Blog

In this issue of Case Leads with have several mobile device updates along with several other tools, botnets and Androids hit the news and a little levity.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it tocaseleads@sans.org.

Tools:

• Oxygen Forensics Suite have released version 5.0. It supports more then 6300 different models and will come with a brand new method for rooting for Android 4.x devices.
• Passware announces the release of version 12.1 which can recover the passwords from MS Office 2013 as well as numerous others. It also offers an instant decryption service for several different passwords.
• Burp Suite released a new version of their toolkit for web application and security testing. New additions in this release include support for Python, a richer API and numerous features dealing with extensions.
• Micro Systemation announces the release of XRY v6.4.1. This release supports 8,108 mobile device profiles along with enhanced support for 110 different smartphone apps over the Android, iOS, BlackBerry and Windows phone platforms
• Mandiant updates both Readline and IOC Editor. Redline v1.7 adds the ability to Timeline and Search. IOC Editor changes include bug fixes and additions to the properties panels, keyboard shutcuts and an Options dialog along with several others.

Good Reading and Listening

• Lance Mueller has a good post over atforensickb.comwhere he talks about trying to find a program that will wipe and verify a drive but also allow him to see what it is doing.
• Harlan Carvey has 2 posts over on his blog Windows Incident Response Blog. The first post deals with using shellbags and their artifacts that are be created. The second post is about who to use for a forensic exam.

News:

• Build your own Botnet for as little as $250. Symantec researchers stumbled upon someone selling a fully setup Zeus botnet for $250.
• New Android botnet discovered across all major networks. The threat, which is known at SpamSoldier, is said to spread through a collection of infected phones that send text messages, which usually advertise free versions of popular paid games.
• 92,000 Missourians affected by data breach. Nationwide Insurance/Allied Insurance's data breach that was back in early october will affectapproximately 1.1 million across the country and 92,000 Missourians according to the Missouri state officials.
• 2013 will be the year of the mobile malware for Android users. According to researchers Android devices infections increased by 41% in the second half of 2012 and will continue to rise.

Coming Events:

• SANS Mobile Device Security Summit- Anaheim, CA - Jan 7 - 14, 2013
• SANS Virtualization & Cloud Computing Summit- Anaheim, CA - Jan 7 - 14, 2013
• SANS Security East 2013- New Orleans, LA - Jan 16 - 23, 2013
• Ninth Annual IFIP WG 11.9 International Conference on Digital Forensics- Orlando, FL - Jan 28 - 30, 2013
• SANS Delhi 2013- New Delhi, India - Feb 11 - 22, 2013
• SANS Secure Singapore 2013- Singapore, Singapore - Feb 25 - Mar 2, 2013
• RSA Conference 2013- San Francisco, CA - Feb 28 - Mar 01, 2013
• The Second International Conference on Cyber Security, Cyber Warfare and Digital Forensic- Kuala Lumpur, Malaysia - Mar 4 - 6, 2013
• SANS 2013- Orlando, FL - Mar 8 - 15, 2013
• IMF 2013 - 7th International Conference on IT Security Incident Management & IT Forensics- Mar 12 - 14, 2013
• CTIN 2013 Digital Forensics Conference- Seattle, WA - Mar 13 - 15, 2013
• SANS Secure Canberra 2013- Canberra, Australia - Mar 18 - 23, 2013
• SANS Monterey 2013- Monterey, CA - Mar 22 - 27, 2013
• SANS Northern Virginia 2013- Reston, VA - Apr 8 - 13, 2013
• SANS Cyber Guardian 2013- Baltimore, MD - Apr 15 - 20, 2013
• SANS Secure Europr 2013- Amsterdam, Netherlands - Apr 15 - 27, 2013
• SANS CDK Seoul 2013- Seoul, Korea, Republic of - Apr 22 - 27, 2013
• SANS Security West 2013- San Diego, CA - May 9 - 14, 2013
• SANS Austin 2013- Austin, TX - May 19 - 24, 2013
• International Workshop on Cyber Crime- San Francisco, CA - May 24, 2013
• Techno Security and Forensics Investigation Conference- Myrtle Beach, SC - Jun 2 - 5, 2013
• Mobile Forensics World- Myrtle Beach, SC - Jun 2 - 5, 2013
• SANS Malaysia @ MCMC 2013- Jun 3 - 8, 2013
• ADFSL 2013 Conference on Digital Forensics, Security and Law- Richmond, VA - Jun 10 - 12, 2013
• FIRST Conference- Bangkok, Thailand - Jun 16 - 21, 2013
• The 1st ACM Workshop on Information Hiding and Multimedia Security- Jun 17 - 19, 2013
• Shakacon V- Honolulu, Hawaii - Jun 25 - 28, 2013
• SANS Digital Forensics and Incident Response Summit 2013- Austin, TX - Jul 9 - 10, 2013
• 28th IFIP TC-11 SEC 2013 International Information Security and Privacy ConferenceAuckland, New Zealand - Jul 8 - 10, 2013
• Symposium On Usable Privacy and SecurityNewcastle, United Kingdom - Jul 24 - 26, 2013

Call For Papers:

• The Second International Conference on Cyber Security, Cyber Warfare and Digital Forensic- Due Jan 3, 2013
• ICDCS Workshop on Network Forensics, Security and Privacy- Due Jan 15, 2013
• The 1st ACM Workshop on Information Hiding and Multimedia Security- Due Jan 25, 2013
• International Workshop on Cyber Crime- Due Feb 15, 2013
• ADFSL 2013 Conference on Digital Forensics, Security and Law- Due Feb 19, 2013

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it tocaseleads@sans.org.

Digital Forensics Case Leads for 20121130 was compiled by Mark McKinnon (@markmckinnon) CCE, GCFA. Mark is a Software Developer and Instructor at a University in the Midwest where he also practices digital forensics.