ORACLE FORENSICS: DETECTION OF ATTAKCS THROUGH DEFAULT ACCOUNTS AND PASSWORDS IN ORACLE – EFORENSICS FREE

ISSUES IN MOBILE DEVICE FORENSICS
by Eamon Doherty
This article discusses some of the mobile devices and accessories that one may encounter on a suspect during an investigation. It is important to know about many of the new devices that are wireless and provide storage or those that utilize GPS, mark routes as well as points of interest. This article discusses examples of usage of these mobile devices and accessories and the tools that one can use to examine them. The article also starts off with some certifications that make one more marketable in this emerging field. In this article author discusses using tools such as Access Data’s FTK, Guidance Software’s Encase, and RecoverMyFiles to recover evidence from a digital camera with a FAT file system.

MOBILE PHONE FORENICS: HUGE CHALLENGE OF THE FUTURE
by M-Tahar Kechadi, Lamine Aouad
While the processes and procedures are well established in traditional hard drive based computer forensics, their counterparts for the rapidly emerging mobile ecosystem have proven to be much more challenging. In this article author shares some thoughts about the reasons leading to this, as well as the current state of mobile digital forensics, what is needed, and what to expect in the future.

LIVE CAPTURE PROCEDURES
by Craig S. Wright
As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require. In this article author introduces a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit.

ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND
by Praveen Parihar
Steganography is a very comprehensive topic for all techno-geeks because it involves such an interesting and comprehensive analysis to extract the truth, as we have heard this term many times in the context of terrorist activities and their communications. In this article author discusses methods of Steganography.

INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE
by George Chlapoutakis
Fraud can take many forms, can take place practically anywhere, any when and any how. Theoretical driving examinations are now computerized in most parts of the world and the overwhelming majority of such systems tend to have some to no security at all, relying instead on the invigilators of the exam to catch those suspected of fraud. But, what happens when the invigilators fail and you, the digital forensic investigator, is asked to look into the case? Where does one start, where does one go and where does one end up? What do we investigate, how do we go about it and what tools with? In this article author shares his experience from the point of view of the digital forensics investigator from the moment of arrival to the end report submitted to the client.

DRIVE AND PARTITION CARVING PROCEDURES
by Craig S. Wright
This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length the sector for each partition. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. This process is one that will help the budding analyst or tester in gaining an understanding of drive partitions and hence how they can recover and carve these from a damaged or formatted drive. We start by learning about hard disk drive geometry. In this article author takes the reader through the process of carving files from a hard drive.

DETECTION OF ATTACKS THROUGH DEFAUL ACCOUNTS AND PASSWORDS IN ORACLE
by Arup Nanda
An Oracle database comes with many default userids (and, worse, well known default passwords), which ideally shouldn’t have a place in a typical production database but database administrators may have forgotten to remove the accounts or lock them after setting up production environment. This provides for one of the many ways an adversary attacks a database system – by attempting to guess the presence of a default userid and password, either by brute force or by a social engineering techniques. In this article you will learn how to identify such attacks and trace back to the source quickly and effectively. You will also learn how to set up a honey pot to lure such adversaries into attacking so as to disclose their identity. Besides, you will also be able to determine why a legitimate user account gets locked out that needs unlocking or a password reset. In this article author learns how to identify potential attacks by adversaries through default accounts.