Category Archives: Announcements

UK Government Issues Cyber Security Professionalism Consultation Document

Posted on by

Dateline – 19th July 2018

As part of its National Cyber Security Strategy published in 2016, the Department for Culture Media and Sport today published its Consultation Document on creating the environment to develop the cyber security profession in the UK. In recognising that the UK has some of the best Cyber Security Professionals in the world the UK Government also recognises that “the need to further develop the right skills, capabilities and professionalism to meet our national needs across the whole economy is increasingly important” and that the “consultation sets out bold and ambitious proposals to implement that. It includes a clear definition of objectives for the profession to achieve and proposes the creation of a new UK Cyber Security Council to coordinate delivery”. The consultation aims are to:

* Summarise the Government’s understanding of the challenges facing the development of the cyber security profession;
* Seek views on objectives for the profession to deliver by 2021 and beyond; and
* Seek views on the creation of a new UK Cyber Security Council to help deliver those objectives.

The consultation period ends on the 31st August 2018 and therefore only provides a short period for the responses to be submitted. Responses may be submitted via an Online Portal by both organisations and individuals.

The current UK cyber security organisations were quick to recognise, that if left alone to plan and decide the future for the profession the outcome may not be desirable to their various members, a single governing body would not be suitable for all the various professional roles that are related to the cyber security profession. A collaborative ‘Cyber Security Alliance’ was therefore formed that includes many of the leading organisations such as the BCS, IET, IAAC, ISSP, to name but a few, of what has become a growing alliance. The ‘Cyber Security Alliance’ issued its own press release regarding the consultation process and its support to the National Cyber Security Strategy.

The aim of creating a Cyber Security Council is a bold move founded on previous experience of such organisations as the ‘General Medical Council’, ‘The Science Council’ and the ‘Engineering Council’. Some of these organisations were created by statute, however this is not the plan for the Cyber Security Council. Yet in this single point is the greatest danger to the future of establishing such a council. The council has to be all things to all the current organisations and potential new alliance members, with no single organisation taking a lead role, for to do so would potentially collapse the Alliance and ultimately the very idea of a Council. For this to work the cyber security council will need to be established from the ground up, be non profit for the benefit of its member organisations and have a plan to become self sufficient in the near future.

This is important for the future of the cyber security profession here in the UK and urge all to respond to the consultation to ensure that the widest possible participation is achieved.

(90)

Share

Digital Forensics Specialist (Video)

Posted on by

Digital Forensic Specialist (Video)

SALARY – Circa £37,305 plus £3,406 location allowance

You will receive £37,305 the band minimum. Progress to the band maximum of £41,811 will be via incremental progression. 
LOCATION –   London, SE1

The Digital, Cyber and Communications (DCC) department is undergoing significant changes. It’s all to improve the way we deliver digital forensics services to the MPS and the Criminal Justice System. We’re aiming to offer three different levels of service. As part of this, we’re introducing digital forensic kiosks into custody suites and opening small labs across London. This is a rare chance to be part of the Central Digital Forensics laboratory and help bring criminals to justice – all while developing a unique skill-set.

You’ll be crucial to our vision, as you’ll help us to enable complex investigations, and develop new tools to meet the needs of future technologies. An expert in your field, you’ll be a valuable member of the Forensic Video department, able to interpret digital forensic submissions and provide detailed reports. Confident in the recovery of deleted or corrupted video material, you’ll reverse engineer everything from CCTV recorders to phones – creating compilations for court presentation. With outstanding communication skills, you’ll also oversee a small team and provide peer reviews against ISO 17025 standards.

To join us, you need to be confident with all types of video technology and forensics techniques. With second-to-none expertise, you’ll have proven experience in presenting evidence, working on criminal investigations and attending court. And committed to constantly improving technical practices and procedures, you’ll be dedicated to keeping track of emerging trends.

To apply, please visit our website to download a role specific information pack and application form.

Completed applications must be returned by 17 March 2017.

