
New versions of TSK and Autopsy now available

Saturday, April 09, 2005 (11:33:18)
New versions of both tools are available. Both have minor bug fixes from the new 2.00 TSK features. There is one bug that impacts split image users, so everyone should upgrade TSK. Autopsy also has a new feature that shows the thumbnail of a picture when it is selected in File Mode (patch by Guy Voncken).

TSK 2.01
MD5: e84ed011e7b999abc08174e239ecb474
http://www.sleuthkit.org/sleuthkit/

Autopsy 2.05
MD5: adfbb31ce665cc8efdbf8711bbd97483
http://www.sleuthkit.org/autopsy/

To catch a (digital) thief?

Friday, April 08, 2005 (13:04:50)
Those investigating crime have long understood the value of evidence. In its most literal sense, evidence is "that which demonstrates that a fact is so". By acquiring evidence we build a picture of what happened, how it came to be and, hopefully, who did it. The digital world is no different to the physical world in that every event leaves a trace. This digital evidence can be gathered and pieced together to help develop our understanding of the what, how and who of an incident. Over time, this process has come to be referred to as Computer Forensics...

More (SC Magazine)

Web Browser Forensics, Part 1

Wednesday, April 06, 2005 (17:12:22)
Electronic evidence has often shaped the outcome of high-profile civil law suits and criminal investigations ranging from theft of intellectual property and insider trading that violates SEC regulations to proving employee misconduct resulting in termination of employment under unfavorable circumstances. Critical electronic evidence is often found in the suspect's web browsing history in the form of received emails, sites visited and attempted Internet searches. This two-part article presents the techniques and tools commonly used by computer forensics experts to uncover such evidence, through a fictitious investigation that closely mimics real-world scenarios...

More (SecurityFocus)

Hi-tech crime costs UK plc £2.4bn

Wednesday, April 06, 2005 (12:14:53)
According to a survey for the National Hi-Tech Crime Unit (NHTCU), almost nine out of 10 firms suffered some kind of IT-based crime last year. A major risk was action taken by disgruntled employees, often working with crooks on the outside. Two-thirds of the firms surveyed said they feared that business would be disrupted, not only by the crime but also by the investigation...

More (BBC)

Step-by-Step Incident Response

Tuesday, April 05, 2005 (16:35:53)
When a critical enterprise server is breached, a well thought-out incident response plan will help you contain damage, speed up service restoration, and collect forensic information. If you have reason to believe that a system has been compromised, either by an Intrusion Detection alert or by suspicious activity, the first thing to do is isolate the system before it can do damage. It is most likely dangerous to log into the system and try to do a normal shutdown—the shutdown procedure could have been booby-trapped to cause the system to self-destruct. Likewise, rebooting the system is risky – again, a booby trap could have been inserted. Even logging into the system is unsafe, as trusted programs could have been replaced with malicious Trojans. In fact, a compromised system is never what it seems—a skilled attacker will hide his malware and create the illusion that all is as it should be, when the reality is that the machine is actually a zombie. A compromised machine cannot be trusted at all...

More (Network Computing)

Another Look at Log Files

Monday, April 04, 2005 (12:04:25)
Marcus Ranum architected the first commercial firewall in 1990. He founded Network Flight Recorder Security, the company responsible for the first network forensics tool. And last summer at the Usenix conference, during a course he was teaching on log file analysis, he said that if nobody is ever going to look at your log files, then you might as well not bother keeping any logs at all...

More (csoonline.com)

RCFL network plans expansion in 2005

Sunday, April 03, 2005 (12:13:47)
WASHINGTON, D.C. - The FBI is poised to expand the country's premier computer forensics laboratory network starting in May, according to Assistant Director Kerry E. Haynes, Operational Technology Division. Additional Regional Computer Forensic Laboratories (RCFLs) are scheduled to open in Portland, Oregon; Salt Lake City, Utah; Buffalo, New York; and Denver, Colorado by early summer. Two additional RCFLs are preparing to start operations by year's end in the cities of Dayton, Ohio and Philadelphia, Pennsylvania. Currently, seven RCFLs are available to over 1,000 law enforcement agencies across six states. RCFLs assist any law enforcement agency in their region in cases involving digital evidence, including: terrorism; cyber crime; white collar crime; identity theft; and violent crimes...

More (FBI Press Room)

UK centre to tackle net paedophiles planned

Friday, April 01, 2005 (21:10:48)
A unit to protect children in the UK from internet paedophiles is being set up by the Home Office. About 100 staff, including police and child welfare experts, will join the Centre for Child Protection on the Internet next April. The centre will take on work being done by the National Crime Squad and will target those who distribute CP images or "groom" children for abuse. It will be open 24 hours a day so people can report suspicious activity. Government funding for the centre's work taken over from the hi-tech crime unit of the NCS will remain the same - about £6m a year. But a Home Office spokesman said industry partners were likely to provide an extra £1m in technological support and seconded workers' salaries...

More (BBC)

Court helps Ryanair trace staff pilots who criticised on-line

Friday, April 01, 2005 (15:55:51)
An Irish judge has awarded Ryanair an injunction to prevent the destruction of web site user data in a court battle over the identities of its pilots who criticised the airline's working practices in an on-line forum for Ryanair pilots, according to The Guardian...

More (Out-Law.com)

Microsoft fighting cybercrime

Friday, April 01, 2005 (12:55:46)
Microsoft is developing analytical tools to help international law enforcement agencies track and fight cybercrime. Microsoft unveiled the tools development program at the kickoff on Wednesday of three days of technical training for Australian law enforcement agencies. The Forensic Computing and Computer Investigations Workshops are designed to help investigators fight crimes such as phishing, online child exploitation and money laundering...

More (Computer Crime Research Center)