The Quarterly Magazine for Digital Forensics Practitioners<br /> INSIDE<br /> / Bill Dean on detecting commercial grade spyware<br /> / Cell site analysis<br /> / Imaging a MacBook Air<br /> / Advanced cyber probes<br /> Competition!<br /> Win copies of Kuiper Forensics Peerlab<br /> GENETIC ALGORITHMS & DIGITAL FORENSICS<br /> Tim Watson looks at the way that genetic algorithms can be used in forensic tools<br /> ISSUE 07<br /> 1st May 2011<br /> Issue 7 / £11.99 TR Media<br /> / REGULARS: Robservations, 360, news, IRQ & more…<br /> / FROM THE LAB: Peter Jones looks at Cellebrite PA v2<br /> / INTRODUCING: our new legal editor Scott Zimmerman<br /> / BOOK REVIEWS: hacking the human / windows<br /> <a title="Digital Magazine Issue 7 page 1" href="http://viewer.zmags.com/publication/01fa69e3?page=1">The Quarterly Magazine for Digital Forensics Pract</a> <a title="Digital Magazine Issue 7 page 2" href="http://viewer.zmags.com/publication/01fa69e3?page=2">Shape your future Forensic Computing MSc Forens</a> <a title="Digital Magazine Issue 7 page 3" href="http://viewer.zmags.com/publication/01fa69e3?page=3">EDITORIAL We have another new member </a> <a title="Digital Magazine Issue 7 page 4" href="http://viewer.zmags.com/publication/01fa69e3?page=4"> www.sans.org/summit SANS What Works in Forensics</a> <a title="Digital Magazine Issue 7 page 5" href="http://viewer.zmags.com/publication/01fa69e3?page=5">/ CONTENTS CONTENTS / DIGITAL FORENSICS </a> <a title="Digital Magazine Issue 7 page 6" href="http://viewer.zmags.com/publication/01fa69e3?page=6"> / NEWS NEWS Epsilon Hack On the 5th April, t</a> <a title="Digital Magazine Issue 7 page 7" href="http://viewer.zmags.com/publication/01fa69e3?page=7"> The Keynote Theatre was no different with t</a> <a title="Digital Magazine Issue 7 page 8" 
href="http://viewer.zmags.com/publication/01fa69e3?page=8"> Mobile Development from Apress The lar</a> <a title="Digital Magazine Issue 7 page 9" href="http://viewer.zmags.com/publication/01fa69e3?page=9"> / ROBSERVATIONS ROBSERVATIONS Law Is Not A Sci</a> <a title="Digital Magazine Issue 7 page 10" href="http://viewer.zmags.com/publication/01fa69e3?page=10"> / ROBSERVATIONS </a> <a title="Digital Magazine Issue 7 page 11" href="http://viewer.zmags.com/publication/01fa69e3?page=11"> Forensic Computing 12-month stu</a> <a title="Digital Magazine Issue 7 page 12" href="http://viewer.zmags.com/publication/01fa69e3?page=12"> / FEATURE FILE INTEGRITY MONITORING One of t</a> <a title="Digital Magazine Issue 7 page 13" href="http://viewer.zmags.com/publication/01fa69e3?page=13"> Figure 1. The default “/etc/passwd” file (with use</a> <a title="Digital Magazine Issue 7 page 14" href="http://viewer.zmags.com/publication/01fa69e3?page=14"> / FEATURE some aspects of the entry that shou</a> <a title="Digital Magazine Issue 7 page 15" href="http://viewer.zmags.com/publication/01fa69e3?page=15"> Figure 3. 
The same “/etc/passwd” file, this time w</a> <a title="Digital Magazine Issue 7 page 16" href="http://viewer.zmags.com/publication/01fa69e3?page=16"> Cell site analysis Computer forensics Audio vi</a> <a title="Digital Magazine Issue 7 page 17" href="http://viewer.zmags.com/publication/01fa69e3?page=17"> / COMPETITION COMPETITION / THIS ISSUE WE HAVE</a> <a title="Digital Magazine Issue 7 page 18" href="http://viewer.zmags.com/publication/01fa69e3?page=18"> / LETTERS 360° TYour chance to have your say … </a> <a title="Digital Magazine Issue 7 page 19" href="http://viewer.zmags.com/publication/01fa69e3?page=19"> / LEAD FEATURE THE NEXT GENERATION HOW GENETI</a> <a title="Digital Magazine Issue 7 page 20" href="http://viewer.zmags.com/publication/01fa69e3?page=20"> / LEAD FEATURE / A Face in the Crowd Having tau</a> <a title="Digital Magazine Issue 7 page 21" href="http://viewer.zmags.com/publication/01fa69e3?page=21"> Ste</a> <a title="Digital Magazine Issue 7 page 22" href="http://viewer.zmags.com/publication/01fa69e3?page=22"> / LEAD FEATURE GAs THEMSELVES ARE OFTEN QUITE E</a> <a title="Digital Magazine Issue 7 page 23" href="http://viewer.zmags.com/publication/01fa69e3?page=23"> So there we have it. We can evolve an accura</a> <a title="Digital Magazine Issue 7 page 24" href="http://viewer.zmags.com/publication/01fa69e3?page=24"> / FEATURE IMAGING 10,000 DRIVES What you need</a> <a title="Digital Magazine Issue 7 page 25" href="http://viewer.zmags.com/publication/01fa69e3?page=25"> / A New Set Of Skills And The Corporate Paradox N</a> <a title="Digital Magazine Issue 7 page 26" href="http://viewer.zmags.com/publication/01fa69e3?page=26"> / FEATURE Figure 1. SIEM Ne</a> <a title="Digital Magazine Issue 7 page 27" href="http://viewer.zmags.com/publication/01fa69e3?page=27"> Figure 3. 
SIEM Being Used With Any Tool / Forens</a> <a title="Digital Magazine Issue 7 page 28" href="http://viewer.zmags.com/publication/01fa69e3?page=28"> Reviewing the latest sports highlights </a> <a title="Digital Magazine Issue 7 page 29" href="http://viewer.zmags.com/publication/01fa69e3?page=29"> / LEGAL EDITORIAL LEGAL EDITORIAL Regular read</a> <a title="Digital Magazine Issue 7 page 30" href="http://viewer.zmags.com/publication/01fa69e3?page=30"> / LEGAL FEATURE LOCARD'S EXCHANGE PRINCIPLE In</a> <a title="Digital Magazine Issue 7 page 31" href="http://viewer.zmags.com/publication/01fa69e3?page=31"> skin cells, for example if the floor were wooden, </a> <a title="Digital Magazine Issue 7 page 32" href="http://viewer.zmags.com/publication/01fa69e3?page=32"> / LEGAL FEATURE machines. However, forensic e</a> <a title="Digital Magazine Issue 7 page 33" href="http://viewer.zmags.com/publication/01fa69e3?page=33"> This line, used several times in the script, </a> <a title="Digital Magazine Issue 7 page 34" href="http://viewer.zmags.com/publication/01fa69e3?page=34"> / LEGAL NEWS ALERT LEGAL NEWS ALERT While the </a> <a title="Digital Magazine Issue 7 page 35" href="http://viewer.zmags.com/publication/01fa69e3?page=35"> / FEATURE CELL SITE ANALYSIS TRIANGULATION OF </a> <a title="Digital Magazine Issue 7 page 36" href="http://viewer.zmags.com/publication/01fa69e3?page=36"> / FEATURE Figure 1. Standard Cell</a> <a title="Digital Magazine Issue 7 page 37" href="http://viewer.zmags.com/publication/01fa69e3?page=37"> Figure 2. 
