In this week's Case Leads: Google buys VirusTotal; a new technique that counters cold-boot attacks on RAM; new tools that assist in malware detection and analysis; Mozilla's hidden camera (check it out!); iPod timestamp secrets come to light; a hacker gets caught while chatting (oops!); and the almighty Volatility is updated to 2.2 RC1 with over 50 new plugins that affect the majority of modules.
If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to firstname.lastname@example.org.
- OfficeMalScanner, a toolkit that alerts you to potentially infected documents, has been updated with an interesting new tool, RTFScan, which, as the name suggests, scans the RTF file format.
- Santoku Linux is a new Linux distro that specialises in mobile forensics and mobile malware analysis. It is still in alpha release, but it's based on the OWASP MobiSec Ubuntu distro. Take a look, maybe you'll find something new ;)
- FoxTab, the Firefox hidden camera! It is an interesting add-on for Firefox that shows which tabs the user is opening, which tabs are being closed, etc. The neat feature that interests forensicators most is its ability to show screenshots of the tabs visited by the user in an animated fashion.
- This release of Volatility has 50+ new plugins, LiME support and a Windows GUI memory!
- These are examples and discussions about the new RTFScan tool mentioned above that was added to the OfficeMalScanner toolkit.
- With the rise of SSDs, a new era of challenges rises as well in the digital forensics world... Will digital forensics crack SSDs?!
- A few experiments in the iOS world that reveal iPod timestamp secrets.
- A nice read on mobile forensics, specifically Android forensics, showing the process, interesting evidence locations, etc.
- The search engine giant, Google, buys a known security firm that deals with virus scanning engines... That's right, it's VirusTotal. Do you have a clue why?!
- Frozen Cache is a new technique that counters cold-boot attacks on full disk encryption. The technique uses the CPU cache instead of RAM to store keys, etc. There is a PoC implementation for Linux systems; the demo dives further into the details.
- A cross-site scripting (XSS) vulnerability in the WhatsApp website was reported. The vulnerability can be used to download malware onto the victim's machine.
- Anonymous hacker, commentator, journalist and fameball Barrett Brown was arrested by the FBI in a dramatic takedown last night, live and on camera, in the middle of a TinyChat session with a dozen others, and his apartment was raided.
- Microsoft fights Chinese Nitol virus found in counterfeit OSs.
- HTCIA International Conference & Training Expo - Hershey, PA - Sep 16 - 19, 2012
- SANS Network Security 2012 - Las Vegas, NV - Sep 16 - 24, 2012
- VirusBulletin 2012 - Dallas, TX - Sep 26 - 28, 2012
- GrrCon - Grand Rapids, MI - Sep 27 - 28, 2012
- 3rd Annual Sleuth Kit and Open Source Digital Forensics Conference - Chantilly, VA - Oct 2 - 3, 2012
- SANS Cybercon 2012 - Online Virtual Conference - Oct 8 - 13, 2012
- International Conference on Security in Computer Networks and Distributed Systems (SNDS'12) - Trivandrum, India - Oct 11 - 12, 2012
- SANS Seattle 2012 - Seattle, WA - Oct 14 - 19, 2012
- 4th International Conference on Digital Forensics & Cyber Crime - West Lafayette, IN - Oct 24 - 28, 2012
- SANS Chicago 2012 - Chicago, IL - Oct 27 - Nov 5, 2012
- Paraben Forensic Innovations Conference - Park City, UT - Nov 3 - 7, 2012
- SANS San Diego 2012 - San Diego, CA - Nov 12 - 17, 2012
- SANS San Antonio 2012 - San Antonio, TX - Nov 27 - Dec 2, 2012
- Forensics@NIST 2012 - Rockville, MD - Nov 28 - 30, 2012
- IEEE International Workshop on Information Forensics and Security - Tenerife, Spain - Dec 2 - 5, 2012
- 2012 secau Security Congress - Perth, Western Australia - Dec 3 - 5, 2012
- SANS Cyber Defense Initiative 2012 - Washington, DC - Dec 7 - 16, 2012
- SANS Mobile Device Security Summit - Anaheim, CA - Jan 7 - 14, 2013
- SANS Virtualization & Cloud Computing Summit - Anaheim, CA - Jan 7 - 14, 2013
- 2012 secau Security Congress - Due Sep 30, 2012
- 10th Australian Digital Forensics Conference - Due Sep 30, 2012
About the author:
By Maher Yamout, CCNA, CNDA, ECSA, GCFE. Maher Yamout is an Information Security Officer and Digital Forensic Examiner with the Lebanese Ministry of Finance. He was involved in cyber-security exam item writing with EC-Council and currently with Prometric. Maher is also a member of the High Tech Crime Investigation Association (HTCIA) Europe-at-Large chapter.