
Welcome to the Digital Forensics Magazine Monthly Newsletter - June 2010

Last month has been another fast moving one in the field of digital forensics. We have some top items for this month:

  1. Some news items that caught our eye, including the 2010 Forensic 4Cast Awards in DC - voting now open!
  2. Suman Beros writes about a "New Role for Digital Forensic Experts"
  3. Christa M. Miller continues her 5 Reasons for Digital Forensic Examiners to Use Content Marketing
  4. We have The 10 Minute Guide to Forensics and Virtualization by Andrew Hoog
  5. Lots more...

Ok, on with the newsletter and some great, new content...

1. In the news...

The 2010 Forensic 4cast Awards are now open for voting. The awards will take place in Washington DC on July 8th as part of the SANS Forensic Summit. In the inaugural year of the awards several people were honoured by their peers including Jamie Morris of Forensic Focus, Rob Lee of SANS, Harlan Carvey, and Brian Carrier.

Please take the time to register your vote at http://forensic4cast.com/2010/06/16/forensic-4cast-awards-2010-voting-is-open/

While the Summit is open to registered parties only, the Forensic 4cast awards are open for all to attend at no cost. So if you’re in the DC area please come along.

Our friends at ElcomSoft have updated Elcomsoft iPhone Password Breaker with iOS 4 software support. Apple has changed the algorithm protecting encrypted backups for its iOS devices, making the backup process faster while strengthening the protection even further compared to prior releases. In addition, the encryption has now moved into the kernel of the new iOS. All of these changes make recovery attacks even harder. As rumored, Apple iOS 4 will be made available today on Apple's official web site.

ElcomSoft iPhone Password Breaker, released earlier this year, is a GPU-accelerated password recovery tool for gaining access to encrypted backups of iPhone, iPod Touch and iPad. This product is designed for cyber forensics experts who need to gather evidence from locked mobile devices.

You can check out the test version, available on the Elcomsoft website.

Stroz Friedberg Promotes Seth Berman and Erin Nealy Cox To Executive Management

Stroz Friedberg, a world leader in digital forensics, electronic discovery, cyber-crime response, and investigations, is proud to announce the promotions of Seth P. Berman and Erin Nealy Cox to the position of Executive Managing Director and their appointment to the firm’s Executive Management Group, which sets strategy and policy for the firm.

“Our Executive Management Group is truly enhanced with the addition of these two dynamic industry leaders,” says Stroz Friedberg Co-President Eric Friedberg.  “As our clients continue to turn to us with larger, more complex, and more global problems, we know that Seth and Erin will valuably assist us in scaling our infrastructure, solutions, and talent to meet our clients’ challenges.”

Mr. Berman and Ms. Nealy Cox have proven their ability to add value in this fashion.  After the firm acquired London based Data Genetics International (“DGI”), the UK’s largest digital forensics firm, Mr. Berman oversaw the corporate integration process and now – with Julian Parker, the former CEO of DGI – leads Stroz Friedberg’s tremendous growth in the UK and on the European Continent.  Although based in London, Mr. Berman also continues to provide stewardship to our Boston office, which he established in 2007.  Mr. Berman is an expert in cybercrime investigations, data breach response, and cross-border data privacy. He lectures and publishes regularly in these areas.  Prior to joining Stroz Friedberg, Mr. Berman served as a lead prosecutor in the U.S. Attorney’s Computer Crimes Unit for the District of Massachusetts.

Ms. Nealy Cox established the firm’s Dallas office in 2008 after leaving the Dallas U.S. Attorney’s Office, where she had coordinated and prosecuted complex cybercrime cases as the Office’s Computer Hacking and Intellectual Property Coordinator.  Since then, she has quickly risen to be recognized as a prominent Dallas business woman, as most recently recognized by the Dallas Business Journal which identified her among the 2010 Women in Business.  Ms. Nealy Cox has helped major corporate clients in Texas and beyond solve their most serious data breach, computer security, P.C.I., and electronic discovery problems.  Her firm-wide contributions have included overseeing all of Stroz Friedberg’s marketing and public relations functions.

 

New Role for Digital Forensic Experts
By Suman Beros

The authors of "Mediated Investigative E-Discovery," an article published by the Federal Courts Law Review (April, 2010) (available at www.fclr.org), propose an innovative approach to e-discovery that would create a new role for digital forensics experts. The approach rests on the premise that e-discovery can be more efficient and effective when it is assisted by a neutral party trained and skilled both as a digital investigator and a mediator. In their new role as mediator-investigator, digital forensic experts search and retrieve relevant information from both parties’ custodians, facilitating production in response to discovery requests. When a dispute arises, the mediator-investigator is armed to assist in negotiating a solution because of her understanding of the strengths and weaknesses of both parties’ positions, acquired by direct involvement in the search for responsive information.

