Admin – Page 2

Altium releases its TASKING ARM Cortex-M Embedded Development Tools for the Mac

Posted on 2 October 2014 by Admin

Sydney, Australia – 2 October 2014 – Altium Limited, a global leader in Smart System Design Automation, 3D PCB design (Altium Designer) and embedded software development (TASKING) announces the release of its TASKING VX-toolset for ARM Cortex-M for Apple Mac computers running OS X.

Traditionally embedded software development tools have been available exclusively for the Windows operating system and Altium has a long history in providing its TASKING cross compilers and debuggers for running on Windows, including its TASKING VX-toolset for ARM Cortex-M. With ARM Cortex-M based microcontrollers becoming popular in broad market consumer applications, especially with wearable electronics and electronic systems that can be controlled from the iPhone, it is apparent that embedded software engineers want to use the Mac as their development platform.

To serve this development community, Altium has developed a native OS X port of release v5.1r1 of its TASKING VX-toolset for ARM Cortex-M, bringing its C compiler suite with Eclipse based IDE and debugger to Mac computers.

“Given the growing popularity of Mac OS X and the development of ARM Cortex-M based embedded applications connecting to applications on the iPhone and iPad platforms, we’re excited to offer our TASKING Embedded Development Tools to Mac users,” said Harm-Andre Verhoef, Product Manager TASKING. “Altium’s product offering will empower embedded ARM based developments and provide Mac users with the tools to bring their embedded applications to life.”

Previously, embedded-application developers that preferred Mac computers relied on virtual machines hosting the Windows operating system within OS X in order to run an embedded cross compiler. This led to an inefficient workflow and a variety of challenges, including problems connecting a debug probe reliably to the debugger running inside the virtual machine. The native port to OS X of the TASKING compiler breaks down the barriers for developing embedded applications for Mac users, while allowing them to work efficiently in their platform of choice. Cooperation with STMicroelectronics made it possible to offer in-circuit debug capabilities with the Eclipse integrated TASKING debugger, using the USB port on the Mac to connect to the ST-LINK/V2 debug probe.

TASKING’s Viper compiler technology used in the ARM compiler ensures platform compatibility for developers on OS X and their colleagues using Windows, allowing for easy migration and collaboration. The Viper technology has an industry proven reputation of generating highly efficient and robust code for automotive applications like power train, body control, chassis control and safety critical applications, benefiting developments for broad market and industrial applications.

Key features of the TASKING VX-toolset for ARM Cortex-M for Mac OS X include:

Eclipse based IDE with integrated compiler and debugger
Highly efficient code generation, allowing for fast and compact applications
Support for a wide range of Cortex-M based microcontrollers from different vendors, such as STMicroelectronics, Freescale, Infineon Technologies, Silicon Labs, Spansion, Atmel and Texas Instruments
Integrated code analyzers for:
- MISRA-C:1998, C:2004 and C:2012 guideline
- CERT C secure coding standard
Fast and easy application development through TASKING’s award winning Software Platform technology, bringing:
- an industry standard RTOS
- a wide range of ready to use middleware components, such as support for CAN, USB, I2C, TCP/IP, HTTP(S), Bluetooth, file systems, graphical user interface, and touch panel control
Eclipse integrated Pin Mapper for assigning signals to microcontroller pins
In-circuit debug and programming support through ST-LINK/V2 probe (including on-board probes on starter-kits from STMicroelectronics)
Native support for 64-bit Intel-based Macs with Mac OS X

Developers using OS X that require certification of their embedded application for functional safety standards such as IEC 61508 and ISO 26262, benefit from TASKING’s ISO 26262 Support Program for its new ARM toolset on OS X. A manufacturer of an electronic (sub) system is responsible for obtaining certification credit and as part of the process has to assess the required level of confidence in the utilized software tools. Altium supports this through the availability of a Compiler Qualification Kit as well as optional Compiler Qualification Services.

