<br /> Digital<br /> The Quarterly Magazine for Digital Forensics Practitioners Issue 17 · November 2013<br /> WIN! an iPod Nano<br /> ForensicS<br /> / magazine<br /> The Shattered Project<br /> A Forensic Understanding of<br /> GOOGLE<br /> GLASS<br /> PLUS!<br /> SCADA Honeypots<br /> Trustworthy Cyber-Physical Systems17<br /> NAS vulnerabilities using SHODAN Issue 17 / £14.99 TR Media<br /> 9 772042 061004<br /> <br /> EDITORIAL<br /> O<br /> ne of the most interesting aspects of<br /> investigating the digital world is the never-<br /> ending source of new ideas and the fascinating<br /> way that we are using technology; wi<a title="DFM17 - Online page 1" href="http://viewer.zmags.com/publication/23e4b26c?page=1"> Digital The Quarterly Magazine for Digital Fore</a> <a title="DFM17 - Online page 2" href="http://viewer.zmags.com/publication/23e4b26c?page=2"> </a> <a title="DFM17 - Online page 3" href="http://viewer.zmags.com/publication/23e4b26c?page=3"> EDITORIAL O </a> <a title="DFM17 - Online page 4" href="http://viewer.zmags.com/publication/23e4b26c?page=4"> </a> <a title="DFM17 - Online page 5" href="http://viewer.zmags.com/publication/23e4b26c?page=5"> 16 FEATURES 08 / An Overview of Honeypots & SCAD</a> <a title="DFM17 - Online page 6" href="http://viewer.zmags.com/publication/23e4b26c?page=6"> / NEWS NEWS NEWS / Cellebrite Extends its Line</a> <a title="DFM17 - Online page 7" href="http://viewer.zmags.com/publication/23e4b26c?page=7"> Based on UFED technology which government and</a> <a title="DFM17 - Online page 8" href="http://viewer.zmags.com/publication/23e4b26c?page=8"> / FEATURE AN OVERVIEW OF HONEYPOTS & SCADA SYS</a> <a title="DFM17 - Online page 9" href="http://viewer.zmags.com/publication/23e4b26c?page=9"> Level of Interaction Definition and Features Hig</a> <a title="DFM17 - Online page 10" href="http://viewer.zmags.com/publication/23e4b26c?page=10"> / FEATURE SCADA HONEYPOTS OFFER AN I</a> <a title="DFM17 - Online page 11" href="http://viewer.zmags.com/publication/23e4b26c?page=11"> </a> <a title="DFM17 - Online page 12" href="http://viewer.zmags.com/publication/23e4b26c?page=12"> / FEATURE Figure 2.</a> <a title="DFM17 - Online page 13" href="http://viewer.zmags.com/publication/23e4b26c?page=13"> Available Active Name & Yea</a> <a title="DFM17 - Online page 14" href="http://viewer.zmags.com/publication/23e4b26c?page=14"> / FEATURE malware that propagates by removabl</a> <a title="DFM17 - Online page 15" href="http://viewer.zmags.com/publication/23e4b26c?page=15"> </a> <a title="DFM17 - Online page 16" href="http://viewer.zmags.com/publication/23e4b26c?page=16"> / FROM THE LAB THE SHATTERED PROJECT A FORENSI</a> <a title="DFM17 - Online page 17" href="http://viewer.zmags.com/publication/23e4b26c?page=17"> / Misconceptions With the media trying to release</a> <a title="DFM17 - Online page 18" href="http://viewer.zmags.com/publication/23e4b26c?page=18"> / FROM THE LAB ADB is a cross platform to</a> <a title="DFM17 - Online page 19" href="http://viewer.zmags.com/publication/23e4b26c?page=19"> IF THE USER ASKS HOW TO GET SOMEWHERE, SOME</a> <a title="DFM17 - Online page 20" href="http://viewer.zmags.com/publication/23e4b26c?page=20"> </a> <a title="DFM17 - Online page 21" href="http://viewer.zmags.com/publication/23e4b26c?page=21"> / LEGAL EDITORIAL LEGAL EDITORIAL Slander, libel,</a> <a title="DFM17 - Online page 22" href="http://viewer.zmags.com/publication/23e4b26c?page=22"> / LEGAL FEATURE LINKEDIN LAWSUIT A look at the</a> <a title="DFM17 - Online page 23" href="http://viewer.zmags.com/publication/23e4b26c?page=23"> Now we have arrived at a rather serious alleg</a> <a title="DFM17 - Online page 24" href="http://viewer.zmags.com/publication/23e4b26c?page=24"> / LEGAL FEATURE GOING BACK TO THE ALLEGAT</a> <a title="DFM17 - Online page 25" href="http://viewer.zmags.com/publication/23e4b26c?page=25"> schemes to make lots of $$$ with Java, Groovy and</a> <a title="DFM17 - Online page 