Mediated investigative e-discovery includes three necessary components:
(1) protecting and preserving the data;
(2) conducting the investigation; and
(3) mediating any disputes about production of the retrieved information.

In a typical case, the mediator-investigator obtains ESI from the custodians on which the parties have agreed during the meet and confer, establishes the chain of custody, forensically copies the ESI and places it in escrow. After consulting with the plaintiff to understand the substantive issues and the plaintiff’s theories of the case, the mediator-investigator performs an investigation of the defendant’s ESI based on the plaintiff’s claims and hypotheses. The mediator-investigator inspects the ESI and tests the discovery hypotheses using any and all appropriate methodologies and techniques.

The mediator-investigator then provides the retrieved information to the defendant’s counsel, who can agree to produce or withhold it based on the standard objections, including relevance, privilege, and attorney work-product. The investigative process is replicated on the plaintiff’s ESI on behalf of the defendant.

Once information is retrieved, negotiations between the parties, with the mediator-investigator operating in the more traditional role of mediator, may occur. The potential benefits – minimizing preservation issues, improving the effectiveness of discovery and reducing costs – are compelling reasons for litigants and their counsel to consider mediated investigative e-discovery.

Suman Beros is a Digital Forensics Instructor at CACI International, Inc.
suman.beros@comcast.net

Join the DFM LinkedIn Group

Digital Forensics Magazine, the leading resource for the IT Security practitioner and students, has established a LinkedIn group to help keep members of the digital forensics and security community involved and up-to-date with all forensics matters. We hope to establish a good network where we can encourage debate and keep members of the group informed of what's going on in the digital forensics arena.

5 Reasons for Digital Forensic Examiners to Use Content Marketing
By Christa M. Miller

For the May 2010 edition of Digital Forensics Magazine's newsletter, I posted a short article about content marketing, the best way to share your expertise with clients and prospects alike. Here, I want to go into more detail about each of the five points I raised.

1) The people you serve come to trust you. Content shows the thinking that drives the service, the combination of knowledge and personality that sets you apart from competitors. These days, it's not just the product that's valuable enough anymore. Customers are cynical about being “sold to,” and in the event that your product doesn't quite meet expectations, it's important to provide value in different ways so that your customers will keep the faith that the next time around, you'll improve.

Of course, this begs the point that you know in advance what content your customers (and prospects) need. This kind of market research can come down to Internet polls, informal surveys or interviews, social media monitoring, and other means of information gathering. It can come from your most loyal customers – who are usually more familiar than anyone else with how your product or service solves their problems – and from your most coveted prospects, which may appreciate challenging you to help them. The best content is tailored to each group's specific needs.

2) Social media make it easy to share. Whether a slide or video presentation on SlideShare or Prezi, a white paper on Scribd or DocStoc, or customer success stories on YouTube or your blog, your content is now available to a wider community.

This can be very important when you're targeting different market segments. One of the most popular social sites for digital forensics examiners is Twitter, and to be part of this community is a good idea. But what if you're not selling directly to examiners? What if, instead, you're selling to law firms or banks or small businesses? You'd want to find the social sites they're on, become part of their communities too, rather than expect them to come to yours.

Content variety is also important from the standpoint of search engine optimization. YouTube is particularly powerful for SEO, so video content tagged with those all-important keywords, embedded on your website, can potentially accomplish two things: 1) drive traffic back to your site and 2) raise your site's search rankings.

Just make sure the keywords you choose are the ones your customers are actually using, or are likely to use. (Hint: if you're using Google Analytics to track site performance, take a look at the searched-on keywords that brought people there.)

3) You can highlight new or underrated aspects of what you are doing. This is the “marketing” side of content marketing – what services help your market, and why?

This goes hand in hand with #2 above, but also with #1, as it helps both existing clients and prospects get to know you better. However, be careful not to “sell,” but rather to educate, to show people how the products or services solve their problems both large and small. A case study about how data recovery helped a small business recover from a breach, or about how a customer got creative and figured out how to use your software in ways you never anticipated, does the “heavy lifting” in terms of showing – not just telling – about the relevance you have to the market.

4) You can highlight problems your community or target market is facing. What do you get the most calls about? What kinds of cases do you most frequently work on, involving what types of technology?

As with #3, here it's important to educate. Without giving up clients' or citizens' identities, you can talk in general terms about an interesting question involving employees' personal digital devices in the workplace, or trends you see among victims of a certain type of crime (for example, identity theft), or even little known, but important facts about investigations, security, and so forth.