Please note we are only able to review the first 50 applications received.

We view diversity as fundamental to our success. To tackle today’s complex policing challenges, we need a workforce made up from all of London’s communities. Applications from across the community are therefore essential.

www.metpolicecareers.co.uk

(185)

Share

A Gathering of Big Data & Smart Cities Experts in Singapore

Posted on by

SINGAPORE,  – Experts from the Big Data & Smart Cities related industries have recently gathered at Marriott Singapore Tang Plaza for the BIGIT Technology Singapore 2016 featuring the 3rd Big Data & Smart Cities World Show conference. The two-day conference, sponsored by HPE (Platinum Sponsor), Cloudera, Marklogic and Talend (Gold Sponsors), saw a gathering of about 100 attendees from local and overseas including Singapore, Malaysia, USA, Spain, China, Korea, Saudi Arabia, Australia, India and the Philippines with the same objective and mission – to gain comprehensive learning experience related to Smart Cities and build interactive network with global ICT leaders.

This 3rd Big Data & Smart Cities World Show with the theme, “Shaping the Future with Big Data and the Internet of Things towards Building a Smart City” highlighted significant key areas of Big Data and Internet of Things (IoT) in changing businesses and people’s lives in line with the implementation of Smart Cities. With a total of 23 Speakers from various fields, 14 case studies and 4 panel discussions shared during the conference, attendees also had the chance to learn and explore the latest technologies used to build smart cities with the implementation of big data analytics and IoT. Our attendee summed up the event with the feedback: “Thanks a lot for getting me an opportunity to witness the future. I thoroughly enjoyed the event and have gained lot of insights.”

Olygen, the event organiser will also be kicking off its third event this year, known as BIGIT Technology Malaysia 2016, which will feature two concurrent conferences: the 4th Big Data World Show and Data Security World Show and the BIGIT Exhibition on 19th and 20th September at KLCC Convention Centre, KL Malaysia. Co-organised by Multimedia Development Corporation (MDeC) – Malaysia’s government agency leading the national Big Data Analytics initiative, the event will be the Anchor Event of the Big Data Week Asia 2016. To find out more about BIGIT Technology Malaysia, please visit: http://bigittechnology.com/malaysia2016.

For more information, please contact:

Chia Li, Teh
Tel          : +603 – 2261 4227
Email     : enquiry@bigittechnology.com

BIGIT_MY Web Banner 300x200

 

(129)

Share

Cellebrite UFED 4.0 Offers New Time-Saving Workflow Capabilities

Posted on by

Cellebrite, leading developer and provider of mobile data forensic solutions, released the latest version of its leading mobile forensics solution – UFED 4.0. The new version offers features that improve investigative workflows and save time in both lab and field environments.

Inefficiencies such as extra layers of work process and lack of access to a full range of forensic tools often hinder efforts to obtain evidence and intelligence from mobile devices. UFED 4.0 aims to address some of these key challenges by enabling simple and effective language translation, faster and more powerful data carving, and integration of screen captures into forensic reports.

Key features of Cellebrite’s UFED 4.0 include:

  1. Efficient, Powerful Language Translation – An offline translation solution on UFED Physical/Logical Analyzer 4.0 that accurately translates both short and long words. It helps to reduce challenges associated with foreign language translation, including the need to rely on another person, or to copy/paste into an online tool. The UFED translation engine currently supports 13 languages, including English. Five of the 13 are offered free of charge with a UFED license.
  2. Updated Carving Process Enhanced automated carving from Android devices’ unallocated space offers access to much more—in some cases, double or triple the amount—of deleted data than previously allowed. While manual data carving is still an important part of the forensic validation processes, UFED 4.0 redesigned the automatic data carving functionality to present more precise deleted data by dramatically reducing false positive and duplicate results.
  3. HTML Report Viewing on UFED Touch – UFED Touch now offers the option to view an HTML report that includes general device Information and the logical extraction data on the touch screen.
  4. Web History and Web Bookmark Capabilities – Newly included for logical extractions, and therefore viewable with UFED Touch, are web history and web bookmarks. From iOS devices, the new UFED 4.0 feature extends logical extraction and preview capabilities to app data.
  5. New UFED Camera Function – A new manual evidence collection feature, UFED Camera, allows users to collect evidence by taking pictures or videos of a device’s screen. The ability to take screenshots can be important in the field, helping to substantiate documentation of what law enforcement or investigators saw on the device during an initial scroll-through. In the lab, taking screenshots can help you to validate device extraction results – to show that the evidence in an extraction file existed on the evidence device.
  6. Enhanced Dashboard and User Experience – Users can perform multiple extractions on one device without having to return to the home screen. This means that they can obtain additional logical, physical, file system, or camera capture extractions as soon as one type of extraction is complete.

