Computer Forensics
The Lead

Dealing With Compressed vmdk Files

May 5, 2015 12:27 pm | by Mari DeGrazia | Blogs | Comments

Whenever I get vmdk files, I take a deep breath and wonder what issues might pop up with them. I recently received some vmdk files and when I viewed one of these in FTK Imager (and some other mainstream forensic tools), it showed up as the dreaded "unrecognized file system."

Super Secretive Malware Wipes Hard Drive to Prevent Analysis

May 5, 2015 10:29 am | by Dan Goodin, Ars Technica | News | Comments

Researchers have uncovered new malware that takes extraordinary measures to evade detection and...

Dyre Malware Won't Play Nice in the Sandbox

May 4, 2015 1:08 pm | by Ernie Austin, Associate Editor | Articles | Comments

In early April, more than $1 million was stolen using the Dyre Wolf malware. Now, as reported by...

How Will the Cyber Gold Rush Pan Out for Cities and States?

May 4, 2015 12:17 pm | by Sara Sorcher, The Christian Science Monitor | News | Comments

While California’s Silicon Valley is the technology capital of America, cities and states across...

UC Berkeley Campus Announces Data Breach

May 1, 2015 11:11 am | by Janet Gilmore, UC Berkeley | News | Comments

UC Berkeley officials have announced that they are sending alert notices to current students and other individuals regarding a computer data breach that may have resulted in unauthorized access to their Social Security numbers or other personal information.

Google's New Version of Password Alert Blocking Bypass is Bypassed

May 1, 2015 10:49 am | by Dan Goodin, Ars Technica | News | Comments

On Thursday, it was reported that a new service that warns when Google account users' passwords are phished had been bypassed by a drop-dead simple exploit, just 24 hours after Google had rolled out the Chrome plugin. Within hours of publication, Google issued an update that blocked the exploit. Now the same researcher has figured out a way to block the new version, too.

Plan for the Next Breach With Incident Response Forensics

May 1, 2015 10:13 am | by (ISC)2 Government Advisory Council Executive Writers Bureau, Lou Magnotti | News | Comments

The only thing worse than a data breach is not knowing how it happened. In order to prevent system failure, minimize the loss and prevent similar breaches, agencies need an incident response plan that includes forensic investigation.

History and Functions of Computer Security Incident Response Teams

May 1, 2015 10:03 am | by Isabel Skierka, Mirko Hohmann, Robert Morgus and Tim Maurer, New America Foundation | News | Comments

This paper examines the history, types and culture of Computer Security Incident Response Teams (CSIRTs). It is intended to provide a short history and overview of the culture of CSIRTs in order to help build a common understanding.

Chrome Extension Gets Google Passwords Off the Hook

April 30, 2015 12:51 pm | by Ernie Austin, Newsletter Editor | News | Comments

Google has created a Chrome extension that warns users when they accidentally enter their Google password into a phishing page aimed at hijacking their account. The extension will also urge them to change their passwords.

Cyber General: US Satellite Networks Hit by 'Millions' of Hacks

April 30, 2015 12:19 pm | by Martin Matishak, The Hill | News | Comments

The top cyber official for the Air Force says the service’s space and satellite networks are being constantly hacked by outside groups.

Timeline Analysis Process

April 30, 2015 11:36 am | by Harlan Carvey | Blogs | Comments

Usually when I create a timeline, it's because I have something specific that I'm looking for that can be shown through a timeline; in short, I won't create a timeline (even a micro-timeline) without a reason to do so.

Cyber Attacks at Colleges Impede Free Flow of Knowledge

April 30, 2015 11:19 am | by Ernie Austin, Associate Editor | Articles | Comments

While college students are opening their minds, they are also opening themselves to dangerous attacks by hackers. Nine days before finals were to begin, Internet service at Rutgers University was disabled. Students couldn't go online to study, participate in online classes or register for courses. This attack was the third at Rutgers since November.

To Aid Combat, Russia Wages Cyber War Against Ukraine, Says Report

April 29, 2015 11:12 am | by Aarti Shahani, NPR | News | Comments

A new report adds to the body of evidence, charging that the Russian military is waging a sustained cyber campaign against Ukrainian military and law enforcement agencies, and the purpose is to extract a steady stream of classified documents that can aid violence and on-the-ground combat.

Before purchasing any tool, users should thoroughly research those available and select the tool which provides the best functionality to meet their requirements. The listing of a particular tool or vendor is not to be construed as an endorsement of that

Data Sanitization: Part 2

April 28, 2015 4:40 pm | by John J. Barbara | Articles | Comments

Before purchasing any tool, users should thoroughly research those available and select the tool which provides the best functionality to meet their requirements.

