Blog

This week's Case Leads brought us anoutbreak of a trojan exploiting a Java flawthat has infected hundreds of thousands of Macs,several new tool releases, news (and humor) about forensic awards, and an announcement by Pastebin that they are taking action against people posting sensitive data on their site.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

• AFFLIB version 3.7 was released, along with a copyright clarification and move to github
• Related to that, Bruce Allen has announced a new release of BEViewer and a new home page.
• Microsoft releases Log Parser Studio. A GUI front-end to the Log Parser tool.
• Version 4.1.1 of Oxygen Forensic Suite has been released with support for new phones and software. Read the summary of the update at Forensic Focus
• There's a new version (2.1) of the network brute force tool Medusa. No new major features but two year's worth of bug fixes
• A new Burp Suite Professional with some Ruby fixes
• Chris Mayhew has released Simple File Parser, a Windows app that parses .lnk and prefetch files.
• Mandiant held a Twitter chat about their triage tool Redline, with some tips about how to use it more effectively.
• Cheeky4n6Monkey posted a script for dealing with missing RegRipper plugins

Good Reads:

• Spook security gadgets
• Duqu factory is still at it.
• Avivah Litan offers some insight into the Global Payments breach.
• Presentation slides from Massimiliano Oldani and Bas Alberts about Practical Android Attacks
• Girl, Unallocated writes about using log2timeline to put USB key artifacts from NTUSER.DAT into context.
• A walkthrough of an impromptu analysis of fake AVfrom Sketchymoose's blog.
• Claus has again done a good job of summarizing recent events as of last weekend on his blog.
• Video walkthrough of Stuxnet executable analysis using Volatility.
• A mere two pages of email can waive privilege.
• Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence

News:

• Microsoft has announced the final tally of twenty entries for the $200,000 Bluehat prize.
• Pastebin is hiring staff to deal with people dropping sensitive data on their site. (But..but...I like my pasteLerts)
• Esingles issued a denial of the claim that they were hacked.
• Anonymous hacks hundreds of Chinese sites.
• Lack of encryption makes it easy to sniff Facebook credentials from iOS and Android.
• Adobe joins the 21st Century with automatic background updates to Flash.

Levity:

• FREE SOFTWARE IS FREE(not really)
• Alternative forensic awards.(Adult language)

Coming Events:

• Twin Cities Information Security Forum 2012, Minneapolis, MN - April 11-12, 2012
• SANS Northern Virginia 2012, Reston, VA - April 15 - 20, 2012 -
• 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '12) - San Jose, CA - April 24th, 2012
• SANS Cyber Guardian 2012 - Baltimore, MD - April 30 - May 7, 2012
• SANS AppSec 2012: Summit & Training-Las Vegas, NV - April 24 - May 2, 2012
• 7th ACM Symposium on Information, Computer and Communications Security - Seoul, South Korea - May 1 - 3, 2012
• SANS Secure Europe 2012 Amsterdam - Amsterdam, Netherlands - May 5 - 19, 2012
• AccessData User's Conference - Las Vegas, NV - May 08 - 10, 2012
• SANS Security West 2012 - San Diego, CA - May 10 - 18, 2012
• 14th Information Hiding Conference - Berleley, CA - May 15 - 18, 2012
• IEEE Symposium on Security & Privacy - San Francisco, CA - May 20 - 23, 2012
• Computer Enterprise and Investigation Conference - Summerlin, NV - May 21 - 24, 2012
• SANS Brisbane 2012 - Brisbane, Australia - May 21 - 26, 2012
• 2012 ADFSL Conference on Digital Forensics, Security and Law - Richmond, VA - May 30 - 31, 2012
• BSides Pittsburgh, Pittsburgh, PA, June 1, 2012
• Techno Security 2012 Myrtle Beach, SC - June 03 - 06, 2012
• Mobile Forensics Conference - Myrtle Beach, SC - June 03 - 06, 2012
• 27th IFIP International Information Security and Privacy Conference - Heraklion, Crete, Greece - June 04 - 06, 2012
• Audio Engineering Society Audio Forensics - Denver, CO - June 14 - 16, 2012
• 24th Annual FIRST Conference - Malta - June 17 - 22, 2012
• Seats are filling up for the Sans Forensics and Incident Response Summit - Austin, TX - June 20 - 27, 2012
• SANS Canberra 2012 - Canberra, Australia - July 2 - 10, 2012
• SANSFIRE 2012 - Washington, DC - July 6 - 15, 2012
• Symposium On Usable Privacy and Security (SOUPS 2012) - Washington, DC - July 11 - 13, 2012
• 2012 Open Source Digital Forensics Conference, October 2, Chantilly VABrian Carrier has asked for feedback about participation in a hack-a-thon ("a bunch of developers and non-developers get together to build something in a short amount of time") at this event. Email hackathon@osdfcon.org if you are interested or want more information.

Call For Papers:

• 15th Research in Attacks, Intrusions and Defenses - Due April 06, 2012
• 2012 Sleuth Kit and Open Source Digital Forensics Conference- Due Date April 16, 2012
• 7th USENIX Workshop on Hot Topics in Security (HotSec '12) - Due May 07, 2012
• 7th IEEE LCN Workshop on Security In Communication Networks - Due May 12, 2012
• Grrcon - Due June 01, 2012
• Applied Computer Security Applications Conference - Due Jun 01, 2012
• 4th International Conference on Digital Forensics & Cyber Crime - Due Jun 01, 2012
• IEEE International Workshop on Information Security and Forensics - Due Jun 24, 2012
• 2012 secau Security Congress - Due Sep 30, 2012

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 20120406 was compiled by Rob Dewhirst GCFA, GCIH, CISSP. Rob is a security analyst and CSIRT lead for a Tier I University in the midwest and a private DFIR consultant.