<br /> The Quarterly Magazine for Digital Forensics Practitioners Issue 24 • August 2015<br /> Digital ForensicS / magazine<br /> WIN! an iPod Nano<br /> BLOOM FILTERS<br /> Identifying hard-to-detect data from Partial Evidentiary Hashes<br /> Latest News, 360, Book Reviews, IRQ & much more inside!<br /> PLUS! HUMINT, Digital Profiling, Concept of a CSOC, Virtual Honeynets<br /> 24<br /> 9 772042 061004<br /> Issue 24 / £14.99 TR Media<br /> <br /> EDITORIAL<br /> Well summer has officially arrived and with it Issue 24 of the magazine. A landmark issue as we have now been publishing th<a title="DFM24 - Online page 1" href="http://viewer.zmags.com/publication/845781bc?page=1"> The Quarterly Magazine for Digital Forensics Prac</a> <a title="DFM24 - Online page 2" href="http://viewer.zmags.com/publication/845781bc?page=2"> </a> <a title="DFM24 - Online page 3" href="http://viewer.zmags.com/publication/845781bc?page=3"> EDITORIAL </a> <a title="DFM24 - Online page 4" href="http://viewer.zmags.com/publication/845781bc?page=4"> </a> <a title="DFM24 - Online page 5" href="http://viewer.zmags.com/publication/845781bc?page=5"> 32 FEATURES 08 / HUMINT With</a> <a title="DFM24 - Online page 6" href="http://viewer.zmags.com/publication/845781bc?page=6"> / NEWS NEWS NEWS / Students Experience Life In</a> <a title="DFM24 - Online page 7" href="http://viewer.zmags.com/publication/845781bc?page=7"> / NEWS ROUND-UP ISE SEEKS “HACKER BACKERS” TO PRO</a> <a title="DFM24 - Online page 8" href="http://viewer.zmags.com/publication/845781bc?page=8"> / FEATURE HUMINT Joh Walker maps the Homo Sapien</a> <a title="DFM24 - Online page 9" href="http://viewer.zmags.com/publication/845781bc?page=9"> / Marauders Map Although Marauders Map can still </a> <a title="DFM24 - Online page 10" href="http://viewer.zmags.com/publication/845781bc?page=10"> / FEATURE There are also multiple tools </a> <a title="DFM24 - Online page 
11" href="http://viewer.zmags.com/publication/845781bc?page=11"> </a> <a title="DFM24 - Online page 12" href="http://viewer.zmags.com/publication/845781bc?page=12"> / FEATURE / Conclusion We are living in a time</a> <a title="DFM24 - Online page 13" href="http://viewer.zmags.com/publication/845781bc?page=13"> </a> <a title="DFM24 - Online page 14" href="http://viewer.zmags.com/publication/845781bc?page=14"> / LEAD FEATURE APPLICATION OF BLOOM FILTERS IN D</a> <a title="DFM24 - Online page 15" href="http://viewer.zmags.com/publication/845781bc?page=15"> • Where p is the probability of a false positive.</a> <a title="DFM24 - Online page 16" href="http://viewer.zmags.com/publication/845781bc?page=16"> / LEAD FEATURE / HASHING FUNCTIONS We often o</a> <a title="DFM24 - Online page 17" href="http://viewer.zmags.com/publication/845781bc?page=17"> / Considerations When Using Bloom filters Whil</a> <a title="DFM24 - Online page 18" href="http://viewer.zmags.com/publication/845781bc?page=18"> / LEAD FEATURE STREAM-ORIENTED OR BLOCK-</a> <a title="DFM24 - Online page 19" href="http://viewer.zmags.com/publication/845781bc?page=19"> / LEGAL EDITORIAL LEGAL EDITORIAL The FIFA Kerfu</a> <a title="DFM24 - Online page 20" href="http://viewer.zmags.com/publication/845781bc?page=20"> / LEGAL FEATURE THE CONSUMER PRIVACY PROTECTION </a> <a title="DFM24 - Online page 21" href="http://viewer.zmags.com/publication/845781bc?page=21"> the only two states in which data may be found, a</a> <a title="DFM24 - Online page 22" href="http://viewer.zmags.com/publication/845781bc?page=22"> / LEGAL FEATURE Whoever, having knowled</a> <a title="DFM24 - Online page 23" href="http://viewer.zmags.com/publication/845781bc?page=23"> appropriate locality. 
