DFM Newsletter December 2009


Home \| DF News \| Web Links \| Submit a Proposal \| Issues \| Press Releases \| Subscribe \| Login
Aug \| July \| June \| May \| April \| March \| Jan \| Dec 09
Digital Forensics Magazine is out now...what are you waiting for?

Welcome to the Digital Forensics Magazine Monthly Newsletter - December 2009 The last month has been an exciting one in the field of digital forensics. As well as our magazine launch, we've seen... COFEE leaks all over the web! In Early November, Microsofts brand new law enforcement tool was leaked onto the internet. The long sought-after forensics tool, COFEE, which stands for Computer Online Forensics Evidence Extractor, was leaked onto software download sites such as the Pirate Bay for anyone to download and use. The tool is useless to most people as it is a forensic tool, however, Microsoft has been extremely busy trying to ‘kill’ all the download links. Read more... For those who have the shakes over COFEE, there is a tool to help, DECAF DECAF is a “counter intelligence tool specifically created around the obstruction of the well known Microsoft product COFEE used by law enforcement around the world.” It provides real-time monitoring for COFEE signatures on USB devices and running applications. Upon finding the presence of COFEE, DECAF performs numerous user-defined processes; including COFEE log clearing, ejecting USB devices, drive-by dropper, and an extensive list of Lockdown Mode settings.. Read more... PGP whole disk encryption approved for MoD / Armed Forces usage After several months of tests, PGP Corporation has announced that its Whole Disk Encryption (WDE) technology has been approved for use by the Ministry of Defence and British Armed Forces. According to the IT security vendor, the Whole Disk Encryption approval was granted by the INFOSEC Product Co-operation Group (DIPCOG) and comes just a few months after PGP's Whole Disk Encryption products received baseline approval under the CESG Assisted Products Service (CAPS), allowing usage by the UK government and its agencies. Read more... (ISC)2 EMEA director warns about DIY cloud computing According to John Colley, despite the fact that security professionals are getting to grips with new technologies, companies are set to stumble into new areas for putting data at risk with the do-it-yourself (DIY) accessibility of cloud computing. Coupled with a recovering economy, the (ISC)2 director warns about companies moving into new IT initiatives such as cloud computing before they can be properly resourced. "After the cut-backs in 2009, most businesses will be eager to re-engage business initiatives. They should beware of rushing in without giving proper consideration to the security requirements however especially since security teams and projects have been pared back to minimum requirements it will take time to build them back up", he said. Colley added that, adding to this dynamic is the concern that cloud computing will make it very easy for people to get around the internal limitations of their IT department. Read more... F-Response TACTICAL released! The F-Respone product line enables forensic investigators and incident responders to mount hard drives from suspect systems in a read-only manner. It includes support for numerous operating systems, including Windows, Linux, Mac OS X, HP-UX, AIX, and Solaris. Under Windows, physical memory can be mounted and analyzed. What makes TACTICAL groundbreaking is not amazing technical advancements in the product itself, but its ease of use. Essentially, it will enable just about anyone to use the product with little effort, yet yielding powerful results. All of the software and licensing is prepackaged in a pair of USB flash drives labeled Examiner and Subject. Unlike the Consultant and Enterprise Editions, there is no need to run a license management server. To use it, you plug the Subject USB drive into the machine you want to examine and run the TACTICAL Subject software. Read more...
	Print Version Now Available Yes folks, Digital Forensics Magazine is now available in print. By popular demand we've committed to paper and a subscription is now available in this format (you also get the Digital Edition included in the price of a print sub). If you subscribe today, we'll also send you a free paper version of Issue 1. The team was absolutly blown away by the response to our first issue and the sheer volume of requests for a paper version has forced this to market sooner than any of us had planned. Visit here to find out how to subscribe to the print or online version of DFM.
Issue 2 of Digital Forensics Magazine...out on Feb 1st, 2010 A new bigger version of Digital Forensics Magazine will be out in February, so don't forget to subscribe to make sure you don't miss out on the great features and articles that we've brought together. Below, we've pulled together some highlights of what's in store for our readers next year. In the mean time, have a great holidays and we'll be back with more in the new year.
	Are all Forensics Labs Created Equal? James Cardin writes a fascinating article in our second issue about how all digital forensics labs are not equal. Hardware, software, and training varies from lab to lab according to its mission - and that of the organization to which it's attached. "A Forensic Lab by Any Other Name" will compare and contrast labs run by federal law enforcement agencies, regional task forces, military investigations, private investigators, and corporate specialists. Find out what James has to say in Issue 2 of DFM
A subscription to Digital Forensics Magazine - a great gift for the holiday season Stuck for a gift for the holidays? Looking for that little stocking-filler? Why not get a subscription to Digital Forensics Magazine? For less than the price of your typical professional quarterly you can make sure you're not missing a trick in the world of digital forenics,either online or in print. Find out more about our subscriptions rates - a great gift for loved ones.
	20% discount on Oxygen Suite 2 when you sign up for Digital Forensics Magazine We've teamed up with Oxygen Software to bring you a really special offer. Inside Issue 1 of Digital Forensics Magazine, you'll find a coupon that entitles you to a fantastic 20% discount off a variety of Oxygens products. Find out how to get your discount. Hurry, as the offer ends Jan 1st 2010.

Digital Forensics Magazine

Keeping you in the know. Here's just a few more of the great things coming up in Issue 2, bigger and better and out in February 2010.

Wireless Network Forensics

802.11-based wireless networking has significantly altered the networking means and topology for cities, offices, homes and coffee shops over the last five years. It has revolutionised computer networking and automation and added a social aspect to personal computing.

Similarly, a second generation of wireless devices has extended what was once a computer-to-computer protocol into the area of embedded functional devices. Accompanying this widespread usage is the presence of crime; the more popular technology, the more opportunity exists for its misuse.

The feature in issue 2 studies the 802.11-based wireless networking environment from a forensic computing perspective. It seeks to understand the current state of wireless misuse: present misuses; potential forms of misuse involving 802.11-based wireless networks; and current tools and techniques used in its identification, containment and analysis.

The article highlights the lack of current tools and procedures for forensic computing investigations that are able to effectively handle the presence of wireless devices and networks, and that there are forms of misuse that may escape detection by forensic investigation teams.

Wi-Fi Network Signals as a Source of Digital Evidence: Wireless Network Forensics are explored and explained by B. Turnbull and J. Slay, Member, IEEE, in issue 2 of DFM.

Analysis of Information Remaining on USB Storage Devices

The use of the USB storage device has largely replaced the floppy disk and to some extent the CD, the DVD and the external hard disk. Their robustness, size and weight make them easy to transport, but also to lose or misplace. They are inexpensive and are often given away as promotional items by organisations. Over the last few years there has been a dramatic increase in the storage capacity of these devices and the larger capacity and continued low cost has vastly increased the potential uses of the devices and also the volumes and types of data that they may contain.

We feature research that has been carried out on the information that remains on the USB storage devices and to determine the level of damage that could potentially be caused if that information fell into the wrong hands.

Win a Digital Dictaphone in Issue 2

Our friends at Sony have kindly offered up a state-of-the-art digital recorder for us to give away in issue two's competition.

The Sony Digital Recorder (Windows and Mac compatible) has mp3 stereo recording and playback, as well as advanced dictation features like Digital Pitch Control and Voice Operated Recording, Make sure to get your copy of issue two in order to enter our prize competition.

We take a look at Android

For a long time digital forensics has mainly focused on the computer side of the forensics industry with mobile phones being more of a secondary industry. This is due to the mobile phones lack of abilities unlike the modern day handsets that are starting to adopt computer elements i.e. iPhone, Android and Windows Mobile based handsets.

For anyone entering the mobile arena in forensics today would find an array of knowledge and solutions available in mobile phone forensics to be far less than the computing equivalent.

Find out more about Android...

In the UK, restrictions include Law Enforcement Only events and Law Enforcement solutions regardless there are legitimate firms who do work for Law Enforcement who would benefit from the same solutions as well as the off the shelf solutions from MicroSystemation, CelleBrite and Oxygen.

In issue 2 of Digital Forensics Magazine, we explore the latest mobile forensics software and let you know what we find.

It's in the Faraday Bag

The ‘Faraday bag’ is intended to shield a mobile phone to prevent unwanted applications being invoked remotely, such as wiping the memory. It is, therefore, of interest to the police and security forces. The key to the quality of the bag is the quality of the shielding.

Tests are currently underway in De Montfort University to provide an indication of the quality of this shielding. The approach used is the Electronic and Electrical Engineering’s (E3) Mode Stirred Reverberation Chamber. The reverberation chamber is a conducting room that isolates the contained volume from the external electromagnetic environment.

The device under test – in this case the bag with an enclosed receiving antenna – is placed in the chamber and illuminated by an antenna with a mechanical ‘paddle wheel’ stirrer rotating to move the electromagnetic hotspots round in the room to ensure that the device under test is illuminated by a worst case field strength from all directions and all angles of incidence over one rotation of the stirrer. The results of the tests will be reported in a subsequent issue of Digital Forensics Magazine.

Investigation Case Study

We follow an real-life investigation from P3 Strategic involving an institution of higher education. In this particular case, the primary web portal for the university was compromised and several pages were defaced. The investigation scope included the web portal server and its backend database server.

Save10% with an Annual Subscription

A 4-issue subscription gives you access to Issue 1 free of charge, then 4 subsequent, consecutive issues of Digital Forensics Magazine for only £54.

Sign up for the annual subscription and you'll be saving 10% on the cover price of each individual issue. If you'd like a printed copy of the magazine then you can contact us directly and we'll arrange this for you as soon as we can. More>>

Finally we'd like to take the chance to wish all our readers Season's Greetings and hope you all have happy holidays.

See you in 2010 with the next issue in February.

The DFM Team

This email was brought to you by Digital Forensics Magazine - Supporting the Professional Computer Security Industry

Welcome to the Digital Forensics Magazine Monthly Newsletter - December 2009

Print Version Now Available

Issue 2 of Digital Forensics Magazine...out on Feb 1st, 2010

Are all Forensics Labs Created Equal?

A subscription to Digital Forensics Magazine - a great gift for the holiday season

20% discount on Oxygen Suite 2 when you sign up for Digital Forensics Magazine

We've teamed up with Oxygen Software to bring you a really special offer. Inside Issue 1 of Digital Forensics Magazine, you'll find a coupon that entitles you to a fantastic 20% discount off a variety of Oxygens products. Find out how to get your discount. Hurry, as the offer ends Jan 1st 2010.

Digital Forensics Magazine

Keeping you in the know. Here's just a few more of the great things coming up in Issue 2, bigger and better and out in February 2010.

We've teamed up with Oxygen Software to bring you a really special offer. Inside Issue 1 of Digital Forensics Magazine, you'll find a coupon that entitles you to a fantastic 20% discount off a variety of Oxygens products. Find out how to get your discount. Hurry, as the offer ends Jan 1st 2010.