<br /> Digital<br /> The Quarterly Magazine for Digital Forensics Practitioners Issue 26 · February 2016<br /> WIN! an iPod Nano<br /> ForensicS<br /> / magazine<br /> IOS<br /> FORENSICS<br /> Latest News, 360<br /> Book Reviews, IRQ<br /> & much more inside!<br /> PLUS!<br /> Steganography & Metadata<br /> Improving Trust in the Cloud<br /> Mobile Device Location<br /> Malvertising<br /> 26<br /> 9 772042 061004<br /> Issue 26 / £14.99 TR Media<br /> <br /> EDITORIAL<br /> H<br /> ello everyone a belated Happy New Year to you all<br /> and welcome to issue 26 of the magazine.<br /> It is hard to believe but we are well into the 7th<br /> year of publishing the m<a title="DFM26 - Online page 1" href="http://viewer.zmags.com/publication/d840e6eb?page=1"> Digital The Quarterly Magazine for Digital Fore</a> <a title="DFM26 - Online page 2" href="http://viewer.zmags.com/publication/d840e6eb?page=2"> </a> <a title="DFM26 - Online page 3" href="http://viewer.zmags.com/publication/d840e6eb?page=3"> EDITORIAL H </a> <a title="DFM26 - Online page 4" href="http://viewer.zmags.com/publication/d840e6eb?page=4"> </a> <a title="DFM26 - Online page 5" href="http://viewer.zmags.com/publication/d840e6eb?page=5"> FEATURES 08 / Hunting With Honeypots In this art</a> <a title="DFM26 - Online page 6" href="http://viewer.zmags.com/publication/d840e6eb?page=6"> / NEWS NEWS NEWS / Ukranian Power Industry Hit</a> <a title="DFM26 - Online page 7" href="http://viewer.zmags.com/publication/d840e6eb?page=7"> Commenting on this, Mark Bower, global direct</a> <a title="DFM26 - Online page 8" href="http://viewer.zmags.com/publication/d840e6eb?page=8"> / FEATURE HUNTING WITH HONEYPOTS Dav</a> <a title="DFM26 - Online page 9" href="http://viewer.zmags.com/publication/d840e6eb?page=9"> communications. However, in reality the majority </a> <a title="DFM26 - Online page 10" href="http://viewer.zmags.com/publication/d840e6eb?page=10"> / FEATURE forcing. It then </a> <a title="DFM26 - Online page 11" href="http://viewer.zmags.com/publication/d840e6eb?page=11"> use of honeypots to detect data theft, this requi</a> <a title="DFM26 - Online page 12" href="http://viewer.zmags.com/publication/d840e6eb?page=12"> / FEATURE that they are in </a> <a title="DFM26 - Online page 13" href="http://viewer.zmags.com/publication/d840e6eb?page=13"> </a> <a title="DFM26 - Online page 14" href="http://viewer.zmags.com/publication/d840e6eb?page=14"> / FEATURE DRAWING ACCURATE FORENSIC CONCLUSI</a> <a title="DFM26 - Online page 15" href="http://viewer.zmags.com/publication/d840e6eb?page=15"> FORENSICS ANALYSIS OF SOFTWARE AND HARDWAR</a> <a title="DFM26 - Online page 16" href="http://viewer.zmags.com/publication/d840e6eb?page=16"> / FEATURE These prior methods compared softwa</a> <a title="DFM26 - Online page 17" href="http://viewer.zmags.com/publication/d840e6eb?page=17"> Figure 2. Filtering process to determine that the</a> <a title="DFM26 - Online page 18" href="http://viewer.zmags.com/publication/d840e6eb?page=18"> </a> <a title="DFM26 - Online page 19" href="http://viewer.zmags.com/publication/d840e6eb?page=19"> / LEGAL EDITORIAL LEGAL EDITORIAL Creator of popu</a> <a title="DFM26 - Online page 20" href="http://viewer.zmags.com/publication/d840e6eb?page=20"> / LEGAL FEATURE A LANDMARK RULING FROM THE EU </a> <a title="DFM26 - Online page 21" href="http://viewer.zmags.com/publication/d840e6eb?page=21"> IF THE DATA WERE STORED IN THE IT EQUIVALE</a> <a title="DFM26 - Online page 22" href="http://viewer.zmags.com/publication/d840e6eb?page=22"> / LEGAL FEATURE THOSE GUARANTEES WERE MA</a> <a title="DFM26 - Online page 23" href="http://viewer.zmags.com/publication/d840e6eb?page=23"> the US had already ensured an adequate level of p</a> <a title="DFM26 - Online page 