Welcome to the Digital Forensics Magazine Monthly Newsletter - July 2010
Last month has been another fast moving one in the field of digital forensics. We have some top items for this month:
Ok, on with the newsletter...
1. In the news...
Cybercrime: one in 10 computers vulnerable to attack
Britain's Daily Telegraph reported that "Cybercriminals are increasingly focussing on money, a new report suggests, and improved organisation means that "toolkits" have been developed to methodically infect PCs so that illegally obtained information can be bought and sold.
In a survey by security firm AVG, 165 internet domains were found to have attacked 12 million visitors over the course of two months. More than 1.2 million computers were subsequently infected." Read the full article at www.telegraph.co.uk/technology/news/7904216/Cybercrime-one-in-10-computers-vulnerable-to-attack.html
University Offers New Cybersecurity Degrees
Addressing the growing need for hands-on cybersecurity professionals globally, the University of Maryland University College will offer a new online cybersecurity program this fall at both the bachelor's and master's degree levels. Read the full article at www.bankinfosecurity.com/articles.php?art_id=2772
Our friends at Elcomsoft released a new tool to retrieve a variety of stored Internet and mail passwords this month: Elcomsoft Internet Password Breaker (EINPB).
EINPB supports all versions of Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail, and retrieves the original plain-text passwords protecting access to mail accounts, POP3, IMAP, SMTP and NNTP news passwords, Microsoft Passport passwords stored by Windows Live Mail, user identity passwords, and passwords protecting PST files created by Microsoft Outlook up to version 2010. The program can be downloaded at www.elcomsoft.com/download/einpb.zip
SANS 2010 European Digital Forensics and Incident Response Summit is back!
Readers may remember how the last SANS European Summit was cancelled due to volcanic ash disrupting travel across Europe. Well now it's back and you can join your peers in London September 8 – 9, 2010 for the first SANS European Digital Forensics and Incident Response Summit, and hear forensics experts help you get the most out of your Forensics and Incident Response strategies and operations. And because we're helping promote the Summit, we are able to offer you the opportunity to attend the European Digital Summit at a 10% savings.
Full Summit and savings details can be viewed by following this link to the DFM site
Please join us for this innovative meeting on Forensics & Incident Response. There is simply no other place where you can learn - from those who have done it - what works to protect your organization's crown jewels – its data. See full details
Other conferences coming up include the Forensics Readiness Alert. Cases, Tools & Techniques: 2010 Digital Forensics International Conference being run at the AUT University Faculty of Business & Law Building in Auckland, New Zealand on September 6 & 7, 2010. Read more at the DFM site
New DFM recruit Sean Morrisey writes about the iPhone forensics tool Lantern
By Sean Morrisey
Lantern was conceived as an idea that a quality forensic tool could actually function as advertised and not have an expensive price tag. Most cell phone forensic tool developers are forced to manage the support for thousands of phones. This has become a two-part cause and effect. Cause, the forensic community is clamoring for more phones to cover and the effect is that the tool developer's support does not meet expectations. This has become the greatest problem within the space.
As with most other cell phone forensic developers, Law Enforcement and civilian examiners use these tools. The iPhone therefore presents one major challenge: jailbreaking. While it's legal for Law Enforcement to conduct examinations using jailbreak methods, it conversely is illegal for civilian examiners. Therefore all the commercial developers gather only logical data. Lantern was developed to legally extract information from the device and report it accurately.
Lantern entered the forensic market in January 2010 with the ability to show all the data from an Apple mobile device in a coherent manner. In areas that dealt with large amounts of textual data, such as SMS and the dynamic text dictionary, keyword searching was implemented. Sorting was also provided in all data panes. For those that wanted manual examination of the data such as third party applications, reconstruction of the file system was completed. As Lantern continued to develop, improvements were added but only if those additions worked. The quality of the tool supplants options. As a mobile forensic practitioner, and feedback from users, it became more important to add exporting to Excel. The power of data manipulation in Excel can greatly assist in an investigation. It also aids in unified reporting.
Apple recently launched the iPhone 4 and iOS4. Apple made significant changes, from the way data is extracted from the phone, changes to databases, and how other data is stored. With these changes, Lantern needed to evolve with the iOS and the new devices. Future generations of Lantern will continue to have intuitive design and portability, which made Lantern popular. Lantern will parse more data so examiners can delve into and pick apart the artifacts. One of those new options, which will be available in the very near future, is bookmarking. Lantern's method of bookmarking will be intuitive and unique. Katana Forensics will announce soon the release of Lantern 2.0, which will be a major revision of the tool and hopefully surpass expectations.