The VX-toolset for ARM release v5.1 is available now on OS X Mavericks, and on OS X Yosemite once it is widely available. Pricing starts at USD 1,995 (€ 1,595) for the TASKING VX-toolset Standard Edition and USD 2,995 (€ 2,395) for the Premium Edition with the award winning Software Platform. Hardware debug support is available in the Professional and Premium Editions through the ST-LINK/V2 debug probe from STMicroelectronics.

(2187)

Offender profiling is taking a different shape, as investigators grapple with increasingly ‘social’ criminal activity

Posted on 23 June 2014 by Admin

Mobile forensics has changed the methodology when it comes to offender profiling. The frequent use of mobile devices has provided investigators with another source for profiling criminal suspects, as well as an insight into their habits and personalities.

This is not just because of the volume of user voice calls and SMS texts; the amount of rich data that can be extracted from Instant Messaging (IM) and social media applications gives forensic investigators the paint and brushes to develop a detailed picture of a suspect and a criminal case. A suspect’s social media personality can offer a more tailored overview of the character, his or her likes and dislikes and a reflection of ‘who’ they really are, beyond their alleged actions. A victim’s presence on social media can also be used to find a common link to possible suspects.

Recent research from Cellebrite found that 77 per cent of respondents believed that mobile apps were a critical data source in criminal investigations. While this clearly indicates that mobile apps offer a vital source of evidence, it’s not a suggestion that investigators should solely look at mobile-based apps when building the investigative picture – evidence should be extracted from all other items of phone-based data as well.

The widespread use of mobile apps makes them a critical data source for law enforcement, both in terms of evidence and investigative leads. The value to both prosecuting and defence counsels, in a court of law, makes the neglect of such data a potentially severe barrier to solving a case.

People now more frequently use mobile devices to access social media apps, rather than using a traditional PC or laptop. Moreover, social media data that is extracted from a suspect’s mobile device provides additional characteristics such as more accurate location-based data and time proximity to another event or situation. For example, by connecting to a specific Wi-Fi network investigators can establish presence in a certain place and at a certain time correlating it with another action, possibly, on social a network.

Criminals will use various communication channels in the course of their mobile activity. For example, a suspect could use an IM app to organise a meeting, but use SMS to contact the victim. Investigators must operate a flexible forensic practice when sourcing evidential data from mobile devices, because the various channels that criminals communicate through means that a one dimensional approach to forensic evidence gathering could lead to the omission of valuable data.

While data points such as SMS text messages and GPS locations may result in an immediate lead in a criminal case, the ‘online social identity’ of a suspect will allow investigators to delve into the personality of the suspect, which in turn could help build out the case.

This social data can be extracted through the social media apps that the suspect has downloaded on their device. Facebook posts, Tweets, ‘shares’ and ‘likes’ can all give critical information to investigators hoping to build the profile of a suspect.

A suspect’s social media identity goes beyond their ‘likes’ and ‘shares’ though; it can also include immediate locational data, such as a recent ‘check-in’ at a restaurant or a shop. Even if this locational data isn’t completely current, it will still help to paint the forensic picture of a suspect in terms of where they regularly go, who they meet with, and what they do when they’re there.

In court, social data retrieved from mobile apps is fast-becoming a major source of evidence in not only building up the profile of the suspect, but also in establishing or demolishing a witness’ credibility. While social or app-based data has become a crucial evidential component to an investigator’s case, it can also act as an important part of the prosecution or defence process in court.

Offender profiling is changing as people use more social applications to communicate with one another. This is providing investigators with another source of information to build up a complete profile of a suspected criminal, which in turn offers a more comprehensive picture of a suspect in a court of law.

The amount of data that is now being consumed and shared is opening up a number of different opportunities for mobile forensic investigators, who are in a constant battle to stay one step ahead of the increasingly connected criminal.

Yuval Ben-Moshe, senior forensics technical director at Cellebrite

(1000)

Waking Shark II & Barclays

Posted on 9 February 2014 by Admin

Last week, one agency was kind enough to print my controversial opinions on Waking Shark II, which were based on knowledge of standing deficiencies with the security cultures and infrastructures of banking. Many of which have been notified, but those in question have failed to act, or indeed acknowledge!

