<br /> ForensicS<br /> / magazine<br /> Digital<br /> The Quarterly Magazine for Digital Forensics Practitioners<br /> INSIDE<br /> / Forensic Investigation of<br /> Virtual Environments<br /> / Lab tested: Disklabs’<br /> Faraday Evidence Bag<br /> / Inside the EU Data<br /> Retention Act<br /> / Brew your own<br /> version of COFEE<br /> Win 3 State of the Art<br /> Sony Dictaphones<br /> Competition!<br /> ISSUE 02<br /> ANDROID<br /> ON THE LOOSE<br /> Andrew Hoog unveils Google’s new mobile<br /> operating system, showings us exactly what’s<br /> important for forensic investigators<br /> 01<br /> 9 772042 061103<br /> Issue 2 / £17.50 TR Media<br /> / REGULARS / LATEST News / Book Reviews / 20% DISCOUNT<br /> LEGAL NEWS, 360, Mobile phone Malware Forensics Elcomsoft PASSWORD<br /> IRQ… AND MORE encryption hacked Live Hacking <a title="DF2_Online.pdf page 1" href="http://viewer.zmags.com/publication/c900c5ab?page=1"> ForensicS / magazine Digital The Quarterly Magaz</a> <a title="DF2_Online.pdf page 2" href="http://viewer.zmags.com/publication/c900c5ab?page=2"> Shape your future Forensic Computing MSc Fo</a> <a title="DF2_Online.pdf page 3" href="http://viewer.zmags.com/publication/c900c5ab?page=3"> EDITORIAL H as it really been t</a> <a title="DF2_Online.pdf page 4" href="http://viewer.zmags.com/publication/c900c5ab?page=4"> Reviewing the latest sports highlights </a> <a title="DF2_Online.pdf page 5" href="http://viewer.zmags.com/publication/c900c5ab?page=5">/ CONTENTS CONTENTS / DIGITAL FORENSICS </a> <a title="DF2_Online.pdf page 6" href="http://viewer.zmags.com/publication/c900c5ab?page=6"> / NEWS NEWS Photo © UCL Media Services, Photo</a> <a title="DF2_Online.pdf page 7" href="http://viewer.zmags.com/publication/c900c5ab?page=7"> Cyber security challenge UK-style As part of th</a> <a title="DF2_Online.pdf page 8" href="http://viewer.zmags.com/publication/c900c5ab?page=8"> Forensic Computing 12-month st</a> <a title="DF2_Online.pdf page 9" href="http://viewer.zmags.com/publication/c900c5ab?page=9"> 360° TYour chance to have your say … </a> <a title="DF2_Online.pdf page 10" href="http://viewer.zmags.com/publication/c900c5ab?page=10"> / LETTERS used in a third party country – ind</a> <a title="DF2_Online.pdf page 11" href="http://viewer.zmags.com/publication/c900c5ab?page=11"> PRACTICAL COMPUTER & MOBILE PHONE bBeofokre F</a> <a title="DF2_Online.pdf page 12" href="http://viewer.zmags.com/publication/c900c5ab?page=12"> / LEAD FEATURE ANDROID ON THE LOOSE EvERyTHINg</a> <a title="DF2_Online.pdf page 13" href="http://viewer.zmags.com/publication/c900c5ab?page=13"> Android is done in Java and runs in a Dalvik virt</a> <a title="DF2_Online.pdf page 14" href="http://viewer.zmags.com/publication/c900c5ab?page=14"> / LEAD FEATURE 1. Install Java a. JDK5 o</a> <a title="DF2_Online.pdf page 15" href="http://viewer.zmags.com/publication/c900c5ab?page=15"> Android applications framework 0xFF (all 1’s) an</a> <a title="DF2_Online.pdf page 16" href="http://viewer.zmags.com/publication/c900c5ab?page=16"> / LEAD FEATURE Forensics techniques Of course</a> <a title="DF2_Online.pdf page 17" href="http://viewer.zmags.com/publication/c900c5ab?page=17"> dEVICE </a> <a title="DF2_Online.pdf page 18" href="http://viewer.zmags.com/publication/c900c5ab?page=18"> </a> <a title="DF2_Online.pdf page 19" href="http://viewer.zmags.com/publication/c900c5ab?page=19"> / FEATURE Counter-forensiCs andthe pushto stay</a> <a title="DF2_Online.pdf page 20" href="http://viewer.zmags.com/publication/c900c5ab?page=20"> data destruction At first glance, it would appear</a> <a title="DF2_Online.pdf page 21" href="http://viewer.zmags.com/publication/c900c5ab?page=21"> file ‘shredding’ By performing file shredding, a </a> <a title="DF2_Online.pdf page 22" href="http://viewer.zmags.com/publication/c900c5ab?page=22"> / FEATURE modify material stored on a compute</a> <a title="DF2_Online.pdf page 23" href="http://viewer.zmags.com/publication/c900c5ab?page=23"> computerbackthreeyears,installtheoperatingsystem,</a> <a title="DF2_Online.pdf page 24" href="http://viewer.zmags.com/publication/c900c5ab?page=24"> / FEATURE / Pre-emption This technique involves</a> <a title="DF2_Online.pdf page 25" href="http://viewer.zmags.com/publication/c900c5ab?page=25"> / FEATURE FROM EVIDENCE COLLECTION TO THE COUR</a> <a title="DF2_Online.pdf page 26" href="http://viewer.zmags.com/publication/c900c5ab?page=26"> / FEATURE Computer data can be extremely vola</a> <a title="DF2_Online.pdf page 27" href="http://viewer.zmags.com/publication/c900c5ab?page=27"> documenting all running processes and network con</a> <a title="DF2_Online.pdf page 28" href="http://viewer.zmags.com/publication/c900c5ab?page=28"> / FEATURE HasH LIBRaRIEs aRE CREaTED OF aLLTHE </a> <a title="DF2_Online.pdf page 29" href="http://viewer.zmags.com/publication/c900c5ab?page=29"> 29</a> <a title="DF2_Online.pdf page 30" href="http://viewer.zmags.com/publication/c900c5ab?page=30"> / FEATURE / Verifiable Procedures The goal of t</a> <a title="DF2_Online.pdf page 31" href="http://viewer.zmags.com/publication/c900c5ab?page=31"> / FUTURE ISSUES COMING SOON… A Roundup of f</a> <a title="DF2_Online.pdf page 32" href="http://viewer.zmags.com/publication/c900c5ab?page=32"> Forensic Trade Shows, LLC and The New York Metro </a> <a title="DF2_Online.pdf page 33" href="http://viewer.zmags.com/publication/c900c5ab?page=33"> / Topics will include : • accountant Malpractice</a> <a title="DF2_Online.pdf page 34" href="http://viewer.zmags.com/publication/c900c5ab?page=34"> / COMPETITION COMPETITION / 3 Sony ICD-UX71 Di</a> <a title="DF2_Online.pdf page 35" href="http://viewer.zmags.com/publication/c900c5ab?page=35"> / LEGAL EDITORIAL LEGAL EDITORIAL Welcome aga</a> <a title="DF2_Online.pdf page 36" href="http://viewer.zmags.com/publication/c900c5ab?page=36"> / LEGAL NEWS ALERT LEGAL NEWS ALERT Sixth Amen</a> <a title="DF2_Online.pdf page 37" href="http://viewer.zmags.com/publication/c900c5ab?page=37"> standards of processing personal data, nonetheles</a> <a title="DF2_Online.pdf page 38" href="http://viewer.zmags.com/publication/c900c5ab?page=38"> / LEGAL FEATURE SETTING STORE ON NEW DATA RULE</a> <a title="DF2_Online.pdf page 39" href="http://viewer.zmags.com/publication/c900c5ab?page=39"> • People that wrote the directive claim that all </a> <a title="DF2_Online.pdf page 