Sean Morrisey is the Managing Director of Katana Forensics
Join in on LinkedIn
Digital Forensics Magazine, the leading resource for the IT Security practitioner and students, has established a LinkedIn group to help keep members of the digital forensics and security community involved and up-to-date with all forensics matters. We hope to establish a good network where we can encourage debate and keep members of the group informed of what's going on in the digital forensics arena. Join the DFM LinkedIn Group
No one disputes the growing need for digital forensics experts and services. Cybercrimes and digital forensics topics appear daily in mainstream news, each highlighting a trend or single high-profile case in which digital forensics played a prominent role.
However, it is apparent that colleges and universities are focusing on the wrong thing: the popularity of digital forensics, rather than the need for it. This is evident in the way that many of them merely replace or adapt existing computer science courses.
To remain competitive in the long run – to continue to be able to profit from digital forensics curricula – academic institutions must be able to graduate properly educated and trained examiners. To do that, a digital forensics curriculum designer must answer a number of critical questions:
1) What should the degree include? What is the balance between theory and practice?
2) What is the scope?
3) What kinds of facilities and equipment are necessary?
4) Who should teach; should teachers be practitioners?
5) How to ensure graduates have the skills they need at the end of four years?
6) How to ensure consistency across institutions?
In the upcoming issue, academic professionals will be lending their experience to answer these questions.
We're very happy to bring readers the chance to get this new white paper, Cellular phone evidence: Data extraction and documentation by Det. Cindy Murphy. Developing process for the examination of cellular phone evidence.
Recently, digital forensic examiners have seen a remarkable increase in requests to examine data from cellular phones. The examination of cellular phones and the extraction of data from the same present challenges for forensic examiners:
Because of the above factors, the development of guidelines and processes for the extraction and documentation of data from cellular phones is extremely important.
Subscribers can login and download Cindy's excellent white paper at the DFM website Downloads section. Cindy Murphy is a Detective with the City of Madison, WI Police Department and has been a Law Enforcement Officer since 1985. She is a certified forensic examiner (EnCE, CCFT-A, DFCP), and has been involved in computer forensics since 1999.
Save 15% on the price of annual subscriptions to Digital Forensics Magazine when you take a group subscription deal. Perfect for large teams spread around the country or world. Email us at enquiries@digitalforensicsmagazine.com for more details, or visit the site.
As part of the Training & Education theme for Issue 5, we're carrying out a global survey that asks digital forensic practitioners around the world some questions to ascertain the level of qualifications held.
A summary of the results will be released in forthcoming monthly newsletters, and the main findings will form the basis of an article in the main magazine published in November. (However our newsletter spies will get their hands on the goods before then).
So, if you haven't already, please take the survey right here on Survey Monkey
Coming up in issue 4...
Coming up in issue 4, out in August, Dr Barry Hood takes a look at operational forensics, especially in terms of modelling behaviour. We also do regular product reviews and comparisons; in this issue we look at mobile phone analyzer software. We lift the lid on polymorphic spyware with eminent forensic scientist Bill Dean, who analyzes this new breed of spyware, and George Bailey examines the challenges and benefits of using netflow data in digital forensic investigations.
Don't miss out, get your subscription at www.digitalforensicsmagazine.com
The Digital Forensics Magazine is now part of the (ISC)2 CPE attribution programme for CISSP members. This allows us to grant new, valid, subscribers 5 CPE points towards their annual CISSP accreditation. This is a great way of earning additional CPE points and gaining an extremely valuable tool for learning about digital forensics and keeping bang up-to-date with DF developments, news, product reviews and events. Subscribe today and enter your (ISC)2 membership number and we'll take care of the rest. Check out the recent newsletter that (ISC)2 sent out to their members for details on a subscription discount!
The editors would like to congratulate Tim Thorne from London who successfully answered the tricky question posed in Issue 3 of DFM. He'll be receiving a copy of each of three brand new Digital Forensics Books from Syngress. Titles include Virtualization and Forensics, Digital Triage Forensics, Digital Forensics for Network, Internet and Cloud Computing.
A delighted Tim, from the Metropolitan Police Service High Tech Crime Unit said, "Very much enjoyed Issue 3 of Digital Forensics Magazine .... some very interesting and relevant items for my work".
We'd love to hear back from our readers about any matters related to digital forensics (or anything else if you are so inclined). Feel free to drop us a line at 360@digitalforensicsmagazine.com about topics you would like to see us explore within Digital Forensics Magazine...and stay tuned for our first Digital Forensics Magazine survey, where we'll be uncovering the issues facing the industry today and in the future.
Coming up in next month's newsletter...what to expect in issue 5, more great offers for DFM readers, feedback from the events and lots more.
Don't forget to read about all the latest happenings at "DFM Towers" on our blog.
Ciao for now!