For more details on these and other new and enhanced decoding and app support capabilities—including support for the new iPhone 6, iPhone 6 Plus and other Apple devices running iOS 8—take a look at the UFED 4.0 release notes at: http://releases.cellebrite.com/releases/ufed-release-notes-4-0.html.

(1169)

Share

Altium releases its TASKING ARM Cortex-M Embedded Development Tools for the Mac

Posted on by

Sydney, Australia – 2 October 2014 – Altium Limited, a global leader in Smart System Design Automation, 3D PCB design (Altium Designer) and embedded software development (TASKING) announces the release of its TASKING VX-toolset for ARM Cortex-M for Apple Mac computers running OS X.

web--PR_Image-_TASKING_MAC_Port_for_ARM_CompilerTraditionally embedded software development tools have been available exclusively for the Windows operating system and Altium has a long history in providing its TASKING cross compilers and debuggers for running on Windows, including its TASKING VX-toolset for ARM Cortex-M. With ARM Cortex-M based microcontrollers becoming popular in broad market consumer applications, especially with wearable electronics and electronic systems that can be controlled from the iPhone, it is apparent that embedded software engineers want to use the Mac as their development platform.

To serve this development community, Altium has developed a native OS X port of release v5.1r1 of its TASKING VX-toolset for ARM Cortex-M, bringing its C compiler suite with Eclipse based IDE and debugger to Mac computers.

“Given the growing popularity of Mac OS X and the development of ARM Cortex-M based embedded applications connecting to applications on the iPhone and iPad platforms, we’re excited to offer our TASKING Embedded Development Tools to Mac users,” said Harm-Andre Verhoef, Product Manager TASKING. “Altium’s product offering will empower embedded ARM based developments and provide Mac users with the tools to bring their embedded applications to life.”

Previously, embedded-application developers that preferred Mac computers relied on virtual machines hosting the Windows operating system within OS X in order to run an embedded cross compiler. This led to an inefficient workflow and a variety of challenges, including problems connecting a debug probe reliably to the debugger running inside the virtual machine. The native port to OS X of the TASKING compiler breaks down the barriers for developing embedded applications for Mac users, while allowing them to work efficiently in their platform of choice. Cooperation with STMicroelectronics made it possible to offer in-circuit debug capabilities with the Eclipse integrated TASKING debugger, using the USB port on the Mac to connect to the ST-LINK/V2 debug probe.

TASKING’s Viper compiler technology used in the ARM compiler ensures platform compatibility for developers on OS X and their colleagues using Windows, allowing for easy migration and collaboration. The Viper technology has an industry proven reputation of generating highly efficient and robust code for automotive applications like power train, body control, chassis control and safety critical applications, benefiting developments for broad market and industrial applications.

