Mark this date: On March 20th 2013, the non-technical managers may finally start to understand what a digital forensics professional actually does. With the massive cyber attacks on South Korean banks, media outlets, and ISPs, the role of forensicators is put front and center. The attack(s) resulted in widespread ATM outages, online banking and mobile banking offline, and tens of thousands of PCs wiped of all their data. At minimum, non-technical decision makers should finally start to understand that cyber attackers are not targeting "someone else." The attacks in South Korea had an impact on the bottom line of many South Korean firms. Since many of the same strategies for information security and incident response are used by most westernized nations, many experts agree that the attacks in South Korea are a warning sign of what could happen in the United States. We have analytical coverage of the South Korean attacks, with stories and drill downs that go beyond the...
In this issue of Case Leads we go around the globe to cover telematics app development from Ford at CES Las Vegas; to Russia for new tools that allow investigators to access files users try to keep encrypted; an anti-forensic tool that tries to hide details from memory forensic tools; the insider fraud threat; and a number of landmark court rulings in the US that impact digital investigators.
If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to firstname.lastname@example.org.
- Have an investigation where the target puts a crypto-protected PC in hibernate? Now the team at ElcomSoft has a $300 app can get to the data well And, the
The general public is getting a lesson in incident response with the post Hurricane Sandy storm damage in the Northeastern part of the United States. Your case leads blogger is working on incident responses related to the storm. Many non-technical professionals have had a chance to witness the challenges of DFIR. And some are starting to ask some very intelligent questions: How resistant are IT systems to intentional cyber attacks? Could attackers do more damage than a natural disaster? We have stories this week that try to answer the question this way: Do we need a strategic shift in how we respond to incidents? Listen to the interview with Conrad Constantine on his take regarding a new approach to incident response.
Before all the storm coverage saturated the news, there were a flurry of news stories following Secretary of Defense Leon Panetta's statements on how poorly prepared the nation's critical infrastructure is vulnerable to cyber attacks. And, after Hurricane...
This week's Digital Forensic Case Leads is chock full of forensics nuggets. Links to great forensics tools for encryption detection and memory extraction, plus a how-to for breaking/auditing the OS X Keychain. You will also find an analysis of the Samsung v. Apple patent case from a digital forensics perspective, with IP Attorney Ben Langlotz. And, as our headline promises, news and analysis on the latest alleged attacks by "Anonymous" and their affiliates. Your reporter this week explains how BOTH the Anon group AND the Fed's denials, could both be true.
If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads [at symbol here] sans.org.
- AccessData Group just released a new version of their forensics and investigation tool for mobile devices, MPE+. According the AccessData: " In addition to greatly improving mobile device investigations, MPE+ is the first
This week's Digital Forensic Case Leads takes us around the world. From a possible Anonymous waring in Latin America, to the report that the Chinese Government may be building in backdoors to networks across the globe. In the last few weeks there have been many announcements about the use of Near Field Communications (NFC) in the next generation of smartphones and tablets from all the major platform makers. Most of the press has been on digital wallets. But, many believe we will see use of NFC for multi-factor authentication, physical access control, and more. If that happens, look for NFC to be a factor in DFIR. Since NFC an RFID-based technology, be sure to read the paper co-authored by Dr. Hal Berghel on RFID security in this week's Good Reads.
- Registry Decoder 1.3 has been released. Registry Decoder,