viaForensics » Computer Forensics Archives – viaForensics

Full disk encryption is too good, says US intelligence agency

lhaas — Tue, 29 Nov 2011 22:35:37 +0000

New study shows just how hard full disk encryption is to crack. Can it be too good?

You might be shocked to learn this, but when a quivering-lipped Chloe from 24 cracks the encryption on a terrorist’s hard drive in 30 seconds, the TV show is faking it. “So what? It’s just a TV show.” Well, yes, but it turns out that real federal intelligence agencies, like the FBI, CIA, and NSA, also have a problem cracking encrypted hard disks — and according to a new research paper, this is a serious risk to national security.

The study, titled “The growing impact of full disk encryption on digital forensics,” illustrates the difficulty that CSI teams have in obtaining enough digital data to build a solid case against criminals. According to the researchers, one of which is a member of US-CERT — the US government’s primary defense against internet and digital threats — there are three main problems with full disk encryption (FDE): First, evidence-gathering goons can turn off a computer (for transportation) without realizing it’s encrypted, and thus can’t get back at the data (unless the arrestee gives up his password, which he doesn’t have to do); second, if the analysis team doesn’t know that the disk is encrypted, it can waste hours trying to read something that’s ultimately unreadable; and finally, in the case of hardware-level disk encryption, tampering with the device can trigger self-destruction of the data.

via Full disk encryption is too good, says US intelligence agency | ExtremeTech.

A Geeks Guide to Digital Forensics – video now online

ahoog — Wed, 10 Aug 2011 22:12:02 +0000

The nice folks over at Google Chicago have posted my “A Geek’s Guide to Digital Forensics” (video | presentation) on their GoogleTechTalk channel. It was posted about a week ago and has had 1,079 views…which is impressive only because the thing weighs in at nearly 56 minutes. If you suffer through the whole thing, maybe leave a comment or click that little like button.

Installing open source forensic tools on Linux

ahoog — Tue, 02 Aug 2011 21:59:51 +0000

Earlier this year, we presented at a forensic meeting up in Chicago. The folks at the Naperville Police department were kind enough to host us. For those who were instated in the install commands (so you don’t have to type by hand), here they are:

Update your system

sudo apt-get update sudo apt-get upgrade -u

TSK

sudo apt-get install sleuthkit

Rifiuti

cd wget "http://downloads.sourceforge.net/project/odessa/Rifiuti/20040505_1/rifiuti_20040505_1.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fodessa%2Ffiles%2FRifiuti%2F20040505_1%2F&ts=1296081318&use_mirror=iweb" -O rifiuti.tgz tar xzvf rifiuti.tgz cd rifiuti_20040505_1/src make install sudo mv ../bin/rifiuti /usr/local/bin

regripper

sudo apt-get install libparse-win32registry-perl p7zip-full cd wget http://viaforensics.com/files/regripper-linux.7z 7z x regripper-linux.7z

install log2timeline-perl

sudo add-apt-repository "deb http://log2timeline.net/pub/ maverick main" wget -q http://log2timeline.net/gpg.asc -O- | sudo apt-key add - sudo apt-get update sudo apt-get install log2timeline-perl

Android training utils

IBM speeds storage with flash: 10B files in 43 minutes

lhaas — Thu, 28 Jul 2011 16:21:44 +0000

With an eye toward helping tomorrow’s data-deluged organizations, IBM researchers have created a super-fast storage system capable of scanning in 10 billion files in 43 minutes.

This system handily bested their previous system, demonstrated at Supercomputing 2007, which scanned 1 billion files in three hours.

Key to the increased performance was the use of speedy flash memory to store the metadata that the storage system uses to locate requested information. Traditionally, metadata repositories reside on disk, access to which slows operations.

“If we have that data on very fast storage, then we can do those operations much more quickly,” said Bruce Hillsberg, director of storage systems at IBM Research Almaden, where the cluster was built. “Being able to use solid-state storage for metadata operations really allows us to do some of these management tasks more quickly than we could ever do if it was all on disk.”

IBM foresees that its customers will be grappling with a lot more information in the years to come.

via IBM speeds storage with flash: 10B files in 43 minutes

Was Casey Anthony prosecuted with inaccurate data?

lhaas — Wed, 20 Jul 2011 15:05:52 +0000

Ripped from the headlines: a real life example of the use of computer forensics and why experts matter.

