TechVets Launch Digital Cyber Academy

It was a real privilege to be invited to be a panelist at the launch event of the TechVets (techvets.co) Digital Cyber Academy (https://www.vetcyberacademy.com) held at Level 39 on Thursday the 8th March.

The TechVets event was the brainchild of four people (Mike Butcher MBE, Peter Connolly, Euan Crawford & Mark Milton) who deserve much praise for pulling it all together. I should add that the event was supported by Amazon, ORACLE, IBM, Google and many other names from the tech industry; however what was significant to me was the support provided by many SME organisations, many of which are run by or employ veterans. These SME’s do not have the large budgets to support such worthy initiatives, but felt that TechVets was important enough to get involved in and I applaud their commitment.

There were many messages from those who had already made the transition from Military to Civilian life, including yours truly, albeit it was sometime ago now that I made my transition into an industry that was in its infancy. The messages were quite clear and succinct, the skills that you learn and practice whilst in all aspects of the military are directly translatable to opportunities in the tech industry. By this I do not mean just the technical skills, but the more softer skills that are often missing from civilians as they have not had the need to use such skills. By way of example, skills such as how to assess a situation, make a plan and execute that plan, once the plan is executed to constantly monitor the execution and make changes as the situation dictates; these are directly related skills to managing incidents within the technology sector; in addition those who assess risk and options at a strategic level have skills that translate directly to Chief Risk Officers (CRO’s) in the corporate environment, I could go on but this would very soon become a job skills translation matrix, maybe something that might be useful but there are better people out there that could put such a matrix together than I. Taking a quick look at the career transition partnership (ctp) website (https://www.ctp.org.uk/) on the home page is a list of 6 transferable skills, namely;

Communication skills
Organisation and commitment
Problem solving and adaptability
Leadership and management skills
Health and safety, security awareness
Team working

This was the same list that I was given some 20 plus years ago. I am in no way saying that the career transition partnership is not good and that the process is flawed, far from it, I am sure that the process is well thought through with much help and good advice being provided. Where I think we may have to look deeper is at how the ‘skills and interest analysis’ for leaving servicemen and women is being carried out, and how the results might be mapped to the opportunities that are available in the growing technology sector, just making service leavers aware that these roles exist and that they are capable of doing them would be a start, lets be inclusive, not exclusive in the process.

It was clear to me during the TechVets launch event that when people were talking about Cyber Security they appeared to be focussing more on the service sector and how cyber security experts are utilised by the likes of IBM, ORACLE, SAP, KPMG, NCC Group etc. or one of the myriad of SME consultancy/service companies that are out there. The opportunities for our service leavers is much wider than just the service sector. The last major revolution was the Industrial Revolution and the mechanisation that resulted, the Digital Revolution has enabled business to take the next leap from mechanisation to automation with greater outcomes in terms of productivity and cost reduction. This move towards autonomy transcends all business sectors from the Built Environment, Manufacturing, Transport, Health etc. resulting in opportunities and skills shortages in all these sectors, if you add into this mix the integration of physical security technology (much utilised in the military) with the more traditional cyber security technology there lies an even greater number of opportunities for our service leavers.

It is at this point I guess I must address the topic of skills training. This is a complex and significant topic that I am not going to be able to do justice to here in this short note. The Worshipful Company of Information Technologists (WCIT – https://www.wcit.org.uk/) where I chair the Security Panel have been working for some time to get coherence around Cyber Security and Skills including the modern day apprenticeships in cyber security. In addition there is significant work going on with regard to getting coherence in Professionalising the Cyber Security Professional and the various certifications and awards that are out there. This is important for those going through career transition in knowing what is recognised and relevant to the particular technology security career path they wish to follow. If I was to provide some advice at this point, it would be to look at the professional bodies such as the IET, BCS, ICE, IISP etc., there are many others out there and it would take too long for me to list them all and no inference should be taken by exclusion. Clearly selecting the correct training course when spending your training budget during career transition is essential and this is possibly another area that might be reviewed with regard to career transition, to ensure that the appropriate courses for the various career opportunities are identified and accredited in some way. There is also the possibility of looking at ‘accreditation of prior learning’ where military courses are given credits towards attaining accredited training certifications and academic qualifications. What I do believe is that the Digital Cyber Academy is certainly a good starting point. As someone who did a Health & Safety course for his transition and subsequently did a part time MBA at the Open University to understand how to run a business, then studied a Masters Degree in Information Security at the age of 44; I can say that the resettlement course whilst useful and at times and sometimes relevant in my work, it was not directly relevant to my ultimate career path and I suspect that this may be the same for many others, when a clear course choice for the desired career path does not exist.