Key features of the TASKING VX-toolset for ARM Cortex-M for Mac OS X include:

  • Eclipse based IDE with integrated compiler and debugger
  • Highly efficient code generation, allowing for fast and compact applications
  • Support for a wide range of Cortex-M based microcontrollers from different vendors, such as STMicroelectronics, Freescale, Infineon Technologies, Silicon Labs, Spansion, Atmel and Texas Instruments
  • Integrated code analyzers for:
    • MISRA-C:1998, C:2004 and C:2012 guideline
    • CERT C secure coding standard
  • Fast and easy application development through TASKING’s award winning Software Platform technology, bringing:
    • an industry standard RTOS
    • a wide range of ready to use middleware components, such as support for CAN, USB, I2C, TCP/IP, HTTP(S), Bluetooth, file systems, graphical user interface, and touch panel control
  • Eclipse integrated Pin Mapper for assigning signals to microcontroller pins
  • In-circuit debug and programming support through ST-LINK/V2 probe (including on-board probes on starter-kits from STMicroelectronics)
  • Native support for 64-bit Intel-based Macs with Mac OS X

Developers using OS X that require certification of their embedded application for functional safety standards such as IEC 61508 and ISO 26262, benefit from TASKING’s ISO 26262 Support Program for its new ARM toolset on OS X. A manufacturer of an electronic (sub) system is responsible for obtaining certification credit and as part of the process has to assess the required level of confidence in the utilized software tools. Altium supports this through the availability of a Compiler Qualification Kit as well as optional Compiler Qualification Services.

The VX-toolset for ARM release v5.1 is available now on OS X Mavericks, and on OS X Yosemite once it is widely available. Pricing starts at USD 1,995 (€ 1,595) for the TASKING VX-toolset Standard Edition and USD 2,995 (€ 2,395) for the Premium Edition with the award winning Software Platform. Hardware debug support is available in the Professional and Premium Editions through the ST-LINK/V2 debug probe from STMicroelectronics.

(2185)

Share

Authors – Book Reviewers – Product Reviewers – Bloggers – Evangelists

Posted on by

Digital Forensics Magazine is always on the look out for new talent and content and as the number one magazine for all matters Digital Forensics we are looking to expand our list of contributors. If you feel that you have something to contribute to the magazine in one of the following categories, contact us via 360@digitalforensicsmagazine.com and join the ever-growing team of international contributors who are leading the discussions.

/Authors
If you have an idea for an article, which you would like to discuss, or if you want to become a regular contributor, we want to hear from you. The field of Digital Forensics is vast and with the ever-increasing use of technology in so many aspects of daily life, not previously envisaged, the need for the Digital Forensic investigator to go beyond the hard disk and the mobile phone requires new tools and techniques. If you are involved in Digital Forensics or related research, developing new tools to solve a particular problem (especially new technology), a learning experience from a case study or just want to share your ideas and thoughts we would like to hear from you. It does not matter if you have not written before; we will work with you to craft your idea into a publishable article using our team of experienced authors and editors. If this is you then email us at 360@digitalforensicsmagazine.com or submit your article idea via the website www.digitalforensicsmagazine.com

/Book Reviewers
As we see the increasing and innovative use of technology, the need to secure and investigate said technology is increasing. As a result we see an increasing number of books being published that require review and comment. Working with the leading publishers Digital Forensics Magazine obtains these books to allow us to review and comment on. These reviews are then covered in the magazine and carried on the DFM Blog. Once selected you will be sent a list of books available for review, you then choose a title that you like and we will send you the book. You read the book and then fill out a review form to be sent back to DFM. If you would like to become a book reviewer for Digital Forensics Magazine contact us at 360@digitalforensicsmagazine.com with a CV to demonstrate that you have the required knowledge and experience to be a book reviewer.

/Product Reviewers
Digital Forensics Magazine regularly carries articles on various supporting investigative technologies and we have a number of companies that have asked us if we would consider reviewing their products. This is not a rubber stamping exercise, this is an in-depth review looking at aspects such as ease of installation, ease of use, information gained, usefulness of the product, supporting documentation etc. etc. To become a product reviewer you will need to be a suitably qualified Digital Forensics Investigator who has knowledge of the disciplines in which the technology operates. If you would like to be a product reviewer contact us at 360@digitalforensicsmagazine.com with a CV and a statement of why you believe you have the credentials to become a product reviewer.

