Month: June 2018

Miami Dade College (MDC), the institution of higher education with the largest undergraduate enrollment in the United States, and Cyberbit Ltd., a provider of cybersecurity simulation and IT/OT detection and response platforms, have collaborated to open the MDC Cyber Range training facility, a hands-on cybersecurity training center that will provide simulation training for cybersecurity professionals in protecting national assets and infrastructure against cyberattacks. Powered by the Cyberbit Range platform, this groundbreaking facility will be part of MDC’s new cybersecurity center.

“The MDC Cyber Range will be the most advanced cybersecurity training and education center in Florida. It will produce highly qualified graduates, who will fill critically needed cybersecurity positions, and will create more employment opportunities for MDC students”, said Antonio Delgado, Dean of Engineering, Technology and Design, at Miami Dade College. “The MDC Range will help organizations around South Florida ramp up their workforce skills and improve cyber resilience, by providing high-fidelity, hands-on training, powered by market leading Cyberbit technology.”

Training by simulation is proven to dramatically increase the skills of cybersecurity workforces and prepare them to meet the increasing complexity and volume of real-life cyber threats. With recent studies noting that a cyber-attack occurring around the globe every 39 seconds, MDC partnered with Cyberbit to help cybersecurity practitioners obtain the highest level of skills needed for careers in cybersecurity.

The MDC Cyber Range will support MDC’s important initiative to grow cybersecurity competency in Florida and help fill thousands of open cybersecurity positions in the region and nationwide. The college will expand cyber education available to students and prepare them for careers in one of the country’s fastest growing technical professions. In addition, the facility will offer hands-on training, certification and assessment for commercial and public-sector organizations in Florida.

“We are proud to partner with MDC to bring the Cyberbit Range to Florida.” said Adi Dar, CEO at Cyberbit. “The global demand for higher quality, hands-on training and certification for cybersecurity professionals is skyrocketing, driven by the cyber skill shortage and the increasingly challenging cybersecurity landscape. With its innovative, mission-oriented approach, MDC is on track to becoming Florida’s cybersecurity hub.”

Cyberbit Range is the most widely deployed cybersecurity training and simulation platform for higher education, service providers, governments and enterprises. The platform has already been selected by 15 cyber training facilities in the US, Europe, Asia and Australia, with new training centers continuously launched. In addition to simulating large-scale virtual networks and attacks based on real-world incidents, the platform can also pinpoint system vulnerabilities and help users develop countermeasures and improved protocols for dealing with cyber-attacks on critical network systems. As a result, cybersecurity practitioners benefit from receiving real-time training for threat detection and the response process, enabling them to dramatically improve the performance of all security and SOC teams.

The MDC Cyber Range is scheduled to open in the third quarter of 2018.

(55)

About MD5 LTD
MD5 Ltd are the manufacturers of the world-renowned software, Virtual Forensic Computing (VFC). We are a Digital Forensics and eDiscovery service provider and have worked closely with Law Enforcement and Government Agencies since inception.

Accounting software such as QuickBooks and Sage can be a very valuable source of evidence when investigating Fraud, internal business problems, staff investigations and IP theft.

Often with accounting programs such as this, a proprietary file format is used that can be difficult to view outside of the native application. The challenge for a forensic investigator is providing the information identified within the respective applications in a format that can be easily understood by everybody involved in a case.

When it comes to QuickBooks and Sage, investigators will have some success with tools such as EnCase and Nuix but providing that information to a client in a user-friendly format can often prove challenging. Virtual Forensic Computing (VFC) software, by MD5 can offer an alternative approach.

In this particular Fraud case, investigated by MD5, our analyst used VFC to create VM copies of a number of computer exhibits which were all running QuickBooks and which all contained QuickBooks application data. By doing this, the analyst was able to browse, identify and extract a significant volume of key evidence which directly related to the investigation, in a format that would otherwise have been unintelligible, without the need to run a separate instance of the accounting software.

This data was exported to Excel spreadsheets and extracted from the Virtual Machine environment then uploaded to our ‘eForensics’ online review platform for further investigation by the Police investigators.

