Computer Forensics
The Lead

Army Research Lab Releases Dshell Forensics Framework

January 30, 2015 11:50 am | by Dennis Fisher | Blogs | Comments

The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time.                               

Linux Makers Try to Thwart 'Ghost' Cyber Bug

January 28, 2015 11:58 am | by Reuters | News | Comments

Red Hat Inc and other makers of the widely used Linux operating system for business computers...

White Hat Hackers Keep the Web Secure

January 28, 2015 11:08 am | by Stephanie Koons, Penn State | News | Comments

From the Heartbleed bug to the Target security breach, malicious hackers have proved to be...

Examining and Analyzing Large Crime Scene Data Sets

January 23, 2015 1:07 pm | Articles | Comments

Depending upon the nature of investigations, timely forensic examinations normally can expedite the...

China Hits Back at MITM Outlook Claims

January 23, 2015 12:51 pm | by Phil Muncaster, Infosecurity Magazine | News | Comments

Chinese online censorship body the Cyberspace Administration of China (CAC) has hit back at claims made by activists this week that the authorities allowed a Man in the Middle (MITM) attack against Outlook users in the country.       

Adobe Investigating New Flash Zero-Day Spotted in Crimeware Kit

January 22, 2015 12:12 pm | by Kelly Jackson Higgins | Blogs | Comments

Prolific researcher Kafeine today called for Windows users to disable Adobe Flash Player in the wake of his discovery of an exploit for a previously unknown Flash flaw being packaged with a notorious crimeware kit.          

Training Offered for Peer-to-Peer Decryption Software Release

January 20, 2015 11:58 am | by Ernie Austin, Associate Editor | Silent Shield, LLC | News | Comments

Silent Shield has released P2P Decryptor, its peer-to-peer decryption and reporting software. Training is also offered exclusively for law enforcement at no charge in Atlanta, Georgia, January 28, 2015.             

Huge Volume of Visual Evidence Puts Investigators under Pressure

January 15, 2015 12:42 pm | by NetClean | News | Comments

Police investigators working to identify victims, find criminals and bring cases to court have revealed that huge increases in the volume of visual evidence, data seized and sheer number of caseloads are the biggest challenges they are facing. 

Phonelog CDR Analysis

January 15, 2015 8:17 am | MediaClone, Inc. | Product Releases | Comments

Securcube’s Phonelog is an elaborate and intuitive solution for Call Detail Record analysis. Phonelog is equipped with cutting-edge technologies that perform quick, automated, and comprehensive data analyses and, among other functions, correlate phone numbers, track BTS cell traffic, and access IMSI and IMEI logs.

Off-the-shelf Nation-state Attacks

January 14, 2015 9:26 am | by Ernie Austin, Associate Editor | SANS Institute | Articles | Comments

Recently, Johannes Ullrich, Chief Technology Officer of the SANS Internet Storm Center spoke with Forensic Magazine about a case presented at 31C3 2014. He helps us understand how this unusual email attack could be a nation-state-level operation.

'Skeleton Key' Malware Unlocks Corporate Networks

January 13, 2015 1:17 pm | by Charlie Osborne | Blogs | Comments

The newly-discovered "Skeleton Key" malware is able to circumvent authentication on Active Directory systems, according to Dell researchers.                               

Is antivirus software still relevant?

January 9, 2015 11:12 am | by (ISC)2 Government Advisory Board Executive Writers Bureau, Lou Magnotti | News | Comments

Federal agencies are big users of antivirus software, and regardless of their technical competence, government security professionals still find themselves victims of malware. Unfortunately, simply installing antivirus technology does not protect today’s endpoints.

Countering a New Class of Coffee Shop Hackers

January 9, 2015 10:32 am | by John Toon, Georgia Institute of Technology | News | Comments

If you’re sitting in a coffee shop, tapping away on your laptop, feeling safe from hackers because you didn’t connect to the shop’s wifi, think again. The bad guys may be able to see what you’re doing just by analyzing the low-power electronic signals your laptop emits even when it’s not connected to the Internet.

Getting Attached: Apple Messaging Attachments

January 8, 2015 12:00 pm | by Editor | Blogs | Comments

I sometimes get questions about showing attachments in Apple iDevice messaging databases. The questions, however, seem to come at a time when I don’t have any databases on hand to study the issue. Well, this week I stumbled on the chats.db during an exam of a MacBook Air.

Paris Attacks: The Cyber Investigation

January 8, 2015 10:58 am | by Eric Chabrow and Mathew J. Schwartz, Gov Info Security | News | Comments

French authorities continue to investigate the January 7 attack in Paris that claimed the lives of a dozen, including journalists and police officers. As they do so, experts with digital forensics and other information security skills will be crucial for continuing to advance the investigation.