40" href="http://viewer.zmags.com/publication/c900c5ab?page=40"> / LEGAL FEATURE • (A1i) the calling telephon</a> <a title="DF2_Online.pdf page 41" href="http://viewer.zmags.com/publication/c900c5ab?page=41"> user id to a subscriber name and postal address. </a> <a title="DF2_Online.pdf page 42" href="http://viewer.zmags.com/publication/c900c5ab?page=42"> / LEGAL FEATURE DATA RETENTION STORAGE SUMMARy </a> <a title="DF2_Online.pdf page 43" href="http://viewer.zmags.com/publication/c900c5ab?page=43"> • Hosting companies; • Internet Cafes & Wireless </a> <a title="DF2_Online.pdf page 44" href="http://viewer.zmags.com/publication/c900c5ab?page=44"> Digital ForensicS / magazine Digital Forensics m</a> <a title="DF2_Online.pdf page 45" href="http://viewer.zmags.com/publication/c900c5ab?page=45"> / FEATURE WAKE UP AND SMELLTHE COFEE CrEATING </a> <a title="DF2_Online.pdf page 46" href="http://viewer.zmags.com/publication/c900c5ab?page=46"> / FEATURE • Network information (ipconfig.exe</a> <a title="DF2_Online.pdf page 47" href="http://viewer.zmags.com/publication/c900c5ab?page=47"> / Building the toolkit A lthough</a> <a title="DF2_Online.pdf page 48" href="http://viewer.zmags.com/publication/c900c5ab?page=48"> / FEATURE application execution information s</a> <a title="DF2_Online.pdf page 49" href="http://viewer.zmags.com/publication/c900c5ab?page=49"> / FILE HASHES MD5 or SHA1 files hashes provide th</a> <a title="DF2_Online.pdf page 50" href="http://viewer.zmags.com/publication/c900c5ab?page=50"> / FEATURE THESE DATA COLLECTION</a> <a title="DF2_Online.pdf page 51" href="http://viewer.zmags.com/publication/c900c5ab?page=51"> Maximise Prioritise Visualise Call IntaForen</a> <a title="DF2_Online.pdf page 52" href="http://viewer.zmags.com/publication/c900c5ab?page=52"> / FEATURE MODELLING FOR OPERATIONAL FORENSICS </a> <a title="DF2_Online.pdf page 53" href="http://viewer.zmags.com/publication/c900c5ab?page=53"> Thelattertwocanbeusefullyconjoinedintoasing</a> <a title="DF2_Online.pdf page 54" href="http://viewer.zmags.com/publication/c900c5ab?page=54"> / FEATURE PC LOGIN SCREEN Ethernet port </a> <a title="DF2_Online.pdf page 55" href="http://viewer.zmags.com/publication/c900c5ab?page=55"> PHYSICAL </a> <a title="DF2_Online.pdf page 56" href="http://viewer.zmags.com/publication/c900c5ab?page=56"> / PROACTIVE COMPUTER FORENSICS Planning for tr</a> <a title="DF2_Online.pdf page 57" href="http://viewer.zmags.com/publication/c900c5ab?page=57"> impossible in a magazine article; far too many ex</a> <a title="DF2_Online.pdf page 58" href="http://viewer.zmags.com/publication/c900c5ab?page=58"> / tech FEATURE R E L A X , IT’S IN THE BAG MoB</a> <a title="DF2_Online.pdf page 59" href="http://viewer.zmags.com/publication/c900c5ab?page=59"> the reverberation chamber does have a number of f</a> <a title="DF2_Online.pdf page 60" href="http://viewer.zmags.com/publication/c900c5ab?page=60"> / tech FEATURE / Setting up the test The tests </a> <a title="DF2_Online.pdf page 61" href="http://viewer.zmags.com/publication/c900c5ab?page=61"> </a> <a title="DF2_Online.pdf page 62" href="http://viewer.zmags.com/publication/c900c5ab?page=62"> / JOBS UNIVERSITY VACANCIES Digital Forensic V</a> <a