Information Security & Occasional Forays Into Adjacent Realms
A well-crafted OSINT, 3D Modeling, Geolocation and Forensic Architecture driven analysis of the August 4th, 2020 Explosion at the Port of Beirut, Lebanon. The investigation, and subsequent analysis, film, models and other materials are via Forensic-Architecture and are available on GitHub here. Additionally, examine the organizations' YouTube channel here. h/t
superlative DFIR videos on their SANS DFIR YouTube Channel
Wanna Dance?
via Robert N. Charette, writing at the IEEE's Spectrum Magazine, comes this outstanding piece on flawed forensic software, and the implications thereto. Enjoy!
"An in-depth look by the National Academy of Sciences into the state of forensic science in the United States in 2009 showed [PDF] that many “accepted” forensic techniques, such as “those used to infer the source of tool marks or bite marks have never been exposed to stringent scientific scrutiny.”" - Robert N. Charette, writing at the IEEE's Spectrum Magazine
...meanwhile, in National Institue of Standards and Technology (NIST) newa, comes a terrific piece on the latest efforts to provide assurance by NIST to the Drone Forensics community, with a compendium of tools and data, not the least of which is a grouping of Computer Forensic Reference Datasets, or CFReDS, of which, encompass digital evidence simulations (all available on a no-fee basis).
'A forensic image is a complete data extraction from a digital device, and NIST maintains a repository of images made from personal computers, mobile phones, tablets, hard drives and other storage media. The images in NIST’s Computer Forensic Reference Datasets, or CFReDS, contain simulated digital evidence and are available to download for free. Recently, NIST opened a new section of CFReDS dedicated to drones, where forensic experts can find images of 14 popular makes and models, a number that is expected to grow to 30 by December 2018.' via the National Institue of Standards and Technology
I am sure you have all read the news of Grayshift's issues battling extortionists and their ilk. I have, however, not seen any significant commentary regarding the data theft this SNAFU could facilitate.
Here's the thought problem (looking for culpability, specifically): A Law Enforcement agency has taken custody (adhering to standards of Generally Accepted Chain of Custody guidelines) of a suspect's iPhone. Unbeknownst to the trusted Sworn Officers and Forensicators (often, one in the same) examining the device, the Grayshift appliance undergoes an unfortunate successful attack - mounted by external miscreant(s) unknown, and succumbs to the exfiltration of all data on the applicance AND the slurped data on the iPhone.
Subsequent forensication by the Sworn Officers or Forensicators (again, often one in the same - at least in smaller agencies) entrusted with reasonable and prudent Chain of Custody of the device under scrutiny, discover that the Grayshift appliance and the suspect's iPhone have both undergone the indignity of significant data leakage. How does the Agency proceed in the effort to lay charges - or not - and protect the Agency, as well?
Oh, and while they are at it, perhaps they could explain why the device is attached to a forward facing TCP/UDP connection to our beloved Interweb?
Relatively new fingerprinting techniques were brought to my attention last week (H/T), that (reportedly) focus on the identification of browser users and utilization across multiple application deployments. Enjoy.
Or, how a South African hardware engineer, Francois Rautenbach, rescued NASA flight computers from the vagaries of the scrap heap, and extracted the bits from ancient hardware. Absolument magnifique!