dfm covers
 
 

In This Issue

Written by DFM Team


Issue 13 - Out now!

Here's a quick review of some of the main articles within Issue 13


Issue 13 of Digital Forensics Magazine brings new techniques and ideas to the industry. Subscribe today to ensure you get digital access, or if you want, subscribe to the print edition. Find out more at our subscriptions pages.

Here's just a few of the fantastic articles inside Issue 13...


Digital Forensics & The Fraud Triangle
This feature article is all about how many forensic software applications predict fraud and corruption using heuristics based on the Fraud Triangle. This article will discuss some of the pitfalls of these algorithms, and what forensic software applications can do to improve accuracy.

A conviction for violating the Foreign Corrupt Practices Act (FCPA) carries severe consequences. Corporations as well as their offi cers, directors, stockholders and employees may be fi ned and imprisoned up to five years. In addition, convicted fi rms and associated stakeholders may be barred from doing business with the U.S. Federal Government. (United States Department of Justice) In the U.S. the FCPA bans bribing a government offi cial to influence any act or decision, and includes bribing an official of a foreign government.


Cracking MS-CHAP2 - How Secure is Your VPN?
MS-CHAP2 is network authentication protocol, designed by Microsoft way back in the days of NT 4.0. In fact, it is still happily working away in the background of some well-known systems such as PPTP VPN’s and WPA2 Enterprise based networks using radius for authentication. It’s been long standing knowledge the protocol has a number of fl aws, however said fl aws were often overlooked and made to appear slightly irrelevant if your password was complex enough; until a few months back when one researcher set out to change that, during this article we will be taking a closer look at some of the key fi ndings presented at this year’s BlackHat conference around the subject of cracking CHAP2 once and for all.


Cloud-Based Honeypots
Introducing honeypots as a tool for the forensic practitioner’s toolbox showing how to deploy a simple cloud-based honeypot and our results after one month.

Honeypots are generally regarded as a tool of the security practitioner and researcher but they also offer advantages that forensic practitioners will find valuable. A honeypot is a system designed to attr act adversaries and monitor interactions. Honeypots have no legitimate use and so inter actions are considered illegitimate. Interactions include keystrokes, network activity and more. They are a useful way to learn about adversaries by offering a view of their motiv es, tools, techniques and operational capability. By luring in adversaries they also deflect attacks from production infrastructure and give insight to attacks that might be used against these systems.


First Responders CSIRT & Forensics
With the signifi cant growth and trending of computer crime, along with the associated actors of Hacking, Hacktivism, Serious & Organised Crime attacks, and the risk posed by casual hackers, the potential for any organisation, located within any sector, be it Commercial or Government, encountering some form of attack is highly likely.

critical factor to surviving any manifestation of direct or indirect threat, or attack is to have established processes and procedures in place, accommodating robust, structured responses to any such actual or inferred event, thus introducing the necessity of the First Responder CSIRT & Forensics.


Creating A Virtual Forensics Lab
This article provides a practical guide for how virtualization, combined with centralized storage and a few unique products, can be used to build a lower cost and scalable digital forensics lab.

irtualization has been used for quite some time in the field of digital forensics. Its primary application has been to “virtually boot” forensic images in order to access and analyse data that cannot be viewed otherwise (short of booting the original hard drive or a clone of it). For example, if an original suspect drive is in an encrypted format that is unreadable by common forensic tools such as EnCase or FTK, virtually booting the image potentially allows the examiner to view the contents of the suspect drive by inputting an encryption password or by decrypting the data using the encryption program that was installed by the suspect. Virtually booting a hard drive image also allows an examiner to gather information about the functionality of specifi c programs that can be diffi cult to do via dead-box analysis, especially if the programs are uncommon.



Plus all the regular features, news, Robservations, our legal section and Apple Autopsy...


Login to read online or Subscribe today!



 
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Cyber Attack, Cyber Crime, Cyber Warfare - Cyber Complacency

Mark Osbourne's latest book covers all things Cyber. All proceeds from the book go to charity.

Meet the Authors

Andrew Harbison

Andrew Harbison is a Director and IT Forensics Lead at Grant Thornton

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 20 on sale from August 2014:


Big Data
Andrew Pimlott and his team at EY take a look at Big Bata risk, the creation of compliance data analytics dashboards, predictability fraud models that help predict fraud, cybercrime analytics and financial services analytics. Read More »

Programming the Wetware
Continuing on from the first part of his article Keith Scott suggests how certain aspects of human psychology and behaviour may offer ways to influence a user’s actions in the information realm. Read More »

Subscribe today


Dental Biometrics
Aqsa Ajaz takes a look at Dental biometrics and investigates how it is is used in forensic odontology to identify individuals based on their dental characteristics. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue