This week’s edition of SANS Case Leads features a smorgasbord of #DFIR tool updates, good reads, and some follow-up information on recent data breaches. Don’t forget to vote for the Forensic4cast awards; voting closes at the end of the day on June 17, 2012, and winners will be announced at the SANS DFIR Summit on June 26, 2012.
If you have an item you’d like to contribute to Digital Forensics Case Leads, please send it to email@example.com.
Tools:
- New release of log2timeline, version 0.64. Bug fixes, one new input module (LS_QuarantineEvents), and the introduction of a unit test suite. See the changelog for full details.
- The third beta release of Autopsy (version 3.0.0b3) was released. It has a lot of new features. See the Autopsy 3 page for more details.
- Lightbox Technologies released Lightgrep Search for EnCase 1.0, a Perl-compatible regular expression search engine for forensics that’s several times faster than EnCase’s keyword search.
- Hexacorn Limited released a neat prefetch hash calculator and lookup table for Windows.
- KatanaForensics announced on Twitter that Lantern works on iOS 6.
Good Reads:
- Crypto breakthrough shows Flame was designed by world-class scientists. The spy malware achieved an attack unlike any cryptographers have seen before.
- The FBI had 2000 cases related to breaches in early 2012, the majority of which no one has heard of: Scores of U.S. firms keep quiet about cyber attacks.
- Learn about OS X Folder Layout in Part 1 of a 4 part series on Apple Examiner. If you don’t know already, this is a “go-to” site for anything OS X forensics.
- Daniel Parson posted a good summary of Rob Lee’s time bandits timeline analysis session at the CEIC conference.
- Global Payments says the data breach is “contained”. Lucas Zaichkowsky writes on the Mandiant blog about How Global Payments Succeeded at Identifying their Breach.
- Check out the Guidance Software blog for two new articles: Mark Morgan discussing “how to use Volatility with EnCase” and Simon Key discussing “Examining Volume Shadow Copies – The Easy Way!”
- Corey Harrell posted about Computers Don’t Get Sick – They Get Compromised.
- Lance Mueller is back and posted some Windows 8 references.
- Harlan Carvey posted some thoughts about timeline analysis.
- Not a read – On June 12, 2012, Ken Johnson presented a SANS webcast on Windows 8 forensics. It should be posted soon to the SANS webcast archives.
News:
- Scores of US Firms Keep Quiet about Cyber Attacks.
- Experts See US Response to Cybercrime as Fragmented.
- NY bill won’t make cyber bullying a crime.
- Apple fails to fend off mobile tracking lawsuit.
- Accused British hacker charged in U.S. over LulzSec attacks.
- ATMs to operate without a card – New technology to enable people to withdraw money from cash machines using their smartphone has been unveiled.
- Two leading computer security firms have linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon, which was widely believed to have been used by the United States and Israel to attack Iran’s nuclear program.
- Leading cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks at a time when attacks are on the rise.
- A British judge has ruled that Facebook must help identify multiple people who allegedly created a fake Facebook page and used it to harass a British woman.
- Michael Northcott reports that regulatory bodies that control Internet domain names will roll out hundreds of new endings such as name.sex and name.group.
- Euro fears boost virtual currency Bitcoin
- Oracle employee named in Singapore sex-for-favors case
- Deborah Netburn reports about a new app that can determine if email content is good, bad or neutral. The scientists call it “sentiment analysis” and it is essentially an algorithm designed to determine whether a mobile communication will make you happy — “Hey, we can have dinner tonight!” — or bummed — “I am so angry at you!” — or indifferent — “I need you to pick up the kids at 5.”
Coming Events:
- SANS Forensics and Incident Response Summit – Austin, TX – June 20 – 27, 2012
- SANS Canberra 2012 – Canberra, Australia – July 2 – 10, 2012
- SANSFIRE 2012 – Washington, DC – July 6 – 15, 2012
- Symposium On Usable Privacy and Security (SOUPS 2012) – Washington, DC – July 11 – 13, 2012
- Black Hat USA – Las Vegas, NV – July 21 – 26, 2012
- DEF CON 20 – Las Vegas, NV – July 26 – 29, 2012
- SANS San Francisco 2012 – San Francisco, CA – July 30 – Aug 06, 2012
- DFRWS 2012 Conference – Washington, DC – Aug 05 – 08, 2012
- SANS Boston 2012 – Boston, MA – Aug 06 – 11, 2012
- USENIX Security ’12 – Bellevue, WA – Aug 06 – 10, 2012
- 7th USENIX Workshop on Hot Topics in Security (HOTSEC ’12) – Bellevue, WA – Aug 07, 2012
- 2012 Malware Technical Exchange Meeting (Security Clearance Required) – El Segundo, CA – Aug 14 – 16, 2012
- 7th ARES conference (ARES 2012) – Prague, Czech Republic – Aug 20 – 24, 2012
- First International Workshop on Security Ontologies and Taxonomies (SecOnT 2012) – University of Economics, Prague, Czech Republic – Aug 20 – 24, 2012
- SANS Virginia Beach – Virginia Beach, VA – Aug 20 – 31, 2012
- SANS Crystal City – Arlington, VA – Sep 06 – 11, 2012
- European Symposium on Research in Computer Security – Pisa, Italy – Sep 10 – 12, 2012
- 15th International Symposium on Research in Attacks, Intrusions and Defenses – Vrije Universiteit, Amsterdam, The Netherlands – Sep 12 – 14, 2012
- HTCIA International Conference & Training Expo – Hershey, PA – Sep 16 – 19, 2012
- SANS Network Security 2012 – Las Vegas, NV – Sep 16 – 24, 2012
- VirusBulletin 2012 – Dallas, TX – Sep 26 – 28, 2012
- GrrCon – Grand Rapids, MI – Sep 27 – 28, 2012
Call For Papers:
- IEEE International Workshop on Information Security and Forensics – Due Jun 24, 2012
- International Computer Science and Engineering Conference – Due Jun 30, 2012
- DoD Cybercrime Conference 2013 – Due July 6, 2012
- 7th International Conference on Legal, Security and Privacy Issues in IT Law – Due Aug 25, 2012
- 2012 secau Security Congress – Due Sep 30, 2012
About the authors:
David Nides is a manager in a Big4 Forensic Technology Services practice in Chicago, IL. He currently plays a lead role in developing and delivering KPMG’s Incident Response services, consulting for clients globally in APT, data breach, and other cyber crime investigations. You can follow David on Twitter @davnads or at his forensic blog.
Tony DeSarro is a manager in a Big4 Forensic Technology Services practice in Atlanta, GA, where he specializes in providing services to clients in the areas of computer forensics, electronic discovery, litigation readiness in support of civil litigation, compliance and monitoring, and fraud detection.