Computer Forensics

The Lead

Clinton Ran Homebrew Computer System for Official Emails

March 4, 2015 12:40 pm | by Jack Gillum and Ted Bridis, Associated Press | News | Comments

The computer server that transmitted and received Hillary Clinton's emails — on a private account she used exclusively for official business when she was secretary of state — traced back to an Internet service registered to her family's home in Chappaqua, New York, according to Internet records reviewed by The Associated Press.

What You Need to Know About Nation-State Hacked Hard Drives

March 3, 2015 10:13 am | by Kelly Jackson Higgins, Dark Reading | News | Comments

The nation-state Equation Group compromise of most popular hard drives won't be a widespread...

How do you 'do' analysis?

March 2, 2015 1:50 pm | by Harlan Carvey | Blogs | Comments

This post is about employing various data sources and analysis techniques, and pivoting in order...

Webnic Registrar Blamed for Hijack of Lenovo, Google Domains

February 27, 2015 9:05 am | by Brian Krebs | Blogs | Comments

Recently, attackers allegedly associated with the fame-seeking group Lizard Squad briefly...

Hackers Steal Trading Algorithms

February 27, 2015 8:23 am | by Mathew J. Schwartz, Gov Info Security | News | Comments

Hackers have been stealing the secret algorithms and tactics used by hedge funds and high-frequency trading firms, according to two security companies.

Dusting for Cyber Fingerprints: Coding Style Identifies Anonymous Programmers

February 27, 2015 8:23 am | by Rachel Greenstadt, Drexel University | News | Comments

A team of computer scientists have devised a way to lift the veil of anonymity protecting cyber criminals by turning their malicious code against them.

Belkasoft Partners With Passware

February 26, 2015 8:20 am | Belkasoft, Passware, Inc. | News | Comments

Belkasoft has entered a strategic partnership with Passware, a leading provider of password recovery and e-Discovery software for Federal and State agencies, Fortune 500 corporations, law enforcement, military organizations, help desk personnel, business and private consumers. 

Researchers Create Automated Signature Compiler for Exploit Detection

February 25, 2015 9:07 am | by Zeljka Zorz, Help Net Security | News | Comments

A trio of researchers from Microsoft and University of Erlangen-Nuremberg have created Kizzle, a compiler for generating signatures for detecting exploit kits delivering JavaScript to browsers.

Why Firmware is So Vulnerable to Hacking

February 24, 2015 1:30 pm | by Kim Zetter, Wired | News | Comments

When Kaspersky Lab revealed that it had uncovered a sophisticated piece of malware designed to plant malicious code inside the firmware of computers, it should have surprised no one.

Cybersecurity Service Licenses ORNL Malware Detection Technology

February 24, 2015 12:58 pm | by Oak Ridge National Laboratory | News | Comments

Washington, D.C.-based R&K Cyber Solutions LLC has licensed Hyperion, a cyber security technology from the Department of Energy's Oak Ridge National Laboratory that can quickly recognize malicious software even if the specific program has not been previously identified as a threat.

Ennui: Have We Grown Weary of e-Discovery?

February 24, 2015 12:41 pm | by Craig Ball | Blogs | Comments

We are bored with e-discovery. It hasn’t gone away, as some foolishly imagined it might. Most have endured rather than embraced e-discovery. The level of discourse about sources and process isn’t much higher than it was a decade ago despite the ascendency of social networking, cloud computing and mobile devices.

Lenovo to Stop Pre-Installing Controversial Software

February 19, 2015 11:57 am | by Paul Carsten, Reuters | News | Comments

China's Lenovo Group Ltd, the world's largest PC maker, had pre-installed a virus-like software on laptops that makes the devices more vulnerable to hacking, cybersecurity experts say.

The Possible Put Into Digital Forensic Practice With Grier Technology

February 18, 2015 12:44 pm | by Ernie Austin, Associate Editor | Articles | Comments

After listening to colleagues for years and exploring it further, Jonathan Grier saw how pressing the need was for technology like his. Although the NIJ was the organization that bridged the gap between idea and practical application for his technology, it was another agency that saw its possibility.

Streamlining the Digital Forensic Workflow: Part 3

February 17, 2015 1:12 pm | by John J. Barbara | Digital Forensics Consulting, LLC | Articles | Comments

Depending upon the nature of investigations, timely forensic examinations normally can expedite the apprehension of suspects. The use of a triage tool can identify the most likely evidentiary data sources. Ideally, the relevant evidence should then be seamlessly exported and analyzed in-depth by another comprehensive forensic tool which can provide indexing and detailed analysis.

Password Cracking Experts Decipher Equation Group Crypto Hash

February 17, 2015 12:39 pm | by Dan Goodin, Ars Technica | News | Comments

Unraveling a mystery that eluded the researchers analyzing the highly advanced Equation Group the world learned about recently, password crackers have deciphered a cryptographic hash buried in one of the hacking crew's exploits. It's Arabic for "unregistered."

