SANS Digital Forensics and Incident Response Blog: Author - Ira Victor

Digital Forensics Case Leads: SMS botnet has ripples into mobile forensics; New iOS forensic tool; New USB encryption tool; Record a cop, go to jail? Free RSA Expo Pass and Free Beer!

This week's case leads features a new SMS botnet attack that has ripples into mobile forensics; Guidance Software releases an iOS forensics tool; an in-depth legal analysis of a recent ruling that could encourage lawyers to sue businesses due to downstream liability, and these lawsuits could involve considerable e-discovery; SIFT wins forensic award; PLUS get … Continue reading Digital Forensics Case Leads: SMS botnet has ripples into mobile forensics; New iOS forensic tool; New USB encryption tool; Record a cop, go to jail? Free RSA Expo Pass and Free Beer!


Digital Forensics Case Leads: Incident Response Hits The Mainstream; Powerful Tech Fighting CP; Acquisition Errors Can Cost Case

Incident Response Lead Story: Why it pays to have incident response in a Wikileaks world. The Wikileaks story is having a ripple effect that shows no sign of abating. As of this writing, according to a spokesperson for PandaSecurity: the following web sites have been attacked in the name of defending the actions of Wikileaks: … Continue reading Digital Forensics Case Leads: Incident Response Hits The Mainstream; Powerful Tech Fighting CP; Acquisition Errors Can Cost Case


Paraben Forensic Conference Report: iPhone Forensics - Tools and Tips From The Trenches

One of the training classes with high attendance at the Paraben Forensic Innovations Conference this week in Park City, Utah, was the Apple iOS Forensics Bootcamp. Apple's iOS is the operating system that powers the Apple iPhone, iPod Touch, the iPad, and the Apple iTV device. With the exploding popularity of these devices (well, except for the iTV), Law Enforcement, corporate investigators, and other forensic professionals are looking to learn more about this platform.

The iOS Forensics Bootcamp was instructed by Ben Lemere of Basis Technologies. Lemere has worked in forensics for The Feds, and the private sector. The focus of the bootcamp was mostly on iPhone forensics, although many of the principals apply to the other devices. Ben uses an excellent tool for conducting iOS forensic analysis, and provided

...


Touch Screen Voting Requires Forensic Foresight

There has been a ground swell of news reports in the past week about possible touch screen voting irregularities. Stories have been coming out of states like Nevada and North Carolina. I was rankled when Nevada election officials proclaimed it "technologically impossible" that voter's electronic ballot was "premarked" for a candidate when a voter inserted her ballot card into a touch screen voting machine. According to the voter, several people she knows experienced the same condition. The voter did not alert election officials, but appears to have alerted the media

Did it happen? I don't know, but I don't want to hear our election officials telling voters or the press that such

...


Digital Forensics Case Leads: Industrial Controls Forensics, Cracking Crackberries, Mobile Forensics

While most technical and non-technical types focus on servers, desktop, and mobile phones/pads when thinking about security and forensics, an area of growing concern is industrial controls security. This was brought to light in the wake of the Stuxnet worm. The accusations continue to fly, via arm-chair forensics. Was it an attack on Iran? Or maybe an attack against India, since it seems Stuxnet may have knocked out a TV Satellite. Security honcho Bruce Schnier says we may never know.

What is certain is a growing concern over industrial controls security. According to a San Francisco Chronicle story that ran on this week: "... Liam O Murchu, a researcher with the computer security firm Symantec, used a

...