Archive for May, 2009
Computer Forensics – Swine Flu Scammers: 3 Live Case Stories
The US Better Business Bureau [BBB] says more than 250 website domain names have so far been registered with the term “swine flu”. The fear is that many of these will be used to commit fraud and scam consumers. The BBB is especially warning internet users not to take up offers to purchase swine flu vaccines as no such thing exists.
As the internet continues to make the world smaller and allows us to communicate with each other around the globe, scammers utilize the same networks to infiltrate computer systems. The scammers quickly seize upon world events in the news as a means to mount their attacks on unsuspecting victims. Recent examples include phishing emails with subject lines such as ‘Italian Earthquake latest news’ and, of course, ‘Swine flu latest news’, used as an inducement to get recipients to view the email and open attachments posing as images.
Wikipedia defines phishing as “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication”. Scammers also seek to infect computer systems with viruses, trojans and key-stroke logging programs as a method to steal information. This activity can result in the unauthorised copying, manipulation and deletion of files or logs on a computer system. There is now an established industry seeking to combat these attacks, including companies such as Norton and AVG.
Attacks using phishing or trojan applications are usually discovered only after the event. Often the system administrator or the users are the first to note that files have been altered or deleted, or that data has been copied without authority. At this point, administrators often turn to experts in computer forensics or digital forensics to ascertain the extent of the compromise and what information has been altered, deleted, moved or copied.
Computer hard disk drive sold on eBay ‘had details of top secret U.S. missile defence system’
The perils of failing to properly dispose of computer hard drives, RAID arrays or other digital storage media were brought into sharp focus over the past week after media reports disclosed that top secret plans for a US military missile were found on a secondhand hard drive.
Computer forensics, the discipline of recovering data from a hard disk drive or other digital medium, has become better known in recent years as highly sensitive data such as photos or personal details have been lifted by the authorities, researchers or criminals. Cyber crime and data misuse have become a real threat to individuals and corporations, as their sensitive data is exposed whenever a hard disk drive is improperly disposed of.
In this most recent example, media reports featured an ongoing research project conducted by three universities (Longwood University in the USA, Glamorgan University in the UK and Edith Cowan University in Western Australia) together with BT [British Telecom] and Sims Recycling Solutions.
The project is in its fourth year, and its purpose is to draw public attention to the risk to personal and corporate data posed by carelessly discarded computer equipment, which often contains massive amounts of unsecured personal and commercial data. The technicians involved in the study used applications and tools that are available from the internet and can be used by someone with simple knowledge of computers to recover the data left on the drives. The technicians often found that the data was readily readable, as it had not even been deleted or wiped using basic instructions.
Computer Forensics - How to Leverage Data Recovery for Use in Court
One of the first questions you can expect to be asked in the computer forensics field is: What exactly are you hoping to find on the hard drive?
It is actually a difficult question to answer accurately. The short answer would be “evidence”, but what exactly that evidence is varies from case to case. It might be something as simple as a few stolen documents on the suspect’s C: drive, or it might be something much more subtle, such as a login record showing the suspect was on the computer at a certain time on a certain day.
It is the same with crime scene forensics. What is the detective looking for exactly? It might be evidence like a thumbprint or a hair sample, something linking an individual to the crime scene, or it could be something that seems entirely unrelated. Many of us have seen the detective shows where the culprit is caught because he left behind a single thread of his shirt. Computer forensics is very similar in that every case will have a different definition of what constitutes a chain of evidence.
Of course, a slightly trickier question would be: What right do you have to access the suspect’s computer in the first place?
