Blog

In this version we have several data thefts/breaches, and Google talking about piracy. Several tools have been updated and some good reads along with a little levity and training/conferences as well as call for papers.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

• Autopsy 3 second beta - is now available. The new major feature is hash database support. There were many other behind the scene changes, including a new database design and other performance improvements. This is still a Windows-only release
• MFT_Cookie_Cutter -a simple application that tries to extract the embedded data held within Google Analytics Cookies. Showing Search terms used as well as dates of and the number of visits. Check out the other tools there as well.
• Harlan Carvey updated his maclookup.pl perl script which can be used for WiFi geolocation.
• ManyWindows Sysinternals tools have been updated check out their site for more details.

Good Reads:

• How to Build inexpensive cloud storage from 67 Terabytes to 135 Terabytes.
• Over at Dark Reading they talk about exchanging cyberattack intelligence
• At the Command Line Kung Fu blog they talk about Brute forcing.

News:

• Computer with information on four million patients stolen in California. The desktop computer that was stolen last month and was not encrypted contained personal information on more then four million patients dating back to 1995. Officials are stating that the data did not include any financial records, social security number or health plan identification numbers.
• Data breach hits Virginia Commonwealth University. Personal and confidential information for more the 176,00 current and former students and employees may have been stolen. The staff first discovered suspicious files on a server on October 24, 2011. After taking the server offline they found that an intruder had access to it for 56 minutes on October 19, 2011.
• Romanian Hacker Arrested for NASA Breach. Romanian police have arrested a 26-year-old hacker accused of infiltrating several NASA servers last year and tampering with data belonging to the U.S. space agency. Robert Butyka, who goes by the online name "Iceman," hacked into multiple NASA servers on Dec. 12, 2010, modified, damaged and restricted access to data. The security breach cost NASA about $500,000 in damages.
• Google argues against U.S. online Piracy bill. A U.S. House of Representatives bill would allow a private party to gostraight to a website's advertising and payment providers and request they sever ties. "A corporation, a copyright 'troll,' or anyone with an axe to grind could send a notice... withoutfirst involving law enforcement or triggering any judicial process," Google policy counsel told a House Judiciary Committee hearing.

Levity:

• Dilbert - Wally talks about goals, trust and invisibility.
• BOFH talks licensing and fishing and versioning.
• The Important Field.

Coming Events:

• SANS San Antonio 2011- San Antonio, TX - November 28th - December 5th, 2011
• SANS London 2011-London, United Kingdom - December 3rd - 12th, 2011
• SANS CDI 2011-Washington, DC - December 9th - 16th, 2011
• SANS Security East 2012-New Orleans, LA - January 17th - 26th, 2011
• Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics-Pretoria, South Africa -January 3rd - 5th. 2012
• DoD Cyber Crime Conference 2012- Atlanta, Ga -January 20th - 27th, 2012
• SANS Monterey 2012-Monterey, California - January 30th - February 4th, 2012
• SANS Phoenix 2012-Phoenix, Arizona -February 13 - 18, 2012
• Healthcare Information and Management Systems Society Annual Conference- Las Vegas, Nevada - Feb. 20-24, 2012 at the Sands Expo Convention Center
• SANS Secure Singapore 2012-Singapore, Singapore -March 05 - 17, 2012
• 12th Annual CanSecWest Conference -Vancouver, British Columbia, Canada - March 9 - 11, 2011
• SANS 2012-Orlando, Florida -March 23 - 30, 2012
• Euro Forensic 2012 -Istanbul, Turkey - March 29 - 31, 2011

Call For Papers:

• 24th Annual FIRST Conference- Due Date - Dec 1st, 2011
• ACM Symposium on Information, Computer and Communications Security(ASIACCS) - Due Date - Dec 08, 2011
• 27th IFIP International Information Security and Privacy Conference - Due Date - Jan 10, 2012
• 2012 Conference on Digital Forensics, Security and Law - Due Date - Jan 31, 2012
• 14th Information Hiding Conference - Due Date - Feb 05, 2012
• 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats(LEET '12) - Due Date - Feb 13, 2012
• ARES Conference - Due Date - Mar 01, 2012
• Symposium On Usable Privacy and Security - Due Date - Mar 09, 2012
• European Symposium on Research in Computer Security (ESORICS) 2012 - Due Date - Mar 31, 2012

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 20111117 was compiled by Mark McKinnon GCFA, CCE is Principal of RedWolf Computer Forensics where he has written many tools that are used throughout the Computer Forensic Community. You can follow Mark on twitter @markmckinnon.