24" href="http://viewer.zmags.com/publication/d840e6eb?page=24"> / LEGAL EDITORIAL LEGAL NEWS A round-up of the la</a> <a title="DFM26 - Online page 25" href="http://viewer.zmags.com/publication/d840e6eb?page=25"> </a> <a title="DFM26 - Online page 26" href="http://viewer.zmags.com/publication/d840e6eb?page=26"> / LEAD FEATURE IOS 9 FORENSICS Mattia Epifani </a> <a title="DFM26 - Online page 27" href="http://viewer.zmags.com/publication/d840e6eb?page=27"> installed or simply with iTunes) to enable the co</a> <a title="DFM26 - Online page 28" href="http://viewer.zmags.com/publication/d840e6eb?page=28"> / LEAD FEATURE Even when it is possible t</a> <a title="DFM26 - Online page 29" href="http://viewer.zmags.com/publication/d840e6eb?page=29"> of the files structure and content. Alternatively,</a> <a title="DFM26 - Online page 30" href="http://viewer.zmags.com/publication/d840e6eb?page=30"> / LEAD FEATURE · SystemPreferencesDomain/ Sys</a> <a title="DFM26 - Online page 31" href="http://viewer.zmags.com/publication/d840e6eb?page=31"> · AppDomain/com.apple.mobilesafari/ Library/Safar</a> <a title="DFM26 - Online page 32" href="http://viewer.zmags.com/publication/d840e6eb?page=32"> / ADVERTORIAL CYBER SECURITY, ACADEMIA AND INDUST</a> <a title="DFM26 - Online page 33" href="http://viewer.zmags.com/publication/d840e6eb?page=33"> 33</a> <a title="DFM26 - Online page 34" href="http://viewer.zmags.com/publication/d840e6eb?page=34"> / FEATURE MALVERTISING Online Advertising… Whi</a> <a title="DFM26 - Online page 35" href="http://viewer.zmags.com/publication/d840e6eb?page=35"> / Even Forbes Can't Protect Itself From Malvertis</a> <a title="DFM26 - Online page 36" href="http://viewer.zmags.com/publication/d840e6eb?page=36"> / FEATURE Malware specific ads can co-exi</a> <a title="DFM26 - Online page 37" href="http://viewer.zmags.com/publication/d840e6eb?page=37"> / What if I Have Been Infected? Firstly relax, if</a> <a title="DFM26 - Online page 38" href="http://viewer.zmags.com/publication/d840e6eb?page=38"> / FEATURE STEG DETECTION Can we de</a> <a title="DFM26 - Online page 39" href="http://viewer.zmags.com/publication/d840e6eb?page=39"> A few of these attributes are explained below</a> <a title="DFM26 - Online page 40" href="http://viewer.zmags.com/publication/d840e6eb?page=40"> / FEATURE We did this to monitor which </a> <a title="DFM26 - Online page 41" href="http://viewer.zmags.com/publication/d840e6eb?page=41"> / Findings Invisible secrets: The five files proces</a> <a title="DFM26 - Online page 42" href="http://viewer.zmags.com/publication/d840e6eb?page=42"> / FEATURE / Conclusions From our research we dre</a> <a title="DFM26 - Online page 43" href="http://viewer.zmags.com/publication/d840e6eb?page=43"> </a> <a title="DFM26 - Online page 44" href="http://viewer.zmags.com/publication/d840e6eb?page=44"> </a> <a title="DFM26 - Online page 45" href="http://viewer.zmags.com/publication/d840e6eb?page=45"> </a> <a title="DFM26 - Online page 46" href="http://viewer.zmags.com/publication/d840e6eb?page=46"> / 360 36 Letters, emails, tweets, connections and</a> <a title="DFM26 - Online page 47" href="http://viewer.zmags.com/publication/d840e6eb?page=47"> / FACEBOOK At present we have a Facebook group, w</a> <a title="DFM26 - Online page 48" href="http://viewer.zmags.com/publication/d840e6eb?page=48"> </a> <a title="DFM26 - Online page 49" href="http://viewer.zmags.com/publication/d840e6eb?page=49"> / GET INVOLVED GET INVOLVED Calling all Book Revi</a> <a title="DFM26 - Online page 50" href="http://viewer.zmags.com/publication/d840e6eb?page=50"> / COMPETITION COMPETITION / This issue we have</a> <a title="DFM26 - Online page 51" href="http://viewer.zmags.com/publication/d840e6eb?page=51"> </a> <a title="DFM26 - Online page 