Cellular Sectorisation `sphere of cove</a> <a title="Digital Magazine Issue 7 page 38" href="http://viewer.zmags.com/publication/01fa69e3?page=38"> </a> <a title="Digital Magazine Issue 7 page 39" href="http://viewer.zmags.com/publication/01fa69e3?page=39"> </a> <a title="Digital Magazine Issue 7 page 40" href="http://viewer.zmags.com/publication/01fa69e3?page=40"> / MEET THE PROFESSIONALS MEET THE DF PROFESSIO</a> <a title="Digital Magazine Issue 7 page 41" href="http://viewer.zmags.com/publication/01fa69e3?page=41"> participants must have a clear understanding of t</a> <a title="Digital Magazine Issue 7 page 42" href="http://viewer.zmags.com/publication/01fa69e3?page=42"> / FEATURE CLONING DRIVES WITH FAULTY SECTORS </a> <a title="Digital Magazine Issue 7 page 43" href="http://viewer.zmags.com/publication/01fa69e3?page=43"> Drive name Drive type Size (GB) Numbe</a> <a title="Digital Magazine Issue 7 page 44" href="http://viewer.zmags.com/publication/01fa69e3?page=44"> / FEATURE Faulty drive </a> <a title="Digital Magazine Issue 7 page 45" href="http://viewer.zmags.com/publication/01fa69e3?page=45"> Operating system Tool Device Bus </a> <a title="Digital Magazine Issue 7 page 46" href="http://viewer.zmags.com/publication/01fa69e3?page=46"> / FEATURE ((INT((LBA of faulty sector/8))+l)</a> <a title="Digital Magazine Issue 7 page 47" href="http://viewer.zmags.com/publication/01fa69e3?page=47"> Operating system Tool Device Bus </a> <a title="Digital Magazine Issue 7 page 48" href="http://viewer.zmags.com/publication/01fa69e3?page=48"> </a> <a title="Digital Magazine Issue 7 page 49" href="http://viewer.zmags.com/publication/01fa69e3?page=49"> / APPLE AUTOPSY APPLE AUTOPSY Apple released the</a> <a title="Digital Magazine Issue 7 page 50" href="http://viewer.zmags.com/publication/01fa69e3?page=50"> / FEATURE IMAGING THE NEW MACBOOK AIR Images c</a> <a title="Digital Magazine Issue 7 page 51" href="http://viewer.zmags.com/publication/01fa69e3?page=51"> </a> <a 
title="Digital Magazine Issue 7 page 52" href="http://viewer.zmags.com/publication/01fa69e3?page=52"> / FEATURE that doesn't have diskarbitration e</a> <a title="Digital Magazine Issue 7 page 53" href="http://viewer.zmags.com/publication/01fa69e3?page=53"> 6. Advanced Options – Here one can control the ty</a> <a title="Digital Magazine Issue 7 page 54" href="http://viewer.zmags.com/publication/01fa69e3?page=54"> MD5 are recognised as one of the leading digital </a> <a title="Digital Magazine Issue 7 page 55" href="http://viewer.zmags.com/publication/01fa69e3?page=55"> / FEATURE DETECTING COMPUTER MONITORING AND CO</a> <a title="Digital Magazine Issue 7 page 56" href="http://viewer.zmags.com/publication/01fa69e3?page=56"> / FEATURE available applications provided by </a> <a title="Digital Magazine Issue 7 page 57" href="http://viewer.zmags.com/publication/01fa69e3?page=57"> protocols, providing simple drill-down capabiliti</a> <a title="Digital Magazine Issue 7 page 58" href="http://viewer.zmags.com/publication/01fa69e3?page=58"> / FEATURE Figure C. Webwatcher DNS Reques</a> <a title="Digital Magazine Issue 7 page 59" href="http://viewer.zmags.com/publication/01fa69e3?page=59"> / GET INVOLVED GET INVOLVED / Authors As we c</a> <a title="Digital Magazine Issue 7 page 60" href="http://viewer.zmags.com/publication/01fa69e3?page=60"> / NEXT ISSUE COMING SOON… Some of the great </a> <a title="Digital Magazine Issue 7 page 61" href="http://viewer.zmags.com/publication/01fa69e3?page=61"> / FEATURE DRONE ARCHITECTURE FOR WIRELESS FORE</a> <a title="Digital Magazine Issue 7 page 62" href="http://viewer.zmags.com/publication/01fa69e3?page=62"> / FEATURE (WFM) after reviewing other publish</a> <a title="Digital Magazine Issue 7 page 63" href="http://viewer.zmags.com/publication/01fa69e3?page=63"> Figure 2. 