Interestingly enough, there</a> <a title="DFM24 - Online page 24" href="http://viewer.zmags.com/publication/845781bc?page=24"> / LEGAL EDITORIAL LEGAL NEWS A round-up of the l</a> <a title="DFM24 - Online page 25" href="http://viewer.zmags.com/publication/845781bc?page=25"> </a> <a title="DFM24 - Online page 26" href="http://viewer.zmags.com/publication/845781bc?page=26"> / FEATURE THE EVIDENTIAL VALUE OF SOCIAL NETWORK</a> <a title="DFM24 - Online page 27" href="http://viewer.zmags.com/publication/845781bc?page=27"> In Figure 1 the phases of investigation are ident</a> <a title="DFM24 - Online page 28" href="http://viewer.zmags.com/publication/845781bc?page=28"> / FEATURE Reporting is an important feat</a> <a title="DFM24 - Online page 29" href="http://viewer.zmags.com/publication/845781bc?page=29"> / Top Fact </a> <a title="DFM24 - Online page 30" href="http://viewer.zmags.com/publication/845781bc?page=30"> / FEATURE / Available Evidence The type of d</a> <a title="DFM24 - Online page 31" href="http://viewer.zmags.com/publication/845781bc?page=31"> </a> <a title="DFM24 - Online page 32" href="http://viewer.zmags.com/publication/845781bc?page=32"> / FEATURE DIGITAL PROFILING How much data does t</a> <a title="DFM24 - Online page 33" href="http://viewer.zmags.com/publication/845781bc?page=33"> / The Concepts of Credential Harvesting! During a</a> <a title="DFM24 - Online page 34" href="http://viewer.zmags.com/publication/845781bc?page=34"> / FEATURE / Nom Nom – Cookie Profiling & </a> <a title="DFM24 - Online page 35" href="http://viewer.zmags.com/publication/845781bc?page=35"> Figure 1. 
Data Point Gathering for Digital Profile</a> <a title="DFM24 - Online page 36" href="http://viewer.zmags.com/publication/845781bc?page=36"> / FEATURE While a lot of the above inf</a> <a title="DFM24 - Online page 37" href="http://viewer.zmags.com/publication/845781bc?page=37"> </a> <a title="DFM24 - Online page 38" href="http://viewer.zmags.com/publication/845781bc?page=38"> / FEATURE LAYER 2 SECURITY AND FORENSIC CAPABILI</a> <a title="DFM24 - Online page 39" href="http://viewer.zmags.com/publication/845781bc?page=39"> • Authentication – insurance of the identity</a> <a title="DFM24 - Online page 40" href="http://viewer.zmags.com/publication/845781bc?page=40"> / FEATURE • Frame spoofing • Frame forwarding</a> <a title="DFM24 - Online page 41" href="http://viewer.zmags.com/publication/845781bc?page=41"> / Communication Model Security What is less well </a> <a title="DFM24 - Online page 42" href="http://viewer.zmags.com/publication/845781bc?page=42"> / ADVERTORIAL CYBER SECURITY, ACADEMIA AND INDUST</a> <a title="DFM24 - Online page 43" href="http://viewer.zmags.com/publication/845781bc?page=43"> 43</a> <a title="DFM24 - Online page 44" href="http://viewer.zmags.com/publication/845781bc?page=44"> / FEATURE THE INSIDER THREAT Mike Corcoran explo</a> <a title="DFM24 - Online page 45" href="http://viewer.zmags.com/publication/845781bc?page=45"> / The National Security Context Security in th</a> <a title="DFM24 - Online page 46" href="http://viewer.zmags.com/publication/845781bc?page=46"> / FEATURE Good people, being bad: • Thes</a> <a title="DFM24 - Online page 47" href="http://viewer.zmags.com/publication/845781bc?page=47"> efforts of an attacker. 
