Digital ForensicS / magazine<br />
The Quarterly Magazine for Digital Forensics Practitioners<br />
Issue 25 · November 2015<br />
WIN! an iPod Nano<br />
GRAPH TECHNOLOGY & FRAUD<br />
Learn how graph databases can be used to detect fraud<br />
Latest News, 360<br /> Book Reviews, IRQ<br /> & much more inside!<br />
PLUS!<br />
Anti-Virus Evasion<br />
Modified Bloom Filters<br />
Digital Forensic Readiness<br />
Providing DDoS Protection<br />
9 772042 061004<br />
Issue 25 / £14.99 TR Media<br />
<br />
EDITORIAL<br />
Hello everyone and welcome to issue 25 of the magazine. When I am not edit
<a title="DFM25 - Online page 1" href="http://viewer.zmags.com/publication/545708a6?page=1">Digital The Quarterly Magazine for Digital Fore</a>
<a title="DFM25 - Online page 2" href="http://viewer.zmags.com/publication/545708a6?page=2"> </a>
<a title="DFM25 - Online page 3" href="http://viewer.zmags.com/publication/545708a6?page=3">EDITORIAL H</a>
<a title="DFM25 - Online page 4" href="http://viewer.zmags.com/publication/545708a6?page=4"> </a>
<a title="DFM25 - Online page 5" href="http://viewer.zmags.com/publication/545708a6?page=5">58 FEATURES 08 / Forecasting the Business Impact</a>
<a title="DFM25 - Online page 6" href="http://viewer.zmags.com/publication/545708a6?page=6">/ NEWS NEWS NEWS / UK AND China Sign Cybersecu</a>
<a title="DFM25 - Online page 7" href="http://viewer.zmags.com/publication/545708a6?page=7">THE TRUST OF OUR CUSTOMERS MEANS EVERYTHIN</a>
<a title="DFM25 - Online page 8" href="http://viewer.zmags.com/publication/545708a6?page=8">/ FEATURE FORECASTING THE BUSINESS IMPACT OF S</a>
<a title="DFM25 - Online page 9" href="http://viewer.zmags.com/publication/545708a6?page=9">business value of IT control frameworks is a comp</a>
<a title="DFM25 - Online page 10" href="http://viewer.zmags.com/publication/545708a6?page=10">/ FEATURE / Expert Tip A control fra</a>
<a title="DFM25 - Online page 11" href="http://viewer.zmags.com/publication/545708a6?page=11">Table 1. Control Configuration Cost & Associated R</a>
<a title="DFM25 - Online page 12" href="http://viewer.zmags.com/publication/545708a6?page=12">/ FEATURE</a>
<a title="DFM25 - Online page 13" href="http://viewer.zmags.com/publication/545708a6?page=13"> </a>
<a title="DFM25 - Online page 14" href="http://viewer.zmags.com/publication/545708a6?page=14">/ FEATURE DIGITAL FORENSIC READINESS REVISITED</a>
<a title="DFM25 - Online page 15" href="http://viewer.zmags.com/publication/545708a6?page=15">policies. It aims to ensure uniformity across the</a>
<a title="DFM25 - Online page 16" href="http://viewer.zmags.com/publication/545708a6?page=16">/ FEATURE The following are examples of DF po</a>
<a title="DFM25 - Online page 17" href="http://viewer.zmags.com/publication/545708a6?page=17">/ WARNING From an initial study, as part of my Ma</a>
<a title="DFM25 - Online page 18" href="http://viewer.zmags.com/publication/545708a6?page=18"> </a>
<a title="DFM25 - Online page 19" href="http://viewer.zmags.com/publication/545708a6?page=19">/ LEGAL EDITORIAL LEGAL EDITORIAL Endeavour to di</a>
<a title="DFM25 - Online page 20" href="http://viewer.zmags.com/publication/545708a6?page=20">/ LEGAL FEATURE BITCOINS – LEGITIMATE FINANCIA</a>
<a title="DFM25 - Online page 21" href="http://viewer.zmags.com/publication/545708a6?page=21">or Automated Teller Machines (ATMs) through which</a>
<a title="DFM25 - Online page 22" href="http://viewer.zmags.com/publication/545708a6?page=22">/ LEGAL FEATURE E-money – money or a mone</a>
<a title="DFM25 - Online page 23" href="http://viewer.zmags.com/publication/545708a6?page=23">That can happen here as well, and through no faul</a>
