Digital ForensicS / magazine<br /> The Quarterly Magazine for Digital Forensics Practitioners<br /> Issue 32 · August 2017<br /> WIN! an iPod Nano<br /> NOT SO PRIVATE<br /> Michael Hauser investigates how good browsers are in private mode and if data might still be recovered<br /> PLUS!<br /> Stegblender<br /> IMSI Catcher<br /> Protecting Our Thoughts<br /> Public Cloud Insider Threat Detection<br /> Latest News, 360, Book Reviews, IRQ & much more inside!<br /> Issue 32 / £14.99 TR Media<br /> <br /> EDITORIAL<br /> Every quarter after cajoling and pushing our authors to get their articles in on time, followed by the editing of those articles and