26" href="http://viewer.zmags.com/publication/23e4b26c?page=26"> / LEGAL EDITORIAL LEGAL NEWS A round-up of the la</a> <a title="DFM17 - Online page 27" href="http://viewer.zmags.com/publication/23e4b26c?page=27"> </a> <a title="DFM17 - Online page 28" href="http://viewer.zmags.com/publication/23e4b26c?page=28"> / FEATURE TRUSTWORTHY CYBER-PHYSICAL SYSTEMS A</a> <a title="DFM17 - Online page 29" href="http://viewer.zmags.com/publication/23e4b26c?page=29"> Given the prevalence of cyber-physical system</a> <a title="DFM17 - Online page 30" href="http://viewer.zmags.com/publication/23e4b26c?page=30"> / FEATURE / Security Testing Cyber Physical </a> <a title="DFM17 - Online page 31" href="http://viewer.zmags.com/publication/23e4b26c?page=31"> Figure 2. and be able to take steps to improve i</a> <a title="DFM17 - Online page 32" href="http://viewer.zmags.com/publication/23e4b26c?page=32"> / FEATURE In the case of Stuxnet, its discove</a> <a title="DFM17 - Online page 33" href="http://viewer.zmags.com/publication/23e4b26c?page=33"> </a> <a title="DFM17 - Online page 34" href="http://viewer.zmags.com/publication/23e4b26c?page=34"> / FEATURE THE FORENSICS RESPONSE TO A CYBER TE</a> <a title="DFM17 - Online page 35" href="http://viewer.zmags.com/publication/23e4b26c?page=35"> BUSINESSES HAVE ALSO EMBRACED COMMERCIAL-OF</a> <a title="DFM17 - Online page 36" href="http://viewer.zmags.com/publication/23e4b26c?page=36"> / FEATURE But not only</a> <a title="DFM17 - Online page 37" href="http://viewer.zmags.com/publication/23e4b26c?page=37"> compromised host [the DOS Prompt]. In this case o</a> <a title="DFM17 - Online page 38" href="http://viewer.zmags.com/publication/23e4b26c?page=38"> / FEATURE system[s]. However, protection agai</a> <a title="DFM17 - Online page 39" href="http://viewer.zmags.com/publication/23e4b26c?page=39"> </a> <a title="DFM17 - Online page 40" href="http://viewer.zmags.com/publication/23e4b26c?page=40"> / INTERVIEW MEET THE PROFESSIONALS / GREG JON</a> <a title="DFM17 - Online page 41" href="http://viewer.zmags.com/publication/23e4b26c?page=41"> CWSS and CWE data. We have plans to integrate thi</a> <a title="DFM17 - Online page 42" href="http://viewer.zmags.com/publication/23e4b26c?page=42"> </a> <a title="DFM17 - Online page 43" href="http://viewer.zmags.com/publication/23e4b26c?page=43"> </a> <a title="DFM17 - Online page 44" href="http://viewer.zmags.com/publication/23e4b26c?page=44"> / FEATURE USING NETWORK INTRUSION DETECTION SY</a> <a title="DFM17 - Online page 45" href="http://viewer.zmags.com/publication/23e4b26c?page=45"> Figure 1. The Test Bed Architecture </a> <a title="DFM17 - Online page 46" href="http://viewer.zmags.com/publication/23e4b26c?page=46"> / FEATURE / Three References Maier,</a> <a title="DFM17 - Online page 47" href="http://viewer.zmags.com/publication/23e4b26c?page=47"> Figure 3. 100Mbs. The rates started at</a> <a title="DFM17 - Online page 48" href="http://viewer.zmags.com/publication/23e4b26c?page=48"> / FEATURE / Expert Tip: Use Multiple Tool</a> <a title="DFM17 - Online page 49" href="http://viewer.zmags.com/publication/23e4b26c?page=49"> Digital ForensicS / magazine The Quarterly Mag</a> <a title="DFM17 - Online page 50" href="http://viewer.zmags.com/publication/23e4b26c?page=50"> / GET INVOLVED GET INVOLVED Calling all Book Revi</a> <a title="DFM17 - Online page 51" href="http://viewer.zmags.com/publication/23e4b26c?page=51"> </a> <a title="DFM17 - Online page 52" href="http://viewer.zmags.com/publication/23e4b26c?page=52"> / FEATURE IPHONE BACKUP FILES PART II Kate Wri</a> <a title="DFM17 - Online page 53" href="http://viewer.zmags.com/publication/23e4b26c?page=53"> but specialist platforms were selected for experi</a> <a title="DFM17 - Online page 54" href="http://viewer.zmags.com/publication/23e4b26c?page=54"> / FEATURE fact that it will be resident on an</a> <a title="DFM17 - Online page 55" href="http://viewer.zmags.com/publication/23e4b26c?page=55"> / Where