NETWORK FORENSICS

A Journey into the Mind: How the use of Psychological Analysis Techniques give Computer Forensics Investigators Insight into How Criminals Hide Evidence on Computer and Networks

An Interview with Damon Petraglia

I really enjoyed working with the criminal population. I started to become interested in criminology and the criminal justice field. 9/11 was a turning point for me. When that happened I decided I was going to go back to school because I had some direct involvement in the aftermath of the 9/11 attacks. That’s a pretty life-changing experience

Insider Threats

Damon Petraglia

Insiders have the trust, confidentiality and access to execute attacks. An inside attacker will have a higher probability of success in infiltration or modification of critical information than any other attacker. The insider also represents the greatest challenge to securing sensitive data because they retain a privileged or authorized a level of access and are granted a certain degree of trust.

Evidence Handling for Mobile Devices

Elias Psyllos

Mobile devices are becoming more prevalent as evidence, in cases and investigations, whether it is for corporate or law enforcement. Mobile devices play a huge role in our everyday lives, so, the amount of data that passes through them can be extremely important for a case.

Evidence Handling for Digital Media

Elias Psyllos

When entering a situation that will involve handling of digital media, the first step should be to photograph the location in which the potential evidence is located. Photographs show a 360-degree view of the location, prior to taking any action. This allows the analyst to depict the location as found upon arrival. The second step involved with evidence handling would be to photograph the digital media in question.

 Master boot record malware analysis

Patrick Olsen, BJ Gleason

Master Boot Record (MBR) malware is making a return. Once confined to floppy disks, the technique is now being used to install botnet-based rootkits. In this article, we will show the basics of how MBR malware is deployed, how it installs itself, and how you can start to analyze what it is and what it is doing.

A Short Introduction to Malware Analysis

Jan Gobel

Malware has become an almost tolerated threat of the Internet. Private hosts and enterprise clients get compromised every day and the number of files to analyse is growing constantly. Automated sandbox systems have evolved to counter this threat, but they are not always the solution of all problems. Thus, knowing how to manually investigate a malicious binary and obtain the most important information must not be forgotten.

Computer Forensics in China Final

Erik Laykin

Collecting Electronic Data in China is fraught with risks and challenges. In this article, computer forensics pioneer Erik Laykin shares some of his experiences and observations regarding the hurdles often faced when managing electronic data collections in this dynamic and emerging market.

Computer Forensics in Russia: practical aspects for data collection

Roman Gorban

It is hard to imagine that time will pass and the use of hard copy documents will be perceived as something unusual and archaic. At least this is true for Russia. Even though Russian legislation has made considerable progress in recognising electronic documents, it is rare to find court practice where they have been treated as valid evidence.

Cloud Forensics as a new technology

Shahrzad Zargari, David Benford

Cloud computing is a new buzz promising to provide simplicity and delivering utilities based on virtualization technologies. It provides availability, convenience, elasticity, large storage capacity, scalability, speed, and on-demand network access to a shared pool of configurable computing resources while charging the consumer based on the usage (pay-as-you-go).

How secure is my remote connection

Paul Gafa

Remote Desktop Connection to your Windows machine has been available for quite a long time. Over the years the Remote Desktop Protocol (RDP) has evolved to provide higher security and better performance. Nowadays, due to users’ mobility, access to remote desktops or access from the cloud is very common.

The CCTV File Format Minefield

Mark Sugrue

CCTV footage is a rapidly growing source of evidence for Law enforcement agencies. It has surpassed fingerprints and other common evidence sources. The growth in CCTV as a source of evidence has primarily arisen due to a fundamental shift in technology– the move from Analog to Digital surveillance systems. Whilst the technology shift has provided a rich source of evidence, there are some technical issues which can give Law enforcement agencies a headache.