<a title="DFM25 - Online page 24" href="http://viewer.zmags.com/publication/545708a6?page=24">/ LEGAL EDITORIAL LEGAL NEWS A round-up of the la</a>
<a title="DFM25 - Online page 25" href="http://viewer.zmags.com/publication/545708a6?page=25"> </a>
<a title="DFM25 - Online page 26" href="http://viewer.zmags.com/publication/545708a6?page=26">/ FEATURE A DECEPTION TOOL TO IMPROVE SE</a>
<a title="DFM25 - Online page 27" href="http://viewer.zmags.com/publication/545708a6?page=27">Figure 1. Nmap Port Scan for a Honeyd Instance</a>
<a title="DFM25 - Online page 28" href="http://viewer.zmags.com/publication/545708a6?page=28">/ FEATURE</a>
<a title="DFM25 - Online page 29" href="http://viewer.zmags.com/publication/545708a6?page=29">Figure 6. HoneyBOT Keystroke Capture</a>
<a title="DFM25 - Online page 30" href="http://viewer.zmags.com/publication/545708a6?page=30">/ FEATURE Figure 9. Apac</a>
<a title="DFM25 - Online page 31" href="http://viewer.zmags.com/publication/545708a6?page=31">Figure 11. Shell takeover Figure 1</a>
<a title="DFM25 - Online page 32" href="http://viewer.zmags.com/publication/545708a6?page=32"> </a>
<a title="DFM25 - Online page 33" href="http://viewer.zmags.com/publication/545708a6?page=33"> </a>
<a title="DFM25 - Online page 34" href="http://viewer.zmags.com/publication/545708a6?page=34">/ FEATURE MODIFIED BLOOM FILTER CASE STUDIES R</a>
<a title="DFM25 - Online page 35" href="http://viewer.zmags.com/publication/545708a6?page=35">/ Top Fact: Best High Performance Linux File</a>
<a title="DFM25 - Online page 36" href="http://viewer.zmags.com/publication/545708a6?page=36">/ FEATURE / Piecewise Hashing Bloom filters are</a>
<a title="DFM25 - Online page 37" href="http://viewer.zmags.com/publication/545708a6?page=37">/ Data Recovery & Carving There is a multitude of</a>
<a title="DFM25 - Online page 38" href="http://viewer.zmags.com/publication/545708a6?page=38">/ FEATURE / Disk Sector Size Sometimes it is no</a>
<a title="DFM25 - Online page 39" href="http://viewer.zmags.com/publication/545708a6?page=39">/ BIOGRAPHIES R. Carbone has been working for Def</a>
<a title="DFM25 - Online page 40" href="http://viewer.zmags.com/publication/545708a6?page=40">/ ADVERTORIAL CYBER SECURITY, ACADEMIA AND INDUST</a>
<a title="DFM25 - Online page 41" href="http://viewer.zmags.com/publication/545708a6?page=41">41</a>
<a title="DFM25 - Online page 42" href="http://viewer.zmags.com/publication/545708a6?page=42">/ FEATURE PROVIDING DDOS PROTECTION Proper vis</a>
<a title="DFM25 - Online page 43" href="http://viewer.zmags.com/publication/545708a6?page=43">/ Top Myths About DDoS Attacks Myth: Enterprises</a>
<a title="DFM25 - Online page 44" href="http://viewer.zmags.com/publication/545708a6?page=44">/ FEATURE / TOP FACT Many equate D</a>
<a title="DFM25 - Online page 45" href="http://viewer.zmags.com/publication/545708a6?page=45">/ Duration and Scale With significant DDoS attacks</a>
<a title="DFM25 - Online page 46" href="http://viewer.zmags.com/publication/545708a6?page=46"> </a>
<a title="DFM25 - Online page 47" href="http://viewer.zmags.com/publication/545708a6?page=47">/ COMING SOON COMING SOON… A round-up of featu</a>
<a title="DFM25 - Online page 48" href="http://viewer.zmags.com/publication/545708a6?page=48">/ COMPETITION COMPETITION / This issue we have</a>
<a title="DFM25 - Online page 49" href="http://viewer.zmags.com/publication/545708a6?page=49"> </a>
<a title="DFM25 - Online page 50" href="http://viewer.zmags.com/publication/545708a6?page=50">/ 360 36 Letters, emails, tweets, connections and</a>
<a title="DFM25 - Online page 51" href="http://viewer.zmags.com/publication/545708a6?page=51">/ TWITTER Our Twitter followers continue to grow</a>
