Blog

Case Leads is loaded for bear this week, after a week's break. Here is some of what you will find:

* Are you ready for "The New Forensics"? If not, you might be left in the dust at trial. * What if the good guys adopted the organizing techniques of Anonymous? That's the goal behind The CyberMilita. * Forensics goes mainstream: A great essay on how one attacker invaded the lives of young women. * No freakin' way - Bill Gates gets behind open source. * The FBI warns about attacks against US Law firms. * New ways to get cryto keys from Macs and many types of smartphones

If you have an item you'd like to contribute to Digital Forensics CaseLeads, please send it to caseleads@sans.org.

Good Reads/Listens:

• 'A new forensics': adapting to changing digital crimes, a good essay on keeping current. "In the world of proof and evidence, tried-and-tested technologies and procedures are hard-earned and valued. ...[W]e're now seeing the emergence of 'a new forensics': a discipline that's reinventing itself year-by-year, but that remains rooted in stable scientific principles."
• Most people we meet outside of work really don't know what we mean if we say we "work in Digital Forensics." Here is an excellent ABC News story that answer that, and a good reference article to send to anyone that wants to know: Digital Detectives Dig Through Data Deluge
• What if forensicators and cybercrime fighters could use the techniques of Anonymous to fight cyber crime? That's the idea behind the new group, The CyberMilitia.M1ster_E a spokesperson for CyberMilitia was interviewed about this effort on CyberJungleRadio. The interview with M1ster_E begins at about 16min into the program.
• Why malware, keylogging, webcams and young women don't mix: The Hacker (sic) is Watching, from GQ magazine.
• Meet Bill Gates, the Man Who Changed Open Source Software [!?]. Read The Wired Story.

• Anti, Anti Mac Forensics: Forensics firm Passware Kit 11.3 extracts Mac OS X FileVault whole disk encryption keys, keychain passwords, and decrypts hashed passwords with Rainbow Tables. They are also warning Mac users to vulnerabilities of Mac encryption solutions. Read the company release.
• SubRosaSoft.com Inc. announced the availability of a new version of their computer forensic suite, MacForensicsLab 4.0. The company says the new version brings a "streamlined interface" and other improvements to make examinations "quicker and more accurate than ever before." Read more on their dedicated Mac forensics store/site.
• A common computer crimes defense is "a virus did it." Many times, it makes sense to scan images for malware. Here is a helpful guide: How to Scan for Viruses in Windows Using a Linux Live CD/USB
  
• For those using a Linux desktop distro in the field on their work laptop: Barry is an Open Source application that allow one to tether a Blackberry for internet access.

• China-Based Hackers Target Law Firms to Get Secret Deal Data "...the FBI issued a warning to the lawyers: Hackers see attorneys as a back door to the valuable data of their corporate clients."
• Stealing smartphone crypto keys using plain old radio. Read more at ITWorld.
• Judge: Americans can be forced to decrypt their laptops. Read the coverage from Declan McCullagh at cnet.
• Did a California city order staff to commit spoliation?

• An interesting way to have fun with timelines - BBC Worldwide set to launch major new Doctor Who game: The Eternity Clock
  

• SANS Phoenix 2012-Phoenix, Arizona -February 13 - 18, 2012
• HIMSS National Conference Feb 20-24 2012 in Las Vegas. "Shelter from the Coming Malpractice Storm." Co-presented by your humble SANS Blogger, Ira Victor. Will include research done on 100 hospitals, and cover the preemptive use of forensic tools to reduce medical malpractice litigation and settlement costs.
• RSA Conference 2012-San Francisco, CA -February 26 - 27, 2012
• SANS Secure Singapore 2012-Singapore, Singapore -March 05 - 17, 2012
• Mobile Device Security Summit- Nashville, TN -March 12 - 15, 2012
• 12th Annual CanSecWest Conference-Vancouver, British Columbia, Canada - March 9 - 11, 2012
• SANS 2012-Orlando, Florida -March 23 - 30, 2012
• Euro Forensic 2012-Istanbul, Turkey - March 29 - 31, 2012
• SANS Northern Virginia 2012, Reston, VA - April 15 - 20, 2012 -
• 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '12) - San Jose, CA - April 24th, 2012
• SANS AppSec 2012: Summit & Training-Las Vegas, NV - April 24 - May 2, 2012

• 14th Information Hiding Conference- Due Date - Feb 05, 2012
• 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats(LEET '12)- Due Date - Feb 13, 2012
• ARES Conference- Due Date - Mar 01, 2012
• Symposium On Usable Privacy and Security- Due Date - Mar 09, 2012
• European Symposium on Research in Computer Security (ESORICS) 2012- Due Date - Mar 31, 2012

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA CGEIT CRISC. Ira Victor is a forensic analyst with Data Clone Labs, He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator's Association (HTCIA). Follow Ira's security and forensics tweets: @ira_victor.