/Bloggers
The Digital Forensics Magazine blog is an outlet for news, commentary, ideas and even the occasional rant. We are looking for Digital Forensic researchers, investigators or even those with just an interest in the subject to join our growing band of regular contributors to the blog site to provide interesting and stimulating content. The content can be wacky as well as serious, however it must be related in some way to Digital Forensics and will be checked and edited prior to publication. If you would like to become a regular contributor to the digital forensics magazine blog then contact us at 360@digitalforensicsmagazine.com

/Evangelists
Digital Forensics Magazine is a global magazine printed in English and distributed to over 40 countries including those in South Africa, South America, Australasia, Eastern Europe as well as in the UK and USA. The cost of promotion to such a large audience in all of these geographical areas is beyond the budgets of the magazine, so we are on the look out for evangelists; those people who believe passionately about Digital Forensics and are active in their own communities. DFM Evangelists receive discount vouchers to pass onto their communities as well as having direct access to the marketing team at DFM who will help them promote Digital Forensics related conferences, events and activities in their region. If you are interested in becoming a Digital Forensics Magazine Evangelist contact us at 360@digitalforensicsmagazine.com.

Digital Forensics Magazine prides itself on not just being a magazine, but also for being a source of quality, valuable, and useful information for the Digital Forensics Profession. Our goal is to bridge the gap between the academic journal and the traditional magazine. We want to hear from you on what is good or bad as well as what you would like us to include so please provide your comments to us via 360@digitalforensicsmagazine.com and if you want to get involved in one of the activities outlined we would welcome you to the growing band of professionals who contribute to the growth of the magazine.

(3174)

Share

Mobile Device Forensic Process v3.0

Posted on by

Cindy Murphy has updated her paper on a process for Mobile Device Evidence and Data Extraction. We at DFM are happy to help get this into the hands of Digital Forensic Investigators globally and whilst it has not been reviewed through our normal technical review process we are happy to help publicise this piece of much needed work. The article is available for download using the link below or subscribers to Digital Forensics Magazine can download the paper from the White Papers Downloads Section of the DFM Website.

Cindy Murphy is a Detective with the City of Madison, WI Police Department and has been a Law Enforcement Officer since 1985. She is a certified forensic examiner (EnCE, CCFT-A, DFCP), and has been involved in computer forensics since 1999. Det. Murphy has directly participated in the examination of hundreds of hard drives, cell phones, and other digital evidence pursuant to criminal investigations including homicides, missing persons, computer intrusions, sexual assaults, child pornography, financial crimes, and various other crimes. She has testified as a computer forensics expert in state and federal court on numerous occasions, using her knowledge and skills to assist in the successful investigation and prosecution of criminal cases involving digital evidence. She is also a part time digital forensics instructor at Madison Area Technical College, and is currently working on her MSc in Forensic Computing and Cyber Crime Investigation through University College in Dublin, Ireland.

Mobile Device Forensic Process v3.0

(2934)

Share

Digital Forensics Capability Analysis

Posted on by

The ICT KTN, on behalf of the Forensic Science Special Interest Group (FSSIG), is conducting a survey of the UK’s Digital Forensics Capability. This work is being managed by Angus Marshall, of n-gate ltd., to whom any initial queries should be directed. The project team also includes the CyberSecurity Centre at De Montfort University.

To download this survey please visit the following links:

Word format
PDF format

Background

Traditional Digital Forensics activities involve the recovery and investigation of material found in digital devices. Such data is at rest on static devices such as hard drives and in solid-state memory on camcorders, mobile phones, GPS navigation devices etc. The market for this activity was driven by Law Enforcement and other public sector organisations, hence it was necessary for all activities to be conducted in line with UK evidential criteria so that it was admissible in a court of law.