To Look & What Can Be Found Its astoni</a> <a title="DFM17 - Online page 56" href="http://viewer.zmags.com/publication/23e4b26c?page=56"> / FEATURE active and used at this point in ti</a> <a title="DFM17 - Online page 57" href="http://viewer.zmags.com/publication/23e4b26c?page=57"> </a> <a title="DFM17 - Online page 58" href="http://viewer.zmags.com/publication/23e4b26c?page=58"> 1101010010010101010100010010101011101010010010101</a> <a title="DFM17 - Online page 59" href="http://viewer.zmags.com/publication/23e4b26c?page=59"> 1101010010010101010100010010101011101010010010101</a> <a title="DFM17 - Online page 60" href="http://viewer.zmags.com/publication/23e4b26c?page=60"> 1101010010010101010100010010101011101010010010101</a> <a title="DFM17 - Online page 61" href="http://viewer.zmags.com/publication/23e4b26c?page=61"> 1101010010010101010100010010101011101010010010101</a> <a title="DFM17 - Online page 62" href="http://viewer.zmags.com/publication/23e4b26c?page=62"> </a> <a title="DFM17 - Online page 63" href="http://viewer.zmags.com/publication/23e4b26c?page=63"> 36 Letters, emails, tweets, connections and more…</a> <a title="DFM17 - Online page 64" href="http://viewer.zmags.com/publication/23e4b26c?page=64"> / FEATURE HELLO! MY NAME IS PAUL Jeff Harris a</a> <a title="DFM17 - Online page 65" href="http://viewer.zmags.com/publication/23e4b26c?page=65"> cases. Most importantly, these home networks are </a> <a title="DFM17 - Online page 66" href="http://viewer.zmags.com/publication/23e4b26c?page=66"> / FEATURE many billions of pounds. 10% of the</a> <a title="DFM17 - Online page 67" href="http://viewer.zmags.com/publication/23e4b26c?page=67"> / The Scale Of The Challenge Faced & Attributi</a> <a title="DFM17 - Online page 68" href="http://viewer.zmags.com/publication/23e4b26c?page=68"> / FEATURE need to bring in third party consul</a> <a title="DFM17 - Online page 69" href="http://viewer.zmags.com/publication/23e4b26c?page=69"> an immediate and challenging, “why are you lookin</a> <a title="DFM17 - Online page 70" href="http://viewer.zmags.com/publication/23e4b26c?page=70"> / FEATURE 15% OF </a> <a title="DFM17 - Online page 71" href="http://viewer.zmags.com/publication/23e4b26c?page=71"> organisations where this is not the case there we</a> <a title="DFM17 - Online page 72" href="http://viewer.zmags.com/publication/23e4b26c?page=72"> </a> <a title="DFM17 - Online page 73" href="http://viewer.zmags.com/publication/23e4b26c?page=73"> / REPORT CYBER WEEK 2013 CONFERENCE REPORT The</a> <a title="DFM17 - Online page 74" href="http://viewer.zmags.com/publication/23e4b26c?page=74"> / REPORT Colin Robbins, Technical Direct</a> <a title="DFM17 - Online page 75" href="http://viewer.zmags.com/publication/23e4b26c?page=75"> / COMING SOON COMING SOON… A round-up of featu</a> <a title="DFM17 - Online page 76" href="http://viewer.zmags.com/publication/23e4b26c?page=76"> / FEATURE IS LINUX AN ALTERNATIVE OS FOR BUSIN</a> <a title="DFM17 - Online page 77" href="http://viewer.zmags.com/publication/23e4b26c?page=77"> especially when you have an option to use an open</a> <a title="DFM17 - Online page 78" href="http://viewer.zmags.com/publication/23e4b26c?page=78"> / COMPETITION COMPETITION / This issue we have</a> <a title="DFM17 - Online page 79" href="http://viewer.zmags.com/publication/23e4b26c?page=79"> / book reviews BOOK REVIEWS PRACTICAL ANON</a> <a title="DFM17 - Online page 80" href="http://viewer.zmags.com/publication/23e4b26c?page=80"> / book reviews ALTHOUGH THE BOOK LACKS I</a> <a title="DFM17 - Online page 81" href="http://viewer.zmags.com/publication/23e4b26c?page=81"> </a> <a title="DFM17 - Online page 82" href="http://viewer.zmags.com/publication/23e4b26c?page=82"> / IRQ IRQ Signed, Sealed, Delivered? O </a> <a title="DFM17 - Online page 83" href="http://viewer.zmags.com/publication/23e4b26c?page=83"> </a> <a title="DFM17 - Online page 84" href="http://viewer.zmags.com/publication/23e4b26c?page=84"> </a>