SANS Digital Forensics and Incident Response Blog

SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: News from CES Las Vegas Might Open Doors for Automotive Forensics, Landmark Legal Rulings Impact DFIR Investigators, and Tackling Insider Fraud

In this issue of Case Leads we go around the globe to cover telematics app development from Ford at CES Las Vegas; to Russia for new tools that allow investigators to access files users try to keep encrypted; an anti-forensic tool that tries to hide details from memory forensic tools; the insider fraud threat; and a number of landmark court rulings in the US that impact digital investigators.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

  • Have an investigation where the target puts a crypto-protected PC in hibernate? Now the team at ElcomSoft has a $300 app can get to the data well And, the ElcomSoft blog posting mentioned in the segment.
  • E-Investigations of Texas announces a new computer forensics software tool that can search multiple partitions on multiple hard drives within a single case, export the email containers, and extract individual emails from the containers in a single step. In a statement, the company says that the process allows investigators to provide more accurate results to its clients in less time.
  • Anti-forensics tool:'Dementia' wipes tracks that many Windows forensics memory tools focus on
  • Oxygen Forensic Suite 2013 Roots Android 4.x Smartphones
Good Reading and Listening
  • Our fearless SANS Forensics Leader, Rob Lee ,says its not new types of attacks that concern him for 2013. It's the old ones that continue to impact organizations. How can organizations learn from past incidents and respond in 2013? The bulk of the cases he investigates are external breaches, not insider cases, says Lee. When analyzing the incidents and reporting back to technical teams or executives, he's often faced with the question, "How do we stop this?" Read and listen to Rob Lee in this segment from BankInfoSecurity.com .
  • Marc Weber Tobias, is an attorney and investigator. He appeared on CyberJungle Radio to talk about insider fraud (Disclosure: your Case Leads contributor this week is the host of CyberJungle Radio. Listen to the interview segment here via Flash player, or download the segment here. The interview with Mr. Tobias begins about 15:30 into the program. Mr. Tobias wrote two columns recently on this topic for Forbes.com:

How Do You Spot The Thief Inside Your Company?


A Snitch In Time Can Save Employers a Lot of Money


News:
  • From CES 2013 in Las Vegas: Ford launches app developer program for Sync AppLink at CES. Apps need to be approved by Ford for safety while a user might be driving. Will Ford approve automotive forensic tools that leverage the API for investigative purposes?
  • Landmark court decision on the admissibility of social media communications: A Brooklyn Protester Pleads Guilty After His Twitter Posts Sink His Case.
  • In another landmark decision, a Federal Judge found that the Defendant had a duty to preserve audio recordings of calls that had been destroyed under the company's retention policy once the Defendant found out that the Plaintiff was filing an unemployment claim. Read more at the BowtieLaw Blog.
  • Attention incident responders: A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Read more at the TheNextWeb news site.
  • U.S. nuclear lab removes Chinese tech over security fears. Some experts say we should be more fearful of the poor overall security of this equipment, not built-in backdoors.
  • Write Gambling Software, Refuse To Build In Secret Backdoors The Feds Demand Your Install, Go to Prison.
Levity:
Coming Events:Call For Papers:By Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA CGEIT CRISC. Ira Victor is a forensic analyst with Data Clone Labs, He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator's Association (HTCIA). Follow Ira's security and forensics tweets: @ira_victor.

2 Comments

Posted January 13, 2013 at 3:18 PM | Permalink | Reply

H. Carvey

Any chance of getting some insight from the experts at SANS as to the value and importance of the links posted? The descriptions help, but I think that there would be great value in sharing the insight that led the experts to pick those links, and what value they saw in sharing them with the community at large. Thanks.

Posted January 13, 2013 at 9:52 PM | Permalink | Reply

Ira Victor

Thanks for reading the blog, H. Carvey and thanks for the feedback. As the contributor that created this week's posting, I will reply to your question as it relates my selections. I only post links to items that I think are important to digital forensics and incident response (DFIR), or those interested in the field. For more analysis on these topics, you may also like <a href="http://www.cyberjungleradio.com" title="CyberJungleRadio">CyberJungle Radio</a>. CyberJungle Radio is more focused on providing commentary and advancing stories on these topics, and I co-host the program.

Post a Comment






Captcha

* Indicates a required field.