Our digital age has seen requirements evolve. With the ubiquitous use of email came a requirement for a new field of expertise – that known as “e-discovery”. E-discovery refers to discovery in civil litigation, which deals with the exchange of information in electronic format (electronically stored information or ESI). This data is subject to local rules and processes and is often reviewed for privilege and relevance before being turned over to opposing counsel, where the burden of proof rests on the balance of probability.

However our digital evolution has not remained static. The growth of cyberspace, the trend towards mobile devices (BYOD) and cloud services has seen data take on a far more transitory nature, and the physical location of data at rest can be difficult if not impossible to determine. Data is versioned, distributed and stored across differing networks, devices, borders and boundaries.

The traditional digital forensics practice of imaging and extracting information from disparate physical devices no longer suffices for incident investigation in cyberspace. There is an increasing requirement from businesses in the private sector, and emerging capabilities are required to keep pace so that these requirements can be met.

The team will produce a report detailing the current stakeholders, existing capabilities and challenges. This will enable the identification of areas in which there are capability gaps. Attention will then be paid to how these gaps may be reduced and any specific challenges which will need to be overcome in order to do so. Further, a glossary of terms of key digital forensics concepts with simple definitions will be produced to assist with knowledge transfer both within and outside of the FoSci community.

Your involvement

You can assist with this first stage of the survey by completing the attached questionnaire and returning it to DFCA@n-gate.net no later than Monday, 4th March please. All responses will be treated in strictest confidence and your answers will be anonymised before they are included in the report(s).

Digital Forensics Capability Analysis – Questionnaire

If you are willing to assist with this phase of the project, please complete and return to DFCA@n-gate.net by Monday 4th March 2013

1) What do you understand by the term “Digital Forensics”. (one or two sentence answer)

2) In which context do you use digital forensics (e.g. law enforcement, civil law, criminal law, private sector, internal investigation, information security)

3) What types of technology do you deal with in the context of digital forensics ?

4a) What is the single greatest DF challenge you, personally,  face in your everyday activities ?

4b) How do you think this challenge could be addressed ?

4c) What is the single greatest DF challenge that your organisation faces in its everyday activities ?

4d) How do you think this challenge could be addressed ?

5a ) What challenges do you think you will face in the near (1-2 years) and medium-term (2-5 years) future ?

5b) How do you think these challenges could be addressed ?

6) When you are looking for solution to digital forensics problems, who do you turn to for

a) off-the shelf solutions ?

b) bespoke solutions/product customisation ?

7) Who would you consider to be the key people or organisations relevant to your experience and usage of digital forensics ?

8) What other innovations, relating to technology, services or any other issues affecting digital forensics, do you think would be beneficial ?

9) May we contact you again for more information ?

(If “Yes”, please also provide your name and a contact phone number or email)

 

SIG Forensic Science

Forensic Science Special Interest Group

For more information about the FSSIG, and to get involved in the community, please see https://connect.innovateuk.org/web/forensics

(%count%)

(11655)

Share

Cellebrite’s Panel of Leading Industry Experts Identify Mobile Forensics Trends for 2013

Posted on by

Petah Tikva, Israel, January 23, 2013 – As 2013 gets underway, Cellebrite, the leading provider of mobile forensic and mobile data transfer solutions, has announced a list of top trends in mobile forensics that will shape the year ahead.

To gather this list, Cellebrite interviewed a number of prominent experts from law enforcement, corporations and universities, as well as industry analysts, familiar with mobile forensics, information security and e-discovery and the most advanced mobile forensic products available today. They highlighted the following nine trends as the most critical for investigative and legal professionals to prepare for the upcoming year:

1. BYOD impacts the forensics industry. While “Bring Your Own Device” (BYOD) seemed to infiltrate the enterprise in 2012, the mobile forensics industry will confront the impact of this growing trend in the year ahead. BYOD adoption across the enterprise means that forensics professionals will encounter a greater number of compromised phones. According to John Carney, Chief Technology Officer, Carney Forensics, “For e-discovery experts, BYOD will mean contending with more devices that contain both personal and corporate evidence as well as an increase in legal challenges related to device access and privacy during corporate investigations.”