The recent Barclays breach is interesting, but I would add that this is only known as an insider blew the whistle, otherwise it would be unknown, and the subject public at large would have been none the wiser, and at risk. However, I am aware of many cases of such breaches which did not go public, one of which was the loss of 37,000 Barclays Client record’s, in clear (not encrypted) around 2007, which was not reported, notwithstanding the CISO, and all Executive IT Directors were aware, including one Main Board Member.

By main criticism and observation around Waking Shark II was its real value to serving security – if there were/are so many tolerated holes in place that support insecurity, then those in the security profession who support this situation, by association become part of the problem – in the name of security associations and bodies!

My conclusion is, we are not at a well trodden juncture of insecurity and public/business exposure which, in my opinion needs much more than to just pay lip service to the known, but which demands tangible action to secure the National and Global Economies.

We also need to be aware that the cultures which tolerated the unreported breach, have moved on, in some cases to the world of Outsourcing and Service Management (e.g. First Data), so sadly one may conclude that such attitudes for survival may have evolved into the unknown.

John Walker
SBLTD
www.sbltd.eu

Professor John Walker is a Visiting Professor at the School of Computing and Informatics, Nottingham Trent University (NTU), owner and CTO of SBLTD, a specialist Contracting/Consultancy in the arena of IT Security and Forensics, and Security Analytics, the Director of Cyber Research at the Ascot Barclay Group.

(1490)

Finding The Middle Ground

Posted on 11 August 2013 by Admin

Finding the middle ground: keeping the public safe, while respecting their privacy

When it comes to keeping the public safe, the Government and indeed the public need to find the middle ground to achieve the best results. The timeless debate over ‘privacy versus security’ has reared its head in recent weeks, with the Government planning on reintroducing the Data Communications Bill, in the wake of the horrific murder of Lee Rigby. This will require negotiation.

On the one hand, keeping the public safe is the most important role the police and the security services play but, on the other, the privacy of members of the public is one of the most paramount features of democratic life. The public must also realise that for law enforcement to do its job, there must be a degree of willingness from the public when it comes to the extraction and analysis of mobile data.

It’s no surprise that the Government is looking to reintroduce this piece of legislation. The dreadful events that unfolded in Woolwich show that terrorists have no respect for human life and play by no rules. Investigators need the most cutting-edge technology, to prevent such acts of criminality from reoccurring. But these tools may come at a risk.

Police and security services rely on the most up-to-date technology to prevent crime from happening, as well as helping to unravel a criminal case. The Data Communications Bill will enable this power, with investigators having the ability to analyse digital communications between criminals and criminal groups, but knowing how to handle this data is critical.

A balance must be struck; a middle ground must be found. The police and the security services must keep the public safe, but they must also respect their privacy. They essentially have a dual-role, in that they are the guardians of the public’s safety as well as their privacy.

There are specific tools available to investigators that solve this problem. Tools such as the UFED Link Analysis, from Cellebrite, ensure that criminals don’t get away with communicating via mobile devices. Finding multiple connections between criminals and criminal gangs, allows investigators to build a far broader picture of a case than is possible using the more conventional methods.

The underlying weakness of digitally-reliant criminals is that they use their mobiles so frequently. Investigators can expect to find a wealth of data on mobile devices. The true advantage of tools such as the UFED Link Analysis is the fact that they allow investigators to establish connections. In cases such as the murder of Lee Rigby, searching for connections and patterns may well be crucial in discovering whether the attack was part of a wider plot and whether there are groups that are behind the attack.

But it’s important that those that operate the forensic equipment, know exactly how it works and what the purpose of it is. Just as it would be futile for someone that isn’t trained in biological forensics to extract and analyse DNA to solve a case, the same is true of mobile forensics. Due to the sensitive nature of data extraction, investigators must be fully trained to operate this equipment and use it to its optimum potential.

There will always be a ‘trade-off’ when it comes to privacy and security. Although the forensic equipment that’s available to investigators is highly advanced, it does require the application of human rationale, when operating the equipment.

