Thursday, December 15, 2005

Meth and ID Theft

I ran into this link over on Sunbelt Blog. It's a story about Meth addicts using ID Theft to fund their addictions.

The article, appearing in USA Today, offers some eye opening insight as to how this section of the criminal underground operates.

A lot of the initial information gathering by the group was done through dumpster diving and picking through trash (until the group went global) at companies that should know better.

Be diligent when it comes to destroying papers containing your sensitive data. Buy yourself a paper shredder, for starters.

What do you do when companies with your data are lax in their procedures?

Keeping a close eye on your account and credit card transactions will help you notice anything out of the ordinary early, while the damage is still small.

Friday, December 09, 2005

Regular Tools to Make Your Security Life Easier - II

I ran across VirusTotal.com today. VirusTotal scans any file you upload to its website with multiple A/V products. The site does come with a caveat:
Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file.
That should be obvious to anyone in information security, but it's a good reminder nevertheless. A clean result means only that none of those engines flagged the file at that moment, not that the file is safe. Also remember that anything you upload is shared with the participating vendors, so don't submit files that contain confidential data. This page has a list of the A/V products used to scan the files.

Monday, December 05, 2005

Regular Tools to Make Your Security Life Easier

Today, I ran into a couple of problems switching back and forth between computers. Changing back and forth between keyboards and mice was getting to be a pain.

A coworker pointed me to the following tools:

Synergy was the answer to my problems. Synergy allows you to use two separate monitors attached to two separate machines and share a keyboard, mouse, and clipboard between the two. Note that Synergy sends its traffic (every keystroke, passwords included, and every clipboard paste) over the network unencrypted, so keep it on a trusted network or tunnel the connection over SSH.

In my case, I was switching back and forth between my Windows XP desktop and my PowerBook G4 laptop. Synergy installs on both machines (including Linux).

I chose to run the server on my Windows machine and the client on my OS X laptop. Configuration is self explanatory and can be easily adjusted from the sample .conf file.

Obviously, this would work best if you could actually see both monitors at the same time like a traditional dual monitor setup.

The second application was GeekTool.
GeekTool is a PrefPane (System Preferences module) for Panther or Jaguar to show system logs, unix commands output, or images (i.e. from the internet) on your desktop (or even in front of all windows).
A screenshot of GeekTool in action can be seen here.

Wednesday, November 30, 2005

Forensic Tools: FTK - Part II, Adding Evidence

In the first installment of Forensic Tools: FTK I talked a little bit about what FTK is and does and about installing the FTK Demo version on a Windows computer. In this installment we'll add an image as evidence to a case. Screenshots of each step described in this post can be found on the Infosecisms Flickr page.

Important Notice (the first three lines of ABOUT FTK):
FOR TRAINING AND DEMO PURPOSES ONLY. PER THIS PROGRAM'S LICENSE AGREEMENT, COMPUTER FORENSICS INFORMATION GATHERED FROM A NON-LICENSED VERSION OF THE FTK IS NOT ADMISSIBLE IN COURT AS EVIDENCE. (Pic 1)
Ok, now that you have FTK installed (along with KFF), it's time to start adding "evidence" to a case as you would during an investigation. Keep in mind that this is a guide for using FTK and NOT a guide for conducting a forensic investigation.

First, open FTK and you get to see the lovely reminder that the Demo version of FTK can only handle 5,000 files (Pic 2). That's ok because AccessData was nice enough to give us this version for FREE. Besides, if you are serious about using FTK as a professional investigation tool, this version should give you enough information to figure out if you like it. Then, you can pay for it or get your company to pay.

On to the "evidence". First, we need some "evidence" to learn the ins and outs of FTK. A good place for test images is the Digital Forensics Tool Testing Images website, which is run by Brian Carrier, who also happens to be the author of Autopsy and The Sleuth Kit. For this exercise, I'll use the Basic Data Carving Test #1 image. Download, save, and unzip the image into a directory of your choosing. If a checksum is published for the image, compare it with the hash of your download before you treat the file as evidence; the same check applies to any image you acquire yourself.
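The following is an added example, not code from the original post or from AccessData: it verifies a downloaded image against a published checksum before the image goes into a case. FTK also hashes an image as it is added, and the value it reports should match what you compute here. The image bytes and the "published" digests are constructed for the demo; point hash_image() at the real .dd file and paste the checksum from the download page into `expected`.

```python
"""Added example (not from the original post or from AccessData): verify an
evidence image against a published checksum before adding it to a case.
The image and the "published" digests are constructed for the demo."""

import hashlib
import os
import tempfile
from typing import Dict

CHUNK = 1024 * 1024  # read 1 MiB at a time so multi-gigabyte images need not fit in memory


def hash_image(path: str, algorithms=("md5", "sha1")) -> Dict[str, str]:
    """Stream the image through every requested hash in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path: str, expected: Dict[str, str]) -> Dict[str, bool]:
    """Return {algorithm: matched} comparing computed digests with published ones."""
    actual = hash_image(path, tuple(expected))
    return {name: actual[name] == digest.strip().lower() for name, digest in expected.items()}


def digests_of(data: bytes, algorithms=("md5", "sha1")) -> Dict[str, str]:
    """Digests of in-memory bytes; stands in for the checksum a download page would publish."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def constructed_image() -> bytes:
    """Constructed stand-in for 12-carve-ext2.dd: eight zero-filled 512-byte
    sectors with a JPEG signature at the start of sector 4."""
    data = bytearray(512 * 8)
    data[512 * 4:512 * 4 + 4] = b"\xff\xd8\xff\xe0"
    return bytes(data)


def demo(tamper: bool = False) -> Dict[str, bool]:
    """Write the constructed image to a temp dir and verify it. With tamper=True,
    flip one byte after the checksum was 'published' to simulate a corrupt download."""
    image = constructed_image()
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "constructed.dd")
        with open(path, "wb") as f:
            f.write(image)
        expected = digests_of(image)
        if tamper:
            with open(path, "r+b") as f:
                f.seek(100)
                f.write(b"\x01")
        return verify_image(path, expected)


if __name__ == "__main__":
    print("intact:", demo())
    print("tampered:", demo(tamper=True))
```

Hash the image once more after FTK has finished processing it; an image that is opened read-only should produce the same digests at the end of the exercise as it did at the start.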

Open FTK and you'll be presented with a dialog asking you to Start a New Case, Open an existing case, Preview evidence, or Go Directly to using the program. Since we're budding FTK users and forensic investigators, we'll choose "Start a New Case". (Pic 3)

This choice will bring us to the wizard for creating a new case. Enter the appropriate information for yourself (the investigator) and the case and press Next. (Pic 4)

Take the default settings on the next two windows. On "Processes to Perform", check all of the available options. (Pic 5)

When you get to the "Add Evidence to Case" window, click "Add Evidence". (Pic 6)

Choose "Acquired Image of Drive". (Pic 7)

Browse to the image you wish to add and select it. In this case, I chose "12-carve-ext2.dd" and pressed "Open". (Pic 8)

Add any relevant image information on the following screen and click "Ok". When you have added all of the "evidence" that you want to the case, click "Next" on the "Add Evidence to Case" window. Click "Finish" to finish the case setup.

Once the case setup is done, FTK will process the "evidence" (Pic 9) that was added to the case. For larger images this may take some time. However, for our example it shouldn't take very long.

Ok, now we have an image added to a case (Pic 10).

Now what? "What" is the topic for the next installment of Forensic Tools: FTK.

In the meantime, feel free to browse around and figure some things out. After all, while you are still learning is the best time to make mistakes and learn the intricacies of a program. Until next time...

Forensic Tools: Forensic Tool Kit (FTK) from AccessData

Forensic Tool Kit (FTK) from AccessData:
offers law enforcement and corporate security professionals the ability to perform complete and thorough computer forensic examinations. The FTK features powerful file filtering and search functionality. FTK's customizable filters allow you to sort through thousands of files to quickly find the evidence you need. FTK is recognized as the leading forensic tool to perform e-mail analysis.

FTK is a forensic tool for use on Windows. The tool overview page also gives a good description of FTK's other qualities but I'll leave that bit of reading up to you. I have used FTK in a classroom setting, personal use, and recovering data from corrupted disks and files for other people.

I have never used it in an official investigation; however, the professor who taught the forensic class that I took does have extensive law enforcement experience, so that is good enough for me.

First of all we need to download and install FTK. As you will see on the download page, the version of FTK is the Demo Version 1.60.

Be advised that it will only handle 5,000 files or fewer in any case added to it. Also, you will want to download and install the Known File Filter (KFF).

The KFF is a database of hashes of known files: standard operating system and program files, which the examiner can safely skip, and known child porn and other files of evidentiary interest, which get flagged. It saves you chasing down files that are already known: a file whose hash matches the set is identified at once instead of having to be examined to determine its use or purpose. Because any change to a file's content changes its hash, the KFF identifies exact copies, not edited ones.
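To show the mechanism behind a known-file filter, here is an added example (not the page's or AccessData's code): a small hash set with two categories, called ignore and alert here, is applied to a constructed set of files. The hash set, the file contents and the paths are all constructed; real KFF and NSRL sets are far larger and shipped as databases rather than Python dictionaries.

```python
"""Added example (not from the original post or from AccessData): a minimal
known-file filter. Each file's SHA-1 is looked up in a hash set that labels
it "ignore" (stock OS/program file) or "alert" (known file of interest);
anything else is "unknown" and needs a look. All data here is constructed."""

import hashlib
from typing import Dict, Iterable, List, Tuple

IGNORE, ALERT, UNKNOWN = "ignore", "alert", "unknown"


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def build_known_set(entries: Iterable[Tuple[bytes, str]]) -> Dict[str, str]:
    """Map the SHA-1 of each known file's content to its label."""
    return {sha1_hex(content): label for content, label in entries}


# Constructed known-file set; the contents are stand-ins, not real binaries or images.
STOCK_BINARY = b"MZ\x90\x00 stand-in for a stock Windows binary\n"
FLAGGED_IMAGE = b"\xff\xd8\xff\xe0 stand-in for a flagged image\n"
KNOWN_FILES = build_known_set([(STOCK_BINARY, IGNORE), (FLAGGED_IMAGE, ALERT)])


def classify(files: Dict[str, bytes], known: Dict[str, str] = KNOWN_FILES) -> Dict[str, str]:
    """Return {path: label}. Only the content is hashed, so the file name plays no part."""
    return {path: known.get(sha1_hex(content), UNKNOWN) for path, content in files.items()}


def triage(files: Dict[str, bytes], known: Dict[str, str] = KNOWN_FILES) -> Dict[str, List[str]]:
    """Split the files into what can be skipped, what must be looked at, and what is unknown."""
    labels = classify(files, known)
    return {
        label: sorted(path for path, got in labels.items() if got == label)
        for label in (IGNORE, ALERT, UNKNOWN)
    }


# Constructed "evidence": the stock binary under its own name and under a renamed
# copy, the flagged image, the same image with one byte appended, and a document
# the hash set has never seen.
SAMPLE_FILES = {
    "WINDOWS/system32/notepad.exe": STOCK_BINARY,
    "Temp/np.exe": STOCK_BINARY,
    "Documents/holiday.jpg": FLAGGED_IMAGE,
    "Documents/holiday(1).jpg": FLAGGED_IMAGE + b"!",
    "Documents/notes.txt": b"nothing the hash set knows about\n",
}

if __name__ == "__main__":
    for label, paths in triage(SAMPLE_FILES).items():
        print(f"{label:8s} {paths}")
```

Two things the output makes concrete: renaming a known file does not hide it, since only the content is hashed, while changing a single byte of a flagged file drops it into the unknown pile, which is exactly the pile the examiner still has to work through by hand.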

FTK download site:
http://www.accessdata.com/Product04_Download.htm

Download and install FTK and the KFF. You can either download it as a whole or in parts, whichever is better for your situation (bandwidth, time, etc.). The KFF is quite large at 183MB, so you might want to download it overnight or somewhere with a fast connection.

You will need administrator access to your machine to do the installation. Double-clicking on the setup files should take care of everything. I used the default values for the install.

In the next installment, I'll show you how to add an image to a case and we'll start browsing around the application.

Forensic Tools

From time to time I will review digital forensic tools that I run across in my daily use or read about online. Mostly, the tools will be free to use but every once in a while I'll run across a tool that has a free or trial version.

As of now I have plans to review Forensic Tool Kit (FTK) from AccessData, Autopsy and The Sleuth Kit, pstools from sysinternals.com, and netcat. I'll add more to the list as I go and if you have any suggestions leave a comment. Thanks.

Monday, November 28, 2005

Keeping up with the Joneses

With the SANS Top 20 Vulnerabilities list coming out only once a year, information security professionals cannot afford to rely entirely on a single yearly source of information.

That is why security professionals should be subscribed to one or more (preferably more) security mailing lists to stay on top of the latest happenings in information security.

One such list to subscribe to is the @RISK: The Consensus Security Alert:
Delivered every Thursday morning, @RISK first summarizes the three to eight vulnerabilities that matter most, tells what damage they do and how to protect yourself from them, and then adds a unique feature: a summary of the actions 15 giant organizations have taken to protect their users.
Two more great lists are the US-CERT Technical Cyber Security Alerts and Bugtraq.