This week's Case Leads features several findings from security researchers who have been studying Flame, Stuxnet and numerous state-sponsored hacking groups. A couple of vendors have released new tools, or updates to existing tools, for those working in mobile device forensics and malware analysis.
If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to firstname.lastname@example.org.
- Santoku, for mobile device forensics, malware analysis and application security testing, includes tools for development, pen testing, wireless analysis, data carving, metadata analysis and reverse engineering of applications.
- Motorola launched an "Unlock My Device" page which could be useful for forensic examiners. The list of supported devices is currently rather limited but Motorola states they will be adding more devices so this site is worth keeping an eye on.
- Flame - the fire may have started back in 2006. Security vendors analyzing aspects of the Flame malware have determined that it may have been one part of a four-part suite of programs dating back several years. Researchers currently aren't sure what the other programs may be, but they seem confident they aren't Stuxnet or Gauss. A similar article suggests that a fifth Flame-like derivative was in development around the time Flame was discovered but appears to have been abandoned. Like another study mentioned in this week's blog (see the News section), the researchers found indications that the operators of Flame appeared to have compartmentalized roles and may have been part of a larger, possibly government-sponsored organization.
- Questions arise on the Stuxnet escape theory - At least one expert is questioning the currently popular story of how Stuxnet escaped into the wild. In an IEEE Spectrum Techwise Conversations podcast, Professor Larry Constantine calls into question some aspects of journalist David Sanger's account. Other experts with Eset, including David Harley, Eugene Rodionov, Juraj Malcho and Aleksandr Matrosov, published yet another theory on the Stuxnet escape that agrees and disagrees with several points made by Constantine.
- There's always a debate about the effectiveness of user awareness training. A city in Taiwan was also having this debate, so they decided to try an experiment. Now nearly one in six civil servants will have to sit through a two-hour class on internet security after responding to a phishing email sent by the government of New Taipei City.
- Experts claim two groups are responsible for stealing most US business secrets. Many in information security have long claimed that China, or groups sanctioned by its government, have been engaged in various forms of espionage against the United States and other countries. The Chinese groups are known by several names depending on which researcher is studying them, but the two most prominent, according to a recent report, are the Elderwood Gang out of Beijing and the Comment Crew of Shanghai. Researchers who have been studying these groups for years have determined that the number of people employed by the groups is in the hundreds if not thousands, based on the diverse capabilities the groups have demonstrated. The number of people involved leads the researchers to believe that only organized crime or a nation state could fund the effort.
- Cinnamon Challenge - If you don't know about the challenge (and even if you do) don't try this at home.
- Boiling an iPhone like an Egg - Now you have no reason to wonder...
- VirusBulletin 2012 - Dallas, TX - Sep 26 - 28, 2012
- GrrCon - Grand Rapids, MI - Sep 27 - 28, 2012
- 3rd Annual Sleuth Kit and Open Source Digital Forensics Conference - Chantilly, VA - Oct 2 - 3, 2012
- SANS Cybercon 2012 - Online Virtual Conference - Oct 8 - 13, 2012
- International Conference on Security in Computer Networks and Distributed Systems (SNDS'12) - Trivandrum, India - Oct 11 - 12, 2012
- SANS Seattle 2012 - Seattle, WA - Oct 14 - 19, 2012
- 4th International Conference on Digital Forensics & Cyber Crime - West Lafayette, IN - Oct 24 - 28, 2012
- SANS Chicago 2012 - Chicago, IL - Oct 27 - Nov 5, 2012
- Paraben Forensic Innovations Conference - Park City, UT - Nov 3 - 7, 2012
- SANS San Diego 2012 - San Diego, CA - Nov 12 - 17, 2012
- SANS San Antonio 2012 - San Antonio, TX - Nov 27 - Dec 2, 2012
- Forensics@NIST 2012 - Rockville, MD - Nov 28 - 30, 2012
- IEEE International Workshop on Information Forensics and Security - Tenerife, Spain - Dec 2 - 5, 2012
- 2012 secau Security Congress - Perth, Western Australia - Dec 3 - 5, 2012
- SANS Cyber Defense Initiative 2012 - Washington, DC - Dec 7 - 16, 2012
- SANS Mobile Device Security Summit - Anaheim, CA - Jan 7 - 14, 2013
- SANS Virtualization & Cloud Computing Summit - Anaheim, CA - Jan 7 - 14, 2013
Call For Papers:
- 2012 secau Security Congress - Due Sep 30, 2012
- 10th Australian Digital Forensics Conference - Due Sep 30, 2012
Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to email@example.com.
Digital Forensics Case Leads for 20120921 was compiled by Ray Strubinger. Ray regularly leads digital forensics and incident response efforts and, when the incidents permit, he is involved in aspects of information security ranging from Threat Intel to Risk Analysis.