A former Canadian police sergeant who specializes in computer forensic analysis, Mr. Bradley said he first became suspicious of the data after he testified on June 8. He said he had been called to testify by the prosecution about his CacheBack software. Instead, he was asked repeatedly about the Sheriff’s Office report detailing the 84 search hits on “chloroform,” which he had not seen.

“I had translated the data into something meaningful for the police,” he said. “Then I turned it over to them. The No. 1 principle for them is to validate the data, and they had the tools and resources to do it. They chose not to.”

Soon after giving testimony, Mr. Bradley learned during the defense portion of the case that the police had written a first report in August 2008 detailing Ms. Anthony’s history of Internet searches. That report used NetAnalysis, a different software.

Despite his appearance as a witness, Mr. Bradley said he was never told about that first report either by the police, with whom he had been in contact, or the prosecution.

Of the search results in both reports relating to chloroform, only one hit was found for sci-spot.com. That site was visited once, according to NetAnalysis, and visited 84 times, according to the CacheBack analysis.

Concerned that the analysis using CacheBack could be wrong and that a woman’s life might be at stake, Mr. Bradley went back to the drawing board and redesigned a portion of his software to get a more accurate picture.

He found both reports were inaccurate (although NetAnalysis came up with the correct result), in part because it appears both types of software had failed to fully decode the entire file, due to its complexity. His more thorough analysis showed that the Web site sci-spot.com was visited only once — not 84 times.

Mr. Bradley, fearing that jurors were being given false information based on his data, contacted the police and the prosecution the weekend of June 25. He asked Sergeant Stenger about the discrepancy, and the sergeant said he was aware of it, Mr. Bradley said. He waited to see if prosecutors would correct the record. They did not.

“They needed to get that right,” Mr. Bradley said.

via Was Casey Anthony prosecuted with inaccurate data?

Computerworld: IBM announces computer memory breakthrough

lhaas — Wed, 06 Jul 2011 15:49:11 +0000

IBM Thursday announced a breakthrough in computer memory technology, which may lead to the development of solid-state chips that can store as much data as NAND flash technology but with 100 times the performance and vastly greater lifespan.

Currently, NAND flash memory products, such as SSDs, have write rates as high as 2Gbit/sec.

IBM said it has produced phase-change memory (PCM) chips that can store two bits of data per cell without data corruption problems, something that has plagued PCM development from the start.

via IBM announces computer memory breakthrough

Google Tech Talk – Geeks Guide to Digital Forensics – June 2011

ahoog — Thu, 16 Jun 2011 22:41:15 +0000

Our presentation, “A Geeks Guide to Digital Forensics”, was a lot of fun today at Google Chicago. The presentation was video taped by Google ~~and we will update this post once it has been uploaded~~ and posted on the Google Tech Talk YouTube channel.

Browse the slide images in the gallery below. A PDF version is available; make sure you are registered on the site and then use this link: PDF Download.

viaForensics-Google-Tech-Talk-Slide (1)

viaForensics-Google-Tech-Talk-Slide (2)

viaForensics-Google-Tech-Talk-Slide (3)

viaForensics-Google-Tech-Talk-Slide (4)

viaForensics-Google-Tech-Talk-Slide (5)

viaForensics-Google-Tech-Talk-Slide (6)

viaForensics-Google-Tech-Talk-Slide (7)

viaForensics-Google-Tech-Talk-Slide (8)

viaForensics-Google-Tech-Talk-Slide (9)

viaForensics-Google-Tech-Talk-Slide (10)

viaForensics-Google-Tech-Talk-Slide (11)

viaForensics-Google-Tech-Talk-Slide (12)

viaForensics-Google-Tech-Talk-Slide (13)

viaForensics-Google-Tech-Talk-Slide (14)

viaForensics-Google-Tech-Talk-Slide (15)

viaForensics-Google-Tech-Talk-Slide (16)

viaForensics-Google-Tech-Talk-Slide (17)

viaForensics-Google-Tech-Talk-Slide (18)

viaForensics-Google-Tech-Talk-Slide (19)

viaForensics-Google-Tech-Talk-Slide (20)

viaForensics-Google-Tech-Talk-Slide (21)

viaForensics-Google-Tech-Talk-Slide (22)

viaForensics-Google-Tech-Talk-Slide (23)

viaForensics-Google-Tech-Talk-Slide (24)

viaForensics-Google-Tech-Talk-Slide (25)

viaForensics-Google-Tech-Talk-Slide (26)

