Computer forensics experts are skilled in various techniques used to recover and analyze data for use in a legal investigation. They have the ability to dig deeper and provide more than the average IT technician. When you are in need of a [...]]]>

How to find a verify a computer forensic expert
by Lee Haas

Life is about to become more difficult for countries trying to censor access to foreign websites. A system dubbed Collage will allow users in these countries to download stories from blocked sites while visiting [...]]]>

Good news for opponents of censorship. But embedding data in sites such as Flickr could also make it challenging for forensics.

Life is about to become more difficult for countries trying to censor access to foreign websites. A system dubbed Collage will allow users in these countries to download stories from blocked sites while visiting seemingly uncontroversial sites such as Flickr.

Collage relies on a well-established technique known as digital steganography, in which an image file is changed to encode the hidden message without obviously affecting the appearance of the image. A prototype version is due to be unveiled on Friday, 13 August.

via Hiding files in Flickr pics will fool web censors – tech – 09 August 2010 – New Scientist.

Beyond Reactive: Leverage Forensics to Increase Security and Auditability:

As network environments get larger, faster, and more complex, they become more difficult to secure. With numerous applications, users, and systems interacting, and a staggering [...]]]>

The St. Louis chapter of ISACA will present on proactive forensics during its 2010-2011 kick-off meeting on September 15th. Click below for details.

Beyond Reactive: Leverage Forensics to Increase Security and Auditability:

As network environments get larger, faster, and more complex, they become more difficult to secure. With numerous applications, users, and systems interacting, and a staggering array of increasingly complex threats, the number of events to monitor can be overwhelming.

Traditional IT security has largely failed to protect corporations, government and individuals. Typical firewall/anti-virus combinations are reactive and frequently circumvented, and provide little mitigation in the case of data breaches. The problem is apparent with numerous high-profile breaches getting headlines in the last several years DoD, PCI, HIPAA.

This session will focus on the use of proactive forensics and how an organization can audit live systems in real time. Proactive forensics provides advanced capabilities to protect internal & external systems at a very low level and is undetectable to attackers. Benefits discussed will include

• file system monitoring

• live memory capture

• user activity monitoring

• application-aware event monitoring, and

• malware detection

Additionally, we will discuss how this information can be combined with automated differential reporting and how to develop a user-friendly dashboard.

via Beyond Reactive: Leverage Forensics to Increase Security and Auditability – Event Summary | Online Registration by Cvent.

Organized cyber-criminals and malicious insiders were responsible for most corporate data breaches in 2009, [...]]]>

Companies need to protect themselves both inside and out. According to a report by Verizon and the Secret Service, summarized in the article below, while external parties still pose the largest threat, 48 percent of security breaches originated from within the organization.

Organized cyber-criminals and malicious insiders were responsible for most corporate data breaches in 2009, and used tactics like credential abuse, hacking and sophisticated social engineering to get away with their heists, according to a new report by Verizon and the Secret Service.

In a first-of-its-kind collaboration, Verizon and the Secret Service confirmed 141 breach cases in 2009 that resulted in 143 million compromised records. With the addition of three years of Secret Service data, Verizon has now documented more than 900 data breaches over the last six years involving 900 million individual records.

“The chance to study a larger set of breaches is certainly something that we enjoyed,” said Wade Baker, director of research intelligence at Verizon Business. ”

Adding the Secret Service data contributed to give us a more accurate picture.

“The additional information revealed a much higher number of inside breaches than previous reports had shown, with 48 percent of breaches originating from inside a business or organization. However, external parties still posed a larger threat, having been involved in 70 percent of all cases 27 percent of the cases studied were plotted by a combination of agents, which accounts for overlaps.

via Study finds more data breaches are inside jobs – SFGate.

viaForensics has developed tools and services to help organizations protect themselves from both internal and external threats. But organizations needs to start taking actions proactively rather than waiting until the breach occurs.

Passwords with fewer than 12 characters can be quickly brute-force decoded using a PC graphics processing unit (GPU) that costs just a few hundred dollars, according to researchers at the Georgia Institute of Technology.

Article: Passwords Quickly Hacked With PC Graphics Cards – InformationWeek

Organizations are getting hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranged from $1 million to $53 million per year, according to a newly published benchmark study [...]]]>

Data breaches are costing companies millions each year, according to the studies cited in the following article.

Organizations are getting hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranged from $1 million to $53 million per year, according to a newly published benchmark study of 45 U.S. organizations hit by data breaches.

