Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Shmoocon 2020 - Alissa Gilbert's 'Anti-Forensics For Fun And Privacy' →

March 23, 2020 by Marc Handelman in Shmoocon 2020, Conferences, Education, Information Security, Forensics, Anti-Forensics, 0xdade

Thanks to 0xdade for publishing these outstanding Shmoocon 2020 Convention videos via the 0xdade YouTube channel and the 0xdade Shmoocon 2020 Playlist for everyone to view, learn and, of course, enjoy.


SANS DFIR, Jason Jordaan's 'Understanding The Forensic Science In Digital Forensics' →

October 06, 2019 by Marc Handelman in SANS, SANS DFIR, Forensication, Forensics, Digital Forensics, Forensics Education, Information Security

Thanks to SANS for publishing these superlative DFIR videos on their SANS DFIR YouTube Channel.


Drone Forensics, The Path of NIST →

June 08, 2018 by Marc Handelman in Drones, Drone Countermeasures, Drone Forensics, FISSEA, Forensication, Forensics

...meanwhile, in National Institute of Standards and Technology (NIST) news, comes a terrific piece on the latest efforts by NIST to provide assurance to the Drone Forensics community, with a compendium of tools and data, not the least of which is a grouping of Computer Forensic Reference Datasets, or CFReDS, which encompass digital evidence simulations (all available on a no-fee basis).

'A forensic image is a complete data extraction from a digital device, and NIST maintains a repository of images made from personal computers, mobile phones, tablets, hard drives and other storage media. The images in NIST’s Computer Forensic Reference Datasets, or CFReDS, contain simulated digital evidence and are available to download for free. Recently, NIST opened a new section of CFReDS dedicated to drones, where forensic experts can find images of 14 popular makes and models, a number that is expected to grow to 30 by December 2018.' via the National Institute of Standards and Technology


The Grayshift Predicament →

April 27, 2018 by Marc Handelman in Hardware Secrets, Hardware Flaws, Hardware Security, Information Security, Forensication, Forensics, Law Enforcement, Law

I am sure you have all read the news of Grayshift's issues battling extortionists and their ilk. I have, however, not seen any significant commentary regarding the data theft this SNAFU could facilitate.

Here's the thought problem (looking for culpability, specifically): A Law Enforcement agency has taken custody (adhering to standards of Generally Accepted Chain of Custody guidelines) of a suspect's iPhone. Unbeknownst to the trusted Sworn Officers and Forensicators (often, one and the same) examining the device, the Grayshift appliance undergoes an unfortunate successful attack - mounted by external miscreant(s) unknown, and succumbs to the exfiltration of all data on the appliance AND the slurped data on the iPhone.

Subsequent forensication by the Sworn Officers or Forensicators (again, often one and the same - at least in smaller agencies) entrusted with reasonable and prudent Chain of Custody of the device under scrutiny, discovers that the Grayshift appliance and the suspect's iPhone have both undergone the indignity of significant data leakage. How does the Agency proceed in the effort to lay charges - or not - and protect the Agency, as well?

Oh, and while they are at it, perhaps they could explain why the device is attached to a forward facing TCP/UDP connection to our beloved Interweb?


SANS DFIR, Ronnie Tokazowski's Reversing Threat Intelligence - Fun with Strings in Malware →

March 15, 2017 by Marc Handelman in All is Information, Conferences, Education, Information Security, Forensics, Forensication

CTI Summit 2017, Cliff Stoll's Keynote Address - (Still) Stalking the Wily Hacker →

March 12, 2017 by Marc Handelman in All is Information, Conferences, DFIR, SANS, Education, Forensics, Forensication

GRR Find All the Badness, Collect All the Things →

May 14, 2015 by Marc Handelman in All is Information, Forensics, Information Security

Google Inc.'s (NasdaqGS: GOOG) GRR Rapid Response, an incident response framework focused on remote live forensics.


Anti-Forensics and Actionable Evidence →

April 15, 2015 by Marc Handelman in All is Information, Education, Forensics, Information Security, Research, Security Education

News, brought to my attention by Steve Hailey, CEO of the Cybersecurity Institute, is today's MustRead, focusing on Anti-Forensics. Examine, if you will, the effect anti-forensics has on investigatory professionals when performing examinations targeting computational systems. If you read anything today regarding forensics, read Steve's posting on LinkedIn, and the paper published by the three University of Washington researchers responsible for this superlative effort. Namely, Justin Brecese MSIM, Aaron Alva MISM and Casey Rodgers MISM. You may also download the documents from the CyberSecurity Institute here in a compressed file, or from UW's Capstone Archives.


NIST Releases First Revision for Media Sanitization Guidelines

February 06, 2015 by Marc Handelman in All is Information, Data Loss Prevention, Data Security, Hardware Security, Information Security, Forensics

News, via Pat O'Reilly of the National Institute of Standards and Technology Computer Security Division [NIST CSRC]; in which, the good Mr. O'Reilly notifies us of the release of NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization. You can also view and download any previous NIST ITL [Security] bulletins, and their associated documentation and special publications at the NIST Computer Security Division's Computer Security Resource Center.


Inside DHS Security Investigations Forensics Laboratories →

October 15, 2014 by Marc Handelman in All is Information, Cryptography, Data Security, Government, Information Sciences, Information Security, National Security, Physical Security, Forensics

Astonished to find this well-written investigative piece by Vince Lattanzio, writing for NBC 10, in Bala Cynwyd, Pennsylvania [covering Philadelphia and the NBC affiliate in the City of Brotherly Love]. In an effort to detail the Department of Homeland Security's Forensics Investigation Laboratory, many of the tricks of the trade - so to speak - are illustrated for all, including an EMF blocker container to examine miscreant-owned mobile devices without the possibility of remote data destruction.