As a last thought on the launch, I was very interested in a statement made by a member of the audience where he stated “I do not know how to be a civilian!”, this was followed up by a panel member who pointed out that the Military do look after our servicemen and women very well and that they are sheltered somewhat from life on the other side of the fence. Clearly if this is a widely held view by service leavers, then possibly the resettlement or career transition process needs to be reviewed as to the wider aspects of transition, not just the career path. To get a quick view for myself I went to the .GOV.UK website (https://www.gov.uk/guidance/information-for-service-leavers). Clearly much has moved on since my own transition in the early 90’s (yes I am that old), however I did feel that much of the focus was on career transition, not necessarily transition from military to civilian life.

So in short, I believe we still have much to do in order to maximise the ability of service leavers to move into the cyber security technology sector and help reduce the skills shortage that we are currently experiencing and will continue to have for some time. I therefore offer my congratulations again to those who have worked hard to established TechVets and get it to its launch position and wish all service leavers well in their transition. If I was to offer a note of caution it would be that the TechVets initiative needs to establish itself beyond the current goodwill with a governance structure and to ensure that they avoid becoming an organisation that just feeds the larger service companies.

(128)

Share

Digital Artifact Genome Project Survey

The term digital forensic artifact is one that is widely used in the digital forensic domain, however the term itself has never been truly defined. Generally, it has been used to describe potential digital evidence that could be found on a device such as e-mail messages, images, videos, chat logs, browsing history, hardware identifiers, etc. But again, no clear cut definition has been developed. Developing a clear cut meaning of what a digital forensic artifact is crucial in the development of our project, the Artifact Genome Project (AGP), and is the purpose for this survey.

AGP is a project that has received funding from Purdue’s VACCINE Center – (a US Department of Homeland Security Center of Excellence) to create a scientifically validated and organized repository of all digital forensic artifacts. This is of major interest to the cyber forensics community as it will provide a central hub where all known information regarding any digital artifact can be found and archived. For instance, if a practitioner were investigating an incident and discovered an artifact that they were unfamiliar with, they could query our database in search for it. This action would cause one of two responses; i) an entry for the artifact existed within AGP thereby allowing the practitioner to receive detailed information regarding the artifact including how to proceed with the investigation, or ii) an entry did not exist. Consequently the practitioner must investigate it themselves, but once fully inspected the practitioner may create an entry within AGP thus ensuring that if others were to come across this artifact they would know how to examine it.

This survey will help us develop categories and fields for digital forensic artifacts that will contribute to AGP’s ease-of-use as well as ensure that AGP provides as much correct and useful information as possible.

Survey link: http://studentvoice.com/uonh/agp

(1036)

Share

Cellebrite UFED 4.0 Offers New Time-Saving Workflow Capabilities

Cellebrite, leading developer and provider of mobile data forensic solutions, released the latest version of its leading mobile forensics solution – UFED 4.0. The new version offers features that improve investigative workflows and save time in both lab and field environments.

Inefficiencies such as extra layers of work process and lack of access to a full range of forensic tools often hinder efforts to obtain evidence and intelligence from mobile devices. UFED 4.0 aims to address some of these key challenges by enabling simple and effective language translation, faster and more powerful data carving, and integration of screen captures into forensic reports.

Key features of Cellebrite’s UFED 4.0 include:

  1. Efficient, Powerful Language Translation – An offline translation solution on UFED Physical/Logical Analyzer 4.0 that accurately translates both short and long words. It helps to reduce challenges associated with foreign language translation, including the need to rely on another person, or to copy/paste into an online tool. The UFED translation engine currently supports 13 languages, including English. Five of the 13 are offered free of charge with a UFED license.
  2. Updated Carving Process Enhanced automated carving from Android devices’ unallocated space offers access to much more—in some cases, double or triple the amount—of deleted data than previously allowed. While manual data carving is still an important part of the forensic validation processes, UFED 4.0 redesigned the automatic data carving functionality to present more precise deleted data by dramatically reducing false positive and duplicate results.
  3. HTML Report Viewing on UFED Touch – UFED Touch now offers the option to view an HTML report that includes general device Information and the logical extraction data on the touch screen.
  4. Web History and Web Bookmark Capabilities – Newly included for logical extractions, and therefore viewable with UFED Touch, are web history and web bookmarks. From iOS devices, the new UFED 4.0 feature extends logical extraction and preview capabilities to app data.
  5. New UFED Camera Function – A new manual evidence collection feature, UFED Camera, allows users to collect evidence by taking pictures or videos of a device’s screen. The ability to take screenshots can be important in the field, helping to substantiate documentation of what law enforcement or investigators saw on the device during an initial scroll-through. In the lab, taking screenshots can help you to validate device extraction results – to show that the evidence in an extraction file existed on the evidence device.
  6. Enhanced Dashboard and User Experience – Users can perform multiple extractions on one device without having to return to the home screen. This means that they can obtain additional logical, physical, file system, or camera capture extractions as soon as one type of extraction is complete.

For more details on these and other new and enhanced decoding and app support capabilities—including support for the new iPhone 6, iPhone 6 Plus and other Apple devices running iOS 8—take a look at the UFED 4.0 release notes at: http://releases.cellebrite.com/releases/ufed-release-notes-4-0.html.

(1147)

Share

Authors – Book Reviewers – Product Reviewers – Bloggers – Evangelists

Digital Forensics Magazine is always on the look out for new talent and content and as the number one magazine for all matters Digital Forensics we are looking to expand our list of contributors. If you feel that you have something to contribute to the magazine in one of the following categories, contact us via 360@digitalforensicsmagazine.com and join the ever-growing team of international contributors who are leading the discussions.

/Authors
If you have an idea for an article, which you would like to discuss, or if you want to become a regular contributor, we want to hear from you. The field of Digital Forensics is vast and with the ever-increasing use of technology in so many aspects of daily life, not previously envisaged, the need for the Digital Forensic investigator to go beyond the hard disk and the mobile phone requires new tools and techniques. If you are involved in Digital Forensics or related research, developing new tools to solve a particular problem (especially new technology), a learning experience from a case study or just want to share your ideas and thoughts we would like to hear from you. It does not matter if you have not written before; we will work with you to craft your idea into a publishable article using our team of experienced authors and editors. If this is you then email us at 360@digitalforensicsmagazine.com or submit your article idea via the website www.digitalforensicsmagazine.com

/Book Reviewers
As we see the increasing and innovative use of technology, the need to secure and investigate said technology is increasing. As a result we see an increasing number of books being published that require review and comment. Working with the leading publishers Digital Forensics Magazine obtains these books to allow us to review and comment on. These reviews are then covered in the magazine and carried on the DFM Blog. Once selected you will be sent a list of books available for review, you then choose a title that you like and we will send you the book. You read the book and then fill out a review form to be sent back to DFM. If you would like to become a book reviewer for Digital Forensics Magazine contact us at 360@digitalforensicsmagazine.com with a CV to demonstrate that you have the required knowledge and experience to be a book reviewer.

/Product Reviewers
Digital Forensics Magazine regularly carries articles on various supporting investigative technologies and we have a number of companies that have asked us if we would consider reviewing their products. This is not a rubber stamping exercise, this is an in-depth review looking at aspects such as ease of installation, ease of use, information gained, usefulness of the product, supporting documentation etc. etc. To become a product reviewer you will need to be a suitably qualified Digital Forensics Investigator who has knowledge of the disciplines in which the technology operates. If you would like to be a product reviewer contact us at 360@digitalforensicsmagazine.com with a CV and a statement of why you believe you have the credentials to become a product reviewer.

/Bloggers
The Digital Forensics Magazine blog is an outlet for news, commentary, ideas and even the occasional rant. We are looking for Digital Forensic researchers, investigators or even those with just an interest in the subject to join our growing band of regular contributors to the blog site to provide interesting and stimulating content. The content can be wacky as well as serious, however it must be related in some way to Digital Forensics and will be checked and edited prior to publication. If you would like to become a regular contributor to the digital forensics magazine blog then contact us at 360@digitalforensicsmagazine.com

/Evangelists
Digital Forensics Magazine is a global magazine printed in English and distributed to over 40 countries including those in South Africa, South America, Australasia, Eastern Europe as well as in the UK and USA. The cost of promotion to such a large audience in all of these geographical areas is beyond the budgets of the magazine, so we are on the look out for evangelists; those people who believe passionately about Digital Forensics and are active in their own communities. DFM Evangelists receive discount vouchers to pass onto their communities as well as having direct access to the marketing team at DFM who will help them promote Digital Forensics related conferences, events and activities in their region. If you are interested in becoming a Digital Forensics Magazine Evangelist contact us at 360@digitalforensicsmagazine.com.

