FREE VOL. 1 NO. 1
Issue 1/2012 (1) July
www.eForensicsMag.com

ORACLE FORENSICS: Detection of Attacks Through Default Accounts and Passwords in Oracle
• ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND
• LIVE CAPTURE PROCEDURES
• MOBILE PHONE FORENSICS: HUGE CHALLENGE OF THE FUTURE
• ISSUES IN MOBILE DEVICE FORENSICS
• INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE
• DRIVE AND PARTITION CARVING PROCEDURES
Although various tools exist that can examine some elements of a configuration, the assessment would typically end up being a largely manual process. Nipper Studio is a tool that enables penetration testers, and non-security professionals, to quickly perform a detailed analysis of network infrastructure devices. Nipper Studio does this by examining the actual configuration of the device, enabling a much more comprehensive and precise audit than a scanner could ever achieve. With Nipper Studio penetration testers can be experts in every device that the software supports, giving them the ability to identify device, version and configuration specific issues without having to manually reference multiple sources of information. With support for around 100 firewalls, routers, switches and other infrastructure devices, you can speed up the audit process without compromising the detail. You can customize the audit policy for your customer's specific requirements (e.g. password policy), audit the device to that policy and then create the report detailing the issues identified. The reports can include device-specific mitigation actions and be customized with your own company's styling. Each report can then be saved in a variety of formats for management of the issues.

Ian has been working with leading global organizations and government agencies to help improve computer security for more than a decade. He has been accredited by CESG for his security and team leading expertise for over 5 years. In 2009 Ian Whiting founded Titania with the aim of producing security auditing software products that can be used by non-security specialists and provide
Dear Readers!

Digital forensics is a very young field of science but nowadays it's becoming more and more popular. Although it was originally designed for investigating crimes, soon it has become a big part of computer systems engineering and contributed to the development of mobile devices. To meet your professional interests we have created a new publication devoted to digital forensic issues. I present to you our first eForensics offspring - eForensics Free Magazine. It's a monthly compilation of the best articles from four titles: eForensics Mobile, eForensics Computer, eForensics Database and eForensics Network. Within the issue of eForensics Free you will find two positions concerning mobile forensics, an article about network forensics, three pieces focused on computer forensics and an article about database forensics. The article created by M-Tahar Kechadi and Lamine Aouad will discuss an increasingly important role of mobile forensics in criminal investigations, law disputes and in information security. Eamon Doherty will describe tools used to recover data from mobile devices. Craig S. Wright will introduce you to free tools which can be used to create a powerful network forensics and incident response toolkit. Arup Nanda will show you how to identify potential attacks by adversaries through default accounts. George Chlapoutakis guides you step by step through digital forensic investigation. Last but not least, I would like to announce the beginning of two article series. One of them, by Craig S. Wright, will take you through the process of carving files from a hard drive. The other, by Praveen Parihar, will take you on a journey through advanced Steganography.

TEAM
Editor: Aleksandra Bielska (aleksandra.bielska@software.com.pl)
Associate Editors: Sudhanshu Chauhan (sudhanshu.chauhan@software.com.pl), Praveen Parihar (praveen.parihar@software.com.pl), Hussein Rajabali (hussein.rajabali@software.com.pl)
Betatesters/Proofreaders: Nicolas Villatte, Je Weaver, Danilo Massa, Cor Massar, Jason Lange, Himanshu Anand, Dan Hill, Raymond Morsman, Alessandro Fiorenzi, Nima Majidi, Dave Mikesch, Brett Shavers, Cristian Bertoldi, Jacopo Lazzari, Juan Bidini, Olivier Cale, Johan Snyman
Senior Consultant/Publisher: Paweł Marciniak
CEO: Ewa Dudzic (ewa.dudzic@software.com.pl)
Art Director: Mateusz Jagielski
DTP: Mateusz Jagielski
Production Director: Andrzej Kuca
Marketing Director: Ewa Dudzic
Publisher: Software Media Sp. z o.o. SK, 02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.eForensicsMag.com

DISCLAIMER! The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.
MOBILE

6. ISSUES IN MOBILE DEVICE FORENSICS by Eamon Doherty
This article discusses some of the mobile devices and accessories that one may encounter on a suspect during an investigation, examples of usage of these mobile devices and accessories and the tools that one can use to examine them. The article also starts off with some certifications that make one more marketable in this emerging field. In this article the author discusses using tools such as Access Data's FTK, Guidance Software's Encase, and RecoverMyFiles to recover evidence from a digital camera with a FAT file system.

12. MOBILE PHONE FORENSICS: HUGE CHALLENGE OF THE FUTURE by M-Tahar Kechadi, Lamine Aouad
While the processes and procedures are well established in traditional hard drive based computer forensics, their counterparts for the rapidly emerging mobile ecosystem have proven to be much more challenging. In this article the authors share some thoughts about the reasons leading to this, as well as the current state of mobile digital forensics, what is needed, and what to expect in the future.

NETWORK

8. LIVE CAPTURE PROCEDURES by Craig S. Wright
As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require. In this article the author introduces a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit.

COMPUTER

24. ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND by Praveen Parihar
Steganography is a very comprehensive topic for all techno-geeks because it involves such an interesting and comprehensive analysis to extract the truth, as we have heard this term many times in the context of terrorist activities and their communications. In this article the author discusses methods of Steganography.

28. INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE by George Chlapoutakis
Fraud can take many forms, can take place practically anywhere, any when and any how. Theoretical driving examinations are now computerized in most parts of the world and the overwhelming majority of such systems tend to have some to no security at all, relying instead on the invigilators of the exam to catch those suspected of fraud. But, what happens when the invigilators fail and you, the digital forensic investigator, are asked to look into the case? In this article the author shares his experience from the point of view of the digital forensics investigator.

32. DRIVE AND PARTITION CARVING PROCEDURES by Craig S. Wright
This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length of each partition in sectors. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. We start by learning about hard disk drive geometry. In this article the author takes the reader through the process of carving files from a hard drive.

DATABASE

38. DETECTION OF ATTACKS THROUGH DEFAULT ACCOUNTS AND PASSWORDS IN ORACLE by Arup Nanda
CYBER CRIME LAWYERS
Pannone are one of the first UK firms to recognise the need for specialist cyber crime advice. We can both defend and prosecute matters on behalf of private individuals and corporate bodies. We are able to examine material or secure evidence in-situ and will then represent your needs at every step of the way. Our team has a wealth of experience in this growing area and are able to give discreet, specialist advice.
MOBILE
MOBILE PHONE FORENSICS: HUGE CHALLENGE OF THE FUTURE
While the processes and procedures are well established in traditional hard drive based computer forensics, their counterparts for the rapidly emerging mobile ecosystem have proven to be much more challenging. This article shares some thoughts about the reasons leading to this, as well as the current state of mobile digital forensics, what is needed, and what to expect in the future.

The information and data era is rapidly evolving. As a result, there has been an exponential growth of consumer electronics, and especially mobile devices over the past few years, with ever-increasing trends and forecasts for the coming years. Mobile devices have already overtaken PCs, and mobile data traffic is expected to increase 18-fold over the next five years to approach 11 Exabyte per month, according to Cisco Systems [1]. Their computing power, storage, and functionality have tremendously increased. Phones have been transformed from simple handheld devices, essentially emitting and receiving calls or text messages, into highly effective devices

suspect he was about to arrest was using his smartphone to listen to the police secure channels streaming via the Internet! [2]. All classes of crimes can involve some type of digital evidence (a photo, a video, a received or emitted call, messages, web pages, etc.). These devices are also commonly used in social networking nowadays, and in carrying out sensitive operations online, including online banking, shopping, electronic reservations, etc. Hacking then becomes a huge problem. In February 2011, hackers were remotely monitoring the calls made and received from about 150,000 infected mobile devices in China [3]. Another example is the Zeus man-in-the
NETWORK
LIVE CAPTURE PROCEDURES
As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require.

As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. To do this, we need to become familiar with the various tools that are available for these purposes. In this article, we look at a few of the more common free tools that will enable you to capture traffic for analysis within your organisation. Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require. For this reason alone we would require the ability to capture and analyse data over networks, but when we start to add all

Tcpdump
Tcpdump uses the libpcap library. This can capture traffic from a file or an interface. This means that you can save a capture and analyse it later. This is a great aid in incident response and network forensics. With a file such as "capture.pcap", we can read and display the data using the "-r" flag. For instance: tcpdump -r capture.pcap will replay the data saved in the file "capture.pcap". By default, this will display the output to the screen. In reality, the data is sent to STDOUT (standard output), but for most purposes the console and STDOUT are one and the same thing. Using BPF (Berkeley Packet Filters), you can also restrict the output - both collected and saved. In this way, you can collect all data to and from a host and then strip selected ports (or services) from this saved file. Some of the options that apply to tcpdump include (quoted with alterations from the Redhat
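To show what "replay a saved file and strip selected ports" means at the byte level, here is an added Python example (not from the article or from tcpdump itself) that parses the classic libpcap file format directly and applies the same selection a BPF expression such as "host H and not port P" would. The capture it reads is constructed inside the script, and the function and field names are my own.

```python
import socket
import struct
from typing import Dict, Iterator, List, Optional, Tuple

def ipv4_tcp_frame(src: str, dst: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left at zero)."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"                       # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp

def write_pcap(frames: List[bytes]) -> bytes:
    """Serialise frames as a classic little-endian pcap (magic 0xa1b2c3d4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1341100800 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (timestamp_seconds, frame) records; the magic number fixes the byte order."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset = 24                                                   # skip the 24-byte global header
    while offset + 16 <= len(data):
        ts_sec, _, caplen, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield ts_sec, data[offset:offset + caplen]
        offset += caplen

def parse_frame(frame: bytes) -> Optional[Dict]:
    """Extract addresses and ports from an Ethernet/IPv4 frame; None for non-IPv4 frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4                                  # IPv4 header length in bytes
    info = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
            "proto": frame[23], "sport": None, "dport": None}
    if info["proto"] in (6, 17) and len(frame) >= 14 + ihl + 4:     # TCP or UDP: ports come first
        info["sport"], info["dport"] = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return info

def filter_capture(data: bytes, host: Optional[str] = None, drop_ports=()) -> List[Dict]:
    """Replay a saved capture keeping traffic to/from `host` and stripping `drop_ports`,
    the selection tcpdump -r would make with a filter like 'host H and not port P'."""
    kept = []
    for ts_sec, frame in read_pcap(data):
        info = parse_frame(frame)
        if info is None:
            continue
        if host is not None and host not in (info["src"], info["dst"]):
            continue
        if info["sport"] in drop_ports or info["dport"] in drop_ports:
            continue
        info["ts"] = ts_sec
        kept.append(info)
    return kept

# Constructed capture: one HTTPS flow, one HTTP flow, and one unrelated host's SSH packet.
SAMPLE_PCAP = write_pcap([
    ipv4_tcp_frame("10.0.0.5", "203.0.113.10", 51000, 443, b"\x16\x03\x01"),
    ipv4_tcp_frame("10.0.0.5", "203.0.113.10", 51001, 80, b"GET / HTTP/1.1\r\n"),
    ipv4_tcp_frame("192.0.2.7", "203.0.113.10", 40000, 22),
])

if __name__ == "__main__":
    for rec in filter_capture(SAMPLE_PCAP, host="10.0.0.5", drop_ports={80}):
        print(rec)
```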
COMPUTER
ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND
Steganography is a very comprehensive topic for all techno-geeks because it involves such an interesting and comprehensive analysis to extract the truth, as we have heard this term many times in the context of terrorist activities and their communications.

Steganography means covert writing: hiding confidential information in a cover file. This cover file can be in the form of pdf, xls, exe, jpeg, mp3 or mp4, etc. The Least Significant Bit (LSB) method is very famous and fascinating when steganography is discussed, because the case study of hiding a secret text behind an image actually sounds interesting. To understand this concept, first we need to understand how an image is classified and what happens when a small bit is altered in an image, as described below. Images are composed of small elements called pixels, and we have basically three types of images. A pixel is the essential component of an image: 1) Black and white – each pixel is composed of a single bit and is either a zero or a one.

So, changing that LSB only affects 1/256th of the intensity and humans simply cannot perceive a difference. In fact, it is difficult to perceive a difference in 1/16th of an intensity change, so we can easily alter the 4 LSBs with little or no perceptible difference. The two images shown here illustrate why steganography has become famous and how an image does not get distorted even when we embed secret or confidential information.
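To make the intensity arithmetic concrete, here is an added Python example (not from the article) that embeds a secret into the k least significant bits of 8-bit greyscale pixel values, reads it back, and measures the largest per-pixel change: at most 1/255 of full scale for k = 1 and 15/255 for k = 4, matching the 1/256 and 1/16 figures above. The cover pixels are a constructed gradient, and the 2-byte length prefix is my own convention.

```python
import struct
from typing import List, Sequence

def _chunks(data: bytes, k: int):
    """Yield the secret as k-bit values, most significant bits first."""
    mask = (1 << k) - 1
    for byte in data:
        for shift in range(8 - k, -1, -k):
            yield (byte >> shift) & mask

def embed_lsb(cover: Sequence[int], secret: bytes, k: int = 1) -> List[int]:
    """Replace the k low bits of successive pixels with the secret.
    A 2-byte big-endian length prefix (assumed convention) tells the reader
    how many bytes to recover."""
    if k not in (1, 2, 4):
        raise ValueError("k must divide 8")
    if len(secret) > 0xFFFF:
        raise ValueError("secret too long for a 2-byte length prefix")
    payload = struct.pack(">H", len(secret)) + secret
    pixels_needed = len(payload) * (8 // k)
    if pixels_needed > len(cover):
        raise ValueError(f"cover too small: need {pixels_needed} pixels, have {len(cover)}")
    keep_mask = 0xFF & ~((1 << k) - 1)          # clears the k low bits of a pixel
    stego = list(cover)
    for i, chunk in enumerate(_chunks(payload, k)):
        stego[i] = (stego[i] & keep_mask) | chunk
    return stego

def extract_lsb(stego: Sequence[int], k: int = 1) -> bytes:
    """Read the k low bits of successive pixels back into bytes (length prefix first)."""
    per_byte = 8 // k
    low_mask = (1 << k) - 1

    def read_bytes(start_pixel: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            val = 0
            for j in range(per_byte):
                val = (val << k) | (stego[start_pixel + b * per_byte + j] & low_mask)
            out.append(val)
        return bytes(out)

    (length,) = struct.unpack(">H", read_bytes(0, 2))
    return read_bytes(2 * per_byte, length)

def max_intensity_change(cover: Sequence[int], stego: Sequence[int]) -> int:
    """Largest per-pixel change; with k LSBs replaced it is at most 2**k - 1 (out of 255)."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed cover: a 64-pixel greyscale gradient of 8-bit values 0, 4, 8, ..., 252.
COVER = list(range(0, 256, 4))

if __name__ == "__main__":
    for k in (1, 4):
        stego = embed_lsb(COVER, b"ok", k)
        print(k, extract_lsb(stego, k), max_intensity_change(COVER, stego))
```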
COMPUTER
INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE
Fraud can take many forms, can take place practically anywhere, any when and any how. Theoretical driving examinations are now computerized in most parts of the world and the overwhelming majority of such systems tend to have some to no security at all, relying instead on the invigilators of the exam to catch those suspected of fraud. But, what happens when the invigilators fail and you, the di-
COMPUTER
DRIVE AND PARTITION CARVING PROCEDURES
This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length of each partition in sectors. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. This process is one that will help the budding analyst or tester in gaining an understanding of drive partitions and hence how they can recover and carve these from a damaged or formatted drive. We start by learning about hard disk drive geometry.
Global I.T. Security Training & Consulting www.mile2.com
IS YOUR NETWORK SECURE?
In February 2002, Mile2 was established in response to the critical need for an international team of IT security training experts to mitigate threats to national and corporate security far beyond USA borders in the aftermath of 9/11.
mile2 Boot Camps
A Network breach... Could cost your Job!
GENERAL SECURITY TRAINING
CISSP – CISSP & Exam Prep
C)ISSO – Certified Information Systems Security Officer
C)SLO – Certified Security Leadership Officer
ISCAP – Info. Sys. Certification & Accred. Professional
PENETRATION TESTING (AKA ETHICAL HACKING)
Available Training Formats
1. F2F – Classroom Based Training
2. CBT – Self Paced CBT
3. LOT – Live Online Training
4. KIT – Study Kits & Exams
5. LHE – Live Hacking Labs (War-Room)
Other New Courses!!
DATABASE
DETECTION OF ATTACKS THROUGH DEFAULT ACCOUNTS AND PASSWORDS IN ORACLE
An Oracle database comes with many default userids (and, worse, well known default passwords), which ideally shouldn't have a place in a typical production database, but database administrators may have forgotten to remove the accounts or lock them after setting up the production environment. This provides one of the many ways an adversary attacks a database system – by attempting to guess the
In the Upcoming Issue of eForensics FREE: Smartphone Forensics & More...
Now Hiring
Teamwork Innovation Quality
The Only Magazine about Pentesting