...meanwhile, in National Institute of Standards and Technology (NIST) news, comes a terrific piece on the latest efforts by NIST to provide assurance to the Drone Forensics community, with a compendium of tools and data, not the least of which is a grouping of Computer Forensic Reference Datasets, or CFReDS, which encompass digital evidence simulations (all available on a no-fee basis).
'A forensic image is a complete data extraction from a digital device, and NIST maintains a repository of images made from personal computers, mobile phones, tablets, hard drives and other storage media. The images in NIST’s Computer Forensic Reference Datasets, or CFReDS, contain simulated digital evidence and are available to download for free. Recently, NIST opened a new section of CFReDS dedicated to drones, where forensic experts can find images of 14 popular makes and models, a number that is expected to grow to 30 by December 2018.' via the National Institute of Standards and Technology
I am sure you have all read the news of Grayshift's issues battling extortionists and their ilk. I have, however, not seen any significant commentary regarding the data theft this SNAFU could facilitate.
Here's the thought problem (looking for culpability, specifically): A Law Enforcement agency has taken custody (adhering to standards of Generally Accepted Chain of Custody guidelines) of a suspect's iPhone. Unbeknownst to the trusted Sworn Officers and Forensicators (often, one and the same) examining the device, the Grayshift appliance undergoes an unfortunate successful attack - mounted by external miscreant(s) unknown - and succumbs to the exfiltration of all data on the appliance AND the slurped data from the iPhone.
Subsequent forensication by the Sworn Officers or Forensicators (again, often one and the same - at least in smaller agencies) entrusted with reasonable and prudent Chain of Custody of the device under scrutiny reveals that the Grayshift appliance and the suspect's iPhone have both undergone the indignity of significant data leakage. How does the Agency proceed in the effort to lay charges - or not - and protect the Agency, as well?
Oh, and while they are at it, perhaps they could explain why the device is attached to a forward-facing TCP/UDP connection to our beloved Interweb?
News, brought to my attention by Steve Hailey, CEO of the Cybersecurity Institute, is today's MustRead, focusing on Anti-Forensics. Examine, if you will, the effect anti-forensics has on investigatory professionals when performing examinations targeting computational systems. If you read anything today regarding forensics, read Steve's posting on LinkedIn, and the paper published by the three University of Washington researchers responsible for this superlative effort. Namely, Justin Brecese MSIM, Aaron Alva MISM and Casey Rodgers MISM. You may also download the documents from the CyberSecurity Institute here in a compressed file, or from UW's Capstone Archives.
News, via Pat O'Reilly of the National Institute of Standards and Technology Computer Security Division [NIST CSRC]; in which, the good Mr. O'Reilly notifies us of the release of NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization. You can also view and download any previous NIST ITL [Security] bulletins, and their associated documentation and special publications, at the NIST Computer Security Division's Computer Security Resource Center.
Astonished to find this well-written investigative piece by Vince Lattanzio, writing for NBC 10, in Bala Cynwyd, Pennsylvania [covering Philadelphia and the NBC affiliate in the City of Brotherly Love]. In an effort to detail the Department of Homeland Security's Forensics Investigation Laboratory, many of the tricks of the trade - so to speak - are illustrated for all, including an EMF blocker container to examine miscreant-owned mobile devices without the possibility of remote data destruction.