Digital Forensics Magazine prides itself on not just being a magazine, but also for being a source of quality, valuable, and useful information for the Digital Forensics Profession. Our goal is to bridge the gap between the academic journal and the traditional magazine. We want to hear from you on what is good or bad as well as what you would like us to include so please provide your comments to us via 360@digitalforensicsmagazine.com and if you want to get involved in one of the activities outlined we would welcome you to the growing band of professionals who contribute to the growth of the magazine.

(3169)

Share

Digital Forensics Capability Analysis

The ICT KTN, on behalf of the Forensic Science Special Interest Group (FSSIG), is conducting a survey of the UK’s Digital Forensics Capability. This work is being managed by Angus Marshall, of n-gate ltd., to whom any initial queries should be directed. The project team also includes the CyberSecurity Centre at De Montfort University.

To download this survey please visit the following links:

Word format
PDF format

Background

Traditional Digital Forensics activities involve the recovery and investigation of material found in digital devices. Such data is at rest on static devices such as hard drives and in solid-state memory on camcorders, mobile phones, GPS navigation devices etc. The market for this activity was driven by Law Enforcement and other public sector organisations, hence it was necessary for all activities to be conducted in line with UK evidential criteria so that it was admissible in a court of law.

Our digital age has seen requirements evolve. With the ubiquitous use of email came a requirement for a new field of expertise – that known as “e-discovery”. E-discovery refers to discovery in civil litigation, which deals with the exchange of information in electronic format (electronically stored information or ESI). This data is subject to local rules and processes and is often reviewed for privilege and relevance before being turned over to opposing counsel, where the burden of proof rests on the balance of probability.

However our digital evolution has not remained static. The growth of cyberspace, the trend towards mobile devices (BYOD) and cloud services has seen data take on a far more transitory nature, and the physical location of data at rest can be difficult if not impossible to determine. Data is versioned, distributed and stored across differing networks, devices, borders and boundaries.

The traditional digital forensics practice of imaging and extracting information from disparate physical devices no longer suffices for incident investigation in cyberspace. There is an increasing requirement from businesses in the private sector, and emerging capabilities are required to keep pace so that these requirements can be met.

The team will produce a report detailing the current stakeholders, existing capabilities and challenges. This will enable the identification of areas in which there are capability gaps. Attention will then be paid to how these gaps may be reduced and any specific challenges which will need to be overcome in order to do so. Further, a glossary of terms of key digital forensics concepts with simple definitions will be produced to assist with knowledge transfer both within and outside of the FoSci community.

Your involvement

You can assist with this first stage of the survey by completing the attached questionnaire and returning it to DFCA@n-gate.net no later than Monday, 4th March please. All responses will be treated in strictest confidence and your answers will be anonymised before they are included in the report(s).

Digital Forensics Capability Analysis – Questionnaire

If you are willing to assist with this phase of the project, please complete and return to DFCA@n-gate.net by Monday 4th March 2013

1) What do you understand by the term “Digital Forensics”. (one or two sentence answer)

2) In which context do you use digital forensics (e.g. law enforcement, civil law, criminal law, private sector, internal investigation, information security)

3) What types of technology do you deal with in the context of digital forensics ?

4a) What is the single greatest DF challenge you, personally,  face in your everyday activities ?

4b) How do you think this challenge could be addressed ?

4c) What is the single greatest DF challenge that your organisation faces in its everyday activities ?

4d) How do you think this challenge could be addressed ?

5a ) What challenges do you think you will face in the near (1-2 years) and medium-term (2-5 years) future ?

5b) How do you think these challenges could be addressed ?

6) When you are looking for solution to digital forensics problems, who do you turn to for

a) off-the shelf solutions ?

b) bespoke solutions/product customisation ?

7) Who would you consider to be the key people or organisations relevant to your experience and usage of digital forensics ?