Key areas addressed throu</a> <a title="DFM24 - Online page 48" href="http://viewer.zmags.com/publication/845781bc?page=48"> </a> <a title="DFM24 - Online page 49" href="http://viewer.zmags.com/publication/845781bc?page=49"> / GET INVOLVED GET INVOLVED Calling all Book Rev</a> <a title="DFM24 - Online page 50" href="http://viewer.zmags.com/publication/845781bc?page=50"> / INTERVIEW MEET THE PROFESSIONALS / Prof. Jo</a> <a title="DFM24 - Online page 51" href="http://viewer.zmags.com/publication/845781bc?page=51"> </a> <a title="DFM24 - Online page 52" href="http://viewer.zmags.com/publication/845781bc?page=52"> / FEATURE THE CYBER SECURITY OPERATIONS CENTRE (</a> <a title="DFM24 - Online page 53" href="http://viewer.zmags.com/publication/845781bc?page=53"> IN ORDER TO PROVIDE</a> <a title="DFM24 - Online page 54" href="http://viewer.zmags.com/publication/845781bc?page=54"> / FEATURE The process is a simple model </a> <a title="DFM24 - Online page 55" href="http://viewer.zmags.com/publication/845781bc?page=55"> impact the decision making process, on occasion t</a> <a title="DFM24 - Online page 56" href="http://viewer.zmags.com/publication/845781bc?page=56"> / FEATURE / SIGINT SIGINT is intelligence der</a> <a title="DFM24 - Online page 57" href="http://viewer.zmags.com/publication/845781bc?page=57"> </a> <a title="DFM24 - Online page 58" href="http://viewer.zmags.com/publication/845781bc?page=58"> / 360 Letters, emails, tweets, </a> <a title="DFM24 - Online page 59" href="http://viewer.zmags.com/publication/845781bc?page=59"> / TWITTER Our Twitter followers have now increase</a> <a title="DFM24 - Online page 60" href="http://viewer.zmags.com/publication/845781bc?page=60"> / FEATURE VICTIM JOURNEY MAPPING Bil Hallaq, T</a> <a title="DFM24 - Online page 61" href="http://viewer.zmags.com/publication/845781bc?page=61"> / Phishing Phishing is the attempt to acquire sen</a> <a title="DFM24 - Online page 62" href="http://viewer.zmags.com/publication/845781bc?page=62"> 
engineering, or exploiting the ways a victim comm</a> <a title="DFM24 - Online page 63" href="http://viewer.zmags.com/publication/845781bc?page=63"> Figure 3. Framework for Analysing the Cost of Cyb</a> <a title="DFM24 - Online page 64" href="http://viewer.zmags.com/publication/845781bc?page=64"> / FEATURE TRAPPING THE ATTACKER Aaron Momi an</a> <a title="DFM24 - Online page 65" href="http://viewer.zmags.com/publication/845781bc?page=65"> Figure 1. Honeyd Configuration Figu</a> <a title="DFM24 - Online page 66" href="http://viewer.zmags.com/publication/845781bc?page=66"> / FEATURE </a> <a title="DFM24 - Online page 67" href="http://viewer.zmags.com/publication/845781bc?page=67"> Figure 6. Tomcat Manager User Figure </a> <a title="DFM24 - Online page 68" href="http://viewer.zmags.com/publication/845781bc?page=68"> / FEATURE Figure 9. SSH A</a> <a title="DFM24 - Online page 69" href="http://viewer.zmags.com/publication/845781bc?page=69"> / COMING SOON COMING SOON… A round-up of feature</a> <a title="DFM24 - Online page 70" href="http://viewer.zmags.com/publication/845781bc?page=70"> / COMPETITION COMPETITION / This issue we have</a> <a title="DFM24 - Online page 71" href="http://viewer.zmags.com/publication/845781bc?page=71"> </a> <a title="DFM24 - Online page 72" href="http://viewer.zmags.com/publication/845781bc?page=72"> Digital ForensicS / magazine The Quarterly </a> <a title="DFM24 - Online page 73" href="http://viewer.zmags.com/publication/845781bc?page=73"> / book reviews BOOK REVIEWS DESIGNING AND BUILDI</a> <a title="DFM24 - Online page 74" href="http://viewer.zmags.com/publication/845781bc?page=74"> / book reviews IN ADDITION TO O</a> <a title="DFM24 - Online page 75" href="http://viewer.zmags.com/publication/845781bc?page=75"> This book provides guidelines for pl</a> <a title="DFM24 - Online page 76" href="http://viewer.zmags.com/publication/845781bc?page=76"> / book reviews This book addresses the conc</a> <a title="DFM24 - Online page 77" 
href="http://viewer.zmags.com/publication/845781bc?page=77"> </a> <a title="DFM24 - Online page 78" href="http://viewer.zmags.com/publication/845781bc?page=78"> </a> <a title="DFM24 - Online page 79" href="http://viewer.zmags.com/publication/845781bc?page=79"> / PRODUCT review PRODUCT REVIEW IRONKEY IMATION </a> <a title="DFM24 - Online page 80" href="http://viewer.zmags.com/publication/845781bc?page=80"> / PRODUCT review </a> <a title="DFM24 - Online page 81" href="http://viewer.zmags.com/publication/845781bc?page=81"> </a> <a title="DFM24 - Online page 82" href="http://viewer.zmags.com/publication/845781bc?page=82"> / IRQ IRQ Censored. In the last 18 months, or</a> <a title="DFM24 - Online page 83" href="http://viewer.zmags.com/publication/845781bc?page=83"> </a> <a title="DFM24 - Online page 84" href="http://viewer.zmags.com/publication/845781bc?page=84"> </a>