Researchers Plan to Demonstrate a Wireless Car Hack This Summer

April 28, 2015 12:27 pm | by Andy Greenberg, Wired | News | Comments

A note of caution to anyone who works on the security team of a major automobile manufacturer: Don’t plan your summer vacation just yet. At the Black Hat and Defcon security conferences this August, security researchers have announced they plan to wirelessly hack the digital network of a car or truck.

Obama's Emails Collected by Russian Hackers, Reports Say

April 27, 2015 12:34 pm | by Seth Augenstein, Digital Reporter | Articles | Comments

Some of President Barack Obama’s emails with White House staff were collected by Russian hackers in a breach last year, according to multiple published reports citing senior American officials.

Making Incident Response a Security Program Enabler

April 27, 2015 11:27 am | by Corey Harrell | Blogs | Comments

Incident response is frequently viewed as a reactive process. As soon as something bad happens that is when the incident response process is activated to respond to what occurred. This view is similar to insurance. 

Data Sanitization: Part 1

April 24, 2015 4:45 pm | by John J. Barbara | Articles | Comments

From a forensic perspective, the Recycle Bin can be a “gold mine” for gathering probative evidence which can be extremely valuable for investigative purposes. There are many forensic tools available that are designed to recover deleted files from the Recycle Bin. Depending upon the length of time a file has been deleted, forensic tools can recover the entire file or parts of the file (if it was partially overwritten).

Legal Issues with Cloud Forensics

April 23, 2015 5:15 pm | by David Wilson | Articles | Comments

Unfortunately, many companies have entered the cloud without first checking the weather. Cloud services have skyrocketed primarily because they’re cheaper and more convenient than the alternative. What happens if the cloud gets stormy, you suffer a breach, and you find yourself in the position of having to conduct digital forensics? What now?

The Rise of Counterintelligence in Malware Investigations

April 23, 2015 11:47 am | by John Bambenek, Dark Reading | News | Comments

CTI is the application of intelligence tactics to gain insights on adversarial actors and their tools, techniques, and procedures. However, one aspect that’s not frequently discussed is the use of counterintelligence tactics by both the defender and the adversary.

Mandia: Identifying Hackers is Getting More Difficult

April 23, 2015 10:36 am | by Kurt Wagner, re/code | News | Comments

Hackers aren’t just getting more aggressive — take a look at what happened last winter to Sony — they’re also getting harder to track down.

On the Relative Unimportance of InfoSec

April 22, 2015 12:11 pm | by Jacob Torrey | Blogs | Comments

While watching Haroon Meer's TROOPERS keynote, I was struck by the major, structural shortcomings in the InfoSec industry; and how little impact it really had on the world.

Uncovering the Smoking Gun is a Team Effort

April 22, 2015 9:07 am | by Dr. Jim Kent | Articles | Comments

Today’s investigative teams are buried under a mountain of digital data that comes from an increasing number and variety of sources. As the quantity of potential evidence continues to grow, some might yearn for a simpler time before the latest advances in technology; especially since criminals have become quite efficient at using these tools to hide their crimes and evade detection and prosecution. 

Female Teachers Use Social Media to Lure Young Male Victims

April 21, 2015 2:04 pm | by Ernie Austin, Associate Editor | Blogs | Comments

It's been a long journey from Van Halen's "Hot for Teacher," released in 1984, to the recent Saturday Night Live skit about a teacher on trial for raping one of her male high school students.

Researcher Denied Airline Flight After Tweet About Hacking

April 21, 2015 10:24 am | by Jack Gillum, Associated Press | News | Comments

United Airlines stopped a prominent security researcher from boarding a California-bound flight late Saturday, following a social media post by the researcher days earlier suggesting the airline's onboard systems could be hacked.

Israeli Military Networks Breached by Hackers

April 20, 2015 1:45 pm | by Joseph Menn, Reuters | News | Comments

Hackers have managed to penetrate computer networks associated with the Israeli military in an espionage campaign that skillfully packages existing attack software with trick emails, according to security researchers at Blue Coat Systems Inc.

Two Vulnerabilities Exploited by Russian Hackers

April 20, 2015 1:02 pm | by Ernie Austin, Associate Editor | News | Comments

An APT campaign has been detected that exploits zero-day vulnerabilities in Adobe Flash and Microsoft Windows. Adobe patched vulnerability CVE-2015-3043 previously, but the Windows vulnerability is new. Security firm FireEye says that the group responsible for the attack is APT28. 

Micro- & Mini-Timelines

April 20, 2015 10:02 am | by Harlan Carvey | Blogs | Comments

Mini, micro, and even nano-timelines can assist an analyst in answering questions and addressing analysis goals in an extremely timely and accurate manner.

Algorithmic Cyber Attacks are Coming

April 20, 2015 8:39 am | by University of Utah | News | Comments

The next generation of cyber attacks will be more sophisticated, more difficult to detect and more capable of wreaking untold damage on the nation’s computer systems.  
