Following an argument I recently had over iPhone security, I thought I would post easy-to-access links that any fanboy can get to regarding the full disk encryption of the iPhone 3GS. En garde, I’ll let you try my Wu-Tang style.
-
DFRWS Challenge 2009
DFRWS is an organization dedicated to furthering digital forensics research. They have annual conferences, workgroups and challenges, and publish papers. This year’s conference will be in Montreal, from August 17th through the 19th; for more info check out the flyer, or to register, check it out here. The DFRWS 2009 Challenge has been posted as well. It focuses on the development of tools and techniques for forensically analyzing the PS3 (aka Sony PlayStation 3). The challenge requires you to analyze the file system of a PlayStation, a physical memory dump, images, and network traces involving 2 PS3s and a PlayStation Portable (PSP). All in all, it sounds pretty interesting. To find…
-
Open Source Forensics for Safari
SFT (Safari Forensic Tools) is a collection of command-line tools that can be used to analyze information from Safari. The tools include parsers for Safari history, downloads, cookies, bookmarks, icon caches, and other information. They’re easy to use and can aid you in learning a bit more about what kind of information you leave behind on your own system… Find out more on SFT here.
-
Spoliation and System Administration
In legal circles, spoliation means intentionally destroying or altering data in a way that destroys its value as evidence. This could mean editing time stamps, deleting email, editing files or deleting files. Basically, this could mean anything that can contaminate evidence. It’s often difficult to prove spoliation because of the word intent. For example, if you are using Retrospect to move data and it gets lost in a move, then you may destroy the value of data, but if you can prove that you did the move of data every night and why a failure occurred, then you are probably in the clear… Stick with me, ’cause there’s a point here.…
-
Mac OS X: SetFile
A couple of months ago I wrote about Using SetFile to Make Files Invisible. But today I’m going to discuss using it to change a few other attributes of a file. The options for SetFile include:
SetFile -a can change attributes of a file, such as visibility, locked status, etc.
SetFile -c can change the creator of the file
SetFile -d can change the creation date of the file
SetFile -m can change the modification date of the file
SetFile -t can change the file type
So let’s look at using some of these other options. First let’s take a file called logo.png on my Desktop (~/Desktop) and let’s change…
-
Mac OS X: Forensics Group on Yahoo! Groups
http://tech.groups.yahoo.com/group/macos_forensics/
-
FTK
From the FTK Website: Forensic Toolkit® (FTK®) is recognized around the world as the standard in computer forensic investigation technology. This court-validated platform delivers cutting edge analysis, decryption and password cracking all within an intuitive, customizable and user-friendly interface. In addition, with FTK, you have the option of utilizing a back-end database to handle large data sets. Or you can work without one if application simplicity is your goal. Either way you will get the benefit of best-of-breed technologies that can be expanded to meet your ever-changing needs. Known for its intuitive functionality, email analysis, customizable data views and stability, FTK is the smart choice for stand-alone forensic investigations.
-
Mac OS X: Forensics
It’s old but it’s good: http://www.afp548.com/Articles/security/postmortem.html
-
MacForensix
Ever been hacked? Had information stolen? Who do you turn to? What do you do? No matter what the level, a security breach has occurred and action must be taken to ensure a repeat offense doesn’t happen. The first reaction to a security breach is to isolate it and fix it as soon as possible. However, writing to the systems in any way can cause clues to be overwritten. Therefore it is important to discover the identity of the attacker. The more quickly that forensic analysis is performed, the more likely that the attacker, vandal or thief will be apprehended. One of the best places to start in analysis is…