Summary

This talk will provide a technical introduction to digital forensics geared towards fellow geeks who think tinkering with data in hex is fun and interesting. The talk will provide a brief background on forensics and important concepts including acquisition and verification techniques. Forensic analysis, the really fun stuff, will be covered in detail including specific a walkthough on how to carve YAFFS2 timestamps from a nandump of an Android device. Finally, we will cover the emerging intersection of digital forensics and traditional security, specifically mobile app security and continuous forensic monitoring of key systems.

Outline

A Geeks Guide to Digital Forensics
or: How I learned to stop worrying and love the hex editor
Qualifications
What is Digital Forensics?
• Branch of forensic science – uses scientific method

• The preservation, recovery, analysis and reporting of digital artifacts including information stored on:
– Computer/laptop systems (hard drives)
– Storage media (USBs, CDs, DVDs, cameras, etc.)
– Mobile phones
– Electronic documents

• Typically used reactively, move toward proactive
– Reactive: court cases, incident response
– Proactive: mobile app security audits, continuous forensic monitoring
Storage Devices
There are 3 main types of storage devices used today:

• Hard-disk drive (HDD) – Contains a spinning magnetic drive used to store non-volatile data.
• Solid-state drive (SSD) – Contains internal microchips for the purpose of storing non-volatile data.
• NAND Flash memory
• Typically found in smart phones, USB thumb drivers and other portable devices
• Not removable like typical HDD or SSD
• Very unique characteristics from standard HDD (limited writes/erase)
• In constant state of change (FTL)

Acquisition strategies
Forensics Analysts can acquire/receive data 3 different ways

• Backup Files
– Backup files are provided from the “custodian”. This could include backup software from corporations, PST file, iTunes backup, etc.
• Logical Acquisition
– A copy of the file system is created (i.e. tar.gz of / or recursive copy that preserves date/time)
• Physical Acquisition
– Creates an exact digital replica of the storage medium
– Can recover deleted data
– This process requires specialized analysis tools and techniques
– Drive management firmware may still affect acquisition (FTL, bad blocks, etc.)

Image Verification
• Hash value – A calculated hex signature based on a set of data.
– A hash value can be used to verify forensic image integrity. One slight change in source will cause “avalanche” effect in hash value
– In order to prove that two data sets are identical, their hash values must match.
– In some instances, hash values are not stable (NAND Flash) so a hash of the data as it’s extracted is taken but won’t necessarily match if source is imaged again

• Common hash techniques
– md5 (128-bit value)
– sha256 (256-bit value)

• md5 of “Andrew Hoog” = 9bdbad9aecd74fce6e6bb48ee18100b8

How to acquire a forensic image
• If possible, connect drive to a physical write blocker
– This prevents any writes to the drive
– There are software techniques but not as effective
– Generally, impossible with NAND Flash devices

• Forensically acquire device with software
– Open source: dd, dcfldd and dc3dd (we use the later)
– Free: FTK Imager and many others
– Commercial: FTK, EnCase, etc.

• Perform verification of source and image with hash signature and record in Chain of Custody
Example imaging with dc3dd
• Department of Defense’s Cyber Crime Center dc3dd
– Patched version of GNU dd
– includes a number of features useful for forensics
– Free and open source
• Command:
– dc3dd if= of=drive001.dc3dd verb=on hash=sha256 hlog=drive001.hashlog log=drive001.log rec=off
– rec=off determines how to handle I/O errors (recover=off)
– Full details: http://dc3dd.sourceforge.net/
• ./configure; make; sudo make install
Handling failing drives
• May run into drive issues, have to decide how to handle
– Stop on error
– Continue, fill with NULLs (0×00)
– Skip (would result in smaller dd image, not recommended)

• Example of errors:

• Potential workaround
– GNU ddresuce – very powerful alternative, install from source
– Will rescue blocks, read drive backwards, restart where last left off
– http://www.gnu.org/software/ddrescue/ddrescue.html

“Typical” forensic analysis steps
• Create timeline of events
• File system modified, accessed, changed and created
• Metadata from files (images, documents, flash cookies, etc)
• Mount dd image read-only
• Generate list of all files (allocated and deleted)
• Analyze key files
• Windows: Registry, LNK files, user profile, web history, etc.
• Linux: Bash history, .recently-used.xbel, gvfs-metadata, etc.
• Recover deleted files
• File carving (handles unallocated)
• Search files, dd image, etc.
• Many specialized techniques

Analyzing forensic image (F/OSS)
• The Sleuth Kit by Brian Carrier
– Brain author of excellent book File System Forensics Analysis (FSFA)
– Actively maintained, just released 3.2.2 (06/13/2011)
– Supports NTFS, FAT, UFS 1, UFS 2, EXT2FS, EXT3FS, and ISO 9660
– http://sleuthkit.org/
• Programs to start with:
– mmls – Media Management ls, generally partition info:
TSK – File system info
• fsstat – File system information:
TSK – listing (all) files
• fls – Forensic list
– Power utility which can list allocated/deleted files
– Provides offset so recovery is possible
– Build MACB for timeline analysis
– fls -z CST6CDT -s 0 -m ‘/’ -f ext3 -r -o 63 -i raw file.dd > body
mactime – make body file human friendly
• mactime -b body -z CST6CDT -d > timeline.csv
– Takes body file and turns into CSV or other format
Mount dd image read-only
• Determine file system offset in dd image:

• Mount FAT16 (and many others f/s) partition read only:

• Perform additional analysis on files

Log2timeline
• Kristinn Gudjonsson developed this software
– Written in Perl (trying to convince him to move to Python)
– Extracts timeline artifacts from many file types including
• Evt/extx, registry, $MFT, prefetch, browser history, etc. (46 and climbing)
– 10+ export formats
– http://log2timeline.net/

• timescanner -d ~/mnt/sdcard -z CST6CDT -w body.ts

• If you output in body format, can combine with TSK’s fls output and generate full timeline of file system and file metadata

Regripper
• Harlan Carvey developed this software
– Written in Perl
– Windows is primary platform, there is a Linux port
– Parses Windows registry files
• Support hives: NTUSER.dat, system, software, sam, security, etc.
– http://regripper.wordpress.com/regripper/

Scalpel
• Download scalpel src at:
• wget http://www.digitalforensicssolutions.com/Scalpel/scalpel-2.0.tar.gz
• Compile
– tar xzvf scalpel-2.0.tar.gz
– cd scalpel-2.0/
– ./configure; make
– sudo cp scalpel /usr/local/bin
• Run scalpel
$ scalpel -c scalpel.conf ~/Desktop/image.dd
$ scalpel -c android-scalpel.conf ~/Desktop/android-image.nanddump
• Examine data in “scalpel-output” directory
Android Flash Memory
• Android devices use a raw flash device, and therefore need a Flash Transition Layer (FTL)
– FTL provides basic block interface to developers
– Handles wear leveling, bad block management, metadata, etc.

• FTL is provided by Memory Technology Device (MTD)
– MTD is open source
– Newer Android devices are moving to eMMC where FTL controller is embedded with the memory (similar to thumb drives and SSD)

• MTD divides memory into blocks, each of which is 128K with a 64 byte Out-of-Band (OOB) area
– OOB houses YAFFS2 tags, meta data, bad blocks and ECC
YAFFS2 – Block/Chunk/OOB diagram
Android Forensics
• Logical recovery can be achieved through Content Providers
– We’ve developed free tool for law enforcement: AFLogical
– Commercial: viaExtract – http://viaforensics.com/products/viaextract/

• Beyond CPros
– To extract more data, we first need to escalate privileges on the device.
• This presentation is not intended to cover these techniques (a.k.a. get a Google Dev phone or go read XDA)

• Logical Acquisition
– With escalated privileges, we can simply connect to the device using the Android Debug Bridge (adb) and execute an adb pull command on the files that we wish to acquire. (i.e. /data/data)
Android Forensics – Physical acquisition
• Physical Acquisition
– Android dd image
• The dd utility on Android devices is only capable of reading the non-OOB data from the YAFFS2 MTD partition

