In this issue of Case Leads, Magnet Forensics updates its IEF with new neat features, Analysing PE file with python, retrieving iPhone voicemail with Perl, sleeper APT target diplomats, banking trojans travelling through Skype... Continue reading... this week of Case Leads.
If you have an item you'd like to contribute toDigital Forensics Case Leads, please send it to firstname.lastname@example.org.
- Magnet Forensics (Formerly JAD Software) has unveiled v5.8 of its industry-leading forensic software, INTERNET EVIDENCE FINDER (IEF) — including several exciting forensic firsts!! Like DropBox Decryption, Web Video Recovery, Google Maps Tiles & Geo-Location Visualization, Support for NewsGroup Messages and other new artifacts added.
- BlackLight is a multi-platform forensic analysis tool that allows examiners to quickly and intuitively analyze digital forensic media. BlackLight's core strength is Mac OS X and iOS (iPhone and iPad) data analysis. Latest release (R4.1) is a fine tuning to the major release R4 included Skype analysis, Side-by-side Evidence Analysis, Consolidated Search and File Filter Tool, Virtual Machine Support, Time Machine Support, Secure USB Key Authorization and iOS 6 & Mountain Lion Compatibility.
- Cellular Mapping, a developer of law enforcement forensics tools, announces an update to its cell site analysis software, the Cellular Analysis Mapping Program (CAMP). The latest version of CAMP, includes features to reduce workload, while also offering an affordable and robust solution to analyse and create custom maps of cell phone activity. CAMP provides the ability to process hundreds of cell phone call detail records in seconds!
- Sumuri LLC will be releasing their latest version of Paladin this week, and announcing first thru AppleExaminer. The new version is huge upgrade offering, re-written code and the following notable features: new XFCE environment, live progress log viewer, support for (Ex01, SMART, AFF, VMDK, EXT4 and ExFAT) file format and systems, new image converter, new disk manager, image mounter, and inclusion of many of the popular open-source forensic tools.
- HiddenIllusion published an interesting python-based tool called AnalyzePE. This Tool wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file. It will of course give the md5/sha hashes, do an entropy test and will tell if the file is being packed, or any suspicious behaviour detected and some other nice stuff...
- Retrieving data from an iPhone voicemail database. This is a nice readas it'll show how to write a Perl script to retrieve the contents of an iPhone's voicemail database and then display those contents in a nice HTML table that contains the number calling, date & time, duration, filename and if the voicemail is deleted or not.
- A post on on forensic focus, that go through malware analysis in Windows 8 and test its ability VS malwares and webshells. What makes this post interesting, it starts from the basics to catch the registry keys related and then the infected process.
- The Shylock, Banking Trojan now travelling by Skype The security firm CSIS recently discovered a Shylock module called "msg.gsm" trying to use the VoIP software to infect other computers. If successful, the malware then sets up a typical backdoor. The module tries to send Shylock as a file, bypassing warnings from the Skype software by confirming them itself and cleaning any generated messages from the Skype history.
- Kaspersky has published a malware analysis report on newly discovered malware called "Red October As this is a new APT that targets diplomats in Europe and Asia, it has been in the wild since 2007 as they claim and has infected lot of embassies and diplomatic sites. The report will go through a step-by-step approach for the infection and will discuss few details.
- Critical control systems inside two US power generation facilities were found infected with computer malware, according to the US Industrial Control Systems Cyber Emergency Response Team. The malware was spreading via USB drives, and based on the article, it's not clear if the control system workstations use any form of antivirus protection!?
- Singapore allows pre-crime strikes against online crooks by granting itself powers to take proactive measures against a potential cyber threat before it disrupts critical infrastructure. Failure to comply with the new law could land an individual with a 10-year prison term and $S50,000 (25,400) fine.
- NEW JERSEY Gov. invites vets returning from the Middle East, students and career switchers to compete for cyber residencies at key institutions, by joining a cyber battle this week for a spot at a community college program. The Brookdale Community College CyberCenter, similar to a medical teaching hospital, will assign aspiring network defenders to temporary posts at banks, the FBI and other organizations vital to American life.
- Ninth Annual IFIP WG 11.9 International Conference on Digital Forensics- Orlando, FL - Jan 28 - 30, 2013
- SANS Delhi 2013- New Delhi, India - Feb 11 - 22, 2013
- SANS Secure Singapore 2013- Singapore, Singapore - Feb 25 - Mar 2, 2013
- RSA Conference 2013- San Francisco, CA - Feb 28 - Mar 01, 2013
- The Second International Conference on Cyber Security, Cyber Warfare and Digital Forensic- Kuala Lumpur, Malaysia - Mar 4 - 6, 2013
- SANS 2013- Orlando, FL - Mar 8 - 15, 2013
- IMF 2013 - 7th International Conference on IT Security Incident Management & IT Forensics- Mar 12 - 14, 2013
- CTIN 2013 Digital Forensics Conference- Seattle, WA - Mar 13 - 15, 2013
- SANS Secure Canberra 2013- Canberra, Australia - Mar 18 - 23, 2013
- SANS Monterey 2013- Monterey, CA - Mar 22 - 27, 2013
- SANS Northern Virginia 2013- Reston, VA - Apr 8 - 13, 2013
- SANS Cyber Guardian 2013- Baltimore, MD - Apr 15 - 20, 2013
- SANS Secure Europr 2013- Amsterdam, Netherlands - Apr 15 - 27, 2013
- SANS CDK Seoul 2013- Seoul, Korea, Republic of - Apr 22 - 27, 2013
- SANS Security West 2013- San Diego, CA - May 9 - 14, 2013
- SANS Austin 2013- Austin, TX - May 19 - 24, 2013
- International Workshop on Cyber Crime- San Francisco, CA - May 24, 2013
- Techno Security and Forensics Investigation Conference- Myrtle Beach, SC - Jun 2 - 5, 2013
- Mobile Forensics World- Myrtle Beach, SC - Jun 2 - 5, 2013
- SANS Malaysia @ MCMC 2013- Jun 3 - 8, 2013
- ADFSL 2013 Conference on Digital Forensics, Security and Law- Richmond, VA - Jun 10 - 12, 2013
- FIRST Conference- Bangkok, Thailand - Jun 16 - 21, 2013
- The 1st ACM Workshop on Information Hiding and Multimedia Security- Jun 17 - 19, 2013
- Shakacon V- Honolulu, Hawaii - Jun 25 - 28, 2013
- SANS Digital Forensics and Incident Response Summit 2013- Austin, TX - Jul 9 - 10, 2013
- 28th IFIP TC-11 SEC 2013 International Information Security and Privacy ConferenceAuckland, New Zealand - Jul 8 - 10, 2013
- Symposium On Usable Privacy and SecurityNewcastle, United Kingdom - Jul 24 - 26, 2013
- The 1st ACM Workshop on Information Hiding and Multimedia Security- Due Jan 25, 2013
- Regional Computer Forensics Group- Due Jan 31, 2013
- Shakacon V- Due Feb 1, 2013
- International Workshop on Cyber Crime- Due Feb 15, 2013
- ADFSL 2013 Conference on Digital Forensics, Security and Law- Due Feb 19, 2013
About the author:
By Maher Yamout, CCNA, CNDA, ECSA, GCFE. Maher Yamout is an Information Security Officer and Digital Forensic Examiner with the Lebanese Ministry of Finance.
He was involved in cyber-security exam item writing with EC-Council and Prometric. Maher is also member of the High Tech Crime Investigation
Association (HTCIA) Europe-at-Large chapter.