Digital Forensic Science

[Webinar] EnCase & Python – Extending Your Investigative Capabilities

EnCase & Python – Extending Your Investigative Capabilities

Date: Wednesday September 9th, 2015 
Time: 11:00am PDT / 2:00pm EDT / 7:00pm BST 

Presenters: Chet Hosmer, Founder of Python Forensics, Inc. and author of Python Forensics; James Habben, Master Instructor, Guidance Software Training; Robert Bond, Product Marketing Manager, Guidance Software

Digital forensic investigators are quickly becoming familiar with the power of Python. The open source programming language named after Monty Python has been around for approximately 20 years and is fairly simple to read and learn. While EnCase users have used the EnScripting language for 15 years to extend the capabilities of EnCase and create the 130+ EnScripts on EnCase App Central, Python has the ability to add additional powerful investigative capabilities. 

In this webinar, Chet Hosmer, Founder of Python Forensics, Inc. and James Habben, Master Instructor at Guidance Software will demonstrate examples of those capabilities in an investigation demonstration using EnCase. Whether you are performing single-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.

Register now at https://encase.webex.com/encase/onstage/g.php?MTID=e8f1fdc29d4fc150f6c935f4ab3b9b95b

Also, FYI Autopsy 2 supports custom python extensions (and is awesome).

ICDF2C Revised Draft Program Released

7th International Conference on Digital Forensics and Cyber Crime (ICDF2C) updated program is now available here: http://bit.ly/1LsJpvM

<div class="separator" style="clear: both; text-align: center;"></div>
The conference will be held in Seoul, South Korea from October 6 - 8, 2015. You can register for the conference here: http://d-forensics.org/2015/show/registration

We offer discounts for Law Enforcement and Students.

We are also working with Seoul Tech Society to run an information security essay contest and panel discussion. For more information, please see the call for essays.

ICDF2C and SeoulTechSoc Call for Essays on Information Security

ICDF2C and Seoul Tech Society Essay Contest

Have you ever surfed the Dark Web? Are you worried about the security of your virtual property? Technology is changing, and for every good side, there is a dark side. With these new technologies, how can the public protect themselves? Should the public rely on their government, or take security into their own hands? Let us know what you think with the ICDF2C and Seoul Tech Society Cyber Crime Essay Contest.

<div class="separator" style="clear: both; text-align: center;"></div>

This year ICDF2C has two focus areas:

<ul><li>Usage, implications and investigation of the “Dark Web”</li><li>Preventing or investigating crimes using cryptocurrencies</li></ul>
Although these topics are recommended, essays are not limited to these topics. For the full list of conference topics, please see http://d-forensics.org/2015/show/cf-papers

Submission Instructions

<ul><li>Submissions should be in English</li><li>Submissions should be no longer than 3 pages (with references)</li><li>Submissions must be submitted as a PDF</li></ul>
Please send a PDF of your essay to Joshua at cybercrimetech.com

Important Dates

<ul><li>Submission Deadline: September 21, 2015 (any time zone)</li><li>Notification: October 1, 2015</li><li>ICDF2C/SeoulTech Discussion Session: October 6, 2015, 18:00 – 19:30</li></ul>
Rewards

<ul><li>The top 5 essays will present their ideas at the ICDF2C/SeoulTech Discussion Session</li><li>Selected essays will be published in discussion session proceedings, and made available on the Seoul Tech Society web page</li></ul><div>See d-forensics.org for more information.</div>

How to print a double-side PDF booklet with a single-side printer

I only very rarely need to print something. However, printing things like grade reports and student schedules can come in handy. Since we don’t have a community printer, I bought a simple single-side, black and white laserjet from Samsung (pictured). Most of the features for connecting to it, I turned off. Google cloud print, however, is surprisingly useful for printing from my phone or outside the office.

Beyond printing schedules every now and then, I would like to print research articles (PDFs) from journals and read them on the train. My Galaxy Note II makes reading PDFs possible, but not great. eBooks are much better… when will journals provide ebooks?

So the goal is, with a single-sided printer, print booklets from PDFs.

By booklets, I mean a taking a normal A4 sheet of paper, holding in landscape, and folding it in half to form a book with the ‘spine’ where the fold is. There are 2 pages on one sheet of paper, and we want to print on both sides, so 4 pages for 1 sheet of paper. See the picture below. The trick is page ordering.

<div class="separator" style="clear: both; text-align: center;"></div>

Some software has ‘booklet’ mode when printing. In LibreOffice if you click on ‘File-> Print’ and select the “Page Layout” tab, there will be a “Brochure” option. This option will automatically order pages into a small booklet style. If you have a double-sided printer, congrats, you are done. If you have a single-sided printer, select “Page Sides->Include Front Sides / Right Pages”. Then print, and put the paper back in the printer. For my printer, the paper prints on the top so I should keep the pages in the same rotation, and put the blank sides up.

<div class="separator" style="clear: both; text-align: center;"></div>

“Booklet” options are easy to use if you are creating your own documents, but I want to print already created PDFs. I heard that Adobe Reader has a booklet mode, but I am on Linux and don’t use Adobe Reader.

My default reader is “Document Viewer - Evince”, and it does not have a booklet feature.

I came across the program “pdfbook” which basically rearranges PDF pages for you so you can print booklets. If you use pdfbook like so:

<pre>pdfbook journal-paper.pdf</pre>
It will output a pdf with 1 pages per sheet, but some of the pages are flipped over. I think this is intended for a double-sided printer. To be able to print with a single sided printer, we need to use the option ‘–short-edge’.

<pre>pdfbook –short-edge journal-paper.pdf</pre>
This will rearrange the pages with 2 pages per sheet, and all are facing upwards. There is just one more thing to do to print the booklet.

When printing, go to ‘Print -> Page Setup Tab’ and choose ‘Only Print -> Even Sheets’. Make sure that your printer says 1 page per sheet. If you print 2 pages per sheet, you will have 4 ‘pages’ on one side of the paper.

After printing the even sheets, take the paper out of the printer. If you put the printed pages back in the printer in the order they are now, the first page will be on the bottom. We need to reverse the current order.

With the printed side facing you, put the first sheet on the table. Now put the next sheet on top of the first sheet with the printed side still facing you. Continue will the remaining sheets.

Once the sheets have been reordered, put the paper back in your printer with the printed side facing down (might be different on your printer). Now go to ‘Print -> Page Setup Tab’ and choose ‘Only Print -> Odd Sheets’.

You will need to determine how to feed the paper into your printer, but this is the method that works for mine.

If someone were printing a lot, I may recommend getting a double-sided printer, but since I am printing less than one paper per month, this method works for me. It makes a nice little - but not too little -booklet, and saves toner and trees.

Ashley Madison Data and Ethical Use

On August 19th, the Impact Team released data of millions of alleged Ashley Madison users. Ashley Madison is a type of social networking website that promotes extra-marital affairs. After the main user data, the source code for the website, and emails from the founder were also released.

The data was initially released on the Dark Web, but has since been added to many clear web sites.

<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"></td></tr><tr><td class="tr-caption" style="text-align: center;">Impact Team’s .onion site</td></tr></tbody></table>
The data contains information about users names, email addresses, locations, addresses, credit card numbers, credit card transactions, sexual preferences, and much, much more.

If you are thinking about looking up your friends and neighbors, think about the following first:
<h3>You cant trust most versions of the data</h3><div>Many people are interested in this data. Hackers and criminals know that it will be very popular, so they will add viruses and other malware to the data. It is also possible that copied versions had records added specifically to frame people. If you are going to use any version, make sure it came from Impact Team.</div><div><h3>You cant trust websites that let you search the data</h3></div><div>Even before the data was released, some websites were created to be able to single the data if and when it was released. Some of these websites are created by trusted security researchers, some are created by hackers, some are created by people who just want to make money off of the situation. The result is that you should only use trusted websites when evaluating data like this. Other sites may have malware, and some sites may collect any email addresses, names, phone numbers that you enter to “check” and resell that information to advertising companies. Be careful with websites you don’t know.</div><div><h3>The original data could have been fake or tampered with</h3></div><div>Data directly from Impact Team is the ‘most reliable’ version that we will get. However, this does not mean that it has not been tampered with. They may have added or modified entries.</div><div>
</div><div>Further, some accounts that exist in the system are likely to be fake anyway. The only accounts we can be reasonably sure of are attached to credit card transactions, and even those may possibly have been created by a stolen card.</div><h2>Think about what you are doing</h2><div>With data like this, there are a lot of things we can learn. I have a copy of the data, and I did not look up my friends or co-workers. Why? Because I don’t care. Many websites are using the data to find who is cheating on who. That question is not interesting. What is interesting is, for example, why people are cheating. We might even ask is cheating a bad thing? For 39 million people, apparently it isn’t. Other interesting questions include how to prevent an attack like this in the future? What are the most common passwords? Etc.</div><div>
</div><div>While the data is useful for information security to learn from its mistake, making the data easily accessible for the sake of gossip is not useful, and could potentially cause mental and physical damage. Consider this ‘help’ that a woman received from radio talk show hosts. As soon as the woman found out her husband was cheating, the host even admitted he felt like a jerk.</div><div>
</div><iframe frameborder="0" height="573" id="molvideoplayer" scrolling="no" src="http://www.dailymail.co.uk/embed/video/1207589.html" title="MailOnline Embed Player" width="698"></iframe>

I completely agree with the approach from the people at haveibeenpwned.com who explain in their blog single that it is not the job of security researchers to out people. It is our job to protect people.

Every time there is a data leak, the information is used for all sorts of scams, and criminals are already using the AM data. The people involved in this breach could have their entire lives destroyed by releasing all of their information. Some people will say that they deserve it for being on such a site. Thats a matter of opinion. But as security researchers if we don’t look for ways to use (and release) data responsibility, we may be hurting people to find the ‘juicy bits’ rather than improving security, privacy and freedom for everyone.

Webinar: Tackle the Legal Issues of Obtaining Digital Evidence in the Cloud

Cost: Free
Date: Wed August 12th, 2015
Time: 08:00am UTC / 10:00am CEST / 4:00pm AWST

Data stored on cloud services or on social networks can reflect a person’s motives, actions or consequences, which are essential to any investigation. But obtaining it is the real challenge. Does your agency currently face certain legal, operational and technical limitations in obtaining this important source of evidence?

Join our panel of global industry and product experts, for a live discussion where they will address the legal and operational considerations for identifying, collecting and preserving cloud-based media.

Panelists: Pamela Kiesselbach, Senior Consultant Corporate Crime & Investigations, Herbert Smith Freehills; Stephen Mason, Barrister; Jy Millis, Corporate Associate, Herbert Smith Freehills; Shahaf Rozanski, Director of Forensics Products, Cellebrite Ltd.

Register now at http://go.cellebrite.com/web_ca_legal_aug2015_reg