This week’s edition of CaseLeads features a teaser from the Backtrack developers, a case study from Verizon which demonstrates the need for regular log review, a report on the impact of the recent DDoS attacks against US banks and an article about challenges in recovering data from hard drives.
If you have an item you’d like to contribute to Digital Forensics Case Leads, please send it to firstname.lastname@example.org.
- Backtrack will be reborn as Kali. The developers of Backtrack are planning to take the distribution to another level but in order to do that, they realized they needed to build something new. The Backtrack website has a teaser video about the project but for now, the developers are quiet on the details.
- Verizon’s security blog recently featured a case study that outlines why organizations should conduct regular log reviews. Data from Verizon’s annual DBIR suggests that fewer than 10% of security breaches are discovered through log review. The reason so few breaches are found this way is not because the logs lack indications of a breach but because very few organizations actually bother to review their logs. The case study tells the tale of an employee who was too creative in carrying out his job duties.
- During the third quarter of 2012, a number of predominantly US-based banks were subjected to a series of Distributed Denial of Service (DDoS) attacks. The Ponemon Institute released a paper sponsored by Corero Network Security that surveyed 351 banks about the DDoS attacks. The survey sought information about the impact of the attacks and the actions taken to detect and prevent the attacks. The report is of interest to those that practice Incident Response because it highlights the challenges and defensive technologies concerning these attacks. Highlights from the survey show that more than half of respondents had experienced a DDoS within the last year and that the primary consequence of the attacks has been a loss of IT productivity.
- Dmitry Postrigan wrote a brief article that highlights the way hard drives were designed to prevent them from returning unreliable data. The article briefly discusses three types of corruption that can hinder data recovery efforts and mentions a couple of options from the ATA/ATAPI standard and SMART extension that could be useful in data recovery efforts. Dmitry also comments on the dangers of certain recovery techniques as they relate to increased media damage and data corruption.
- The White House and US Congress had a brief flirtation with cybersecurity in 2012 and the topic was raised again during the recent Secretary of State confirmation hearings. While thin on details, the nominee’s comments suggest that cybersecurity is being discussed at several levels within the US government and imply that some believe cybersecurity is the greatest threat facing the United States.
- Interesting use of an engineering degree – A graduate student at the University of Florida created a semi-autonomous mode of transportation for his flightless parrot.
- A random fail collection.
- SANS Delhi 2013 – New Delhi, India – Feb 11 – 22, 2013
- SANS Secure Singapore 2013 – Singapore, Singapore – Feb 25 – Mar 2, 2013
- RSA Conference 2013 – San Francisco, CA – Feb 28 – Mar 01, 2013
- The Second International Conference on Cyber Security, Cyber Warfare and Digital Forensic – Kuala Lumpur, Malaysia – Mar 4 – 6, 2013
- SANS 2013 – Orlando, FL – Mar 8 – 15, 2013
- IMF 2013 – 7th International Conference on IT Security Incident Management & IT Forensics – Mar 12 – 14, 2013
- CTIN 2013 Digital Forensics Conference – Seattle, WA – Mar 13 – 15, 2013
- SANS Secure Canberra 2013 – Canberra, Australia – Mar 18 – 23, 2013
- SANS Monterey 2013 – Monterey, CA – Mar 22 – 27, 2013
- SANS Northern Virginia 2013 – Reston, VA – Apr 8 – 13, 2013
- SANS Cyber Guardian 2013 – Baltimore, MD – Apr 15 – 20, 2013
- SANS Secure Europe 2013 – Amsterdam, Netherlands – Apr 15 – 27, 2013
- SANS CDK Seoul 2013 – Seoul, Korea, Republic of – Apr 22 – 27, 2013
- SANS Security West 2013 – San Diego, CA – May 9 – 14, 2013
- SANS Austin 2013 – Austin, TX – May 19 – 24, 2013
- International Workshop on Cyber Crime – San Francisco, CA – May 24, 2013
- Techno Security and Forensics Investigation Conference – Myrtle Beach, SC – Jun 2 – 5, 2013
- Mobile Forensics World – Myrtle Beach, SC – Jun 2 – 5, 2013
- SANS Malaysia @ MCMC 2013 – Jun 3 – 8, 2013
- ADFSL 2013 Conference on Digital Forensics, Security and Law – Richmond, VA – Jun 10 – 12, 2013
- FIRST Conference – Bangkok, Thailand – Jun 16 – 21, 2013
- The 1st ACM Workshop on Information Hiding and Multimedia Security – Jun 17 – 19, 2013
- Shakacon V – Honolulu, Hawaii – Jun 25 – 28, 2013
- SANS Digital Forensics and Incident Response Summit 2013 – Austin, TX – Jul 9 – 10, 2013
- 28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference – Auckland, New Zealand – Jul 8 – 10, 2013
- Symposium On Usable Privacy and Security – Newcastle, United Kingdom – Jul 24 – 26, 2013
Call For Papers:
- Regional Computer Forensics Group – Due Jan 31, 2013
- Shakacon V – Due Feb 1, 2013
- International Workshop on Cyber Crime – Due Feb 15, 2013
- ADFSL 2013 Conference on Digital Forensics, Security and Law – Due Feb 19, 2013
Digital Forensics Case Leads is a (mostly) weekly publication of the week’s news and events relating to digital forensics. If you have an item you’d like to share, please send it to email@example.com. This week’s Digital Forensics Case Leads was compiled by Ray Strubinger. Ray regularly leads digital forensics and incident response efforts and when the incidents permit, he is involved in aspects of information security ranging from Threat Intel to Risk Analysis.