2. Critical data: there’s an app for that. According to a 2012 Nielsen report, the average smartphone user has approximately 41 apps installed on a single device. “Whether it’s mobile messaging, personal navigation, social media or improving productivity – apps are going to dominate smartphones and tablets in 2013,” said Carney. “The ability to extract critical data stored in apps will become the new measuring stick by which investigators gauge the superiority of mobile forensics tools.”

3. Smarter phones mean tougher encryption. “Expect to see more encryption of data on smartphones to protect personal privacy and corporate data, which will make forensic examination more challenging,” said Eoghan Casey, founding partner at CASEITE. Password technology, too, has advanced; pattern-screen locks have hindered forensic data extraction efforts. In 2013, look for mobile forensics tools to continue to find ways to bypass a greater number of passwords and device locks, as well as address advanced encryption technology.

4. Investigators can’t put all their eggs into one mobile operating system. Though Android took 75 per cent of the market in Q3 of 2012, for mobile forensics professionals, market share isn’t everything. As Paul Henry, security and forensics analyst, vNet Security, noted, “While Android is the predominant operating system, the bulk of the bandwidth is still taking place on Apple devices, making them critical to many investigations.” In addition, despite BlackBerry’s decline in recent years, Carney said: “Their popularity for over a decade will make them an important legacy device pertinent to investigations for years to come.”

5. Windows 8 is the wildcard. Notwithstanding all the attention garnered by Android and Apple, the real wildcard for 2013 will be the rise of Microsoft in the mobile device market. While questions remain regarding how prevalent Microsoft devices will become, Cellebrite’s panel of experts predicts that the need for mobile forensic tools providing support for Windows 8 will increase in the New Year.

6. Mobile devices advance as witnesses. Look for mobile devices and the data they contain to take centre stage in both civil and criminal investigations in the year ahead. “Civil litigators are discovering that mobile device evidence is just as important as digital documents and email evidence,” said Carney. According to Heather Mahalik, mobile forensics technical lead at Basis Technology, “Now, more than ever before, e-discovery experts need comprehensive training in order to ensure the proper extraction of all relevant data from mobile devices.”

7. The regulatory and legislative landscape remains uncertain. “Lawmakers and judges are looking at cell phones much more critically than they did computers,” said Gary Kessler, associate professor, Embry-Riddle Aeronautical University and a member of the ICAC North Florida Task Force. “However, because few understand the nature of the technology, they are erring greatly on the side of caution. This speaks to the need for greater education regarding the scope and possibilities of mobile forensics and what it means for privacy and pre-trial discovery.”

8. Mobile malware’s incidence will rise. In 2013, look for malware on smartphone platforms and tablets to increase exponentially, particularly on Android devices. According to Cindy Murphy, detective, computer crimes/computer forensics, Madison Wisconsin Police Department, “The intended uses of mobile malware will be very similar to non-mobile malware – steal money, steal information and invade privacy. For law enforcement and forensics professionals, mobile malware means dealing with potentially compromised devices that may help perpetrators cover their tracks, making it increasingly difficult for investigators to meet the threshold of reasonable doubt.”

9. Data breaches via mobile will rise. “Mobile forensics vendors should resolve to provide stronger capabilities for enterprise wide smartphone investigations to support the investigation of data breaches targeting smartphones and the needs of e-discovery,” said Casey. Malware together with large-scale targeted intrusions into smartphones (targeting sensitive data) will raise enterprises’ risks for data destruction, denial of service, data theft and espionage.

“From the increasing use of mobile evidence to challenges stemming from the rise in tougher encryption methods, there are a number of areas that will demand the attention of mobile forensics professionals in the year ahead,” said Ron Serber, Cellebrite co-CEO. “As the industry continues to evolve, it will be critical for the law enforcement community, as well as the enterprise, to invest in proper training and ensure that their budgets allow them to meet the growing demand for comprehensive device analysis and data extraction.”