IR Tools

February 13, 2015 2:53 pm | by Harlan Carvey | Blogs | Comments

Microsoft recently released an update (KB 3004375) that allows certain versions of the Windows OS to record command line options, if Process Tracking is enabled, in the Windows Event Log. Microsoft also recently upgraded Sysmon to version 2.0, with some interesting new capabilities.

Emojis Used in Court

February 13, 2015 10:51 am | by Julia Greenberg, Wired | News | Comments

Emoji are the language of our online era. They convey things mere words often cannot. We send emoji to improve upon, even expand, our words and bring emotion—affection, frustration, love, anger—to the conversation. Now, like the tweets, posts, and texts that are a crucial part of the way we communicate today, emoji are, finally, getting their due in court.

OSXCollector - Automated Forensic Evidence Collection & Analysis for OS X

February 12, 2015 12:08 pm | by Thu Pham | Blogs | Comments

A recent Duo Tech Talk featured Ivan Leichtling of Yelp, the company behind the website and mobile app that publishes crowd-sourced reviews about local businesses. Ivan led a talk at Duo on OSXCollector, an open source forensic evidence collection and analysis toolkit for OS X developed in-house at Yelp.

Grier Forensics Sifts Through the Data

February 11, 2015 12:31 pm | by Ernie Austin, Associate Editor | Articles | Comments

In the second part of our discussion about the benefits of government contracts to digital forensic investigation, Forensic Magazine talks to Jonathan Grier, principal of Grier Forensics. Grier's sifting technology speeds the investigation of computer hard drives by pinpointing usable data — the data important to a case. In this part, we find out from Jonathan Grier how this technology works.

Process Hollowing Meets Cuckoo Sandbox

February 9, 2015 1:51 pm | by Corey Harrell | Blogs | Comments

Process hollowing (a.k.a. process replacement) is a technique malware uses to overwrite a running process with malicious code. To me it's the technical equivalent of those alien body snatchers. This post explores process hollowing techniques using the Cuckoo Sandbox.

Government Contract to Grier Forensics Speeds-Up Digital Investigation

February 9, 2015 11:54 am | by Ernie Austin, Associate Editor | Articles | Comments

It is often the case that the spur to innovation in America takes the form of a government solicitation. As an instrument of the people, the government gives power to those that develop ideas and tools that benefit everyone. Forensic tools are no exception. To this end, Forensic Magazine spoke with Martin Novak, Program Manager at NIJ, and Jonathan Grier, principal of Grier Forensics, about Grier's recent contract award.

Encryption Won't Protect What's Not Secure

February 6, 2015 11:15 am | by Steven M. Bellovin, Columbia University | News | Comments

Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this one it's not going to help. If your OS is secure, you don't need the crypto; if it's not, the crypto won't protect your data.

The World's Email Encryption Software Relies on One Guy, Who is Going Broke

February 6, 2015 8:20 am | by Julia Angwin, ProPublica | News | Comments

The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.

Apple iOS Now Targeted in Massive Cyber Espionage Campaign

February 4, 2015 12:14 pm | by Kelly Jackson Higgins, Dark Reading | News | Comments

An extensive and sophisticated cyber espionage operation targeting mainly Western military, government, defense industry firms, and the media, now has a new weapon: a spyware app for Apple iPhones and iPads.            

How HSTS 'Supercookies' Make You Choose between Privacy or Security

February 2, 2015 2:53 pm | by Mark Stockley | Blogs | Comments

Overall, cookies are a satisfactory way to handle tracking online. They're simple, reliable, useful, proven, easy to understand, easy for vendors to implement, and easy for users to control. And that's exactly why people who are really serious about tracking you online don't rely on cookies.

Army Research Lab Releases Dshell Forensics Framework

January 30, 2015 11:50 am | by Dennis Fisher | Blogs | Comments

The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time.                               

Linux Makers Try to Thwart 'Ghost' Cyber Bug

January 28, 2015 11:58 am | by Reuters | News | Comments

Red Hat Inc and other makers of the widely used Linux operating system for business computers updated their software on Tuesday to thwart a serious new cyber threat they warned could allow hackers to gain remote control of their systems.   

White Hat Hackers Keep the Web Secure

January 28, 2015 11:08 am | by Stephanie Koons, Penn State | News | Comments

From the Heartbleed bug to the Target security breach, malicious hackers have proved to be detrimental to companies’ financial assets and reputations. To combat these malevolent attackers, or “black hats,” a community of benign hackers, “white hats,” has been making significant contributions to cybersecurity by detecting vulnerabilities in companies’ software systems and websites and communicating their findings. 

Examining and Analyzing Large Crime Scene Data Sets

January 23, 2015 1:07 pm | Articles | Comments

Depending upon the nature of investigations, timely forensic examinations normally can expedite the apprehension of suspects. Conversely, delayed results can lead to suspects remaining free for extended periods of time, thereby allowing them to potentially commit other crimes.