5) An ounce of prevention... show people how to protect themselves, and they'll call you just when they really need you. That saves time and money, along with your staff's brainpower, for true challenges!

Back to #1 and trust building. It's easy to get frustrated with victims. “Don't they know better?” you might complain after your password-integrity training falls on deaf ears, or the media has been covering identity theft extensively, yet you still get calls from people with drained bank accounts or maxed-out credit cards.

People hear and process information differently, so use your cases (where feasible) to improve your training. Use a series of short blogs or video entries to focus in on specific aspects of password integrity, or target identity theft education to small groups in your community – teenagers, seniors, parents, and business owners.

Talk to them using language and concepts they understand, and they'll not only remember the information, but you'll be the one they call when their best efforts fail.

Content marketing is well worth the time and effort put into it. If you know your subject and can present it for average people to understand, you'll build loyalty for the long term. Do create a schedule for regular content production, do know who in your organization is most capable of producing the highest quality content, and do integrate the content into your other marketing efforts.

Read more from Christa on our blog

The 10 Minute Guide to Forensics and Virtualization (Ubuntu/VBox style)


By Andrew Hoog

While virtualization is a key technology in the infrastructure of many enterprises, it is essential in the operation of a digital forensic organization. Virtualization can be used in a number of ways, including:

  • Return analyst workstation to validated state for each investigation
  • Data recovery by attaching dd image of a drive as a secondary drive on a VM and running recovery software
  • Booting a dd image (similar to liveview)
  • Application and system profiling/footprinting essentially to the scientific method
  • Develop virtual appliances for specific functions (i.e. Android forensics appliance)

And these are just a few examples. I’m sure many of you have additional uses you can share.

Follow this link to read the rest of this article at http://digitalforensicsmagazine.com/blogs/?p=63

Group Discount on Digital Forensics Magazine Subscriptions

Save 15% on the price of annual subscriptions to Digital Forensics Magazine when you take a group subscription deal. Perfect for large teams spread around the country or world. Email us at enquiries@digitalforensicsmagazine.com for more details, or visit the site.

Anti-Forensic Tools

This page has raised a few eyebrows in its time because it details products that could thwart a forensic investigation. The information isn't provided to assist anyone in avoiding prosecution, but to help forensic tool developers build better products and to assist forensic investigators in understanding what they may be up against. Before publishing this page, advice was sought from the UK National High Tech Crime Unit (NHTCU). They felt that many of the rogues who may benefit from the products on this page were already aware of them.

http://www.networkintrusion.co.uk/index.php/products/Forensic-Solutions/Anti-Forensic-Tools.html

Calling Out Around the World

We're looking for people who are willing to be advocates of Digital Forensics Magazine in different countries all around the world. We know that Digital Forensics is a global concern, and one of the fastest growing, so we're looking for 'Ambassadors' to help us spread the word of DFM. We can set up a number of deals, advertising opportunities and subscription discounts to offer your colleagues, peers and students. If you're interested in taking part and helping us to spread the word, please register your interest via email at marketing@digitalforensicsmagazine.com

Earn 5 CPE Points with a DFM Subscription!

The Digital Forensics Magazine is now part of the (ISC)2 CPE attribution programme for CISSP members. This allows us to grant new, valid subscribers 5 CPE points towards their annual CISSP accreditation. This is a great way of earning additional CPE points and gaining an extremely valuable tool for learning about digital forensics and keeping bang up-to-date with DF developments, news, product reviews and events. Subscribe today and enter your (ISC)2 membership number and we'll take care of the rest. Check out the recent newsletter that (ISC)2 sent out to their members for details on a subscription discount!

Issue 3 Competition

In Issue 3, out now, get the chance to win three brand new Digital Forensics Books from Syngress. Titles include Virtualization and Forensics, Digital Triage Forensics, and Digital Forensics for Network, Internet and Cloud Computing. Details on p36 of Issue 3, out now.

Digital Forensics Magazine

We'd love to hear back from our readers about any matters related to digital forensics (or anything else if you are so inclined). Feel free to drop us a line at 360@digitalforensicsmagazine.com about topics you would like to see us explore within Digital Forensics Magazine...and stay tuned for our first Digital Forensics Magazine survey, where we'll be uncovering the issues facing the industry today and in the future.

Coming up in next month's newsletter...more great offers for DFM readers, feedback from the events and lots more.

Don't forget to read about all the latest happenings at "DFM Towers" on our blog.

Ciao for now!

C'mon England!