
Tuesday, May 19, 2009

FBI -- Senior Level Technical Forensic Advisor

To All,

The FBI has just posted a truly unique employment opportunity, applications for which must be received on-line no later than May 25, 2009.

The position is that of a Senior Level Technical Forensic Advisor whose primary duty it is to advise and assist FBI executives on all issues affecting the acquisition, preservation, examination, processing, presentation and storage of digital evidence in support of both the FBI’s criminal and national security investigations.

The individual filling this position serves as a key architect responsible for mapping the future course of the exploding field of digital evidence forensics, including traditional computer hard drive forensics, network forensics, remote forensics, mobile forensics (e.g., cellular telephones), device forensics (e.g., GPS devices) and more.

The selected candidate would report directly only to Senior Executives of the FBI. The salary range for the position is $117,787 to $162,900 per year.

The FBI currently manages a network of over 400 certified digital evidence forensic examiners located across the country in FBI Field Offices, Laboratories and at FBI Headquarters in the Metro-Washington, DC area.

The FBI also operates and administers the FBI Digital Evidence Laboratory in Quantico, VA and Linthicum, MD as well as 14 existing Regional Computer Forensic Laboratories (RCFLs) across the country in collaboration with other Federal, State and local law enforcement agencies, all of which have either been accredited by the American Society of Criminal Laboratory Directors – Laboratory Accreditation Board (ASCLD-LAB) or are in the process of applying for the same.

Combined, these elements represent the world’s largest contingent of digital evidence forensic examiners operating under one central, validated, quality assurance system.

Details on the vacancy can be found at www.usajobs.gov as Job Announcement Number 18-2009-006, under the category “Senior Executive.”

Wednesday, April 1, 2009

Computer Hack - Google News

FBI still investigating Cyrus 'hacker'
KIMT - Mason City,IA,USA
Josh Holly, 19, was named as a prime suspect in the police investigation after detectives raided his Tennessee home in October and seized his computer ...

A Chinese hack-job
OneNewsNow - Tupelo,MS,USA
The researchers, who initiated the study at the request of Tibetan exiles, say they observed documents being stolen from the Tibetan computer network and ...

April Fools' may be no joke for computer users
CNN - USA
"If someone says, 'I want to try to hack some system and try millions of combinations of Social Security numbers,' they could purchase this computing power ...

Computer Worm To Attack Millions Of pc's
ABC2 News - Baltimore,MD,USA
Here's how it works: The worm is created and sent out through the internet landing in servers then searches for computers on the network to hack into. ...

Computer Worm Threat Or Hoax On April 1st
KIVI-TV - Boise,ID,USA
... which is a complex computer program is created and sent out through the internet landing in servers searching in computers on the network to hack in to. ...

Computer Virus May Strike April 1st
WCTV - Tallahassee,FL,USA
Microsoft is warning computer owners that a virus could possibly hack into your private information on Wednesday. Officials say the Conficker cun-fick-er ...

Beijing rejects China spy ring report as `lies'
The Associated Press
... attention to computer network security and resolutely opposes and fights any criminal activity harmful to computer networks, such as hacking," Qin said. ...

EDF bosses probed for spying on Greenpeace
AFP
EDF security chiefs Pierre Francois and Pierre Durieux are charged with conspiring to hack into computer systems including at the environmental group, ...

Suspect in Internet sex case appears in court
Orlando Sentinel - Orlando,FL,USA
Patrick Connolly, 36, a citizen of Northern Ireland, was arrested earlier this month in Atlanta on a federal computer hacking charge. ...

Convicted Trojan author in new hacking charge
Register - London,England,UK
Van T. Dinh, 25, was charged with two counts of computer hacking last Friday over accusations he hacked into an online currency exchange service before ...

Thursday, December 18, 2008

85% of All Crimes Leave a Digital Fingerprint

It has been stated that 85% of all crime leaves a digital fingerprint in electronic devices. This may result from an internet intrusion, identity theft, or a traditional crime like murder. Computer forensics has aided in the investigation of these crimes. Computer forensics is the use of specialized techniques for the recovery, authentication, and analysis of electronic data when a case involves issues relating to the reconstruction of computer usage, the examination of residual data, the authentication of data by technical analysis, or the explanation of technical features of data and computer usage. Computer forensics requires specialized expertise that goes beyond the normal data collection and preservation techniques available to end-users or system support personnel. The challenge facing many computer forensic examiners is the abundance of data that must be analyzed to produce a story or show correlation. Hard drives are enormous and continue to grow; disk space is inexpensive, which allows for ever more of it. In addition, RAID systems present further challenges for the investigator. A simple case on a 200 GB hard drive can take weeks to review before any real assessment can occur, and in terrorism and murder cases such delays can prove fatal. By including social network analysis (SNA), the time needed to locate correlations will be reduced, allowing the examiner to focus his analysis on the key areas identified by the SNA results.

Wednesday, December 3, 2008

Paraben's Device Seizure Field Kit

Paraben is pleased to announce the release of the Device Seizure Field Kit. Rugged, portable, and expandable, this comprehensive handheld forensic field kit allows you to take your lab out into the field to perform complete forensic exams of cell phones, PDAs, GPS devices, and related media (SIM cards, Micro SD Cards, Flash Drives, etc.).

The Device Seizure Field Kit Includes:

* One license of Device Seizure to acquire, analyze, and report on over 1,900 different devices
* All the components of the Device Seizure Toolbox including data cables, power management, a SIM card reader, and more
* A 1.6 GHz Laptop with 1 MB RAM and a 120 GB hard drive used to perform acquisitions and analysis
* One CSI Stick for even more convenient field acquisitions
* One license of Forensic Replicator to acquire data from different media you may encounter in the field
* One license of Case Agent Companion for quick analysis of non-device related data acquired in the field
* One license of P2 eXplorer to mount images as a virtual drive
* Various media card readers
* Rugged carrying case
* One year software and new cable subscriptions

This field kit is expandable, allowing you to add your other forensic tools for any type of digital examination anywhere, anytime. You can learn more about the Device Seizure Field Kit at http://www.paraben-forensics.com/catalog/product_info.php?products_id=501.

Do you already have Device Seizure and Toolbox? You can buy a conversion kit to upgrade your products to a Device Seizure Field Kit at http://www.paraben-forensics.com/catalog/product_info.php?cPath=25&products_id=500.

Thank you,
Paraben Corporation

Tuesday, July 15, 2008

States require a license to conduct data forensics

First off, I would like to apologize to Linda Musthaler and Brian Musthaler as well as IDG for not following proper blog etiquette on this posting by copying and pasting an entire article without providing my comments beforehand. Linda brought this matter to my attention and I have edited this posting to be in “Blog Compliance”.

The reason I chose and posted this article: about 4 years ago, while taking an instructor training course for AccessData in Texas, there was a discussion that Georgia was trying to implement similar requirements to conduct forensic examinations, and about how more and more states are passing laws that some people interpret as a requirement for computer forensic examiners to be licensed private investigators.

As more cases are performed and botched by inexperienced examiners, I feel there will be some licensing requirements for computer forensic examiners.

I have enclosed a link to a very interesting article which discusses some current issues on this topic:

Article can be accessed at: http://www.networkworld.com/newsletters/techexec/2008/071408techexec1.html

Entire Article:

Laws in place to protect the chain of custody during any type of forensic investigation

Technology Executive Alert By Linda Musthaler and Brian Musthaler , Network World , 07/14/2008

In 2007, the state of Texas updated a law called the "Private Security Act" to insert a new clause that specifies that anyone who conducts computer data forensics that could potentially be used in a legal proceeding in the state must be a licensed PI.

The basic tenet of the new stipulation in the law is the protection of the chain of custody during any type of forensic investigation. If digital forensic data is to be used for a legal proceeding, it needs to be done by a professional who is trained and licensed in the practice of securing evidence and chain of custody. Traditionally, these people are law enforcement officials, lawyers and paralegals, and licensed private investigators.

An opinion written by the State of Texas Private Security Bureau is that “Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators. The review of computer data for the purpose of investigating potential criminal or civil matters is a regulated activity under Chapter 1702 of the Texas Occupations Code, as is offering to perform such services.”

This law has broad ramifications for many people in IT professions, including hardware and software technicians and auditors. These people routinely analyze log data and other information on computers that may eventually be used in reports that could, someday, be called into question in court.


For example, suppose the owner of a small business suspects one of his employees is creating bogus accounts and sending payments to those accounts. The business owner might ask a computer technician to study the computer logs to see what this employee is up to. The technician finds a clear digital trail of misconduct that points to the suspect employee and provides the “evidence” to the businessman in the form of a report. The business owner uses the information to dismiss the employee, who then sues his former employer for wrongful termination.

Unless the computer technician is a licensed PI, none of the information he dug up is admissible in court. Worse, both he and the business owner who used his services face misdemeanor charges for violating the Texas Private Security Act.

Several computer technicians from Houston and Austin have filed a lawsuit against the state, alleging that the law may inadvertently harm their businesses. An attorney handling the lawsuit says the law is so vaguely worded that it could be enforced broadly by the Private Security Board, the Texas agency that oversees licensing for the private security industry. The board interprets the law to cover any data retrieval for a “potential” civil or criminal matter. For all practical purposes in our litigious society, that is virtually everything.

Computer technicians aren’t the only ones concerned about the impact of this law. Auditing firms and law firms may also be ensnared by the law that requires licensing for anyone doing data retrieval and analysis for outside companies. (Companies can use their own employees to conduct internal investigations, but they cannot hire an unlicensed outsider to perform the same work.)

Texas isn’t alone in its efforts to have licensed investigators handle digital forensics. Georgia, New York, Nevada, North Carolina, South Carolina, Virginia and Washington also are pursuing digital forensic experts operating in their states without a PI license. Given the number of states with digital forensics laws and the vast extent of interstate commerce, these laws can have broad impact on IT professionals all across the country.

We don’t mean to downplay the importance of in-depth knowledge of the chain of custody of evidence. Of course it is important that evidence be properly collected and preserved if it is intended to be used in civil or criminal matters. But laws like the one in Texas could be creating a large and sharp double-edged sword for the digital forensic community: time and legitimacy.


In Texas, a person must earn a criminology degree or undertake a three year apprenticeship with a licensed PI to attain a PI license. To specialize in an area of computer data forensics, the person also must master the intricacies of a combined Unix / Windows environment with its plethora of tools to monitor and control traffic / data, combined with all the tools required to extract digital evidence. He also must learn to analyze and interpret the data and ultimately opine on it. It can take years to understand enough about computers to be an expert.

With the Texas law, any licensed private investigator can take a class to learn how to use EnCase, a popular computer examination tool, and then declare himself to be a forensic expert. There are no further requirements for a technology-related degree or IT certification, experience or training.

To maintain legitimacy and comply with the law, large firms involved in digital forensics (e.g., law, audit, accounting and forensic firms) will hire a licensed PI that (in theory) oversees all of the digital forensic activities, and technically these firms will be following the letter of the law. Small service providers can’t afford to take this route, however, and this is the crux of the Texas lawsuit.

There are no easy answers, and we’ll just have to see how this one plays out. Meanwhile, be aware of the laws that may cover your business so you don’t run afoul of the law.


All contents copyright 1995-2008 Network World, Inc. http://www.networkworld.com/

Thursday, June 5, 2008

WINDOWS REGISTRY FORENSICS GUIDE: INVESTIGATING HACKER ACTIVITIES

Ed Skoudis, Contributor

When analyzing a compromised Windows system, investigators and system administrators can glean enormously useful information about attackers' actions by looking through the Windows registry, a hierarchical database storing tens of thousands of settings on a modern Windows box. Whether an outside attacker compromised the box, an inside employee engaged in nefarious activities, or malware inexplicably infected the machine, the Windows registry contains wonderful gems of information for investigators. In this tip, we'll look at what information investigators can gather about user activity via the registry.

Interacting with the registry
While there are several ways for investigators to interact with the registry, two of the most useful are the built-in regedit GUI-based tool and the reg command-line tool. Regedit has been included in Windows for over a decade, while the reg command is only included in more modern Windows machines, such as XP Pro, 2003 Server, Vista and 2008 Server.
Read this tip:
http://go.techtarget.com/r/3788298/5749008

Friday, May 30, 2008

The EnCase Evidence File Components and Function


The EnCase evidence file arrangement has what is described as “bag-and-tag” information, which consists of information pertaining to the case in the header of the file. In addition to the case information, the image file also contains data and file integrity information. Data and file integrity are very important when it comes to ensuring the integrity and proper authentication of the evidence image for court purposes. Message Digest 5 (MD5) and Cyclical Redundancy Check (CRC) are the two functions used to provide these mechanisms within the EnCase evidence file.

MD5 is an algorithm used to verify data integrity through the creation of a 128-bit message digest from the input data; the digest is claimed to be as unique to that specific data as a fingerprint is to a specific individual. The result of the calculation is a 128-bit value, usually written in hexadecimal, with 2^128 possible values. This means that the odds of two files having the same MD5 value are 1 in 2^128. Because the chances are statistically remote, the forensic community has adopted and accepted MD5 as sufficient for forensic authentication.

CRC is similar in function and purpose to MD5. The CRC algorithm results in a 32-bit value, also written in hexadecimal.

An EnCase evidence file has three major components: the header, the data blocks and the file integrity component (CRC and MD5). The header appears at the front of the evidence file and the data blocks follow the header.
Any additional contribution towards this topic will help for those attempting to obtain the EnCE.

Wednesday, May 28, 2008

The EnCase Evidence File Format


The EnCase evidence file can also be referred to as a forensic image file. The concept of an image file is that the entire contents of a target drive are copied to a file, and checksum values (often referred to as “hash values”) are calculated to verify the integrity of the image file, which is useful in court cases. Forensic images are acquired with software tools such as the UNIX “dd” and FTK Imager, as well as with hardware, where cloning devices such as the Solo Masster and Logicube’s MD5 have added forensic functionality.

One major difference between the above-mentioned techniques for acquiring image files and EnCase image files is the “bag-and-tag” concept. The UNIX “dd” and many of the hardware cloning devices only provide the bit-for-bit data during acquisition. EnCase, on the other hand, provides the bit-for-bit data as well as additional data such as case information, data block integrity and file integrity, to name a few. These functions are built into the EnCase imaging process for interoperability and ease of use. If the same functions were to be implemented using the UNIX “dd” or the hardware options, the process would require many different tools and multiple steps to obtain the same results.
My next posting will be on the "EnCase Evidence File Components and Functions".

Thursday, May 22, 2008

What are the phases of the EnCE® exam?


The EnCE® exam has two phases:

  • Phase I of the EnCE® exam is a computer-based test administered by Prometric. Students must obtain a grade of 80% or higher to pass and proceed to Phase II.
  • Phase II is a practical test requiring students to examine computer evidence that is sent to them via CD-ROM. Students must submit their findings report to the certification coordinator within 60 days and receive a grade of 85% or higher to pass. A 30-day extension may be granted in certain circumstances. Candidates successfully passing Phase I and II of the process are awarded the EnCE® designation.

How much does the EnCE® program cost?
The total cost for the EnCE® program is $200.00 (USD) in the USA and $225.00 (USD) internationally. This fee is paid to Prometric to take the Phase I computer-based test. When you register for Phase I of your EnCE® test with Prometric, you will notice the price is listed from $750.00 to $1000.00 (USD). After you enter the voucher number provided by the Guidance Software certification coordinator, the test price will change to the discounted price. EnCE® certification is inexpensive compared to other professional and IT certifications. The cost was intentionally kept low, as Guidance Software understands many users, especially in the public sector, will not be reimbursed for the fee.


What materials can I use to study for the EnCE® computer-based test?
Guidance Software offers free EnCase® Certified Examiner Study Guides for the computer-based test administered by Prometric. All EnCE® candidates whose applications are approved by the Certification Coordinator will receive a free EnCE® Study Guide by mail. The study guide covers the four parts of the test administered by Prometric: Examining Computer Based Evidence With EnCase®, Computer Knowledge, Good Forensic Practices, and Legal.

If your application for the EnCE® program has been approved and you have received a Prometric voucher number, but have not received your EnCE® Study Guide, please fill out our online Study Guide Request or contact the Guidance Software Certification Coordinator at (626) 229-9191, ext. 513, or email us at certification@guidancesoftware.com.

We recommend candidates familiarize themselves with information contained in the following publications:

The EnCase® Forensic Methodology Training manuals also serve as helpful study material. The EnCase® Legal Journal can be downloaded in Adobe Acrobat Reader from Guidance Software's Web site. The EnCase® User's Manual can also be downloaded from Guidance Software's Web site (EnCase® software user name and password required). Some suggested resources for the Computer Knowledge and Good Forensic Practices sections are:

  • How Computers Work by Ron White
  • Handbook of Computer Crime by Eoghan Casey

What topic areas does the EnCE® computer-based test cover?

  • Examining computer based evidence with EnCase®
  • The EnCase® Evidence File
  • EnCase® Concepts
  • The EnCase® Environment
  • Searching
  • File Signature and Hash Analysis
  • Computer Knowledge
  • Understanding Data and Binary
  • The BIOS
  • Computer Boot Sequence
  • File Allocation Table Systems
  • Computer Hardware Concepts
  • Good Forensic Practices
  • First Response
  • Acquisition of Digital Evidence
  • Operating System Artifacts
  • Legal (North American EnCE® candidates only)

How do I renew my EnCE®?
The EnCE® designation is valid for two years from the date it is earned. EnCase® Certified Examiners are required to earn sixty-four (64) credit hours of documented continuing education in Computer Forensics or Incident Response every two years to maintain their certification. The training should be from Guidance, your agency, or an accredited source. You can earn one credit hour for each classroom hour of training and 1/2 credit hour for each hour of instruction as a Computer Forensics or Incident Response curriculum instructor. Your expiration date is listed on your wallet card. In order for training to qualify for renewal it needs to fall within the two-year time period. (Example: If you were certified on 1/1/2005, only training taken between 1/1/2005 and 1/1/2007 would qualify for renewal credits.)

If you were not given certificates, please put the following information in a letter.

Date of the Class
Number of hours
Name of the class
Who provided the training
Short description of the class

When you are ready to submit your renewal credit, please fill out the EnCE® Renewal Form, attach renewal documentation and either mail, fax, or scan/email to:

Certification Coordinator
Guidance Software, Inc.
215 N. Marengo Ave. 2nd floor
Pasadena, CA 91101
Email: certification@guidancesoftware.com
Fax: (626) 432-9558

What if my voucher expires or I did not finish my Phase II test before the due date?
- If the Phase I voucher expires, simply contact the Certification Coordinator to obtain a new voucher.
- If anyone does not turn in the Phase II practical within the time allotted to them, they will be required to wait 2 months from the date that the test would have been due and then start the EnCE® process over, starting at Phase I.

What if I fail the test?
- Anyone who does not obtain the 80% grade needed to pass the Phase I test will be required to wait 2 months before a new voucher will be issued.
- Anyone who does not obtain the 85% grade needed to pass the Phase II Practical will be required to wait 2 months before they will be allowed to retest. Those who fail Phase II will be required to start over at Phase I.
- A new application will be needed if organization or personal information has changed during the 2-month wait period.

Contact Guidance Software's EnCE® certification coordinator at:
Guidance Software
Certification Coordinator
215 North Marengo Avenue
Second Floor
Pasadena, CA 91101
Tel: (626) 229-9191 x 513
certification@guidancesoftware.com

Monday, May 19, 2008

PTK Beta release is coming on May 30th!

The DFLabs team has planned a webinar for that date at 5:00 PM Italian time (GMT +01:00), during which you will attend a fully functional demo of the PTK Beta version.

PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. PTK was developed from scratch and, besides providing the functions already present in Autopsy Forensic Browser, it implements numerous new features essential during forensic activity. PTK is not just a new graphic and highly professional interface based on Ajax technology but offers a great deal of features such as analysis, search and management of complex digital investigation cases. The core component of the software is an efficient Indexing Engine that performs different preliminary analysis operations while importing each piece of evidence. PTK allows the management of different cases and different levels of multi-user access. It is possible to allow more than one investigator to work on the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the database. PTK is a web-based application and builds its indexing archive inside a MySQL database, thus using the LAMP (Linux-Apache-MySQL-PHP) stack.

PTK main features:
* Preliminary indexing phase
* Efficient File analysis
* Dynamic Timeline
* File Categorization
* Gallery view
* Indexed keyword search
* Personal bookmark section
* Cases features shared between multiple investigators
* Memory Dump Analysis

Other features:
* Improved usability, Ajax based
* Dynamic web application with a centralized database. More investigators will now be able to work on the same case simultaneously.
* Extensible with other tools
* Log of all operations
* Many browsers are supported.
* PTK is a forensic analysis interface; it is not strictly devoted to incident response
* Its scope is helping small groups of investigators reach their goal with a reduced budget
* Can be further enhanced through concurrent engineering and development participation

Here are the new features that are included in the Beta release.

***Memory Dump Analysis***
The first PTK extension includes Volatility 1.1.1, a useful tool for analyzing dumps of RAM memory. It is possible to retrieve the following information:

- active connections
- dlls loaded in any process
- open file handles
- kernel loaded modules
- processes
- sockets
- ETHREAD objects
- Virtual Address Descriptors (VAD) of any process

PTK also implements a Live Keyword Search on RAM images, based on ASCII and Unicode strings.

***Gallery Analysis***
PTK comes with a new tab for gallery analysis: it's now possible to search for graphic files using an easy tree-view of the evidence disk.

***Graphic Timeline***
A new effective graphic timeline allows the viewing of MAC time trends. A line chart shows time details and total amounts for Modified, Created and Accessed files; the user can choose among daily, monthly and yearly views and can also work using zoom and scroll controls.

***File analysis with Ajax pagination***
The file analysis section is now enhanced: the development team implemented an Ajax pagination system for file content visualization, reducing page loading and avoiding system crashes.

The software is totally free. If you want to follow the webinar, join the PTK testing program or take part in PTK development, please contact us at ptk@dflabs.com. You will be able to download the PTK package and send feedback and suggestions directly to the PTK developers team.

PTK Newsletter

Friday, May 16, 2008

CSI Stick - Get Forensic Data from Cell Phones Anywhere



Paraben is pleased to announce it has shipped initial orders of the CSI Stick. Paraben's CSI Stick is a thumb drive sized cell phone forensic acquisition tool. The data acquired from the CSI Stick can be viewed in Device Seizure or DS Lite. With the CSI Stick, you can get the following data:

* Phonebook
* Call Logs
* Camera Pictures
* Text Messages (SMS)
* Multi-media Messages (MMS)
* and much more...

Version 1.0 of the CSI Stick supports many Motorola and Samsung phones. For more information on model support and product details, visit http://www.csistick.com/details.html.

What you get:
* One CSI Stick Base Unit
* Two Motorola Tips
* One Samsung Tip
* One Remote Charger
* One Female USB Charger Tip
* Carrying Case
* How to Guide
PRICE: $199.00 U.S.

Paraben will be adding support for new manufacturers with new data tips. Upgrading your CSI Stick is easy. When an upgrade is available, simply purchase the upgrade package and we'll ship you new data tips and instructions on how to update your CSI Stick.

Don't wait to place your order. Call us at 1.801.796.0944 or visit http://www.csistick.com/.

Wednesday, March 26, 2008

Digital Forensic Acquisition



One of the key aspects of conducting digital forensics pertains to the proper collection and authentication of the evidence. If the evidence is not collected properly, there is a very good chance the results of the examination will be questioned. Following digital forensic best practices, we typically conduct our examination on copies, often referred to as "forensic images", of the original evidence. By doing so, the original data is protected from alteration and can be used to verify the authenticity of an analysis.
Some of the popular software that can be used to conduct disk imaging are:
1. AccessData Imager
2. LinEn
3. Knoppix
4. Helix
5. DD

Tuesday, January 22, 2008

Computer Viruses: Malware Analysis

Malware Analysis

Dynamic analysis and static analysis are the two approaches to analyzing malware on a compromised system once it has been discovered after a computer-related incident. Dynamic analysis consists of examining the inputs and outputs produced by the malware, its interaction with the system (which files are being read or written to), and what effects it is applying to the system. The examiner's concern is not the internals of the malware but the malware's functionality and behavior. Static analysis, the more difficult of the two approaches, consists of extracting and reviewing readable data located in the malware binary and converting machine language into readable source code for analysis. Unlike the dynamic approach, which usually requires execution of the malware, the static approach does not, making it the safer approach but a much more exhausting process.
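As an added example (not PTK's, Volatility's or any vendor's code), the following Python performs the string carving that underlies both PTK's live keyword search over RAM images (ASCII and Unicode strings, in the PTK post above) and the static-analysis step described here of pulling readable data out of a malware binary: it extracts printable ASCII and UTF-16LE runs from a byte buffer and reports where each keyword occurs and in which encoding. The sample dump and the keywords are constructed for the example.

```python
# Added example (not PTK's, Volatility's or any vendor's code): carve printable
# ASCII and UTF-16LE ("Unicode") strings out of a byte buffer and run a
# keyword search over them, as a static triage step or a RAM-image keyword
# search would. Windows stores many strings as UTF-16LE, so an ASCII-only
# scan misses paths, URLs and commands that a malware sample or memory dump
# holds in that encoding.
import re
from typing import Dict, List, Tuple

MIN_LEN = 4  # shortest run worth reporting, like the strings(1) default


def extract_strings(buf: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of min_len+ chars."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_run.finditer(buf):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_run.finditer(buf):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def keyword_search(buf: bytes, keywords: List[str]) -> Dict[str, List[Tuple[int, str]]]:
    """Case-insensitive keyword search over carved strings.

    Each hit is (absolute byte offset of the keyword, encoding); UTF-16LE
    offsets are scaled by two bytes per character.
    """
    hits: Dict[str, List[Tuple[int, str]]] = {k: [] for k in keywords}
    for off, enc, text in extract_strings(buf):
        low = text.lower()
        width = 2 if enc == "utf-16le" else 1
        for k in keywords:
            idx = low.find(k.lower())
            while idx != -1:
                hits[k].append((off + idx * width, enc))
                idx = low.find(k.lower(), idx + 1)
    return hits


# Constructed stand-in for a RAM image or binary: non-printable filler with a
# few embedded strings, two of them in UTF-16LE. Not taken from any real sample.
SAMPLE_DUMP = (
    b"\x00\x01\x02\xff\xfe" * 8
    + b"C:\\Windows\\System32\\svchost.exe"
    + b"\x00\x00\x00\x7f\x80"
    + "http://update.example.invalid/check".encode("utf-16-le")
    + b"\x00\x00\x01\x02"
    + b"Mozilla/5.0"
    + b"\x00\x00"
    + "SELECT * FROM users".encode("utf-16-le")
    + b"\xff\xfe\x00\x01"
)

KEYWORDS = ["svchost", "example.invalid", "select", "not-present"]

if __name__ == "__main__":
    for off, enc, text in extract_strings(SAMPLE_DUMP):
        print(f"{off:6d} {enc:8s} {text}")
    for kw, found in keyword_search(SAMPLE_DUMP, KEYWORDS).items():
        print(kw, "->", found)
```

Running this with an ASCII-only scan would report only the svchost path and the user-agent; both of the UTF-16LE strings would be missed.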