8) What other innovations, relating to technology, services or any other issues affecting digital forensics, do you think would be beneficial ?

9) May we contact you again for more information ?

(If “Yes”, please also provide your name and a contact phone number or email)

 

SIG Forensic Science

Forensic Science Special Interest Group

For more information about the FSSIG, and to get involved in the community, please see https://connect.innovateuk.org/web/forensics

(%count%)

(11635)

Share

Call for Forensic Practitioners to Beta Test new Tool

CCL-Forensics based in the UK are offering Digital Forensics Practitioners the opportunity to take part in the final beta test which is now underway, any interested practitioners wishing to be involved should register at www.ccl-forensics.com/pip.

Researchers at CCL-Forensics have developed an innovative application for presenting the data held in XML format – a common data storage format, found on a wide range of digital devices and platforms including PCs, phones and SatNavs. The development in complex data interpretation is set to significantly speed up digital forensic investigations by enhancing the presentation of evidence from a range of commonly used devices.

Although XML is a text-based format, it’s not user-friendly in its raw format, meaning digital investigators often have to manually manipulate large amounts of data to locate evidence relevant to their enquiry.  XML files can contain, for example, internet history, web searches, SatNav recent locations, social networking history – and more.

CCL-Forensics has developed “PIP” to eradicate this problem.  PIP is a software tool which parses data from XML files, using the XPath query language and presents the investigator with a results in a user-friendly, easy-to-interpret form.  This saves a considerable amount of time, and means costs to investigators are kept to a minimum.

In addition, PIP natively supports AppleTM’s property list (“plist”) file format, both in their XML and binary forms.

“An XML file shown both in its raw form and when presented using PIP”

A regularly updated library of XPath queries is included within PIP and CCL-Forensics is constantly researching opportunities for new additions to the library, however, for the advanced practitioner, PIP allows bespoke queries to be written for new data types which may be uncovered during the course of an investigation.

The team behind PIP also recognised the need for investigators to process a number of similar files simultaneously, and therefore developed a batch processing capability.

PIP was created in response to demand from Law Enforcement Agencies to streamline the presentation from the increasingly complex range of digital devices – for little additional cost to the taxpayer.

Alex Caithness, the developer of PIP says “One of the biggest frustrations of any digital examiner is the fact that their tools extract data which they have to manually interpret to turn into a reportable format. PIP is designed to eradicate this problem for XML and plist files.

These files are used in many different devices and applications – the iPhone to name just one.  Investigators are seeing a great deal more of these devices, and without a tool like PIP, they may spending time manually processing them.

This is doubly unfortunate, because they have already carried out the first step – by extracting the data.  They just now need to interpret it.  PIP does this effortlessly.”

PIP is a constantly evolving tool and the developers would welcome suggestions for future functionality.  For more information, please contact Marketing Manager Andy Holmes on +44 1789 2621200 or email aholmes@ccl-forensics.com.

 

(1857)

Share

I’m about to enrol on a forensics degree at university, can you give me any hints/tips on how to be successful in forensic IT?

The above question was sent to Digital Forensics Magazine and we thought it warranted a thoughtful answer so we asked Dr. Richard Howley who is the MSc Forensic Computing and MSc Computer Security Course Leader De Montfort University his views.

The suggestions below focus on the early part of your career, i.e., your degree and entry into the profession. Others may contribute suggestions regarding being successful as you join the profession.

1.    Get your degree from an established, respected and well connected institution. Ask your university who they work with, what visiting lectures did they have last year, what national and international initiatives are they involved in? Research into who these people are, what their organisations do and what the initiatives are. Building up your knowledge of the UK and USA forensic IT landscape is important.

2.    Get qualified. The importance of training and qualifications in this business is well known and documented. Academic awards are highly prized as is evidenced by the popularity of MScs amongst members of the profession.

3.    Get connected. Register with as many forensic IT professional bodies, forums and blogs as you can manage and monitor their work.