title="DF2_Online.pdf page 63" href="http://viewer.zmags.com/publication/c900c5ab?page=63"> As the educational and technical arm of the </a> <a title="DF2_Online.pdf page 64" href="http://viewer.zmags.com/publication/c900c5ab?page=64"> DF1_OFC_Cover - Online.indd 1 </a> <a title="DF2_Online.pdf page 65" href="http://viewer.zmags.com/publication/c900c5ab?page=65"> / TECH FEATURE THE Trials aND TribulaTioNs of </a> <a title="DF2_Online.pdf page 66" href="http://viewer.zmags.com/publication/c900c5ab?page=66"> / TECH FEATURE change in the mobile phone for</a> <a title="DF2_Online.pdf page 67" href="http://viewer.zmags.com/publication/c900c5ab?page=67"> ing new relationships and providing a hugely valu</a> <a title="DF2_Online.pdf page 68" href="http://viewer.zmags.com/publication/c900c5ab?page=68"> BLADE F O R E N S I C D AT A R E C O V E RY </a> <a title="DF2_Online.pdf page 69" href="http://viewer.zmags.com/publication/c900c5ab?page=69"> / TECH FEATURE PROVIDING THE PROOF At some po</a> <a title="DF2_Online.pdf page 70" href="http://viewer.zmags.com/publication/c900c5ab?page=70"> / TECH FEATURE / Product Implications Existing </a> <a title="DF2_Online.pdf page 71" href="http://viewer.zmags.com/publication/c900c5ab?page=71"> / Trusted Third-Party Organizationsmayconsiderwhe</a> <a title="DF2_Online.pdf page 72" href="http://viewer.zmags.com/publication/c900c5ab?page=72"> / FEATURE Hacker's HIDDeN TerrOr robert a andr</a> <a title="DF2_Online.pdf page 73" href="http://viewer.zmags.com/publication/c900c5ab?page=73"> / TECH FEATURE GHOST IN THE MACHINE Forensic e</a> <a title="DF2_Online.pdf page 74" href="http://viewer.zmags.com/publication/c900c5ab?page=74"> / TECH FEATURE extract encryption keys from p</a> <a title="DF2_Online.pdf page 75" href="http://viewer.zmags.com/publication/c900c5ab?page=75"> Next step: establish file integrity Afterthesnaps</a> <a title="DF2_Online.pdf page 76" href="http://viewer.zmags.com/publication/c900c5ab?page=76"> / TECH FEATURE files comprising the virt</a> <a title="DF2_Online.pdf page 77" href="http://viewer.zmags.com/publication/c900c5ab?page=77"> image, but keep in mind that you may want to cons</a> <a title="DF2_Online.pdf page 78" href="http://viewer.zmags.com/publication/c900c5ab?page=78"> / BOOK REVIEWS BOOK REVIEWS Malware Forensics:</a> <a title="DF2_Online.pdf page 79" href="http://viewer.zmags.com/publication/c900c5ab?page=79"> sprinkled throughout the text, and these soon sta</a> <a title="DF2_Online.pdf page 80" href="http://viewer.zmags.com/publication/c900c5ab?page=80"> Digital ForensicS / magazine PLACE YOU</a> <a title="DF2_Online.pdf page 81" href="http://viewer.zmags.com/publication/c900c5ab?page=81"> CALLING ALL RESEARCHERS & PRACTITIONERS If you ar</a> <a title="DF2_Online.pdf page 82" href="http://viewer.zmags.com/publication/c900c5ab?page=82"> / COLUMN IRQ ITriage and the triumph of common se</a> <a title="DF2_Online.pdf page 83" href="http://viewer.zmags.com/publication/c900c5ab?page=83"> Now Available! WindowsForensicAnalysis MalwareFor</a> <a title="DF2_Online.pdf page 84" href="http://viewer.zmags.com/publication/c900c5ab?page=84"> OrderToday! April 2010 PhoneForensicAnalysis 20</a>