Safeguarding the privacy and the security of the public is a dual-role that really goes hand-in-hand. Although negotiation will be an integral part of the legislation, when it’s debated in Parliament, it’s important to realise that, with the correct technology and know-how, investigators can hope to fulfil their dual-role to the highest level.
Yuval Ben Moshe
Yuval Ben-Moshe, senior forensics technical director at Cellebrite

(2497)

Mobile Device Forensic Process v3.0

Posted on 10 August 2013 by Admin

Cindy Murphy has updated her paper on a process for Mobile Device Evidence and Data Extraction. We at DFM are happy to help get this into the hands of Digital Forensic Investigators globally and whilst it has not been reviewed through our normal technical review process we are happy to help publicise this piece of much needed work. The article is available for download using the link below or subscribers to Digital Forensics Magazine can download the paper from the White Papers Downloads Section of the DFM Website.

Cindy Murphy is a Detective with the City of Madison, WI Police Department and has been a Law Enforcement Officer since 1985. She is a certified forensic examiner (EnCE, CCFT-A, DFCP), and has been involved in computer forensics since 1999. Det. Murphy has directly participated in the examination of hundreds of hard drives, cell phones, and other digital evidence pursuant to criminal investigations including homicides, missing persons, computer intrusions, sexual assaults, child pornography, financial crimes, and various other crimes. She has testified as a computer forensics expert in state and federal court on numerous occasions, using her knowledge and skills to assist in the successful investigation and prosecution of criminal cases involving digital evidence. She is also a part time digital forensics instructor at Madison Area Technical College, and is currently working on her MSc in Forensic Computing and Cyber Crime Investigation through University College in Dublin, Ireland.

Mobile Device Forensic Process v3.0

(2937)

Freezing Android Phones Just Won’t Break The Ice With Forensic Investigators

Posted on 20 March 2013 by Admin

Leading and available mobile forensics tools already have similar capabilities, enabling law enforcement to effectively obtain admissible evidences from mobile devices. Mobile forensics has evolved at an exponential rate over the last decade or so. The rise of the Smartphone has meant it’s had to. Forensic investigations can rely on taking fingerprints or finding DNA samples on a car seat, as well as data from digital devices, such as mobile phones.

With the correct software, operated by a trained investigator, mobile data can be extracted and analysed very quickly. It’s vital that this process isn’t a lengthy one, as investigators can sometimes be operating in life or death situations. A single device that has both the capability to extract as well as analyse mobile data is far more efficient and accurate than freezing the phone first and then processing the data in a separate computer.

The data that’s stored on a user’s mobile phone such as sent messages, browsed websites and recent calls can help investigators build a fairly accurate picture of a case. Devices such as the UFED device from Cellebrite, can not only retrieve this data but can also salvage data that’s been deleted by the user.

This can be critical to an investigation. Criminals could be mistaken for thinking that by deleting sensitive data they are removing it from the reach of the investigator.

Although digital technology has made criminal coordination easier, it has also made criminals more vulnerable to being caught. Before the age of the mobile phone, criminals would communicate via a landline telephone and, before that, through a telegram or a written letter. These methods of communication could be easily erased to avoid discovery.

Research into data extraction and analysis methods for the latest technology is of vital importance to law enforcement agencies. But, people should be aware of the technology that’s out there and at the disposal of investigators.

People should also be aware that due to the critical nature of digital forensics, taking a ‘DIY approach’ to data extraction is not the way forward. Investigators must use technology for accuracy’s sake, in addition to the fact that it saves a considerable amount of time.

Yuval Ben-Moshe, senior forensics technical director at Cellebrite

(2394)

Protect Your Business From State-Sponsored Attacks

Posted on 28 February 2013 by Admin

It has taken some time but we finally have succumbed to the delights of a certain kitchen utensil. Years of resisting George, John, and the seductive talents of Penelope, had left me more determined than ever to resist at all costs. The result; a plethora of appliances – eight at last count – to produce the perfect cup of coffee at the right moment, cluttering kitchen surfaces and cupboards, and never quite getting it right. After all, each appliance needs and produces its own unique type of coffee. And it’s difficult, when you’re the only serious coffee drinker, to convince ‘management’ at home that such a thing as a CCM (Centralized Coffee Management) system is essential.