4.    Ask your university to provide you with some suggested preparatory materials and or activities. At De Montfort University we hope that you are already hungry for knowledge and motivated enough to seek it out; we expect you to be pushing us to provide you with work you can be doing before joining us. A list of technical skills that new entrants to our courses can develop prior to starting is provided at: http://www.cse.dmu.ac.uk/~rgh/MSc_FC_MSc_CS_FAQs.htm#q16

5.    If your university doesn’t provide pre-course guidance then  consider the following:

  • There are many very good text books on this subject and many come with an extensive set of investigative exercises. They take you through the process of ‘static’ PC based forensics very well. All the software, cases and evidence files you need are usually included on a DVD –a great resource. For recommendations email me.
  • Seek to understand ‘live’ forensics including malware analysis, reversing, live network forensics, memory forensics and virtualisation. Many good online and text based resources exist to support your study of these topics.
  • Other emerging concerns that you should seek information about include small scale mobile devices, e-discovery and massive data sets, the ‘cloud’, etc.
  • Mobile phone forensics is very popular and worth looking into – partly because some of the major software companies provide free trial versions of their software with online tutorials.

6.    Linking academic and professional practise include issues such as continued professional development, research design and implementation and report writing.

  • Your degree is the first step in a process of life-long learning; forensic IT never stands still and as such the learning you undertake prior to starting and during your degree will provide you with independent study skills that will serve you well throughout your entire career.
  • Whilst your course and profession may appear predominantly technical never underestimate the importance of the social, ethical and legal context of your work. You will cover this at university and your knowledge and consideration of it should be updated and applied throughout your career.
  • When you start work in the field you will quickly discover that the text books don’t have all the answers. You will need to identify and research new solutions to novel situations. This will involve designing experiments and implementing them to explore and inform your evidential hypothesis – this classic academic/research process has huge relevance to your later professional practise, so don’t underestimate it and take every opportunity to practice and develop these skills whilst at university and after.
  • Writing essays or reports and giving presentations at university are not just academic exercises. It is direct training in skills that the forensic IT professional needs. You must be able to write concisely, persuasively, accurately, with precision and in an evidenced based manner. The same is true of public speaking and presentation, i.e., giving evidence. The more frightening you find the prospect of public speaking – the more you must do it! Start in a gentle way; asking questions in class or contributing to discussions is a first step in public speaking, so do try and take part. Take every opportunity to develop and practice these skills – we can all improve no matter how experienced we are.

7.    Finally, in the profession you will be expected to know multiple operating systems (Windows and Linux extensively), file systems, hardware, connection protocols, cables, devices, etc. So get an old machine or two, a screwdriver, a bunch of operating systems and play (carefully!) – and learn!

It’s a great profession – good luck on your degree course and in the profession that follows.

Dr. Richard Howley
MSc Forensic Computing and MSc Computer Security Course Leader
De Montfort University

(86086)

Share

Volatility Developer Responds

In Issue 5 of Digital Forensics Magazine, Ron Tasker discussed the subject of Volatile RAM Analysis and the use of Volatility. This prompted a letter from Marc Remmert published in Issue 6 raising concerns about the limitations of Volatility and Windows XP.

Whilst Ron responded to these concerns (his comments can be found in 360 of issue 6) DFM approached AAron Walters who is the founder of Volatile Systems, LLC and the lead developer for the Volatility Project, for his comments on the article, the comments made by Marc and Ron’s response. Unfortunately they were not received in time to be included in Issue 6. In the interests of balance we agreed to include his comments in a blog.

“Let me begin by thanking Ron for the excellent article.  I think he did a very good job explaining the importance of memory analysis and the associated challenges and base that modern digital investigators face.

It is imperative for digital investigators to realize that we are facing an adaptive human adversary and thus we can’t afford to simply rely on the rules we once learned.  Not doing the right thing because it is complicated or new, is never a justification for complacency.  It seems hard to defend the antiquated statement that “powering off the system is good” when, comparatively, it destroys more artifacts within the perspective of entire digital crime scene (RAM, disk, etc) than running a tool that samples the state of physical memory.

In Ron’s response to the comment about his article he also raises some interesting points about Open Source forensics tools. The comment’s author states that Volatility 1.3 only supports Windows XP 32-bit memory samples and contends that this a big obstacle. While the comment’s author is correct with respect to 1.3, it seems interesting that they contend their only option is to buy expensive tools or hope Volatility is updated. As the leader of the Volatility Project, I always find these statements disheartening. I’m not sure why people feel the need to complain from the sidelines as opposed to actually getting involved and contributing to the community.  It is only then that they would come to appreciate the unique flexibility and modularity of The Volatility Framework, which has allowed it to support a variety of operating systems and hardware architectures (Windows, Linux, etc).

