Digital ForensicS / magazine<br /> The Quarterly Magazine for Digital Forensics Practitioners<br /> INSIDE<br /> / Set up your own Digital Forensic Lab<br /> / Proactive Digital Forensics<br /> / Cyber Chat, Deciphered!<br /> / Dissecting Malicious Software<br /> READING BETWEEN THE LINES<br /> SPAM BEWARE!<br /> Dr Tim Watson shows us how to perform forensic analysis on email headers<br /> Issue 3 / £11.99 TR Media<br /> Competition!<br /> Win 3 brand new books from Syngress<br /> ISSUE 03<br /> 1 MAY 2010<br /> / REGULARS / PRODUCT REVIEW / Book Reviews / WRITERS<br /> LEGAL NEWS, 360, OUR VERDICT ON KATANA Forensic LINGUISTICS BUDDI<br /> <a title="DF3_Complete.pdf page 1" href="http://viewer.zmags.com/publication/72f19aac?page=1"> Digital The Quarterly Magazine for Digital Fore</a> <a title="DF3_Complete.pdf page 2" href="http://viewer.zmags.com/publication/72f19aac?page=2"> FORENSICS TRAINING http://computer-forensics.san</a> <a title="DF3_Complete.pdf page 3" href="http://viewer.zmags.com/publication/72f19aac?page=3">EDITORIAL W </a> <a title="DF3_Complete.pdf page 4" href="http://viewer.zmags.com/publication/72f19aac?page=4"> Reviewing the latest sports highlights </a> <a title="DF3_Complete.pdf page 5" href="http://viewer.zmags.com/publication/72f19aac?page=5"> / CONTENTS CONTENTS / DIGITAL FORENSICS MAGAZ</a> <a title="DF3_Complete.pdf page 6" href="http://viewer.zmags.com/publication/72f19aac?page=6"> / NEWS NEWS Academics & Practitioners Discuss </a> <a title="DF3_Complete.pdf page 7" href="http://viewer.zmags.com/publication/72f19aac?page=7"> Fortunately the strategy takes a broad view </a> <a title="DF3_Complete.pdf page 8" href="http://viewer.zmags.com/publication/72f19aac?page=8"> Cell site analysis Computer forensics Audio v</a> <a title="DF3_Complete.pdf page 9" 
href="http://viewer.zmags.com/publication/72f19aac?page=9"> 360° OYour chance to have your say … </a> <a title="DF3_Complete.pdf page 10" href="http://viewer.zmags.com/publication/72f19aac?page=10"> / LETTERS country (Deloitte Forensic) and pri</a> <a title="DF3_Complete.pdf page 11" href="http://viewer.zmags.com/publication/72f19aac?page=11"> </a> <a title="DF3_Complete.pdf page 12" href="http://viewer.zmags.com/publication/72f19aac?page=12"> / LEAD FEATURE YOU HAVE MAIL EMAIL DECEPTION A</a> <a title="DF3_Complete.pdf page 13" href="http://viewer.zmags.com/publication/72f19aac?page=13"> trail of clues left by those who seek to abuse th</a> <a title="DF3_Complete.pdf page 14" href="http://viewer.zmags.com/publication/72f19aac?page=14"> / LEAD FEATURE / Listing 1 From: “Digital Foren</a> <a title="DF3_Complete.pdf page 15" href="http://viewer.zmags.com/publication/72f19aac?page=15"> Figure 3 every time they view the email (unless,</a> <a title="DF3_Complete.pdf page 16" href="http://viewer.zmags.com/publication/72f19aac?page=16"> / LEAD FEATURE that it was perfectly comforta</a> <a title="DF3_Complete.pdf page 17" href="http://viewer.zmags.com/publication/72f19aac?page=17"> deceive us are normally not that clever. 
