Data Forensics - The smoking gun may be a click away
The term “data forensics” suggests a high-tech process
reserved only for cases centered around proprietary technology.
However, data speaks volumes and data forensics can really make
it talk. Recent news coverage of the Martha Stewart trial, the resignation
of Connecticut Governor John Rowland, and ongoing investigations
at Enron and WorldCom have demonstrated the importance of data forensics,
which is now routinely being used in cases of all types. Whether
it is discrimination, breach of contract, theft of intellectual
property, or sexual harassment, data forensics will likely play
a role. Computer data is now ubiquitous, and data forensics has
quickly become a legal necessity.
Enterprise Computer Forensics: A defensive and offensive strategy to fight computer crime
As days pass and cyberspace grows, so does the number of computer
crimes. Over the next couple of years, enterprise computer forensic
capability is going to become a vital information security and integrity
decision for the CEOs of large or even medium-sized corporations.
Nowadays, most companies don’t have an in-house computer/digital
forensic team to handle a specific incident or corporate misconduct,
but having digital forensic capability is very important, and forensic
auditing is crucial even for small to medium-sized organizations. Most
corporations and organizations are still not aware of the risks, and
this can be very harmful in the long run. This paper focuses on
examining different aspects of enterprise computer forensics with
in-house forensics capability. It also tries to clarify some of the
issues that surround enterprise computer forensics.
Cyber Forensics: A Military Operations Perspective
This paper discusses some of the unique military requirements and
challenges in Cyber Forensics. A definition of Cyber Forensics in
a military context is presented. Capabilities needed to perform
cyber forensic analysis in a networked environment are discussed,
along with a list of current shortcomings in providing these capabilities.
A technology needs list is presented. Finally, it will be shown
how these technologies and capabilities are transferable to civilian
law enforcement, critical infrastructure protection, and industry.
Are non technical juries keeping criminals at large?
In England and Wales the only qualifications required of a jury
member to be eligible to appear in a court of law are that they
are registered on the electoral roll, aged between 18 and 70 and
have lived in the UK for at least 5 years. Jurors are not required
to hold any professional qualifications and there are to date no
technical jury qualification guidelines for cases involving complex
computer data. Where does that leave us then, when vital yet highly
complicated technical information needs to be communicated and thoroughly
understood in order to fairly evaluate a case? Let's take a look
at the evidence…
Digital forensics of the physical memory
This paper presents methods by which physical memory from a compromised
machine can be analyzed. Through these methods, it is possible to
extract useful information from memory, such as the full content of
files, detailed information about each process, and processes that
were executed and have since terminated. This paper aims to explain
the concepts of digital investigations of volatile memory. The
techniques it covers lead you through the process of analyzing
important structures and recovering the contents of files from
physical memory.
In addition, a technique that detects hidden user-mode processes
will be discussed in depth. This technique detects processes hidden
by methods such as function hooking or direct kernel object
manipulation (DKOM). Based on the methods discussed in this paper,
a proof-of-concept toolkit called idetect will be presented. This
toolkit can help an investigator extract information from a memory
image or from the memory object on a live system.
Digital Evidence Collection & Handling
A computer forensic crime scene investigation should begin with
the development of a plan to approach and secure the crime scene,
the capability to document scene activity, and to engage in discovery
and identification of evidence or potential evidence, collect and
retrieve such material, and process or analyze it as evidence of
potential value to a successful prosecution. Computer evidence is
frequently challenged in court. Some judges accept it with little
question because they want to crack down on computer criminals,
and others reject it because they hold to a fairly technophobic
view of the 4th Amendment. There's also some confusion over the
legal classification of computer evidence -- is it documentary evidence
(which would require reams of printout under the best evidence rule)
or is it demonstrative evidence (which would require a true-to-life
sample of the reconstructed evidence)? Then, there's the problem
of establishing the expertise of cyberforensic experts who testify.
The complexity of the criminal law means that the overwhelming majority
of cases do not make it to civil or criminal court, but should.
This lecture deals with translating law into practice, and provides
an academic discussion of the law and evolving best practices in
computer forensics.
FILExt - The File Extension Source
Need to find what a file extension is? Use http://filext.com. At
the moment, FILExt is only set up to search for programs that use
a particular file extension. You can also search for file extensions
starting with a particular letter.
National Institute of Justice Computer Forensic Tool Testing Results
The Computer Forensics Tool Testing (CFTT) project provides a measure
of assurance that the tools used in computer forensics investigations
produce accurate results. The CFTT develops specifications and test
methods for computer forensics tools and then tests tools to those
specifications. The results help toolmakers improve the tools, users
make informed choices about acquiring and using computer forensics
tools, and the legal community and others understand the tools'
capabilities. This approach for testing computer forensic tools
is based on well-recognized methodologies for conformance testing
and quality testing.
Find test specifications, support software, and test set-up documents
at the NIST CFTT Web Site for:
• Disk Imaging
• Write block (Software)
• Write block (Hardware)