As Ron mentioned in his reference to Dr. Schatz’s work, there are many groups out there using Volatility to support other operating systems including Windows 7. I’m even aware of groups using Volatility to analyze cell phones. Thus, the “tool-users” can sit back and wait till 1.4 (http://code.google.com/p/volatility/) is released or they take the initiative to contribute. Regardless, if that contribution is writing an article (i.e. Ron Tasker) or helping test a new operating system (i.e. Dr. Schatz), all contributions help to move the community forward.”

AAron Walters

Founder, Volatile Systems, LLC

Lead Developer, The Volatility Project

You too can have your say by adding your comments here or writing directly to DFM via 360.

(941)

Share

Get Involved

Authors

As we continue to strive to bring you the latest happenings in the world of digital forensics, we are on the look out for anyone who has a story to tell or something to share that would benefit the wider profession.

If you are:

  • researching a particular aspect of digital forensics
  • have developed a new tool that you would like to share
  • been involved in a case that has raised specific issues

then we want to hear from you.

If you have already written an article that has not been published or even one that has been published with a limited distribution and would like a wider audience, we are happy to discuss its suitability for any of our publications:

  • Magazine
  • Web White Paper
  • Newsletter

Bloggers

If you want a slightly less formal outlet than the web site or magazine, but still have something to say, we still want to hear from you for the DFM Blog and/or newsletter, if you:

  • have an opinion on a recent news item
  • a short story to impart
  • need an outlet for your frustration

We are looking to identify a number of you who would like to be regular contributors to the Blog or maybe provide less formal articles for the newsletters.

Technical Tools / Application Developers

Have you created a tool or application that you would like to share with others? If so, then contact us immediately.

Many practitioners develop their own tools and applications to deal with specific situations that arise. Rest assured that you would not be the only one who will meet that situation. So if you are prepared to share your tools with others, we have established a tools download section on the DFM website.

All tools will come with the normal safety warnings regarding their use, and using our outlet will get you feedback from your peers.

Technical Reviewers

Do you have the time and ability to technically review an article or tool/application? Then we want to hear from you.

At DFM we are always on the look out for people who are willing to carry out technical reviews of articles or tools/applications. We already have a waiting list of vendors who would like us to provide a technical review of their products, if you would like to join our team of technical reviewers; then contact us now.

Technical reviews will be published on the website and on occasion in the magazine, with the review fully attributed to the reviewers, if they so wish. You must not be a competitor or employee of the vendor who is supplying the technology for review, and you must have the skills and facilities to carry out any review. This is ideal for Universities or who have access to labs or those who have their own lab.

DO YOU WANT TO GET INVOLVED?

If you would like to get involved in any way, then drop us a line.

Send an email to acquisitions@digitalforensicmagazine.com providing a short biography and what aspect of DFM you would like to get involved with. We will then send you further details on how to proceed, in the area you have chosen.

Join the virtual team here at DFM and “Get Involved”

(579)

Share

Cell Phone Evidence Extraction

Due to popular demand Detective Cindy Murphy has released her paper on a process for Cellular Evidence and Data Extraction. We at DFM are happy to help get this into the hands of Digital Forensic Investigators globally and whilst it has not been reviewed through our normal technical review process we are happy to help publicise this piece of much needed work. The article is available for download using the link below or subscribers to Digital Forensics Magazine can download the paper from the White Papers Downloads Section of the DFM Website.

Cindy Murphy is a Detective with the City of Madison, WI Police Department and has been a Law Enforcement Officer since 1985. She is a certified forensic examiner (EnCE, CCFT-A, DFCP), and has been involved in computer forensics since 1999. Det. Murphy has directly participated in the examination of hundreds of hard drives, cell phones, and other digital evidence pursuant to criminal investigations including homicides, missing persons, computer intrusions, sexual assaults, child pornography, financial crimes, and various other crimes. She has testified as a computer forensics expert in state and federal court on numerous occasions, using her knowledge and skills to assist in the successful investigation and prosecution of criminal cases involving digital evidence. She is also a part time digital forensics instructor at Madison Area Technical College, and is currently working on her MSc in Forensic Computing and Cyber Crime Investigation through University College in Dublin, Ireland.

Cell Phone Evidence Extraction Process Development 1.8
Mobile Device Forensic Process v3.0

(2508)

Share