The Many Fields of Digital Forensics and

As the world of information technology grows in
size and complexity, sectors within the IT industry
become more and more specialized. Within IT,
information security used to be considered niche.
Nowadays, saying that you’re an infosec professional positions you as something of a generalist.
After all, within the infosec field there are several
specialization areas, including compliance, pen
testing, and application security.

This brings us to digital forensics and incident
response (DFIR), which may be seen as a niche
within information security. Today, being great
at all things related to DFIR is no longer practical
for most people, which is why DFIR professionals have been specializing in areas such as file
system examination, incident handling, memory
forensics, malware analysis, and so on.

Forensic Analysis of Anti-forensic Activities

I attended Shmoocon and sat in the presentation by
Jake Williams and Alissa Torres regarding subverting memory forensics. As I sat through the talk I
kept thinking to myself that it would be impossible to
completely hide every artifact related to your activity, which Jake also stated in his presentation. Seeing
a tweet the other day that had a link to download
the memory image, I quickly grabbed it to see what
I could find (if you are interested in having a look at
the image it can be found here). I will also state that
I have not looked at anything else that was posted
as I didn’t want to have any hints on what to look

Solid State Drives

The way in which a solid state drive stores data
is totally different from how data is stored on a
traditional hard drive. To fully comprehend how an
SSD functions and provide insight into its forensic
examination, it is necessary to understand SSD terminology. This series takes you through the ins and
outs of solid state drives. Part 1 detailed the history
of SSDs. Controllers, NAND non-volatile memory,
and Program Erase Cycles (P/E) were discussed
in Part 2. Pages, Blocks, Planes, Dies, TSOPs,
Wear-Leveling (WL), and Garbage Collection (GC)
were discussed in Part 3. Write Amplification (WA),
Over-Provisioning (OP), and Bad Block Management
(BBM) were discussed in Part 4. Part 5 discusses
cylinders, heads, and sectors; logical and physical
block addressing; and the “TRIM” command.

Secret Service Urges Lawmakers to Do More on Cyber Crime

The Secret Service has urged U.S. lawmakers
to do more to prevent the types of cyber thefts
of consumer information that recently have hit
Target Corp and other major retailers.

“Legislative action could help to improve the
nation’s cybersecurity, reduce regulatory costs
on U.S. companies, and strengthen law enforcement’s ability to conduct effective investigations,”
says William Noonan, a top agent with the
Secret Service’s cyber operations branch.