– Full NAND image
• Includes OOB
• We use an in-house developed nanddump utility capable of reading and extracting all data from the YAFFS2 partition (and dealing with bad blocks)
• Allows an examiner to take full advantage of the YAFFS2 features, primarily artifacts from being a log-structure file system

YAFFS2 Timeline
nanddump -c /dev/mtd0ro | grep -v “00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00″ | grep -v “ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff” | less

0×00006800: 10 00 00 00 10 10 00 00 ff ff 66 96 c6 56 13 e2 |……….file1.|
0×00006810: 47 87 47 00 00 00 00 00 00 00 00 00 00 00 00 00 |txt………….|
0×00006900: 00 00 00 00 00 00 00 00 00 00 ff ff ff 18 00 00 |…………….|
0×00006910: d6 00 00 00 57 00 00 00 63 99 d5 d4 d7 99 d5 d4 |m…u…6.]M}.]M|
0×00006920: 42 a9 d5 d4 51 00 00 00 ff ff ff ff ff ff ff ff |$.]M…………|
0x000069c0: ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 |…………….|
0x000069e0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff |…………….|
0x000069f0: ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 |…………….|
OOB Data: ff ff 10 01 00 00 20 10 00 01 10 10 00 08 51 00 |…………….|
OOB Data: 00 00 51 af e2 e2 10 00 00 00 ef ff ff ff ff ff |…………….|
OOB Data: ff ff ff ff ff ff ff ff ff 00 3c ff 3c ff ff ff |…………….|
OOB Data: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |…………….|

• Number as written to NAND flash: 63 99 d5 d4 (0x6399d5d4)
• Converted from little endian to big endian: 4d 5d 99 36 (0x4d5d9936 which is the hex read from right to left)
• Converting 0x4d5d9936 (hex) to base 10 is 1297979702
• Unix time stamp 1297979702 in human date time format is Thu Feb 17 15:55:02 CST 2011 (date -d @1297979702)
YAFFS2 Timeline
• Using this information, we can isolate a number of important artifacts
– atime (accessed time) for a directory along with mtime and ctime
– Object ID to the directory within the OOB
– Object ID for files and cross-reference to make sure it is consistent with debug data.

• Additional analysis would allow us to create the MAC times for each file and directory on the NAND.

• It is also possible to gather additional meta data information from ObjectHeaders found on the NAND.
Proactive forensics
• Forensics has typically been used reactively

• By moving forensic techniques into proactive security services, excellent results are achieved

– appWatchdog: basic security testing for mobile apps
• http://viaforensics.com/appwatchdog/
– Mobile app security: see online presentation
• http://viaforensics.com/computer-forensics/mobile-app-security-presentation-andrew-hoog.html
– liveForensics: continuous forensic monitoring of key assets
• http://viaforensics.com/services/security/liveforensics/
Contact viaForensics
Andrew Hoog
Chief Investigative Officer
ahoog@viaforensics.com

http://viaforensics.com

Main Office:
1000 Lake St, Suite 203
Oak Park, IL 60301
Tel: 312-878-1100 | Fax: 312-268-7281

Google Tech Talk – A Geeks Guide to Digital Forensics

ahoog — Tue, 14 Jun 2011 15:41:14 +0000

Update 1: I gave the talk today. Click here to view the presentation and more info about the talk.

I’m going to give a Tech Talk at Google Chicago this Thursday (06/16/2011):

A Geeks Guide to Digital Forensics

This talk will provide a technical introduction to digital forensics geared towards fellow geeks who think tinkering with data in hex is fun and interesting. The talk will provide a brief background on forensics and important concepts including acquisition and verification techniques. Forensic analysis, the really fun stuff, will be covered in detail including specific a walkthough on how to carve YAFFS2 timestamps from a nandump of an Android device. Finally, we will cover the emerging intersection of digital forensics and traditional security, specifically mobile app security and continuous forensic monitoring of key systems.

I’m pretty sure it’s not open to the public however the good folks over at Google Chicago have offered to tape the talk and put it on their Tech Talk YouTube channel. Once we have a URL, we’ll post it out there for anyone interested.

