Take part in our online satisfaction survey

Digital Forensics Magazine is running a satisfaction survey – we’d love to hear back from you all and gather your opinions on our magazine and sites. To take part in the survey simply visit http://www.surveymonkey.com/s/DFM-satisfaction-survey and complete the short survey.

All entries will eligible for a prize draw to win one of four subscriptions to the magazine for a year.

Many thanks in advance for your time.

The DFM Team

(510)

Share

Advertising opportunities within DFM

If you are interested in advertising in Digital Forensics Magazine or on our sites, please contact marketing@digitalforensicsmagazine for our latest rate card and a chance to explore opportunities where you can promote your services, college or brand in general.

We have a number of digital and print channels that can be used to reach a very desirable and segmented audience around the world.

(531)

Share

Student discount available until end of Feb

To help students make their money go further Digital Forensics Magazine has reinstated their 20% student discount for all those studying computer sciences or digital forensics. Offer applies to the digital version of the magazine subscription only.

From now until February 28th 2011 Digital Forensics Magazine is again offering students of digital forensics, computer sciences, or just those who are interested in this growing and fascinating discipline, 20% discount on the price of a digital subscription to their magazine.

In order to receive the discount code, please email marketing@digitalforensicsmagazine from a valid academic email account and the DFM team will send back a code to use during the subscription process that will give students 20% discount.

(480)

Share

Diary of a Student – Part 3 – 19th February 2011 – Businesses and Web Systems

Well it’s certainly been a busy few weeks starting the new semester and I thought it time to let you all know how things were going.

Following on from my previous post, I can tell you that the second part of my Fundamentals assessment went very well and I’m quite confident about the results. A few simple questions about Public and Private GPG keys and some bizarre plain text TCP communications made the test fairly enjoyable. Well, as enjoyable as any test can be I suppose.

All my coursework has been handed in for Semester 1 and I am pleased with the results that have been returned so far. I am on my way to getting those 3 letters after my name!

Semester 2 pretty much kicked off as soon as the assessments were all finished so there has not been much of a break but it has started with some highly interesting topics.

Secure Web Systems looks set to be particularly interesting. While it is slightly more security focused, it does involve learning some PHP and basic web development, which I enjoy a lot and have already dabbled in a little bit.

The culmination of this module shall bring the most terrifying assessment to date – a pen test. Thank goodness I bought those books on SQL and PHP! Hopefully, though, everything will go smoothly and I’ll come out the other side with some valuable knowledge.

Digital Evidence and Incident Response is following on from Forensic Tools and Techniques nicely, with some Virtual Machine Acquisitions and use of various Sysinternals tools. We are already learning much about CIRT and CSIRT teams, and how they operate which has been eye opening if I am honest. A bit more live Forensics is going to be thrown in along with Network Forensics, so all in all, it should be a fun module.

Advanced Topics in Forensics and Security is pretty much like Ronseal, it does exactly what it says on the tin. We will be looking at current research being conducted in both fields and will also receive some guest lectures from the Researchers involved.

By now I imagine you’re wondering why the title of this post is Businesses and Web Systems. Well, among the four modules of Semester 2 is “Professional Practice and Responsibilities”. Now, if you’re like me, then you will take one look at that title and think, “That sounds a bit strange for a Forensics course.” However, the first two lectures have probably been some of the most enjoyable so far.

The main premise of the module is to understand the fundamentals of a business, how IT operates within the business as a support or service function and how Digital Forensics and Security form part of this. In addition we are looking at the various roles that digital forensics and security have within the overall security operations and not just the post event analysis, lastly we will be putting all of this together to develop our own fake businesses and must apply the various laws and policies to make them successful.

In groups of four we will work over the semester building up our research into Business so that, when we face the dreaded DMU Dragons Den, we will be able to present to them, a company that has the beginnings of being highly successful and worth investing into. Who knows? Maybe our businesses will become real some day. The Presentation also assesses our business plans and our communicative skills so it should be a bit of fun.

I will keep you informed as to how our business, currently under the temporary name of Four Candles Forensics and Security Ltd, gets on.

That’s all for this post, really just an intro to the second Semester and what I will be getting up to. I’ll try not to leave it so long before the next post!

For now, I wish you all well.

(589)

Share

Volatility Developer Responds

In Issue 5 of Digital Forensics Magazine, Ron Tasker discussed the subject of Volatile RAM Analysis and the use of Volatility. This prompted a letter from Marc Remmert published in Issue 6 raising concerns about the limitations of Volatility and Windows XP.

Whilst Ron responded to these concerns (his comments can be found in 360 of issue 6) DFM approached AAron Walters who is the founder of Volatile Systems, LLC and the lead developer for the Volatility Project, for his comments on the article, the comments made by Marc and Ron’s response. Unfortunately they were not received in time to be included in Issue 6. In the interests of balance we agreed to include his comments in a blog.

“Let me begin by thanking Ron for the excellent article.  I think he did a very good job explaining the importance of memory analysis and the associated challenges and base that modern digital investigators face.

It is imperative for digital investigators to realize that we are facing an adaptive human adversary and thus we can’t afford to simply rely on the rules we once learned.  Not doing the right thing because it is complicated or new, is never a justification for complacency.  It seems hard to defend the antiquated statement that “powering off the system is good” when, comparatively, it destroys more artifacts within the perspective of entire digital crime scene (RAM, disk, etc) than running a tool that samples the state of physical memory.

In Ron’s response to the comment about his article he also raises some interesting points about Open Source forensics tools. The comment’s author states that Volatility 1.3 only supports Windows XP 32-bit memory samples and contends that this a big obstacle. While the comment’s author is correct with respect to 1.3, it seems interesting that they contend their only option is to buy expensive tools or hope Volatility is updated. As the leader of the Volatility Project, I always find these statements disheartening. I’m not sure why people feel the need to complain from the sidelines as opposed to actually getting involved and contributing to the community.  It is only then that they would come to appreciate the unique flexibility and modularity of The Volatility Framework, which has allowed it to support a variety of operating systems and hardware architectures (Windows, Linux, etc).

As Ron mentioned in his reference to Dr. Schatz’s work, there are many groups out there using Volatility to support other operating systems including Windows 7. I’m even aware of groups using Volatility to analyze cell phones. Thus, the “tool-users” can sit back and wait till 1.4 (http://code.google.com/p/volatility/) is released or they take the initiative to contribute. Regardless, if that contribution is writing an article (i.e. Ron Tasker) or helping test a new operating system (i.e. Dr. Schatz), all contributions help to move the community forward.”

AAron Walters

Founder, Volatile Systems, LLC

Lead Developer, The Volatility Project

You too can have your say by adding your comments here or writing directly to DFM via 360.

(949)

Share