IWC CIR Blog

11/7/2014

The I.W.C.'s web series Cyber Secrets focuses on hacking, computer forensics, and information security. Created by the folks at InformationWarfareCenter.com, Cyber Secrets was developed for all levels of Internet citizens. From basic to advanced, you can learn more about real threats AND protection in cyberspace. Remember, Cyber Secrets at InformationWarfareCenter.com/Cyber-Secrets.html


9/30/2014
I've been working on a forensic case for a major retail chain and it never ceases to surprise me that when a major caper happens, there is a good chance that it is an inside job. When the IT manager is in charge of the investigation and the evidence is still pointing to that same person, when does it become a conflict of interest in the eyes of the victim?


4/26/2014
Data recovery has been needed since man started to write things down. Why? Because whatever medium was used to store the data has always been susceptible to destruction. From earthquakes versus wall paintings, to fire versus the Library of Alexandria, to head crashes versus your corporate file server, there has always been a weakness in how we have stored our information. While the risk mitigation for that sounds easy (back it up), the reality of the matter is that data loss happens all the time. When it does, there are 2 methods of data recovery.

1.) Physical recovery - Make sure the physical medium is functional
2.) Logical recovery - Once the physical medium works, get the data

The data recovery process has 4 basic steps.

1.) Physical repair
2.) Image the device
3.) Recover the data
4.) Fix the data

Now to put this in perspective, the first method and the first step go together hand in hand. The second method is more of a software recovery that covers steps 2-4. Most people can do logical recovery with relatively inexpensive tools such as GetDataBack, R-Studio, or even most of the forensic suites out there today. Physical recovery is an entirely different issue. It takes time, patience, a steady hand, practice, a clean room, the proper equipment, and an almost identical donor drive to use as a parts-replacement cadaver. It is just like surgery: if an organ transplant is needed, the donor must be compatible with the recipient. Just like the human body, the internals or organs of a hard drive are very fragile when not in the most ideal of environments. Platter-based hard drives have more moving parts than a Solid State Drive (SSD), but the difficulty is still there. Just as in a normal transplant, you need to understand that there is never a 100% guarantee that the recipient will come out of the surgery and recover. You can just hope and pray that the hard drive comes back and lives long enough to transfer the data to a secondary host so you can perform a logical recovery.

This is a video of a head stack replacement. There is a donor drive and a recipient drive. As luck would have it, there is only half a head, so the replacement was very fast with minimal risk to the donor head stack. Enjoy the video! http://youtu.be/DDWXZJPgbHM

As for the logical recovery, here are a couple more videos:
Imaging: http://youtu.be/3gFT2_u_6cI
Data Carving: http://youtu.be/X2sfxqSmerM
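The two logical-recovery steps linked above, imaging and data carving, boil down to a small amount of code. The example below is added here for illustration and is not code from the blog or from any of the tools it names. It builds a constructed in-memory "disk image" (zero filler with three JPEG-like objects embedded, one of them missing its end-of-image marker), writes that image to a file and verifies the copy by SHA-256 before touching it, then carves files out of the verified copy by scanning for the JPEG start-of-image and end-of-image markers. The signature table, the size cap and the sample bytes are all assumptions made for the example; a real image would come from a tool such as dd or a forensic imager.

```python
import hashlib
import os
import tempfile

# Constructed sample image: NOT a real drive image. Three JPEG-like objects
# (SOI marker FF D8 FF ..., EOI marker FF D9) are placed between runs of zero
# filler; the third has no EOI marker to simulate an overwritten file tail.
def build_sample_image() -> bytes:
    filler = b"\x00" * 64
    jpeg_a = b"\xff\xd8\xff\xe0" + b"A" * 40 + b"\xff\xd9"   # 46 bytes, complete
    jpeg_b = b"\xff\xd8\xff\xe1" + b"B" * 25 + b"\xff\xd9"   # 31 bytes, complete
    jpeg_c = b"\xff\xd8\xff\xe0" + b"C" * 10                 # 14 bytes, truncated
    return filler + jpeg_a + filler + jpeg_b + filler + jpeg_c


# Header/footer signature table (assumed minimal table; real carvers ship many)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def write_and_verify_image(image: bytes, dst_path: str) -> bool:
    """Step 2 of the process: write the image to a working copy and confirm the
    copy hashes identically, so all later work happens on a verified copy and
    the original medium is never written to."""
    expected = sha256_of(image)
    with open(dst_path, "wb") as f:
        f.write(image)
    with open(dst_path, "rb") as f:
        actual = sha256_of(f.read())
    return actual == expected


def carve(image: bytes, max_size: int = 10 * 1024 * 1024) -> list:
    """Step 3: header/footer carving. For each signature, find every header,
    then look for the matching footer within max_size bytes. If no footer is
    found the fragment is carved up to max_size (or end of image) and flagged
    truncated, which is what a recovered but damaged file looks like."""
    found = []
    for ext, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + max_size)
            truncated = end == -1
            end = min(start + max_size, len(image)) if truncated else end + len(footer)
            found.append({
                "ext": ext,
                "offset": start,
                "size": end - start,
                "truncated": truncated,
                "data": image[start:end],
            })
            pos = end
    found.sort(key=lambda h: h["offset"])
    return found


def recover_from_image(image: bytes, out_dir: str) -> list:
    """Carve files from a verified image copy and write each one out, naming
    it by its byte offset so it can be traced back to the image."""
    written = []
    for hit in carve(image):
        suffix = ".partial" if hit["truncated"] else ""
        name = os.path.join(out_dir, f"{hit['offset']:08x}.{hit['ext']}{suffix}")
        with open(name, "wb") as f:
            f.write(hit["data"])
        written.append(name)
    return written


if __name__ == "__main__":
    img = build_sample_image()
    with tempfile.TemporaryDirectory() as work:
        copy_path = os.path.join(work, "evidence.dd")
        if not write_and_verify_image(img, copy_path):
            raise SystemExit("image copy failed verification; do not proceed")
        with open(copy_path, "rb") as f:
            for path in recover_from_image(f.read(), work):
                print("carved", os.path.basename(path))
```

The hash check before carving is the forensic equivalent of the surgeon's rule above: you only ever operate on the copy, and you prove the copy is faithful before you start. Real carvers (Scalpel, PhotoRec and the carving modules in the forensic suites) use the same header/footer idea with far larger signature tables and smarter size limits.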

----------

4/25/2014
Every time malware or a massive exploit hits the news, the discussion of "how can you protect yourself on the Internet" always seems to revive. Then, after the hype dies down, so does everyone's fear. This is quite unfortunate. Simple fact: there is never a 100% guarantee that you are secure when you connect to another computer. There are many things you can do to increase your defenses by minimizing your attack footprint, but there is always going to be a risk. Whether it is from an external threat ranging from cyber criminals to state-sponsored attackers, or the ever-present risk of a disgruntled employee, the threats will NEVER go away unless you remove the ability for that threat to exist. However, no one wants to get rid of computers and cut themselves off from the Internet. Many companies are pushing towards a Bring Your Own Device (BYOD) environment. Understand that by doing this, you are adding more risk to the workplace, since the company does not own the device and has no real legal claim to it if an event does occur. The 4th Amendment trumps corporate policy when consent is revoked. The 5th Amendment may also come into play. With a plethora of configurations in the mobile device space, there is no way to know all of the vendor/hardware discrepancies, which adds a new level of risk. So, the risk will always be there. The trick is not to ignore it; it is to be vigilant and watchful for what is coming down the pipe and constantly tweak your defenses to minimize damages. Keep up-to-date. As ALWAYS, defense in depth... Always have a multilayered security infrastructure along with a least-privilege mentality.

Some of the Cyber Secrets episodes that go with this theme are:
Heartbleeding Bug/Attack
Malware 101
Email Spoofing
Wireless Attack Tools
Hacking Androids


Other videos can be found at http://www.informationwarfarecenter.com/CyberSecrets.html

Information Warfare Center, 1-719-510-3554
Copyright 2009-2014