And the story is similar with encryption keys and certificates. Look around any mid to large size organisation and you will find SSL, SSH and Symmetric keys and digital certificates scattered around – and each type will also have several variants. Then there are all the different “utensils” which use the keys, from applications to a myriad of appliances, as well as a host of built-in ‘tools’ to manage each variety. The result is more management systems than the average household’s coffee machines.

Today SSL and SSH keys and certificates are found littered across virtually all systems, applications and end-user computing devices. In most cases no one knows who caused the ever-proliferating and expanding landscape of encryption “litter,” and since these keys and certificates are used to protect critical systems and sensitive data, ineffective and siloed management means that organisations are increasingly susceptible to failed audits, security risks, unexpected systems outages, compromises to systems applications and most importantly, critical data. Of course, each of these comes with its own costly financial and reputational consequences.

The Dark Side

And just as I’m told that there’s a dark side to my caffeine addiction, there is a definite dark side to the unmanaged and unquantified encryption keys and certificates that we’ve become so dependent on—which now act as the infrastructure backbone of all online trust and security. Today as never before, everyone from governments to private individuals is under attack. The use of malware for criminal, ideological and political aims is growing at an alarming rate. Stuxnet opened Pandora’s Box when the use of valid, stolen SSL certificates as a means to authenticate the malware and allow it to remain hidden and undetected became common knowledge. Since then there has been an explosion of malware using digitally signed certificates.

Can we defend ourselves against state-sponsored attacks?

Today we are faced with cyber-attacks on a scale never imagined, and the question that has to be asked is whether or not there is anything we can do to protect our infrastructure, enterprises and ourselves.

But I believe the reality is that we are responsible in large part for the ease with which cyber-terrorists, regardless of their ideology or motivation, are attacking us. In effect, we are supplying the weapons that are being used against us. The collective failure of enterprises to protect keys and certificates is resulting in these very keys and certificates being used against us.

The Flame attack for example, which masqueraded as a Windows update, was successful because of Microsoft’s continued use of MD5 algorithms, years after they themselves had identified that they were compromised. A surprisingly small amount of money needed to be spent to create a duplicate certificate. Shaboom, which attacked Aramco and RasGas, leveraged a certificate stolen from a company called Eldos, and issued by Globalsign. The fact that it was issued by Globalsign is not the problem; the problem is that the key and certificate were reportedly stolen from Eldos. And it goes on and on. Cyber-Terrorists are literally helping themselves to keys and certificates from global business because they know that no one manages them. When organisations don’t ensure proper controls over trust, business stops. End of story.

So the first step in defending ourselves is to protect our key and certificate arsenal. Having effective management so that access to any key or certificate is controlled is a first step in ensuring that you don’t become the next unsuspecting collaborator. And that management has to be unbiased, universal and independent if it’s going to work—not caring who issues the encryption or in what departmental silos it resides (one cannot be both the issuer and manager of encryption simultaneously—too many inerrant conflicts of interest). No one wants to have their name associated with a cyber-attack that at the very least results in significant financial loss for the victim, but even more seriously results in the loss of life.

Secondly, enterprises are not responding to the attacks. There is massive investment in perimeter security but when we are told repeatedly that the threat is as much from within as outside, we need to act.

Can we still protect critical infrastructure from attack in the digital age?

If malware is the Cyber-terrorist weapon of the 21^st century, then organisations need to reduce the risk as much as possible. At last count there are in excess of 1500 Trusted Third Parties who issue certificates globally. Many of these are in every system in the infrastructure, and the result is that if a system trusts the issuer, it will by default trust the “messenger”, in this case malware.