<a title="DFM25 - Online page 52" href="http://viewer.zmags.com/publication/545708a6?page=52">/ FEATURE DIGITAL FORENSICS AND SFIA Matthew B</a>
<a title="DFM25 - Online page 53" href="http://viewer.zmags.com/publication/545708a6?page=53">The collaborative development style involves</a>
<a title="DFM25 - Online page 54" href="http://viewer.zmags.com/publication/545708a6?page=54">/ FEATURE SFIA WORKS WELL WITH THE VARIO</a>
<a title="DFM25 - Online page 55" href="http://viewer.zmags.com/publication/545708a6?page=55">/ How SFIA helps in Cyber Security and Info</a>
<a title="DFM25 - Online page 56" href="http://viewer.zmags.com/publication/545708a6?page=56"> </a>
<a title="DFM25 - Online page 57" href="http://viewer.zmags.com/publication/545708a6?page=57"> </a>
<a title="DFM25 - Online page 58" href="http://viewer.zmags.com/publication/545708a6?page=58">/ LEAD FEATURE GRAPH TECHNOLOGY & FRAUD Stop b</a>
<a title="DFM25 - Online page 59" href="http://viewer.zmags.com/publication/545708a6?page=59">Figure 1. Risk-Impact Analysis / All Too-Familia</a>
<a title="DFM25 - Online page 60" href="http://viewer.zmags.com/publication/545708a6?page=60">/ LEAD FEATURE / Could Entity Link Analysis Hel</a>
<a title="DFM25 - Online page 61" href="http://viewer.zmags.com/publication/545708a6?page=61">Standard instruments, such as a deviation fr</a>
<a title="DFM25 - Online page 62" href="http://viewer.zmags.com/publication/545708a6?page=62"> </a>
<a title="DFM25 - Online page 63" href="http://viewer.zmags.com/publication/545708a6?page=63">/ GET INVOLVED GET INVOLVED Calling all Book Revi</a>
<a title="DFM25 - Online page 64" href="http://viewer.zmags.com/publication/545708a6?page=64">/ FROM THE LAB AN INTRODUCTION TO ANTI-VIRUS E</a>
<a title="DFM25 - Online page 65" href="http://viewer.zmags.com/publication/545708a6?page=65">/ Starting a Multi-Handler All the payloads creat</a>
<a title="DFM25 - Online page 66" href="http://viewer.zmags.com/publication/545708a6?page=66">/ FROM THE LAB use throughout this tutorial,</a>
<a title="DFM25 - Online page 67" href="http://viewer.zmags.com/publication/545708a6?page=67">add enough code to fool the signature- matching f</a>
<a title="DFM25 - Online page 68" href="http://viewer.zmags.com/publication/545708a6?page=68">/ FROM THE LAB There are however, a numbe</a>
<a title="DFM25 - Online page 69" href="http://viewer.zmags.com/publication/545708a6?page=69"> </a>
<a title="DFM25 - Online page 70" href="http://viewer.zmags.com/publication/545708a6?page=70">/ FEATURE UNDERSTANDING HEURISTIC-BASED SCANNI</a>
<a title="DFM25 - Online page 71" href="http://viewer.zmags.com/publication/545708a6?page=71">Top searched threats on Metascan Online's statist</a>
<a title="DFM25 - Online page 72" href="http://viewer.zmags.com/publication/545708a6?page=72">Digital ForensicS / magazine Digital The Qua</a>
<a title="DFM25 - Online page 73" href="http://viewer.zmags.com/publication/545708a6?page=73"> </a>
<a title="DFM25 - Online page 74" href="http://viewer.zmags.com/publication/545708a6?page=74"> </a>
<a title="DFM25 - Online page 75" href="http://viewer.zmags.com/publication/545708a6?page=75">/ book reviews BOOK REVIEWS THE MOBILE APPLICATIO</a>
<a title="DFM25 - Online page 76" href="http://viewer.zmags.com/publication/545708a6?page=76">/ book reviews</a>
<a title="DFM25 - Online page 77" href="http://viewer.zmags.com/publication/545708a6?page=77"> </a>
<a title="DFM25 - Online page 78" href="http://viewer.zmags.com/publication/545708a6?page=78">/ IRQ IRQ There's no evidence. I've no</a>
<a title="DFM25 - Online page 79" href="http://viewer.zmags.com/publication/545708a6?page=79"> </a>
<a title="DFM25 - Online page 80" href="http://viewer.zmags.com/publication/545708a6?page=80"> </a>