52" href="http://viewer.zmags.com/publication/d840e6eb?page=52"> / FEATURE IMPROVING TRUST IN CLOUD SECURI</a> <a title="DFM26 - Online page 53" href="http://viewer.zmags.com/publication/d840e6eb?page=53"> architecture copes with the data load variations </a> <a title="DFM26 - Online page 54" href="http://viewer.zmags.com/publication/d840e6eb?page=54"> / FEATURE / Trust Mechanisms Trust mechanisms l</a> <a title="DFM26 - Online page 55" href="http://viewer.zmags.com/publication/d840e6eb?page=55"> the ability of an individual or group to seclude </a> <a title="DFM26 - Online page 56" href="http://viewer.zmags.com/publication/d840e6eb?page=56"> / FEATURE Figure 1. The</a> <a title="DFM26 - Online page 57" href="http://viewer.zmags.com/publication/d840e6eb?page=57"> Not all relationships are expected to work out bu</a> <a title="DFM26 - Online page 58" href="http://viewer.zmags.com/publication/d840e6eb?page=58"> </a> <a title="DFM26 - Online page 59" href="http://viewer.zmags.com/publication/d840e6eb?page=59"> / COMING SOON COMING SOON… A round-up of featu</a> <a title="DFM26 - Online page 60" href="http://viewer.zmags.com/publication/d840e6eb?page=60"> / FEATURE MOBILE DEVICE LOCALISATION IN FORENS</a> <a title="DFM26 - Online page 61" href="http://viewer.zmags.com/publication/d840e6eb?page=61"> FIELD MEASUREM DETERMINING, IN IN THE REAL CELLUL</a> <a title="DFM26 - Online page 62" href="http://viewer.zmags.com/publication/d840e6eb?page=62"> / FEATURE A </a> <a title="DFM26 - Online page 63" href="http://viewer.zmags.com/publication/d840e6eb?page=63"> THE DETERMINATI CELLULAR NETWORK IN A GIVEN AREA </a> <a title="DFM26 - Online page 64" href="http://viewer.zmags.com/publication/d840e6eb?page=64"> / FEATURE EACH MEASUREMENT HAS GOT A</a> <a title="DFM26 - Online page 65" href="http://viewer.zmags.com/publication/d840e6eb?page=65"> </a> <a title="DFM26 - Online page 66" href="http://viewer.zmags.com/publication/d840e6eb?page=66"> / FROM THE LAB NETWORK STEGANALYSIS Haider M. </a> <a title="DFM26 - Online page 67" href="http://viewer.zmags.com/publication/d840e6eb?page=67"> / Development with BRO IDS Many available Intrusi</a> <a title="DFM26 - Online page 68" href="http://viewer.zmags.com/publication/d840e6eb?page=68"> / FROM THE LAB SNORT IDS while testing I</a> <a title="DFM26 - Online page 69" href="http://viewer.zmags.com/publication/d840e6eb?page=69"> · Ability to inspect the connection state (Re</a> <a title="DFM26 - Online page 70" href="http://viewer.zmags.com/publication/d840e6eb?page=70"> / FROM THE LAB truncated, however the size of</a> <a title="DFM26 - Online page 71" href="http://viewer.zmags.com/publication/d840e6eb?page=71"> Figure 14. Overview of Detected Steganograms / St</a> <a title="DFM26 - Online page 72" href="http://viewer.zmags.com/publication/d840e6eb?page=72"> Digital ForensicS / magazine Digital The Qua</a> <a title="DFM26 - Online page 73" href="http://viewer.zmags.com/publication/d840e6eb?page=73"> </a> <a title="DFM26 - Online page 74" href="http://viewer.zmags.com/publication/d840e6eb?page=74"> </a> <a title="DFM26 - Online page 75" href="http://viewer.zmags.com/publication/d840e6eb?page=75"> / book reviews BOOK REVIEWS LEARNING IOS FORENSIC</a> <a title="DFM26 - Online page 76" href="http://viewer.zmags.com/publication/d840e6eb?page=76"> / book reviews TARGETED CYBER ATTACKS Reviewer </a> <a title="DFM26 - Online page 77" href="http://viewer.zmags.com/publication/d840e6eb?page=77"> </a> <a title="DFM26 - Online page 78" href="http://viewer.zmags.com/publication/d840e6eb?page=78"> / IRQ IRQ F.app? T he ed.'s been</a> <a title="DFM26 - Online page 79" href="http://viewer.zmags.com/publication/d840e6eb?page=79"> </a> <a title="DFM26 - Online page 80" href="http://viewer.zmags.com/publication/d840e6eb?page=80"> </a>