So like your firewall in the 20th Century, which you used to reduce the access points through your perimeter, effective management of trusted issuers and instruments similarly reduces your risk of malware infection. If a system doesn’t know the issuer, it’s not going to trust the messenger. So although you can never completely remove the risk because you have to trust some people, you will significantly reduce the number of possible attacks. But this requires the determination of an organisation to take steps to protect itself. The management of trust stores in every system becomes an absolute necessity in the fight against cyber-terrorism, regardless of what group, enterprise, or nation state is behind it

According to US Defence Secretary Leon Panetta, the Pentagon and American intelligence agencies are seeing an increase in cyber threats that could have devastating consequences if they aren’t stopped. “A cyber-attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyse the nation.”

The question is: when will start to see individuals and organisations being held culpable for these attacks? In the Cyber-Terrorism war, it is a big business selling valid SSL certificates, whether stolen, lost or sold, to “terrorists” – and it is likely to play a significant be a part of a major incident, and ignorance will not be a defence!

So my advice is, as George Orwell wrote in “1984” – “If you want to keep a secret, you must also hide it from yourself.”

Calum MacLeod has over 30 years of expertise in secure networking technologies, and is responsible for developing Venafi’s business across Europe as well as lecturing and writing on IT security.

www.venafi.com

(2031)

Cellebrite’s Panel of Leading Industry Experts Identify Mobile Forensics Trends for 2013

Posted on 23 January 2013 by Admin

Petah Tikva, Israel, January 23, 2013 – As 2013 gets underway, Cellebrite, the leading provider of mobile forensic and mobile data transfer solutions, has announced a list of top trends in mobile forensics that will shape the year ahead.

To gather this list, Cellebrite interviewed a number of prominent experts from law enforcement, corporations and universities, as well as industry analysts, familiar with mobile forensics, information security and e-discovery and the most advanced mobile forensic products available today. They highlighted the following nine trends as the most critical for investigative and legal professionals to prepare for the upcoming year:

1. BYOD impacts the forensics industry. While “Bring Your Own Device” (BYOD) seemed to infiltrate the enterprise in 2012, the mobile forensics industry will confront the impact of this growing trend in the year ahead. BYOD adoption across the enterprise means that forensics professionals will encounter a greater number of compromised phones. According to John Carney, Chief Technology Officer, Carney Forensics, “For e-discovery experts, BYOD will mean contending with more devices that contain both personal and corporate evidence as well as an increase in legal challenges related to device access and privacy during corporate investigations.”

2. Critical data: there’s an app for that. According to a 2012 Nielsen report, the average smartphone user has approximately 41 apps installed on a single device. “Whether it’s mobile messaging, personal navigation, social media or improving productivity – apps are going to dominate smartphones and tablets in 2013,” said Carney. “The ability to extract critical data stored in apps will become the new measuring stick by which investigators gauge the superiority of mobile forensics tools.”

3. Smarter phones mean tougher encryption. “Expect to see more encryption of data on smartphones to protect personal privacy and corporate data, which will make forensic examination more challenging,” said Eoghan Casey, founding partner at CASEITE. Password technology, too, has advanced; pattern-screen locks have hindered forensic data extraction efforts. In 2013, look for mobile forensics tools to continue to find ways to bypass a greater number of passwords and device locks, as well as address advanced encryption technology.

4. Investigators can’t put all their eggs into one mobile operating system. Though Android took 75 per cent of the market in Q3 of 2012, for mobile forensics professionals, market share isn’t everything. As Paul Henry, security and forensics analyst, vNet Security, noted, “While Android is the predominant operating system, the bulk of the bandwidth is still taking place on Apple devices, making them critical to many investigations.” In addition, despite BlackBerry’s decline in recent years, Carney said: “Their popularity for over a decade will make them an important legacy device pertinent to investigations for years to come.”

5. Windows 8 is the wildcard. Notwithstanding all the attention garnered by Android and Apple, the real wildcard for 2013 will be the rise of Microsoft in the mobile device market. While questions remain regarding how prevalent Microsoft devices will become, Cellebrite’s panel of experts predicts that the need for mobile forensic tools providing support for Windows 8 will increase in the New Year.

6. Mobile devices advance as witnesses. Look for mobile devices and the data they contain to take centre stage in both civil and criminal investigations in the year ahead. “Civil litigators are discovering that mobile device evidence is just as important as digital documents and email evidence,” said Carney. According to Heather Mahalik, mobile forensics technical lead at Basis Technology, “Now, more than ever before, e-discovery experts need comprehensive training in order to ensure the proper extraction of all relevant data from mobile devices.”