Here are</a> <a title="DF3_Complete.pdf page 18" href="http://viewer.zmags.com/publication/72f19aac?page=18"> </a> <a title="DF3_Complete.pdf page 19" href="http://viewer.zmags.com/publication/72f19aac?page=19"> / FEATURE PROACTIVE COMPUTER FORENSICS THE SEC</a> <a title="DF3_Complete.pdf page 20" href="http://viewer.zmags.com/publication/72f19aac?page=20">/ FEATURE Items (ii) and (iii) are v</a> <a title="DF3_Complete.pdf page 21" href="http://viewer.zmags.com/publication/72f19aac?page=21"> / Computer Misuse Act (1990) Where the US has the</a> <a title="DF3_Complete.pdf page 22" href="http://viewer.zmags.com/publication/72f19aac?page=22"> / FEATURE (3) It is immaterial for the purpos</a> <a title="DF3_Complete.pdf page 23" href="http://viewer.zmags.com/publication/72f19aac?page=23"> MD5 are recognised as one of the leading digital </a> <a title="DF3_Complete.pdf page 24" href="http://viewer.zmags.com/publication/72f19aac?page=24"> / FEATURE THE FACEBOOK MURDER: A LINGUISTIC MA</a> <a title="DF3_Complete.pdf page 25" href="http://viewer.zmags.com/publication/72f19aac?page=25"> Once in Chapman’s vehicle, Ashleigh then beg</a> <a title="DF3_Complete.pdf page 26" href="http://viewer.zmags.com/publication/72f19aac?page=26"> / FEATURE Q text measurements </a> <a title="DF3_Complete.pdf page 27" href="http://viewer.zmags.com/publication/72f19aac?page=27"> features, and Chapman is working under real press</a> <a title="DF3_Complete.pdf page 28" href="http://viewer.zmags.com/publication/72f19aac?page=28"> / FEATURE Chapman was a plau</a> <a title="DF3_Complete.pdf page 29" href="http://viewer.zmags.com/publication/72f19aac?page=29"> / FUTURE ISSUES COMING SOON… Some of the gr</a> <a title="DF3_Complete.pdf page 30" href="http://viewer.zmags.com/publication/72f19aac?page=30"> / FEATURE A DIGITAL FORENSICS LAB BY ANY OTHER</a> <a title="DF3_Complete.pdf page 31" href="http://viewer.zmags.com/publication/72f19aac?page=31"> working criminal defense cases). 
Law enforcement </a> <a title="DF3_Complete.pdf page 32" href="http://viewer.zmags.com/publication/72f19aac?page=32"> / FEATURE Additionally, large data sets c</a> <a title="DF3_Complete.pdf page 33" href="http://viewer.zmags.com/publication/72f19aac?page=33"> A centralized laboratory is important for di</a> <a title="DF3_Complete.pdf page 34" href="http://viewer.zmags.com/publication/72f19aac?page=34"> / FEATURE budget is cut or the firm is absorb</a> <a title="DF3_Complete.pdf page 35" href="http://viewer.zmags.com/publication/72f19aac?page=35"> Forensic Computing 12-month st</a> <a title="DF3_Complete.pdf page 36" href="http://viewer.zmags.com/publication/72f19aac?page=36"> / COMPETITION COMPETITION / 3 SYNGRESS BOOKS t</a> <a title="DF3_Complete.pdf page 37" href="http://viewer.zmags.com/publication/72f19aac?page=37"> / LEGAL EDITORIAL LEGAL EDITORIAL Welcome aga</a> <a title="DF3_Complete.pdf page 38" href="http://viewer.zmags.com/publication/72f19aac?page=38"> / LEGAL FEATURE THE FOURTH AMENDMENT CYBERSEAR</a> <a title="DF3_Complete.pdf page 39" href="http://viewer.zmags.com/publication/72f19aac?page=39"> Assuming that there is to be a governmental </a> <a title="DF3_Complete.pdf page 40" href="http://viewer.zmags.com/publication/72f19aac?page=40"> / LEGAL FEATURE could simply show the target’</a> <a title="DF3_Complete.pdf page 41" href="http://viewer.zmags.com/publication/72f19aac?page=41"> in that case, what exactly has been “lawfully sei</a> <a title="DF3_Complete.pdf page 42" href="http://viewer.zmags.com/publication/72f19aac?page=42"> / LEGAL NEWS ALERT LEGAL NEWS ALERT Take C</a> <a title="DF3_Complete.pdf page 43" href="http://viewer.zmags.com/publication/72f19aac?page=43"> Inspection of Electronically Stored Information (</a> <a title="DF3_Complete.pdf page 44" href="http://viewer.zmags.com/publication/72f19aac?page=44"> Shape your future Forensic Computing MSc Fo</a> <a title="DF3_Complete.pdf page 45" 
href="http://viewer.zmags.com/publication/72f19aac?page=45"> / FEATURE PLAYING WITH FIRE: DISSECTING MALICI</a> <a title="DF3_Complete.pdf page 46" href="http://viewer.zmags.com/publication/72f19aac?page=46"> / FEATURE keyloggers, screen loggers, email r</a> <a title="DF3_Complete.pdf page 47" href="http://viewer.zmags.com/publication/72f19aac?page=47"> from BinText we see the text ‘.aspack’, see Fig 1</a> <a title="DF3_Complete.pdf page 48" href="http://viewer.zmags.com/publication/72f19aac?page=48"> / FEATURE Figure 5 allow</a> <a title="DF3_Complete.pdf page 49" href="http://viewer.zmags.com/publication/72f19aac?page=49"> In this virtual realm, we install the monito</a> <a title="DF3_Complete.pdf page 50" href="http://viewer.zmags.com/publication/72f19aac?page=50"> / FEATURE A common side effect of using</a> <a title="DF3_Complete.pdf page 51" href="http://viewer.zmags.com/publication/72f19aac?page=51"> 22. OllyDbg v1.10 [Internet] [cited 2009 11/22/20</a> <a title="DF3_Complete.pdf page 52" href="http://viewer.zmags.com/publication/72f19aac?page=52"> / FEATURE MODELLING FOR OPERATIONAL FORENSICS </a> <a title="DF3_Complete.pdf page 53" href="http://viewer.zmags.com/publication/72f19aac?page=53"> Figure 4. Influence Diagram of Trust Trap from ME</a> <a title="DF3_Complete.pdf page 54" href="http://viewer.zmags.com/publication/72f19aac?page=54"> / FEATURE Although the example is a ver</a> <a title="DF3_Complete.pdf page 55" href="http://viewer.zmags.com/publication/72f19aac?page=55"> Figure 8. Multiple Models looking at [Stephenson</a> <a title="DF3_Complete.pdf page 56" href="http://viewer.zmags.com/publication/72f19aac?page=56"> Maximise Prioritise Visualise Call IntaForen</a> <a title="DF3_Complete.pdf page 57" href="http://viewer.zmags.com/publication/72f19aac?page=57"> / FEATURE IT’S NOT ABOUT PREVENTION THE NEED F</a> <a title="DF3_Complete.pdf page 58" href="http://viewer.zmags.com/publication/72f19aac?page=58"> / FEATURE attacks. 
