The infamous Conficker computer virus (also known as Downup, Downadup and Kido) appears to be making a comeback. In this past week we've seen two clients from different industries attacked by this worm. The worm uses a combination of advanced malware techniques, which has made it difficult to counter, and it has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer.
At a minimum, all your computer systems should be updated with the latest virus definitions. Microsoft has released a removal guide for the worm and recommends using the current release of its Windows Malicious Software Removal Tool to remove the worm, then applying the patch to prevent re-infection.
Showing posts with label data forensics. Show all posts
Thursday, July 30, 2009
Thursday, May 28, 2009
Identity Theft: Duty of Care to a Non-Customer
Identity theft is big business, but it also makes finding the perpetrator of a crime that much more difficult. Financial and fraud investigators need to look at more than just the raw data; they need to get the whole picture and story before jumping the gun. As an example, the following linked article demonstrates how being a little too quick to identify the fraudster led to the wrong person. Identity Theft: Stutzman on a Bank's Duty of Care to a Non-Customer. It just goes to show that what appears to be a smoking gun isn't always the truth. Our Forensic Technology Team understands this and helps you work through these investigations methodically and with due care.
Labels:
case law,
credit unions,
data forensics,
identity theft
Friday, May 8, 2009
Best Practice for Digital Forensics
We run into some very interesting situations with our clients. Sometimes you just can't make this stuff up. We've seen everything from former employees breaking back into systems to cause havoc, to clients conducting covert data acquisition in the middle of the night on current employees suspected of wrongdoing. Oftentimes companies are left to balance the need to get to information against gathering that information in a manner that doesn't trample all over the effectiveness of the data.
As an example, say you are laying off a key individual in your company and they have information on their laptop that you need. One approach would be just to have your technical support team come in and copy off the data via Windows copy or use Ghost to make a copy of the hard drive. These two options will get the data copied, but at what cost?
- Will you have access to deleted data?
- What if the data collected reveals criminal behavior or behavior that warrants litigation - do you have the data collected in a manner that can be used in court?
- Have you taken the steps to be able to show a clear picture of what occurred on the computer?
- Document everything.
- Never mishandle data. [case example]
- Never work on the original data.
- Never trust the custodian’s software/hardware.
- Maintain chain-of-custody throughout the process.
- Only use courtroom admissible and licensed tools. [see NIST CFTT]
- Be sure to be fully trained in the use of digital forensic tools.
- Don’t forget other devices such as PDAs, Blackberries, iPhones etc. [see Paraben]
- Use write-blocking hardware when doing physical acquisitions.
- Call an expert if you can't do any of the above!
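Three of the practices above (document everything, never work on the original data, maintain chain-of-custody) can be tied together with hashes. The following is an added example, not part of the original post: it assumes a disk image file has already been acquired behind a write blocker, and the function names, file names and log format are hypothetical.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone
def sha256_file(path, chunk=1 << 20):  # chunked read: images may exceed RAM
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(entry):  # canonical hash of one custody entry
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def log_event(log_path, actor, action, item, sha256):  # append-only custody log
    prev = "0" * 64  # first entry chains to a fixed all-zero value
    if os.path.exists(log_path):
        with open(log_path) as f:
            prev = json.loads(f.read().splitlines()[-1])["entry_hash"]
    entry = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
             "action": action, "item": item, "sha256": sha256, "prev": prev}
    entry["entry_hash"] = _digest(entry)  # commits to this entry and to prev
    with open(log_path, "a") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")

def verify_log(log_path):  # True only if no entry was edited, dropped or reordered
    prev = "0" * 64
    with open(log_path) as f:
        for line in f:
            entry = json.loads(line)
            claimed = entry.pop("entry_hash")
            if entry["prev"] != prev or _digest(entry) != claimed:
                return False
            prev = claimed
    return True

def make_working_copy(image, workdir, log_path, actor):  # analysis uses the copy
    original = sha256_file(image)
    log_event(log_path, actor, "hashed original", image, original)
    copy = shutil.copyfile(image, os.path.join(workdir, os.path.basename(image) + ".work"))
    if sha256_file(copy) != original:  # a bad copy must never reach analysis
        raise ValueError("working copy does not match original image")
    log_event(log_path, actor, "verified working copy", copy, original)
    return copy, original

def demo():  # runs on a constructed sample file, not real evidence
    with tempfile.TemporaryDirectory() as d:
        image, log = os.path.join(d, "laptop.img"), os.path.join(d, "custody.jsonl")
        with open(image, "wb") as f:
            f.write(b"constructed sample bytes" * 4096)
        copy, digest = make_working_copy(image, d, log, "examiner-1")
        return sha256_file(copy) == digest, verify_log(log)
```

A matching hash shows the working copy is bit-identical to the image; it says nothing about whether the image itself captured deleted data, which depends on how the acquisition was done.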
Monday, February 2, 2009
SecureState Speaks at ShmooCon 2009
ShmooCon for SecureState! SecureState's Dave Kennedy and Matt Neely will be speaking at ShmooCon in Washington, D.C., the annual East Coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks, One Track Mind. The next two days, there are three tracks: Break It!, Build It!, and Bring It On!.
Principal at SecureState, Dave Kennedy focuses on the technical side of security, performing penetration tests, source code review, web application security, data forensics, electronic discovery and wireless assessments. Prior to SecureState, Dave worked for the National Security Agency (N.S.A.) and has worked with some of the nation's most elite security groups. Dave is also the author of Fast-Track, an open-source penetration testing suite available in Linux, has previously presented at Defcon, and is a contributor to the BackTrack distributions.
Dave's presentation (The Fast-Track Suite: Advanced Penetration Techniques Made Easy) will be the last talk in the Bring It On! track where he will discuss attacks in detail and also release the newest version of Fast-Track.
Matt Neely, Profiling Manager at SecureState, will be presenting "Radio Reconnaissance in Penetration Testing - All Your RF Are Belong to Us," in the first talk of Bring It On! track this Saturday.