7. The regulatory and legislative landscape remains uncertain. “Lawmakers and judges are looking at cell phones much more critically than they did computers,” said Gary Kessler, associate professor, Embry-Riddle Aeronautical University and a member of the ICAC North Florida Task Force. “However, because few understand the nature of the technology, they are erring greatly on the side of caution. This speaks to the need for greater education regarding the scope and possibilities of mobile forensics and what it means for privacy and pre-trial discovery.”

8. Mobile malware’s incidence will rise. In 2013, look for malware on smartphone platforms and tablets to increase exponentially, particularly on Android devices. According to Cindy Murphy, detective, computer crimes/computer forensics, Madison Wisconsin Police Department, “The intended uses of mobile malware will be very similar to non-mobile malware – steal money, steal information and invade privacy. For law enforcement and forensics professionals, mobile malware means dealing with potentially compromised devices that may help perpetrators cover their tracks, making it increasingly difficult for investigators to meet the threshold of reasonable doubt.”

9. Data breaches via mobile will rise. “Mobile forensics vendors should resolve to provide stronger capabilities for enterprise wide smartphone investigations to support the investigation of data breaches targeting smartphones and the needs of e-discovery,” said Casey. Malware together with large-scale targeted intrusions into smartphones (targeting sensitive data) will raise enterprises’ risks for data destruction, denial of service, data theft and espionage.

“From the increasing use of mobile evidence to challenges stemming from the rise in tougher encryption methods, there are a number of areas that will demand the attention of mobile forensics professionals in the year ahead,” said Ron Serber, Cellebrite co-CEO. “As the industry continues to evolve, it will be critical for the law enforcement community, as well as the enterprise, to invest in proper training and ensure that their budgets allow them to meet the growing demand for comprehensive device analysis and data extraction.”

Cellebrite’s UFED provides cutting-edge solutions for physical, logical and file system extraction of data and passwords from thousands of legacy and feature phones, smartphones, portable GPS devices, and tablets with ground-breaking physical extraction capabilities for the world’s most popular platforms – BlackBerry®, iOS, Android, Nokia, Windows Mobile, Symbian and Palm and more. The extraction of vital evidentiary data includes call logs, phonebook, text messages (SMS), pictures, videos, audio files, ESN IMEI, ICCID and IMSI information and more.

Cellebrite’s panel of experts included:
· Eoghan Casey, Founding Partner, CASEITE
· John Carney, Chief Technology Officer, Carney Forensics; Attorney at Law, Carney Law Office
· Paul Henry, Leading Security and Forensics Analyst, Principle at vNet Security; Vice President at Florida Association of Computer Crime Investigators; SANS Senior Instructor
· Gary Kessler, Associate Professor, Embry-Riddle Aeronautical University; ICAC Northern Florida Task Force
· Heather Mahalik, Mobile Forensics Technical Lead, Basis Technology; SANS Certified Instructor
· Cindy Murphy, Detective Computer Crimes/Computer Forensics, Madison Wisconsin Police Department
· Ron Serber, co-CEO, Cellebrite

http://www.cellebrite.com/collateral/WhitePaper_MF_2013_Trends.pdf

(3107)

Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 1)

Posted on 9 April 2012 by Admin

[Author’s Note: Geo-location artifacts have been a frequent focus of my research, and I am amazed at how quickly they are permeating operating systems, applications and file formats.In the fall of 2011 I had the pleasure of writing an article for Digital Forensics Magazine focused on browser-based geo artifacts, where much of this series was originally published.]

One of the more revolutionary forensic artifacts to emerge in recent years is geo-location data. Geo-location gives us an accurate means to identify the physical location of an item on Earth. It is now possible to determine where in the world a laptop or mobile phone has been, solely using host-based forensics. In a world of increasingly mobile devices, geo-artifacts can provide a crucial extra dimension to our investigations. With it, we now have the potential to answer who, what, when, why,and where.

