Paedophilia: R. v. Morelli, 2010 SCC 8, [2010] 1 S.C.R. 253

Don’t like what you see, tempted to jump to an ‘obvious’ conclusion-then don’t. Mr Urbain Morelli, an enthusiast of adult and child pornography, was at home when the computer technician came a calling. The technician noticed a webcam plugged into a VCR and pointed toward the man’s three-year-old daughter who was playing with toys nearby in a play pen. There were several links to adult and child pornography sites in the taskbar’s ‘favorites’ list of Mr. Morelli’s computer. When the technician returned the toys had been put away, the webcam was pointed in a different direction, the hard drive reformatted and the offending icons removed. The technician reported his concerns to a social worker, who told the Royal Canadian Mounted Police and a search warrant was issued. Appealing in the Canadian Supreme Court Mr. Morelli maintained his rights were violated when police searched his computer.  Finding in his favor the Supreme Court noted that the technician saw suspicious links but had not seen pornographic images of children on the computer. In addition information used to obtain the warrant failed to mention that the child was fully clothed, there had been no signs of physical abuse evident to the technician and that there was only one living area in the home.  All in all the court found that a selective presentation of facts portrayed a less objective and more villainous picture than would have been the case had all the material information been presented.  The court heard it was plausible to suppose Mr. Morelli was using his VCR and webcam to videotape his daughter at play for posterity’s sake, not for purposes connected with child pornography. The suspiciously labeled links in were insufficient to characterize a person as an habitual child pornography offender. Since the majority of pornographic material observed was adult this suggested that the accused did not have a pronounced interest in child pornography.



What on Earth Next: Malta Gets a Prosecuted Pirate and the Right to a Lawyer

2010 saw momentous legal upheaval in Malta. A judgment by a Maltese Magistrates’ Court on 30 September 2010 for the first time there convicted a seller of computer hardware with distributing pirated Microsoft software. The guilty party received a large fine and two years probation. Computer hardware and other related apparatus seized by the Police during their investigations was confiscated. The Business Software Alliance (BSA), global representative of the software industry, welcomed the judgment as ‘a very important step in the fight against software copyright theft’ in Malta. The judgement is ‘proof that Malta is making great efforts to combat the escalating problem of piracy on the island’ according to Georg Herrnleben, BSA Director. In 2010, too, suspects in Malta were granted the marvellous novelty of a lawyer during police questioning. The right, long common to most in the civilised world, had for years languished in the Criminal Code articles 355AT, 355AU, 255AZ and sub-articles 2, 3 and 4 of article 355AX of article 74. What with all that and the emergence of a prosecuted pirate the island’s reputation as a Mecca for digital forensics experts may be about to take wing.



Amazing 1/2 Price C|HFI Course

Hi everyone,

I’ve just heard from Firebrand Training that they are happy to extend an offer of a reduced-rate Forensics Training courses to our readers if they call now and book the C|HFI course and C|EH together. These are EC-Council courses all provide you with the ability to get certified in your profession. This is a great offer and we are really pleased to be able to offer it to you.

Remember, when you phone, tell them you got the offer from Digital Forensics Magazine.

From Firebrand Training

Firebrand Training is offering half price EC-Council Computer Hacking Forensics Investigator (C|HFI) certification, if you book the Certified Ethical Hacker (C|EH) course at the same time. Call us on 080 80 800 888 and join the Digital Forensics community!”

The links to the the two courses:

CEH – http://www.firebrandtraining.co.uk/courses/ec_council/ceh/hacking.asp
CHFI – http://www.firebrandtraining.co.uk/uk/forensics.asp




Get Involved


As we continue to strive to bring you the latest happenings in the world of digital forensics, we are on the look out for anyone who has a story to tell or something to share that would benefit the wider profession.

If you are:

  • researching a particular aspect of digital forensics
  • have developed a new tool that you would like to share
  • been involved in a case that has raised specific issues

then we want to hear from you.

If you have already written an article that has not been published or even one that has been published with a limited distribution and would like a wider audience, we are happy to discuss its suitability for any of our publications:

  • Magazine
  • Web White Paper
  • Newsletter


If you want a slightly less formal outlet than the web site or magazine, but still have something to say, we still want to hear from you for the DFM Blog and/or newsletter, if you:

  • have an opinion on a recent news item
  • a short story to impart
  • need an outlet for your frustration

We are looking to identify a number of you who would like to be regular contributors to the Blog or maybe provide less formal articles for the newsletters.

Technical Tools / Application Developers

Have you created a tool or application that you would like to share with others? If so, then contact us immediately.

Many practitioners develop their own tools and applications to deal with specific situations that arise. Rest assured that you would not be the only one who will meet that situation. So if you are prepared to share your tools with others, we have established a tools download section on the DFM website.

All tools will come with the normal safety warnings regarding their use, and using our outlet will get you feedback from your peers.

Technical Reviewers

Do you have the time and ability to technically review an article or tool/application? Then we want to hear from you.

At DFM we are always on the look out for people who are willing to carry out technical reviews of articles or tools/applications. We already have a waiting list of vendors who would like us to provide a technical review of their products, if you would like to join our team of technical reviewers; then contact us now.

Technical reviews will be published on the website and on occasion in the magazine, with the review fully attributed to the reviewers, if they so wish. You must not be a competitor or employee of the vendor who is supplying the technology for review, and you must have the skills and facilities to carry out any review. This is ideal for Universities or who have access to labs or those who have their own lab.


If you would like to get involved in any way, then drop us a line.

Send an email to acquisitions@digitalforensicmagazine.com providing a short biography and what aspect of DFM you would like to get involved with. We will then send you further details on how to proceed, in the area you have chosen.

Join the virtual team here at DFM and “Get Involved”



Reviewer’s copy of iOS Forensics

I received my reviewer’s copy of the iOS Forensics book today from Apress (thanks for the freebie, guys) and it really is a spectacular job. Apress is a great publisher and the layout, cover and attention to detail with Sean’s manuscript is second to none. I hope you feel it worth it to buy this book for your forensics collection as Sean put a mammoth effort into it – I can attest to every late night, ounce of blood and sweat and headache this tome caused – however, the result is… well, view for yourself.



Book Details

iOS Forensic Analysis: for iPhone, iPad and iPod Touch book cover

  • By Sean Morrissey
  • ISBN13: 9781430233428
  • ISBN10: 1430233427
  • 372 pp.
  • Pub Date: 2010-12-21
  • eBook Price: $41.99