The independent Ponemon Institute's “The First Annual Cost of Cyber Crime Study” (PDF), which was sponsored by ArcSight, showed a median cost of $3.8 million for an attack per year, a price tag that includes everything from detection, investigation, containment, and recovery to any post-response operations. “Information theft was still the highest consequence — the type of information [stolen] ranged from a data breach of people's [information] to intellectual property and source code,” says Larry Ponemon, CEO of the Ponemon Institute. “We found that detection and discovery are the most expensive [elements].”

And a separate report called “The Leaking Vault” (PDF) released today by the Digital Forensics Association found that among the 2,807 publicly disclosed data breaches worldwide during the past five years, the cost to the victim firms as well as those whose information was exposed came to whopping $139 billion.

The article goes on to say:

“It seemed that the majority of the 45 organizations were random and haphazard in their approach” to the problem, Ponemon says. “They didn’t have the right tools or technologies, and they didn’t know what kinds of threats there were and that the actual attacks were happening” until afterward. One finding in the report gave a nod to SEIM tools: Organizations with a SIEM solution incurred 24 percent less costs of the breach than those that did not.

This point illustrates the need for organizations to take a more proactive approach to their data security. Tools (such as liveForensics) can help organizations monitor and stay one step ahead of security issues. A small investment up front could save a fortune down the road.

via One Breach = $1 Million To $53 Million In Damages Per Year, Report Says – DarkReading.

What is your view on the convergence of computing devices such as PC’s & Mobile phones, the wider integration of IP devices and the possible implications for the Digital Forensic Investigator?

I believe convergence of the computer, phone [...]]]>

viaForensics CIO, Andrew Hoog, has been profiled in Digital Forensics Magazine‘s feature “Meet the Professionals.” Here’s a brief excerpt:

What is your view on the convergence of computing devices such as PC’s & Mobile phones, the wider integration of IP devices and the possible implications for the Digital Forensic Investigator?

I believe convergence of the computer, phone and other devices will have a significant impact on digital forensics. One issue, which we must grapple and ultimately deal with, is that typically mobile phones (or any device without a traditional hard drive) cannot be imaged with a write blocker. This inevitably leads to a bit of a “religious war” in the forensics community over what is forensically sound. I think common sense will play a large role in ultimately putting this issue to rest. Convergence also means significantly more R&D, not just the latest OS from Microsoft but new file systems (take YAFFS2 found in Android devices), new types of flash/ssd memory and much more.

A great example for this convergence impacting companies today is the use of smart phones to circumvent IT security. When I present to corporations, I will typically use my Android phone to connect to the Internet. Usually during the presentation, the security folks will tell us that their systems are secure and they have little to worry about. I then hold up my phone and inform them that I completely circumvented all of the IT security controls with my phone… the tone of the conversation typically changes quite quickly.

While some cyber criminals handcraft their own attack tools, many others take advantage of the so-called malware kits that are widely available online.

These programs bundle into one convenient package everything the budding cyber [...]]]>

This sounds like some kind of double agent thing. “These vulnerabilities would allow security researchers to ‘hack the web hackers,’” says Mr. Oudot.

While some cyber criminals handcraft their own attack tools, many others take advantage of the so-called malware kits that are widely available online.

These programs bundle into one convenient package everything the budding cyber criminal needs to get started.

French computer security researcher Laurent Oudot from Tehtri Security has analysed the inner workings of many of these malware kits to see how secure they are.

Mr Oudot found that that many of the kits, which have names such as Neon, Eleonore and Sniper, sport significant loopholes that are relatively easy to exploit.

via BBC News – Fighting back against web attacks.

The FBI failed to break the encryption code of hard drives seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha. The operation began in July 2008. According to a report published on Friday (25) by the newspaper Folha de S. Paulo, after [...]]]>

Anyone up for a challenge?

The FBI failed to break the encryption code of hard drives seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha. The operation began in July 2008. According to a report published on Friday (25) by the newspaper Folha de S. Paulo, after a year of unsuccessful attempts, the U.S. federal police returned the equipment to Brazil in April.

According to the report, the fed only requested help from USA in early 2009, after experts from the National Institute of Criminology (INC) failed to decode the passwords on the hard drives. The government has no legal instrument to compel the manufacturer of the American encryption system or Dantas to give the access codes.

via G1 – Not even FBI was able to decrypt files of Daniel Dantas – notícias em English.