Potential Evidence from Wireless Networ</a> <a title="Digital Magazine Issue 7 page 64" href="http://viewer.zmags.com/publication/01fa69e3?page=64"> / FEATURE Protocol (IP) address in an Interne</a> <a title="Digital Magazine Issue 7 page 65" href="http://viewer.zmags.com/publication/01fa69e3?page=65"> / FEATURE CRIMINAL PROFILING A DETAILED LOOK A</a> <a title="Digital Magazine Issue 7 page 66" href="http://viewer.zmags.com/publication/01fa69e3?page=66"> / FEATURE 2. When did the probes used, start </a> <a title="Digital Magazine Issue 7 page 67" href="http://viewer.zmags.com/publication/01fa69e3?page=67"> ask “what they needed that could not be possible </a> <a title="Digital Magazine Issue 7 page 68" href="http://viewer.zmags.com/publication/01fa69e3?page=68"> / FEATURE In this phase we can find trac</a> <a title="Digital Magazine Issue 7 page 69" href="http://viewer.zmags.com/publication/01fa69e3?page=69"> Traditional Crime Computer Intrusion The kill</a> <a title="Digital Magazine Issue 7 page 70" href="http://viewer.zmags.com/publication/01fa69e3?page=70"> Maximise Prioritise Visualise Call IntaForen</a> <a title="Digital Magazine Issue 7 page 71" href="http://viewer.zmags.com/publication/01fa69e3?page=71"> / FEATURE ADVANCED CYBERSECURITY PROBES Severa</a> <a title="Digital Magazine Issue 7 page 72" href="http://viewer.zmags.com/publication/01fa69e3?page=72"> / FEATURE But I digress; a Cybersecurity </a> <a title="Digital Magazine Issue 7 page 73" href="http://viewer.zmags.com/publication/01fa69e3?page=73"> or SSH/port 22. 
And as attackers “attack” servers</a> <a title="Digital Magazine Issue 7 page 74" href="http://viewer.zmags.com/publication/01fa69e3?page=74"> / FEATURE CPU/Nice PROCESS Network </a> <a title="Digital Magazine Issue 7 page 75" href="http://viewer.zmags.com/publication/01fa69e3?page=75"> ASSESSMENT VENDOR INDEPENDENCE t</a> <a title="Digital Magazine Issue 7 page 76" href="http://viewer.zmags.com/publication/01fa69e3?page=76"> / FEATURE CELLEBRITE PHYSICAL ANALYSER V2.0 A</a> <a title="Digital Magazine Issue 7 page 77" href="http://viewer.zmags.com/publication/01fa69e3?page=77"> Figure 2 physical extraction or if you open up X</a> <a title="Digital Magazine Issue 7 page 78" href="http://viewer.zmags.com/publication/01fa69e3?page=78">/ FEATURE Figure 4 The universal search ba</a> <a title="Digital Magazine Issue 7 page 79" href="http://viewer.zmags.com/publication/01fa69e3?page=79"> Digital ForensicS / magazine BACK ISSUES Digita</a> <a title="Digital Magazine Issue 7 page 80" href="http://viewer.zmags.com/publication/01fa69e3?page=80">BOOK REVIEWS BOOK REVIEWS Hacking the Huma</a> <a title="Digital Magazine Issue 7 page 81" href="http://viewer.zmags.com/publication/01fa69e3?page=81"> There are moments in the book, however, whe</a> <a title="Digital Magazine Issue 7 page 82" href="http://viewer.zmags.com/publication/01fa69e3?page=82"> / COLUMN IRQ FA rose by any other name? </a> <a title="Digital Magazine Issue 7 page 83" href="http://viewer.zmags.com/publication/01fa69e3?page=83"> With today’s ever-changing technologies and env</a> <a title="Digital Magazine Issue 7 page 84" href="http://viewer.zmags.com/publication/01fa69e3?page=84"> Digital Forensics for an Evolving World May 201</a>