Hackers are exploiting the vulnerabilities of PDFs. And these PDFs are not caught by virus scanners. A company may be infected with multiple viruses every week and have no means of protection. More effort needs to be made by companies to protect themselves against these kinds of attacks.

In the first quarter of 2009, malicious PDF files made up 56% of all exploits tracked by ScanSafe. That figure climbed above 60% in the second quarter, over 70% in the third and finished at 80% in the fourth quarter.”

PDF exploits are usually the first ones attempted by attackers,” said Mary Landesman, a ScanSafe senior security researcher, referring to the multi-exploit hammering that hackers typically give visitors to malicious Web sites. “Attackers are choosing PDFs for a reason. It’s not random. They’re establishing a preference for Reader exploits.”

via Rogue PDFs account for 80% of all exploits, says researcher.

Interesting behind-the-scenes look at Western Digital — a leader in the data storage and hard drive industry.

When you buy a car, you look under the hood. Given the critical importance of hard disk storage in all of our lives, we thought you might want a peek under that hood, too. Now that Western Digital is in the business of breaking new capacity records the latest Caviar Green was the first drive to hit 2TB, for example, we jumped at the chance to take a first-ever, unrestricted tour of its California R&D facilities. This is the place where magnetic technology of the 1950s meets the nano- and quantum-level technologies of the current decade.

via Great Mysteries To Be Revealed… – Picture Story – Tom’s Hardware.

Yet more evidence that the forensics community needs to be focusing on mobile devices. Join viaForensics’ Open Source Android Forensics project.

Computer scientists at Rutgers University this week are demonstrating ways that rootkits can attack new generations of smart mobile phones.

The researchers… are showing how a rootkit could cause a smartphone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless — all without the user’s knowledge.

“Smartphones are essentially becoming regular computers,” says Vinod Ganapathy, assistant professor of computer science in Rutger’s; School of Arts and Sciences. “They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by [malware].”

via Researchers: Rootkits Work Nicely On Smartphones, Thank You – wireless security/Security – DarkReading.

Application security may still have a ways to go, but Open Source is showing promise…

Despite the relatively gloomy picture of developers still missing the mark initially on security, there were some bright spots in the report: Open-source software isn’t as risky as you’d think, and financial services organizations and government agencies tend to have more secure applications from the get-go; more than half of their apps passed as acceptable in the first submission to testing, according to Veracode’s report.

“The conventional wisdom is that open source is risky. But open source was no worse than commercial software upon first submission. That’s encouraging,” Oberg says. And it was the quickest to remediate any flaws: “It took about 30 days to remediate open-source software, and much longer for commercial and internal projects,” he says.

via State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test – DarkReading.

A recent article on Law.com (part one of a seven part series) discusses the importance of legal holds for the preservation of electronically stored information (ESI) and other documents.

Why are courts placing so much emphasis on this ministerial step in preservation of issuing a written litigation hold? It appears that patience is running thin for lost ESI in federal court. More importantly, ignorance of litigation hold requirements is no excuse. Also, the days of he-said-she-said litigation hold arguments are numbered. Courts want to see a transparent and credible process by simply looking at a few documents such as the written hold notice, distribution list, follow-up interview reports or logs, as examples.

As articulated by Judge Scheindlin in Pension Committee v. Banc of America, courts definitely do not want to wade through stacks of motions papers and days of hearings to determine if preservation efforts were sufficient to prevent the destruction of ESI and other documents. As a result, it is imperative for an organization to have in place a litigation hold policy and adequate procedures necessary to avoid going down the litigation “detour” of discovery sanctions motions.

via Law.com – Step 1 for Legal Holds: Trigger Events.

Mobile phones these days are essentially computers and are increasingly a magnet for criminal activity. Corporations and individuals need take seriously the threat against these devices. And e-forensic investigators need to learn new techniques and devise tools to combat this threat. (Hint: Take a look at viaForensics’ work on iPhone and Android forensics).

The increasing use of mobile devices for banking, money transfer, and payment is increasing the risk that criminals will target these devices for financial gain.

More banks are providing customers with the ability to access their accounts using mobile devices. In a number of cases, criminals have gained access to bank accounts by tricking cell phone providers into issuing SIM cards associated with the customer’s account…

In addition, fraudulent mobile banking applications have emerged for Android devices that attempt to steal personal financial information…

These risks will continue to grow in the coming years as more mobile devices are used to execute financial transactions…

via Identity Theft Coming to a Mobile Device Near You.

FOR IMMEDIATE RELEASE

Contact:
Andrew Hoog
Chief Investigative Officer
viaForensics
Phone: +1 312-283-0551
http://viaforensics.com/contact-us

viaForensics announces release of Open Source Android Forensics application

viaForensics has released a beta version of its Open Source Android Forensics application supporting all Android devices.

Chicago, Feb 25, 2010 – viaForensics, a computer and mobile forensics firm, has released a beta version of its Open Source Android Forensics application, which allows forensics examiners to export data from an Android device for use by law enforcement and forensic investigators.

The beta version of the application, developed under the direction of lead architect Derek Guardiola, can be downloaded to an Android device enabling examiners to then export data, including browser history, call logs, contact methods, organizations, people and short message service (text messages), to a CSV file on an SD Card.