HTTPS Can be Set as a Super-cookie

January 7, 2015 12:36 pm | by Richard Chirgwin, The Register | News | Comments

A UK consultant has demonstrated how a feature of the secure Web protocol HTTPS can be turned into a tracking feature that is, in the case of some browsers, ineradicable.                       

Data Storage Issues - Part 5

January 7, 2015 8:25 am | by John J. Barbara | Digital Forensics Consulting, LLC | Articles | Comments

From a historical perspective, mankind’s recording and storing of information has progressed from the crude writings, carvings and paintings found on rocks, in caves and on scrolls to today’s digitization of virtually everything imaginable. The invention of the computer has made this possible.

Former US Cybersecurity Official Gets 25 Years for Child Porn Charges

January 6, 2015 9:58 am | by Cyrus Farivar, Ars Technica | News | Comments

On Monday, a federal judge in Nebraska sentenced the former acting director of cybersecurity for the US Department of Health and Human Services to 25 years in prison on child porn charges.                 

What It Looks Like: Disassembling a Malicious Document

January 6, 2015 8:59 am | by Harlan Carvey | Blogs | Comments

I recently analyzed a malicious document, by opening it on a virtual machine; this was intended to simulate a user opening the document, and the purpose was to determine and document artifacts associated with the system being infected.    

You Could be Wearing Your Alibi Right Now

January 5, 2015 4:49 pm | by Aviva Rutkin, New Scientist | News | Comments

In late November, a court case in Calgary, Canada, set an unusual record. Lawyers representing a personal trainer injured in an accident were the first to wield data from a wearable device in the courtroom. They planned to use the sluggish activity levels recorded by their client's Fitbit fitness tracker to prove the lasting effect of her accident.

Triaging a System Infected with Poweliks

January 5, 2015 9:19 am | by Corey Harrell | Blogs | Comments

Change is one of the only constants in incident response. In time most things will change; technology, tools, processes, and techniques all eventually change. The change is not only limited to the things we rely on to be the last line of defense for our organizations and/or customers.

Oregon Digital Forensics Lab Stretched

December 30, 2014 12:44 pm | by Claire Withycombe, The Bulletin | News | Comments

To Deschutes County Sheriff’s Sgt. Tom Nelson, Bend was primarily a prime fishing spot. It was 2002 and Nelson was planning to retire from the Portland Police Bureau after nearly 30 years of service. But then he was recruited by then-Sheriff Les Stiles to head a new computer forensics unit for the sheriff’s office.

Streamlining the Digital Forensic Workflow: Part 3

December 15, 2014 5:14 am | by John J. Barbara | Digital Forensics Consulting, LLC | Articles | Comments

Depending upon the nature of investigations, timely forensic examinations normally can expedite the apprehension of suspects. The use of a triage tool can identify the most likely evidentiary data sources. Ideally, the relevant evidence should then be seamlessly exported and analyzed in-depth by another comprehensive forensic tool which can provide indexing and detailed analysis. 

Cell Phone Background Image Leads to Suspect

November 20, 2014 4:38 am | by Associated Press | News | Comments

Police tracking down a suspected killer came across a telling piece of evidence that led to an arrest: A cellphone, logged into a man's Facebook account, with a news photo of the crime scene as the background screen.

Streamlining the Digital Forensic Workflow: Part 1

October 15, 2014 8:51 am | by John J. Barbara | Articles | Comments

It has now reached the point that it is no longer practical for an examiner to forensically analyze each and every piece of evidence. Depending upon the alleged crime, often the incriminating evidence can be found in an e-mail, a document, the browser history, an SMS, or some other source. This leads to the obvious conclusion that examiners are going to need a new approach to streamline their workflow.

Phone Evidence Illuminates Trail of Woman's Suspected Killer

October 9, 2014 1:28 pm | by Ken Daley, The Times-Picayune | News | Comments

When a woman's bullet-riddled body was found under the France Road overpass in Desire on the sweltering morning of July 29, New Orleans police initially had few clues with which to work.                  

Phones Examined for Video Evidence in Teacher Sex Case

October 7, 2014 2:31 pm | by Brett Duke, The Picayune Times | News | Comments

Forensic inspectors are hunting video evidence on wireless phones that police seized in the investigation of two Destrehan High School teachers who are accused of engaging in group sex with one of their English students, authorities say.   

Streamlining the Digital Forensic Workflow: Part 2

September 30, 2014 5:18 pm | by John J. Barbara | Digital Forensics Consulting, LLC | Articles | Comments

Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile devices’ logs, or an inappropriate graphic video or picture. Finding the critical probative data faster in a cost effective manner while reducing or eliminating case backlogs is going to require a more efficient methodology.

Cell Phone Forensics Helps Narrow Search for Missing Plane

September 19, 2014 1:12 pm | by Matt Elofson, Dothan Eagle | News | Comments

Civil Air Patrol officials say cell phone forensics have helped authorities narrow the search area for a missing small airplane which hasn't been seen since leaving the Headland airport in Henry County, Alabama.           
