Saturday, 21 December 2013
Currently reviewing a digital forensics book! Busy...busy...busy...
Anyone want to request for technical review...:)
Also, concurrently planning for something...next year...2014...digital forensics...&...MyCERT!
Saturday, 14 December 2013
Friday, 22 November 2013
Wednesday, 13 November 2013
Thursday, 31 October 2013
Friday, 4 October 2013
A General Model of Forensic Data Recovery Framework for Digital CCTV Systems
I think this is an important topic for LEAs.
If you need to refer to the framework, it is available here (under the chapter Data Recovery from Proprietary-Formatted CCTV Hard Disks).
http://www.springer.com/computer/security+and+cryptology/book/978-3-642-41147-2
Contact me if you need further clarifications or suggestions.
Thanks :)
Thursday, 12 September 2013
Saturday, 3 August 2013
Forensic Data Recovery and Anti-Forensics Tools For Digital CCTV Systems
I’ve developed two forensic tools.
1) DDCT – DVR Data Carving Tool
2) DDET – DVR Data Eraser Tool
The second tool…DDET…mmm…digital forensic practitioners would not be able to recover the video files!
Saturday, 27 July 2013
Interesting talk by Simson Garfinkel
Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California. Garfinkel is regarded as a leader in the fields of Digital forensics and Usable Security. In addition to his academic work, Garfinkel is a journalist, an entrepreneur, and an inventor, his work in all three concerned with computer security, privacy and information technology.
http://en.wikipedia.org/wiki/Simson_Garfinkel
Saturday, 20 July 2013
Digital forensics as a career
I’ve received some emails from my LinkedIn colleagues asking me whether digital forensics is good for their career.
Well, if you ask me about digital forensics, I will tell you that it is the best for you.
Most probably, I’m biased here, but I can’t help it.
Apart from family, I’m devoting my life to digital forensics. Almost every day I have to read about digital forensics.
For those who are thinking of pursuing a career in digital forensics, you can ask digital forensic experts (general or specific questions) or you can read digital forensics magazines to get more information; and of course the literature.
There are two new publications by eForensics Magazine for you to read and loads of digital forensic literature.
- An ebook: Real life computer forensics
- A magazine: Let’s play forensic tools
My research is more towards data recovery and there are two good articles for you to read.
Hopefully you'll get some ideas if digital forensics is good for you.
Good luck!
Friday, 28 June 2013
Memory Forensics
I’ve done a bit of work on memory forensics and found it interesting but complex. And, as a researcher and practitioner, I need to read and write a lot. Same goes to you out there, my dear colleagues. The least that you need to do is to read in order to keep yourself informed. Apart from the Advances in Digital Forensics book by IFIP Working Group 11.9, eForensics Magazine is another good resource for you (I’ve been interviewed by them and I’ve also contributed an article to them).
If you are interested in memory forensics, you can refer,
Sunday, 16 June 2013
iOS Forensics: How can we recover deleted image files with timestamp in a forensically sound manner?
For further info, http://aswamiariffin-cybercsimalaysia.blogspot.com.au/2013/05/ios-forensics-framework-for.html
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6657266&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6657266
More digital forensics research papers in the future :) for practitioners and researchers.
Monday, 20 May 2013
iOS Forensics Framework For Practitioners
Digital forensics practitioners are welcome to discuss with me on iOS forensics framework (especially those from LEAs). You will need it, the framework, as an expert witness in the court of law and I've developed a framework that was accepted by a reputable digital forensics conference in Germany!
The report of your commercial tool...mmm...you might have a tough time explaining to the judge/jury how you recovered the digital evidence from the device.
Tuesday, 9 April 2013
Publication of Digital Forensics and Cyber Security Research Paper
Dear fellow Malaysian digital forensic and cyber security researchers,
I have to say that I’m proud of some of your work. I know this development because I’m reviewing some of your papers (i.e., thanks to UKM for inviting me).
If you plan to do research (or are already doing it), I’m interested to work with you and publish/present papers at local or international conferences (such as IFIP Working Group 11.9 Digital Forensics).
http://aswamiariffin-cybercsimalaysia.blogspot.com.au/2012/11/digital-cctv-forensics-data-recovery-of.html
In fact, some of you have been communicating with me.
I hope to be back in Malaysia (and CyberSecurity Malaysia) soon and perhaps we could plan something in the future.
Most probably, I’m able to contribute and share my experience as a reviewer (thanks to ARES for inviting me a few times) and author.
Also, to my colleagues from other countries, I’m interested to work with you as well.
Friday, 29 March 2013
Digital CCTV Forensic Data Recovery Research
Most probably, because of our paper in IFIP recently, digital CCTV forensic data recovery is emerging in academic research.
http://www.ifip119.org/Conferences/ConferenceProgram2013.pdf
Data Recovery From Proprietary-Formatted Files CCTV Hard Disks
A. Ariffin, J. Slay and K.K.R Choo
University of South Australia, Mawson Lakes, Australia
See below in another conference in New Zealand.
http://www.sec2013.org/Conference/CallforPapers/DigitalForensics.aspx
28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference
Auckland, New Zealand, 8-10 July 2013
The 2013 Digital Forensics International Conference
“Digital Forensic Cases, Tools & Techniques”
July 8 & 9
Final Call for Presentations
Closes Friday 17 May 2013
AUT University Digital Forensic Research Laboratories is hosting in association with the 28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference, Auckland, New Zealand, 8-10 July 2013 The 2013 Digital Forensics International Conference.
Presentations are invited from Practitioners and Researchers to bring together the best of practice and innovation in the field. As Digital Forensics has differentiated from its Security and Computing roots rapid and path changing approaches are evolving that are contributing to a better fit of the legal, managerial and IT worlds.
If you wish to be a part of these two days examining the current state of Digital Forensic practice - then send in your abstract (150 words).
The final call for papers closes 17 May for industry or applied digital forensic presentations examining digital forensic innovation, cases, tools and techniques.
Presentations are accepted in three themes:
1) Cases: Legal Cases, Employer Risk, Professional Practice, Standardisation
2) Tools: Reliability, Functionality, Testing, Development, Demonstrations
3) Techniques: Mobile Devices, Extraction Practices, Preservation Skills, Network Forensics, Environmental Forensics, CCTV & Image/Visual Intelligence, GPS, Steganographic techniques
Tuesday, 19 March 2013
iOS Forensics: The death of data carving
With the iPhone encryption system...foremost...scalpel...mmm...:(...they are obsolete.
Btw, I've completed my research on iPhone anti-forensics :)...writing another paper.
The iOS won't be able to detect it...hahaha
Hacking effaceable area...lwvm...IOKit...etc...etc...mmm...
Friday, 8 March 2013
iOS Forensics: cprotect.h
It is important for you to understand this attribute.
struct cp_xattr {
    u_int16_t xattr_major_version;
    u_int16_t xattr_minor_version;
    u_int32_t flags;
    u_int32_t persistent_class;
    u_int32_t key_size;
    uint8_t persistent_key[CP_WRAPPEDKEYSIZE];
};
Playing around with iPhone...:)
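As an added example (not code from the original post or from cprotect.h), the parser below decodes a raw attribute buffer with the cp_xattr layout and rejects truncated or oversized values before copying the wrapped key. The names cp_xattr_view, cp_xattr_parse and cp_xattr_class_of are hypothetical, and the little-endian byte order and CP_WRAPPEDKEYSIZE value of 40 are assumptions, since the post states neither.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CP_WRAPPEDKEYSIZE 40 /* assumption: value is not stated in the post */
#define CP_XATTR_HDR_LEN  16 /* 2+2+4+4+4 bytes precede persistent_key */
struct cp_xattr_view {       /* hypothetical name: decoded copy of cp_xattr */
    uint16_t major, minor;
    uint32_t flags, persistent_class, key_size;
    uint8_t  persistent_key[CP_WRAPPEDKEYSIZE];
};

/* Assumption: fields are stored little-endian. Reads n bytes (n <= 4). */
static uint32_t rd_le(const uint8_t *p, int n) {
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 0 = ok, -1 = header truncated, -2 = key_size > field, -3 = key truncated */
int cp_xattr_parse(const uint8_t *buf, size_t len, struct cp_xattr_view *out) {
    if (len < CP_XATTR_HDR_LEN) return -1;
    out->major            = (uint16_t)rd_le(buf, 2);
    out->minor            = (uint16_t)rd_le(buf + 2, 2);
    out->flags            = rd_le(buf + 4, 4);
    out->persistent_class = rd_le(buf + 8, 4);
    out->key_size         = rd_le(buf + 12, 4);
    if (out->key_size > CP_WRAPPEDKEYSIZE) return -2; /* on-disk length is untrusted */
    if (len - CP_XATTR_HDR_LEN < out->key_size) return -3;
    memset(out->persistent_key, 0, sizeof out->persistent_key);
    memcpy(out->persistent_key, buf + CP_XATTR_HDR_LEN, out->key_size);
    return 0;
}

/* Triage helper: the persistent_class value, or the negative parse error. */
int cp_xattr_class_of(const uint8_t *buf, size_t len) {
    struct cp_xattr_view v;
    int rc = cp_xattr_parse(buf, len, &v);
    return rc ? rc : (int)v.persistent_class;
}

/* Constructed samples, not taken from a device: version 2.0, class 3. */
static const uint8_t SAMPLE_XATTR[CP_XATTR_HDR_LEN + CP_WRAPPEDKEYSIZE] = {2,0, 0,0, 0,0,0,0, 3,0,0,0, 40,0,0,0};
static const uint8_t OVERSIZE_XATTR[CP_XATTR_HDR_LEN] = {2,0, 0,0, 0,0,0,0, 3,0,0,0, 41,0,0,0};
int main(void) {
    printf("sample=%d oversize=%d\n", cp_xattr_class_of(SAMPLE_XATTR, sizeof SAMPLE_XATTR),
           cp_xattr_class_of(OVERSIZE_XATTR, sizeof OVERSIZE_XATTR));
    return 0;
}
```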
Saturday, 2 March 2013
iOS Forensics: iPad 2 - A Step by Step Guide
I'm so relieved :)...iOS paper submitted. Not easy...:(...but managed to break the hierarchical encryption file system - cryptography.
Mmm...EMF, DKey and per-file keys.
3334ef111ea88f66abcccbe5606f777cafc91f5e7932a666cb77a45cb75d888b
Most importantly, how you do it in a "forensically sound" manner (needed by digital forensics practitioners).
Next is iPad 2 forensics!
Friday, 22 February 2013
Saturday, 19 January 2013
The Sixth International Workshop on Digital Forensics (WSDF 2013)
If you plan to attend a Digital Forensics Workshop.
http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95
To be held in conjunction with the 8th International Conference on Availability, Reliability and Security (ARES 2013 – http://www.ares-conference.eu).
September 2nd – 6th, 2013, University of Regensburg, Regensburg, Germany.
Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research. WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.
Topics of interest comprise but are not limited to:
Submission deadline extended to April 2nd, 2013.
Program Committee
- Aswami Ariffin, CyberSecurity Malaysia and University of South Australia
- Aniello Castiglione, University of Salerno
- Raymond Choo, University of South Australia
- Kam-Pui Chow, Hong Kong University
- Simson Garfinkel, Naval Postgraduate School, US
- Chris Hargreaves, Cranfield University, UK
- Grant Osborne, University of South Australia
- Vassil Roussev, University of New Orleans
- Robert Taylor, South Australian Police, Australia
- Simon Tjoa, St. Pölten University of Applied Sciences, Austria
- Vrizlynn Thing, National University of Singapore
- Benjamin Turnbull, Defence Science Technology Organisation, Australia
- Hein Venter, University of Pretoria, South Africa
- Stefano Zanero, Politecnico di Milano