INSIDE<br />
/ Using Wireshark<br />
/ Deep Packet Inspection<br />
/ Cryptanalysis<br />
/ Social Network Monitoring<br />
BIG BROTHER FORENSICS<br />
Chad Tilbury takes a look at the rise of Geo Location data and how geo-artifacts can add a crucial dimension to investigations<br />
Competition! Win 3 Digital Forensics books from Syngress<br />
ISSUE 09<br />
November 2011<br />
Issue 9 / £11.99 TR Media<br />
/ REGULARS / FROM THE LAB / INTRODUCING / Book Reviews<br />
robservations, 360, PART 2 OF TED SMITH'S our new FEATURE ON XBOX Forensics news, irq &amp; more… X-Ways Forensics Forensic Uncertainty Extrusion Detection