Tuesday, August 25, 2009

Weighing in on the CDFS

The Digital Forensics community has, up to this point, been somewhat fragmented. Because of this it has been difficult to advance the community as a whole. This is especially true in the development of qualification guidelines for examiners, and even more so in the areas of handling legislation that impacts our profession.

However, there is hope on the horizon, as it appears we may have finally reached critical mass.

Over at Rob Lee's blog, SANS Computer Forensics and E-Discovery, there is a press release announcing what I believe to be good news: The Council of Digital Forensic Specialists.

I am excited to see a united front of digital forensic examiners with aims at advancing the field. I am also hopeful for the future because this represents the first steps of digital forensics becoming a responsible self-governing body.

Wednesday, August 19, 2009

Expectation of privacy in the public realm?

Many people, especially in the younger demographic, really have no idea of the possible repercussions of sharing the intimate details of their life on social networking sites like Facebook and Myspace. It seems like every week a case comes across my desk involving evidence from social networking sites.

The following is an excerpt from New York Times online, from the article A Facebook Teaching Moment by Randy Cohen. It illustrates a real lack of discernment as students give full disclosure of deviant behavior on their Facebook page:

"Strictly speaking, when these students gave her access to their Facebook pages, they waived their right to privacy. But that’s not how many kids see it. To them, Facebook and the like occupy some weird twilight zone between public and private information, rather like a diary left on the kitchen table. That a photo of drunken antics might thwart a chance at a job or a scholarship is not something all kids seriously consider. This teacher can get them to think about that."

These days social media sites are an excellent source of easily gathered evidence. If you put information on social networking sites, your expectations of privacy should be minimal at best, and it definitely could come back to haunt you.

Monday, August 17, 2009

Q&A with Harlan Carvey

There is an interesting interview with Harlan Carvey, author of the blog Windows Incident Response and creator of RegRipper, over at Help Net Security.

The topic of discussion: Q&A Windows Forensics

It has a lot of great information for people trying to get into the field and on the future of Windows forensic analysis.

Oh, and if you are an examiner and haven't checked out his book, Windows Forensic Analysis, yet, I highly recommend doing so. Even if you have the 1st edition, it is definitely worth it to go ahead and get the new 2nd edition.

Thursday, August 13, 2009

More People Should Listen to Forensic4Cast

If you have not had a chance to listen to Forensic4Cast, the podcast, you are missing some funny stuff and some excellent guest interviews. Lee and Simon do a great job with the show and it is very enjoyable. They manage to bring some humor into the digital forensics field as well as covering serious topics quite well.

Some of their past interviewees have been Rob Lee of SANS, Lance Mueller, Scott Moulton, Harlan Carvey and Matt Shannon of F-Response.

I was interviewed on the latest episode, "Not Another Kitty Porn Joke!"

Lee Whitfield of Forensic4Cast will be my guest on Talk Forensics Radio, August 30th.

Thursday, August 6, 2009

My Favorite Things

I think over time we all find things that we like. And when we like things, we tend to want to share them with others. Here are some of my favorite things. This is not intended to be all-inclusive, nor is any of it in any particular order.

Favorite Newsletter:
DFI News

Favorite Discussion Forums:
Forensic Focus

Favorite Podcast:
Forensic4Cast - Lee Whitfield
Talk Forensics - My show

Favorite Organizations:
National Association of Criminal Defense Lawyers
Fair Trial Initiative
Center for Death Penalty Litigation
American College of Forensic Examiners Institute
American Society of Digital Forensics and eDiscovery
SANS Institute
North Carolina Association of Private Investigators
Vidocq Society
Missing You Foundation
National Center for Missing and Exploited Children
Innocence Project
Help Find My Child

Favorite Forensics Tools:
EnCase - Guidance Software
NetAnalysis - Digital Detective
Drive Prophet - Mark McKinnon
Helix - e-Fense
RegRipper - Harlan Carvey
Hardcopy III - Voom Technologies
Metadata Assistant - Payne Consulting
SecureView Forensic - Susteen
F-Response - Matt Shannon

Favorite Blogs and Bloggers:
Simple Justice - Scott Greenfield
Digfor - Andre Ross

I was going to list some of my favorite people, but I would probably leave someone out and offend them, so I will stop here.

Fake Security Software Steals $34 Million Monthly

Sadly, this is one of the better scams out there for parting inexperienced computer users from their money. I know people who have made this "purchase", only to find out when they called me that it is completely bogus.

This malware, which claims to be a legitimate anti-virus or anti-spyware application, literally takes over the user's computer, making it impossible to use, with pop-ups occurring every few seconds warning of all the infections the rogue software has detected on the user's computer.

Depending on the particular infection, the solution ranges from something as simple as doing a Windows restore to a time before you got the rogueware, to infections that are extremely difficult to remove.

One of the better tools I have found for removing this type of spyware is SuperAntiSpyware Pro. It is available as a 30-day trial.

Here is the full article on this lucrative scam:

Fake Security Software Steals $34 Million Monthly -- InformationWeek: "Fake Security Software Steals $34 Million Monthly"

Wednesday, August 5, 2009

Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

If you have not read this lately, and I mean in the last year or so, the National Institute of Justice has done an outstanding job in the second edition of their guide for first responders.

You can download the guide in PDF format here:

Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

Whether you are in law enforcement or not, it is a valuable resource and contains some very useful information. The second edition is far better than the original.

They also publish some other very useful guides and publications.

Forensic Examination of Digital Evidence: A Guide for Law Enforcement

Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors
