<br /> Digital<br /> The Quarterly Magazine for Digital Forensics Practitioners Issue 20 · August 2014<br /> WIN! an iPod Nano<br /> ForensicS<br /> / magazine<br /> DR PLETS<br /> & PUDDLES<br /> Michelle Govan explains how data is exchanged<br /> between devices using the Hydrological Cycle<br /> Latest News, 360<br /> Book Reviews, IRQ<br /> & much more inside!<br /> PLUS!<br /> CSA for CIS<br /> Convergence<br /> Audio Steganography<br /> Recovering Passwords<br /> 20<br /> 9 772042 061004<br /> Issue 20 / £14.99 TR Media<br /> <br /> EDITORIAL<br /> H<br /> as it really been 5 years since we published<br /> the 1st issue of the magazine? It seems like<br /> only yesterday that Tony, Al and I talked abou<a title="DFM20 - Online page 1" href="http://viewer.zmags.com/publication/7d8f3263?page=1"> Digital The Quarterly Magazine for Digital Fore</a> <a title="DFM20 - Online page 2" href="http://viewer.zmags.com/publication/7d8f3263?page=2"> </a> <a title="DFM20 - Online page 3" href="http://viewer.zmags.com/publication/7d8f3263?page=3"> EDITORIAL H </a> <a title="DFM20 - Online page 4" href="http://viewer.zmags.com/publication/7d8f3263?page=4"> </a> <a title="DFM20 - Online page 5" href="http://viewer.zmags.com/publication/7d8f3263?page=5"> / CONTENTS 53 FEATUR E S 08 / Recoverin</a> <a title="DFM20 - Online page 6" href="http://viewer.zmags.com/publication/7d8f3263?page=6"> / NEWS NEWS NEWS / Google creates new Cybercri</a> <a title="DFM20 - Online page 7" href="http://viewer.zmags.com/publication/7d8f3263?page=7"> / NEWS ROUND-UP PIRATE BAY TRAFFIC DOUBLES IN THE</a> <a title="DFM20 - Online page 8" href="http://viewer.zmags.com/publication/7d8f3263?page=8"> / FEATURE RECOVERING USER PASSWORDS FROM MEMOR</a> <a title="DFM20 - Online page 9" href="http://viewer.zmags.com/publication/7d8f3263?page=9"> applicable on live systems while the OS is runnin</a> <a title="DFM20 - Online page 10" href="http://viewer.zmags.com/publication/7d8f3263?page=10"> / FEATURE Fi</a> <a title="DFM20 - Online page 11" href="http://viewer.zmags.com/publication/7d8f3263?page=11"> / Mimikatz to Pull The Password of a Logged-In</a> <a title="DFM20 - Online page 12" href="http://viewer.zmags.com/publication/7d8f3263?page=12"> / FEATURE Thus, with some understanding o</a> <a title="DFM20 - Online page 13" href="http://viewer.zmags.com/publication/7d8f3263?page=13"> </a> <a title="DFM20 - Online page 14" href="http://viewer.zmags.com/publication/7d8f3263?page=14"> / FEATURE INVESTIGATING STEGANOGRAPHY IN AUDIO</a> <a title="DFM20 - Online page 15" href="http://viewer.zmags.com/publication/7d8f3263?page=15"> audio document (Stego audio) from a pure audio do</a> <a title="DFM20 - Online page 16" href="http://viewer.zmags.com/publication/7d8f3263?page=16"> / FEATURE / Tool Testing Three different stegano</a> <a title="DFM20 - Online page 17" href="http://viewer.zmags.com/publication/7d8f3263?page=17"> Figure 1. Follow TCP Stream result for capture of</a> <a title="DFM20 - Online page 18" href="http://viewer.zmags.com/publication/7d8f3263?page=18"> / FEATURE / Audio Stream Insertions Substitutio</a> <a title="DFM20 - Online page 19" href="http://viewer.zmags.com/publication/7d8f3263?page=19"> / LEGAL EDITORIAL LEGAL EDITORIAL 2014 – The Year</a> <a title="DFM20 - Online page 20" href="http://viewer.zmags.com/publication/7d8f3263?page=20"> / LEGAL FEATURE SEARCH AND SEIZURE US Supreme </a> <a title="DFM20 - Online page 21" href="http://viewer.zmags.com/publication/7d8f3263?page=21"> We have two cases handy that led to the decision </a> <a title="DFM20 - Online page 22" href="http://viewer.zmags.com/publication/7d8f3263?page=22"> / LEGAL FEATURE THE PRIMARY CONCER</a> <a title="DFM20 - Online page 23" href="http://viewer.zmags.com/publication/7d8f3263?page=23"> so forth. What this means is that there isn't rea</a> <a title="DFM20 - Online page 24" href="http://viewer.zmags.com/publication/7d8f3263?page=24"> / LEGAL EDITORIAL LEGAL NEWS A round-up of the la</a> <a title="DFM20 - Online page 25" href="http://viewer.zmags.com/publication/7d8f3263?page=25"> </a> <a title="DFM20 - Online page 26" href="http://viewer.zmags.com/publication/7d8f3263?page=26"> / FROM THE LAB MAC MEMORY FORENSICS WeChat Ana</a> <a title="DFM20 - Online page 27" href="http://viewer.zmags.com/publication/7d8f3263?page=27"> Usage (Command): Super user privilege is required</a> <a title="DFM20 - Online page 28" href="http://viewer.zmags.com/publication/7d8f3263?page=28"> / FROM THE LAB Figu</a> <a title="DFM20 - Online page 29" href="http://viewer.zmags.com/publication/7d8f3263?page=29"> Figure 10. The User's Information / NEW FRAMEWO</a> <a title="DFM20 - Online page 30" href="http://viewer.zmags.com/publication/7d8f3263?page=30"> / FROM THE LAB Figure 14. Chat messag</a> <a title="DFM20 - Online page 31" href="http://viewer.zmags.com/publication/7d8f3263?page=31"> </a> <a title="DFM20 - Online page 32" href="http://viewer.zmags.com/publication/7d8f3263?page=32"> / LEAD FEATURE FORENSIC DROPLETS & PUDDLES Mic</a> <a title="DFM20 - Online page 33" href="http://viewer.zmags.com/publication/7d8f3263?page=33"> A CONFLICT OF INTERESTS EXISTS BETWEEN THE </a> <a title="DFM20 - Online page 34" href="http://viewer.zmags.com/publication/7d8f3263?page=34"> ace, and or appare / Foren Evapo sic Im rated por</a> <a title="DFM20 - Online page 35" href="http://viewer.zmags.com/publication/7d8f3263?page=35"> If the structure, interactions and relationsh</a> <a title="DFM20 - Online page 36" href="http://viewer.zmags.com/publication/7d8f3263?page=36"> / LEAD FEATURE / Purification & Filtration: </a> <a title="DFM20 - Online page 37" href="http://viewer.zmags.com/publication/7d8f3263?page=37"> </a> <a title="DFM20 - Online page 38" href="http://viewer.zmags.com/publication/7d8f3263?page=38"> / FEATURE THE CONVERGENCE OF IT SECURITY AND P</a> <a title="DFM20 - Online page 39" href="http://viewer.zmags.com/publication/7d8f3263?page=39"> Employees want the convenience of being able</a> <a title="DFM20 - Online page 40" href="http://viewer.zmags.com/publication/7d8f3263?page=40"> / FEATURE / keeping up TO DATE A recent study r</a> <a title="DFM20 - Online page 41" href="http://viewer.zmags.com/publication/7d8f3263?page=41"> / seamless experience Unfortunately, continued re</a> <a title="DFM20 - Online page 42" href="http://viewer.zmags.com/publication/7d8f3263?page=42"> / ADVERTORIAL CYBER SECURITY, ACADEMIA AND INDUST</a> <a title="DFM20 - Online page 43" href="http://viewer.zmags.com/publication/7d8f3263?page=43"> 43</a> <a title="DFM20 - Online page 44" href="http://viewer.zmags.com/publication/7d8f3263?page=44"> / FEATURE PROTECTING DATA ACROSS SYSTEMS Maor </a> <a title="DFM20 - Online page 45" href="http://viewer.zmags.com/publication/7d8f3263?page=45"> / Background As organizational IT infrastructures</a> <a title="DFM20 - Online page 46" href="http://viewer.zmags.com/publication/7d8f3263?page=46"> / FEATURE Action Items for Microsoft Exchange No</a> <a title="DFM20 - Online page 47" href="http://viewer.zmags.com/publication/7d8f3263?page=47"> </a> <a title="DFM20 - Online page 48" href="http://viewer.zmags.com/publication/7d8f3263?page=48"> / INTERVIEW MEET THE PROFESSIONALS / Michelle</a> <a title="DFM20 - Online page 49" href="http://viewer.zmags.com/publication/7d8f3263?page=49"> she went onto complete her doctoral thesis on con</a> <a title="DFM20 - Online page 50" href="http://viewer.zmags.com/publication/7d8f3263?page=50"> / INTERVIEW </a> <a title="DFM20 - Online page 51" href="http://viewer.zmags.com/publication/7d8f3263?page=51"> / GET INVOLVED GET INVOLVED Calling all Book Revi</a> <a title="DFM20 - Online page 52" href="http://viewer.zmags.com/publication/7d8f3263?page=52"> Digital ForensicS / magazine II The Quarterly </a> <a title="DFM20 - Online page 53" href="http://viewer.zmags.com/publication/7d8f3263?page=53"> / FEATURE PROGRAMMING THE WETWARE, PART 2 The </a> <a title="DFM20 - Online page 54" href="http://viewer.zmags.com/publication/7d8f3263?page=54"> / FEATURE / Game Space Consider the data concer</a> <a title="DFM20 - Online page 55" href="http://viewer.zmags.com/publication/7d8f3263?page=55"> OUR FUNDAMENTAL TACTIC OF </a> <a title="DFM20 - Online page 56" href="http://viewer.zmags.com/publication/7d8f3263?page=56"> / FEATURE Whatever else games may be, they ar</a> <a title="DFM20 - Online page 57" href="http://viewer.zmags.com/publication/7d8f3263?page=57"> in this new environment; doing what we have alway</a> <a title="DFM20 - Online page 58" href="http://viewer.zmags.com/publication/7d8f3263?page=58"> </a> <a title="DFM20 - Online page 59" href="http://viewer.zmags.com/publication/7d8f3263?page=59"> / FEATURE CYBER SECURITY ATTRIBUTES FOR CRITIC</a> <a title="DFM20 - Online page 60" href="http://viewer.zmags.com/publication/7d8f3263?page=60"> / FEATURE / The Parkerian Hexad T</a> <a title="DFM20 - Online page 61" href="http://viewer.zmags.com/publication/7d8f3263?page=61"> devices that often operate independently within t</a> <a title="DFM20 - Online page 62" href="http://viewer.zmags.com/publication/7d8f3263?page=62"> / FEATURE / attack on a cyber-physical system</a> <a title="DFM20 - Online page 63" href="http://viewer.zmags.com/publication/7d8f3263?page=63"> </a> <a title="DFM20 - Online page 64" href="http://viewer.zmags.com/publication/7d8f3263?page=64"> / FEATURE ADDING ZFS EVENTS TO A SUPER-TIMELIN</a> <a title="DFM20 - Online page 65" href="http://viewer.zmags.com/publication/7d8f3263?page=65"> level analysis, it supports analysis plugins whic</a> <a title="DFM20 - Online page 66" href="http://viewer.zmags.com/publication/7d8f3263?page=66"> / FEATURE / Future Research The Dataset par</a> <a title="DFM20 - Online page 67" href="http://viewer.zmags.com/publication/7d8f3263?page=67"> / COMING SOON COMING SOON… A round-up of featu</a> <a title="DFM20 - Online page 68" href="http://viewer.zmags.com/publication/7d8f3263?page=68"> / COMPETITION COMPETITION / This issue we have</a> <a title="DFM20 - Online page 69" href="http://viewer.zmags.com/publication/7d8f3263?page=69"> 36 Letters, emails, tweets, connections and more…</a> <a title="DFM20 - Online page 70" href="http://viewer.zmags.com/publication/7d8f3263?page=70"> / FEATURE INTRODUCING CYBER SCHEME Brian Moore</a> <a title="DFM20 - Online page 71" href="http://viewer.zmags.com/publication/7d8f3263?page=71"> content which will include a wider range of cyber</a> <a title="DFM20 - Online page 72" href="http://viewer.zmags.com/publication/7d8f3263?page=72"> / FEATURE The CSTM course is delivered o</a> <a title="DFM20 - Online page 73" href="http://viewer.zmags.com/publication/7d8f3263?page=73"> </a> <a title="DFM20 - Online page 74" href="http://viewer.zmags.com/publication/7d8f3263?page=74"> / book reviews BOOK REVIEWS THE BASICS OF WEB HAC</a> <a title="DFM20 - Online page 75" href="http://viewer.zmags.com/publication/7d8f3263?page=75"> THIS IS A WELL-STRUCTURED BOOK THAT DEVELOP</a> <a title="DFM20 - Online page 76" href="http://viewer.zmags.com/publication/7d8f3263?page=76"> / book reviews T his book like t</a> <a title="DFM20 - Online page 77" href="http://viewer.zmags.com/publication/7d8f3263?page=77"> </a> <a title="DFM20 - Online page 78" href="http://viewer.zmags.com/publication/7d8f3263?page=78"> / IRQ IRQ Coders, Pi's and Forensics… Oh, my! T </a> <a title="DFM20 - Online page 79" href="http://viewer.zmags.com/publication/7d8f3263?page=79"> </a> <a title="DFM20 - Online page 80" href="http://viewer.zmags.com/publication/7d8f3263?page=80"> </a>