The development of this application on an open source platform, viaForensics believes, will support the further development of an unparalleled Android Forensics application which can be used free of charge. Developers can easily create plug-ins which will extract additional data from Android devices. Developers interested in participating in the application can contact viaForensics. The project source code and apk files can be downloaded from Google Code: http://code.google.com/p/android-forensics/

As the foremost experts in Android Forensics, viaForensics has developed techniques and training programs preparing law enforcement and forensic providers with the resources to successfully investigate Android devices. viaForensics is also in development on a complimentary reporting application for the extracted data. For more information, visit the viaForensics web page on Android Forensics.

About viaForensics

viaForensics is an innovative computer/mobile forensic and e-discovery firm focusing on providing proactive services to corporations, law enforcement and law firms. Andrew Hoog is a computer scientist, computer/forensics researcher and Chief Investigative Officer at viaForensics.

###

I’m very happy to announce the beta release of our open source Android Forensics application.

Overview

The application was written for the 1.5 API which allows it to run on all Android devices.  The initial application exports the following data to a CSV file on the SD Card:

• Browser history
• Call logs
• Contact Methods (email, phones, etc.)
• Organizations (companies that contacts are in)
• People (the individual people)
• SMS

The apk file is less than 20 KB and installed the application only 44 KB on the phone.  The forensics examiner would replace the user’s SD Card with their own (and presumably image the original for forensic analysis) and the results from the application would be saved for further analysis.

Open source

We are confident this application will grow in significance and capabilities.  Already there is significant interest from the community for further development.  By deigning an extensible framework, developers can easily create plugins which will extract additional data form the device.  We believe the open source philosophy will support the development of an unparalleled Android Forensics application which can be used free of charge.

viaForensics

viaForensics has sponsored this important application.  As the foremost experts in Android Forensics, our techniques and training programs prepare law enforcement and forensic providers with the resources to successfully investigation Android devices.   On supported phones, our techniques provide a full “dd image” of key partitions providing a vast recovery of data (including deleted data and versioning of files).  We are also developing a complimentary reporting application for the extracted data and pricing will be announced soon.

How you can help

If you are interested in participating in the application, please Contact Us.  The project source code and apk files can be downloaded from Google Code:

http://code.google.com/p/android-forensics/

Special Thanks

Finally, we want to thank our lead architect and developer on this project Derek Guardiola.  Many a late night (early morning) has been spent preparing for this initial release.  His work has been instrumental in providing this important application to the forensic community.

We hope to hear from you!

This is an interesting and evolving area.  Many of these devices run embedded OS with flash memory so traditional forensic techniques do not work.  However, the Android platform (and other mobile platforms) have similar characteristics and thus the R&D in those areas can be applied to embedded devices.    Moral of the story: if it has data storage or network activity, you’ll find a forensic geek poking around somewhere close by (hint: contact us if you want to discuss):

Attacks against the power grid are likely to rise and intensify during the next 12 months as smart grid research and pilot projects advance, according to utility security experts and a recently published report that analyzes threats to critical infrastructure.

The so-called Project Grey Goose Report on Critical Infrastructure points to state and/or non-state sponsored hackers from the Russian Federation of Independent States, Turkey, and China as the main threats to targeting and hacking into energy providers and other critical infrastructure networks.

via Spike In Power Grid Attacks Likely In Next 12 Months – DarkReading.

FOR IMMEDIATE RELEASE

Contact:
Andrew Hoog
Chief Investigative Officer
viaForensics
Phone: +1 312-283-0551
http://viaforensics.com/contact-us

The CIO of viaForensics, Andrew Hoog, has been invited to speak at the International Conference on Cyber Security 2010 presented by the Federal Bureau of Investigation and Fordham University in New York City this August.

Chicago, Feb 24, 2010 –  viaForensics’ CIO Andrew Hoog will offer a training course on Android forensics at the upcoming Interational Conference on Cyber Security (ICCS 1020), held August 2-5, 2010, in New York City. The conference, hosted jointly by the Federal Bureau of Investigation and Fordham University, brings together law enforcement officials, industry professionals and academic experts to discuss emerging worldwide cyber threats.

In 2009, the conference hosted more than 500 professionals representing 40 counties. Attendees were an International mix of law enforcement agents and prosecutors, cyber-security researchers, members of academia and business and government leaders.

This year the conference will feature 50 lectures covering three broad areas: Emerging Technologies, Operations and Enforcement, and Real Life Experiences. In addition to the lectures, panel discussions, sponsors’ presentations, exhibitions and networking opportunities, ICCS will present two unique events – a Law Enforcement Workshop and the Cyber Security Tutorial – featuring experts presenting both technical and non-technical sessions.

viaForensics’ training, presented by CIO Andrew Hoog, provides examiners with six separate techniques to acquire data from an Android device. The course explains the techniques and analysis tools needed to effectively investigate an Android phone. The full course outline  is provided on the viaForensics website. The training will be offered on the first day of the conference, August 2nd.

Andrew Hoog has authored a groundbreaking white paper on iPhone forensics and is currently authoring a book on Android forensics. Hoog also maintains the Android Forensics Wiki (AFWiki).

About viaForensics

viaForensics is an innovative computer/mobile forensic and e-discovery firm focusing on providing proactive services to corporations, law enforcement and law firms. Andrew Hoog is a computer scientist, computer/forensics researcher and Chief Investigative Officer at viaForensics.

###