It seems illogical that in</a> <a title="DF3_Complete.pdf page 59" href="http://viewer.zmags.com/publication/72f19aac?page=59"> application firewalls, unified threat management,</a> <a title="DF3_Complete.pdf page 60" href="http://viewer.zmags.com/publication/72f19aac?page=60"> / PRODUCT REVIEW PRODUCT REVIEW Product Purpos</a> <a title="DF3_Complete.pdf page 61" href="http://viewer.zmags.com/publication/72f19aac?page=61"> applications that install on OS X, the installati</a> <a title="DF3_Complete.pdf page 62" href="http://viewer.zmags.com/publication/72f19aac?page=62"> / PRODUCT REVIEW Figure 3 </a> <a title="DF3_Complete.pdf page 63" href="http://viewer.zmags.com/publication/72f19aac?page=63"> UNIVERSITY VACANCIES Digital Forensic Vacancies a</a> <a title="DF3_Complete.pdf page 64" href="http://viewer.zmags.com/publication/72f19aac?page=64"> Digital ForensicS / magazine Digital Forensics m</a> <a title="DF3_Complete.pdf page 65" href="http://viewer.zmags.com/publication/72f19aac?page=65"> MEET THE DF PROFESSIONALS Thomas J. Slovenski – C</a> <a title="DF3_Complete.pdf page 66" href="http://viewer.zmags.com/publication/72f19aac?page=66"> BLADE F O R E N S I C D AT A R E C O V E R Y </a> <a title="DF3_Complete.pdf page 67" href="http://viewer.zmags.com/publication/72f19aac?page=67"> / FEATURE TIME FOR FORENSICS THE IMPLICATIONS </a> <a title="DF3_Complete.pdf page 68" href="http://viewer.zmags.com/publication/72f19aac?page=68"> / FEATURE Figur</a> <a title="DF3_Complete.pdf page 69" href="http://viewer.zmags.com/publication/72f19aac?page=69"> then went on to become GMT). 
This eventually occu</a> <a title="DF3_Complete.pdf page 70" href="http://viewer.zmags.com/publication/72f19aac?page=70"> / FEATURE / More info SANS Internet storm Centr</a> <a title="DF3_Complete.pdf page 71" href="http://viewer.zmags.com/publication/72f19aac?page=71"> Time Stamp </a> <a title="DF3_Complete.pdf page 72" href="http://viewer.zmags.com/publication/72f19aac?page=72"> Mobile Development from Apress The la</a> <a title="DF3_Complete.pdf page 73" href="http://viewer.zmags.com/publication/72f19aac?page=73"> / FEATURE DIGITAL STEGANOGRAPHY AN INTRODUCTIO</a> <a title="DF3_Complete.pdf page 74" href="http://viewer.zmags.com/publication/72f19aac?page=74"> / FEATURE </a> <a title="DF3_Complete.pdf page 75" href="http://viewer.zmags.com/publication/72f19aac?page=75"> Figure 2. Advanced Steganography Model illustrat</a> <a title="DF3_Complete.pdf page 76" href="http://viewer.zmags.com/publication/72f19aac?page=76"> / FEATURE For example, who would suspect that</a> <a title="DF3_Complete.pdf page 77" href="http://viewer.zmags.com/publication/72f19aac?page=77"> </a> <a title="DF3_Complete.pdf page 78" href="http://viewer.zmags.com/publication/72f19aac?page=78"> / BOOK REVIEWS BOOK REVIEWS E-discovery: Cr</a> <a title="DF3_Complete.pdf page 79" href="http://viewer.zmags.com/publication/72f19aac?page=79"> the anthrax scare that haunted US citizens just a</a> <a title="DF3_Complete.pdf page 80" href="http://viewer.zmags.com/publication/72f19aac?page=80"> Digital ForensicS / magazine PLACE YOU</a> <a title="DF3_Complete.pdf page 81" href="http://viewer.zmags.com/publication/72f19aac?page=81"> CALLING ALL RESEARCHERS & PRACTITIONERS If you ar</a> <a title="DF3_Complete.pdf page 82" href="http://viewer.zmags.com/publication/72f19aac?page=82"> / COLUMN IRQ Angus Marshall interrupts your train</a> <a title="DF3_Complete.pdf page 83" href="http://viewer.zmags.com/publication/72f19aac?page=83"> Now Available! 
Cutting Edge Content in Digital S</a> <a title="DF3_Complete.pdf page 84" href="http://viewer.zmags.com/publication/72f19aac?page=84"> Order Today! May April 2010 2010 Digita</a>