Computer Forensics testimony in high-profile murder trial

Ted E — Wed, 08 Jun 2011 17:50:03 +0000

Although such testimony is commonplace these days since so much is done online, it still amazes me that people search for keywords related to a crime on their computers. Don’t they watch CSI?

Someone conducted keyword searches on “chloroform” using a desktop computer located in the home Casey Anthony shared with her parents, a computer examiner testified Wednesday in Anthony’s capital murder trial.

The searches were found in the “deleted” or “unallocated space” portion of the computer’s hard drive, Detective Sandra Osborne of the Orange County Sheriff’s Office testified, meaning they had been deleted.

From CNN: ‘Chloroform’ searched on Anthony computer, examiner testifies

Mobile App Security Presentation – Andrew Hoog

Ted E — Tue, 07 Jun 2011 23:06:41 +0000

This presentation was delivered in June 2011 at the 5th Annual Mobile Banking & Emerging Applications Summit in New Orleans.

Browse the slide images in the gallery below. A PDF version is available; make sure you are registered on the site and then use this link: PDF Download.

mobile-app-security-2011-06-slide (1)

mobile-app-security-2011-06-slide (2)

mobile-app-security-2011-06-slide (3)

mobile-app-security-2011-06-slide (4)

mobile-app-security-2011-06-slide (5)

mobile-app-security-2011-06-slide (6)

mobile-app-security-2011-06-slide (7)

mobile-app-security-2011-06-slide (8)

mobile-app-security-2011-06-slide (9)

mobile-app-security-2011-06-slide (10)

mobile-app-security-2011-06-slide (11)

mobile-app-security-2011-06-slide (12)

mobile-app-security-2011-06-slide (13)

mobile-app-security-2011-06-slide (14)

OUTLINE

Mobile App Security
How To Make Mobile Financial Services Secure
Qualifications – Andrew Hoog
Device growth
Mobile devices, sticking around
• 74.6M people in the US owned smartphones (Apr 2011)
• 13 percent increase from preceding 3 months
• 400,000 Android devices daily
• 200,000M iOS devices sold
• Powerful: lagging laptops by only 2-3 years
• Frequent new innovations
o NFC
o UI

App growth
Consumers love apps

• iPhone: just passed 14 billionth app download
• Android: 3 billion Android apps installed (4/14/2011)
• Functionality of apps significantly enhancing device
• App stores (03/2011)
o Apple: ~425k
o Android: ~250k
o RIM: ~20k
o WinMo: ~9k

What’s different about mobile?
Key security challenges for mobile devices
• Flash memory
• Device is constantly connected to the Internet
• Combines highly sensitive personal and corporate data, making perfect device to target
• Operating system is in constant state of flux
• Race to the next feature
• Security is an afterthought (corporate user/pass example)
• Traditional security techniques useful but more advanced ones are needed to secure mobile
• The FI is the developer

appWatchdog
Quick forensic examination of devices, lowest hanging fruit (10%)

appWatchdog – Study of 1st 100 apps
Release study of first 100 mobile apps reviewed

• 7 month period between Nov 2010 and June 2011
• 100 mobile apps reviewed
• Overall findings
• 17% Pass
• 44% Warn
• 39% Fail
• Financial app fared better
• 44% Pass
• 31% Warn
• 25% Fail

* appWatchdog only uses about 5% of our appSecure techniques

Mobile app security – examples
Mobile app security philosophy
Integrate security from design phase
Maintain traditional security controls
As we do in Chicago – Test early and often
Thoughtful questions for dev team
What if development team says, “We’re on it”

• How do you ensure and validate that no sensitive data is
stored on the mobile device?
• What steps do you take to validate that SSL and
authentication implementation are secure against MITM
exploits?
• What is in your code when it gets released to the public?
• How do you ensure that host validation works, to
protect clients from phishing via host spoofing?
• How much time is spent security regression testing
applications, compared to functional testing?
Contact Us
Andrew Hoog, CIO
Presentation: http://viaforensics.com/education/articles/
FS Roundtable, June 13th, 2PM EST

http://viaforensics.com

Main Office:
1000 Lake St, Suite 203
Oak Park, IL 60301
Tel: 312-878-1100 | Fax: 312-268-7281