The trend towards mobile computing is unmistakable, with laptop computers outselling desktops for several years. Forrester Research estimates tablets, netbooks, and laptops to be 73% of computer sales in 2011. While an increasing number of smartphones contain Global Positioning System (GPS) radios, the technology has been slower to be adapted to mobile computers. However, devices can be geo-located and store location artifacts even if they do not contain a GPS capability. In fact, in urban locales and particularly indoors, GPS can be highly unreliable. Technologies like WiFi network positioning and cell tower triangulation often augment or replace GPS. If a device is connected to the Internet and has access to GPS, a cellular modem, or a wireless network card, geo-location data in some form is likely already being generated and stored. This capability has sparked a creative gold rush, with an ever-increasing number of software applications racing to become “location aware”. At stake is a slice of the $billion mobile marketing industry. Envision walking by a restaurant and being alerted to a half price lunch special via your mobile device; or arriving at a conference and immediately pinpointing the bars and restaurants where your contacts are located. These applications exist and digital forensic examiners can use the data generated to pinpoint the location of a device at a specific time.

This is an update to an article previously published in Digital Forensics Magazine and is posted on and cross posted from the Authors blog by agreement. You can read the rest of the 1st installment here:

(900)

Book Review – XBOX 360 Forensics

Posted on 8 January 2012 by Admin

Rating ****

XBOX 360 Forensics offers a fairly in-depth introduction into the world of Games Console Forensics and the tools and techniques required to carry out investigations into Next-Generation Games Consoles.

As popular gaming platforms become more and more sophisticated, using their own operating systems and accessing the Internet for various types of transactions, the potential for illegal and malicious activity is dramatically increasing.

Bolt starts the book with a detailed description of the XBOX 360 system, the setup process and how to sign up, and connect to, the social aspects of the XBOX 360 gaming experience: XBOX Live. It is this social outlet that is the main cause of concern for the population with news reports about paedophilia and child abuse stemming from meetings organised using the mail and chat functions inbuilt into the online portal.

Bolt does not provide much information on other crimes that can be committed using the console such as malicious activity as the result of installing a secondary operating system (for example, Linux), but the emphasis of the malicious potential is made quite clear and the need for a set method of investigating consoles is prominent.

With very little documentation on the investigation of consoles available to the investigator, Bolt has provided the perfect starter guide for forensic investigation all the way from acquisition through to analysis. Rather than just provide the tools and techniques, however, Bolt takes the reader along the journey of investigation and provides a very detailed walkthrough of the baseline contents of the XBOX 360 Hard Drive, explaining the various different file types (such as PIRS, LIVE and CON files) and sector locations of valuable information.

The guide describes the use of only a few tools but within this provides an in-depth and efficient investigation method to analyse the Hard Disk Drive. The tool that takes the spotlight in the investigation, Xplorer 360, is not strictly a Forensic tool but more of a console management tool used to connect the XBOX 360 to a Computer via the network and interact with it. it is interesting that this piece of software should provide a solution to the investigator to find artifacts previously unfound by the standard Forensic tools such as Guidance Software’s EnCase and AccessData’s Forensic Toolkit Imager. A criticism of the guide is that its main focus is on the Hard Disk Drive, which, while holding some of the user information and game saves, does not contain information of the operating system or memory stack. Bolt mentions that this information is held within specific hardware inside the console itself and it would seem prudent to provide methods to investigate these artifacts, especially when the need for Live Analysis is increasing.

Summary

The book does seem quite basic throughout, providing technical details that most investigators would probably be able to figure out for themselves, however, it is an easy read and one that would prove interesting to most who do not know much about the investigation of games consoles.

Willem Knot

Book Title: XBOX 360 Forensics

Book Subtitle: A Digital Forensic Guide to Examining Artifacts

Author(s): Steven Bolt (Samuel Liles – Technical Editor)

Publisher: Syngress/Elsevier

Date of Publishing: 7th February 2011

ISBN-13: 978-1597496230

Price: £36.99 (UK), $59.95 (USA)

(1689)