Cellebrite’s UFED provides cutting-edge solutions for physical, logical and file system extraction of data and passwords from thousands of legacy and feature phones, smartphones, portable GPS devices, and tablets with ground-breaking physical extraction capabilities for the world’s most popular platforms – BlackBerry®, iOS, Android, Nokia, Windows Mobile, Symbian and Palm and more. The extraction of vital evidentiary data includes call logs, phonebook, text messages (SMS), pictures, videos, audio files, ESN IMEI, ICCID and IMSI information and more.

Cellebrite’s panel of experts included:
· Eoghan Casey, Founding Partner, CASEITE
· John Carney, Chief Technology Officer, Carney Forensics; Attorney at Law, Carney Law Office
· Paul Henry, Leading Security and Forensics Analyst, Principle at vNet Security; Vice President at Florida Association of Computer Crime Investigators; SANS Senior Instructor
· Gary Kessler, Associate Professor, Embry-Riddle Aeronautical University; ICAC Northern Florida Task Force
· Heather Mahalik, Mobile Forensics Technical Lead, Basis Technology; SANS Certified Instructor
· Cindy Murphy, Detective Computer Crimes/Computer Forensics, Madison Wisconsin Police Department
· Ron Serber, co-CEO, Cellebrite

http://www.cellebrite.com/collateral/WhitePaper_MF_2013_Trends.pdf

cellebrite-logo

(3095)

Share

Call for Forensic Practitioners to Beta Test new Tool

Posted on by

CCL-Forensics based in the UK are offering Digital Forensics Practitioners the opportunity to take part in the final beta test which is now underway, any interested practitioners wishing to be involved should register at www.ccl-forensics.com/pip.

Researchers at CCL-Forensics have developed an innovative application for presenting the data held in XML format – a common data storage format, found on a wide range of digital devices and platforms including PCs, phones and SatNavs. The development in complex data interpretation is set to significantly speed up digital forensic investigations by enhancing the presentation of evidence from a range of commonly used devices.

Although XML is a text-based format, it’s not user-friendly in its raw format, meaning digital investigators often have to manually manipulate large amounts of data to locate evidence relevant to their enquiry.  XML files can contain, for example, internet history, web searches, SatNav recent locations, social networking history – and more.

CCL-Forensics has developed “PIP” to eradicate this problem.  PIP is a software tool which parses data from XML files, using the XPath query language and presents the investigator with a results in a user-friendly, easy-to-interpret form.  This saves a considerable amount of time, and means costs to investigators are kept to a minimum.

In addition, PIP natively supports AppleTM’s property list (“plist”) file format, both in their XML and binary forms.

“An XML file shown both in its raw form and when presented using PIP”

A regularly updated library of XPath queries is included within PIP and CCL-Forensics is constantly researching opportunities for new additions to the library, however, for the advanced practitioner, PIP allows bespoke queries to be written for new data types which may be uncovered during the course of an investigation.

The team behind PIP also recognised the need for investigators to process a number of similar files simultaneously, and therefore developed a batch processing capability.

PIP was created in response to demand from Law Enforcement Agencies to streamline the presentation from the increasingly complex range of digital devices – for little additional cost to the taxpayer.

Alex Caithness, the developer of PIP says “One of the biggest frustrations of any digital examiner is the fact that their tools extract data which they have to manually interpret to turn into a reportable format. PIP is designed to eradicate this problem for XML and plist files.

These files are used in many different devices and applications – the iPhone to name just one.  Investigators are seeing a great deal more of these devices, and without a tool like PIP, they may spending time manually processing them.

This is doubly unfortunate, because they have already carried out the first step – by extracting the data.  They just now need to interpret it.  PIP does this effortlessly.”

PIP is a constantly evolving tool and the developers would welcome suggestions for future functionality.  For more information, please contact Marketing Manager Andy Holmes on +44 1789 2621200 or email aholmes@ccl-forensics.com.

 

(1865)

Share