Here follows a breakdown of the case and the steps the analyst took to accomplish this:

Phase 1 (VFC – preliminary steps)

This case involved multiple computers and servers, all of which were running QuickBooks. After taking forensic images of the devices, I generated them all as Virtual Machines, using VFC.

The process for each VM involved mounting the E01 forensic image as ‘Physical Only’ and ‘Block Device / Writable’ using FTK Imager. From this mounted image, VFC was used to generate a Virtual Machine and the VM was then launched using VMware Workstation.

The system booted to the login page and a password was requested. With no password provided as part of the examination paperwork I utilised VFC’s password bypass feature. This routine allowed me to log in as the user of the system. After doing some initial inspections of the device I turned to the QuickBooks data that had been identified earlier in the examination.

Phase 2 (VFC – specific application)

1. I launched QuickBooks and noted that 3 Projects were listed in the Recently Opened Files section of the software. After browsing the application’s dashboard, I launched one of the data files listed as ‘recently opened’.

2. This opened up a QuickBooks data file that contained a lot of information that ranged from Contacts, Payments, Stock History and Transactions to Members of Staff. Each section contained information that was relevant to the enquiry.

3. From within the Virtual Machine, I then browsed through the various sections of the data file and examined the data stored within. Of particular note was the Transaction page; this page contained thousands of entries that painted a picture of who the company had dealt with, when that business had been done and what was involved as part of each transaction.

4. QuickBooks, Sage and other database programs allow their users to export data as Comma Separated Values (.CSV files) or Excel spreadsheets (.XLS or .XLSX) to allow data to be used outside of the applications. Utilising this feature within the VM environment, I exported the data from the Transaction page as a spreadsheet. I repeated this process for each page that contained information of note.

5. VMware contains a suite of Tools which can be installed onto a VM to give additional functionality, such as copying files from the VM environment to the host computer. I installed VMware Tools and ‘dragged and dropped’ the relevant spreadsheets to my own physical system.

6. By the end of the process I had a range of spreadsheets that helped to portray exactly what the business had been doing over an extended period of time. At this stage I provided a copy of the spreadsheets to our client.

Phase 3 (eForensics)

7. The client for this examination was using our online review platform to review documents and emails that were stored on the devices submitted for examination. Online Review is offered as part of MD5’s eForensics solution and allows our clients to review data online at any time of day, from anywhere in the world. After consultation with the client it was agreed that the spreadsheets containing the QuickBooks data would be uploaded to the online review platform along with the other documents that were extracted. This allowed the client to utilise keyword searching and date criteria as part of the Online Review process to really narrow down the data that was stored within the spreadsheets.

(81)

Project VIC, a coalition of law enforcement and private sector partners that champions a transformation in the approach to child exploitation investigations, announced that it is partnering with ForceForge.org to launch VIClabs™.

Created by members of the Interpol Technical Working Group, ForceForge.org is a community of developers in law enforcement working to track child sexual exploitation materials online.

Combining the efforts of Project VIC and ForceForge through VIClabs will expand the reach of an international network of investigators, developers, non-profit organizations and private sector partners who have come together to combat child exploitation on a global scale.

“Forming a partnership between ForceForge and Project VIC is a natural relationship,” said Arnold Guerin, RCMP representative and Chair to the Technical Working Group.   “Creating an innovation lab to incubate collaborative solutions will lead to positive outcomes for children worldwide, as well as improved processes for law enforcement.”

Peter Pilley Co-Founder of Forceforge, commented that “Project VIC has made outstanding strides in working with the world’s leading providers of computer forensics software, while ForceForge has aligned top law enforcement developers in creating solutions such as machine learning, an international whitelist of hashes, and big data analysis to combat CSEM offenses.”

“Technology is moving fast, and ForceForge and the Interpol DevOps group have a track record of innovation and collaboration that is unique,” said Richard W. Brown, Director of Project VIC. “We will use our designated workspaces to incubate programs, create hack-a-thons, and review solutions. Ultimately, this will help us to deconflict on initiatives internationally and avoid duplication. ForceForge, DevOps and Project Vic are a community of highly-skilled members working together to quickly respond to new threats facing law enforcement. By combining our expertise and launching VIClabs, we can ensure that investigators worldwide—including in developing countries—will have access to the tools needed to combat child sexual exploitation.”

(46)