  • iPhone

    iPhone 3gs Encryption?

    Following an argument I recently had over iPhone security, I thought I would post easy-to-access links that any fanboy can get to regarding the full disk encryption of the iPhone 3gs. En garde, I’ll let you try my Wu-Tang style.

  • Mac Security,  public speaking

    DFRWS Challenge 2009

    DFRWS is an organization dedicated to furthering digital forensics research. They have annual conferences, workgroups, and challenges, and they publish papers. This year’s conference will be in Montreal, from August 17th through the 19th; for more info, check out the flyer, or to register, check it out here. The DFRWS 2009 Challenge has been posted as well. It focuses on the development of tools and techniques for forensically analyzing the PS3 (aka Sony Playstation 3). The challenge requires you to analyze the file system of a Playstation, a physical memory dump, images, and network traces involving 2 PS3s and a Playstation Portable (PSP). All in all, it sounds pretty interesting. To find…

  • Mac OS X,  Mac Security

    Open Source Forensics for Safari

    SFT (Safari Forensic Tools) is a collection of command line tools that can be used to analyze information from Safari. The tools include parsers for Safari history, downloads, cookies, bookmarks, icon caches, and other information. They’re easy to use and can aid you in learning a bit more about what kind of information you leave behind on your own system… Find out more on SFT here.

  • Business,  Mac Security

    Spoliation and System Administration

    In legal circles, spoliation means intentionally destroying or altering data in a way that destroys its value as evidence. This could mean editing time stamps, deleting email, editing files or deleting files. Basically, this could mean anything that can contaminate evidence. It’s often difficult to prove spoliation because of the word intent. For example, if you are using Retrospect to move data and it gets lost in a move, then you may destroy the value of the data, but if you can prove that you did the move of data every night and why a failure occurred, then you are probably in the clear… Stick with me, ’cause there’s a point here.…

  • Mac OS X,  Mac OS X Server

    Mac OS X: SetFile

    A couple of months ago I wrote about Using SetFile to Make Files Invisible. But today I’m going to discuss using it to change a few other attributes of a file. The options for SetFile include: SetFile -a can change attributes of a file, such as visibility, locked status, etc.; SetFile -c can change the creator of the file; SetFile -d can change the creation date of the file; SetFile -m can change the modification date of the file; SetFile -t can change the file type. So let’s look at using some of these other options. First let’s take a file called logo.png on my Desktop (~/Desktop) and let’s change…

  • Mac Security,  Windows XP

    FTK

    From the FTK Website: Forensic Toolkit® (FTK®) is recognized around the world as the standard in computer forensic investigation technology. This court-validated platform delivers cutting edge analysis, decryption and password cracking all within an intuitive, customizable and user-friendly interface. In addition, with FTK, you have the option of utilizing a back-end database to handle large data sets. Or you can work without one if application simplicity is your goal. Either way you will get the benefit of best-of-breed technologies that can be expanded to meet your ever-changing needs. Known for its intuitive functionality, email analysis, customizable data views and stability, FTK is the smart choice for stand-alone forensic investigations.

  • Mac Security

    MacForensix

    Ever been hacked? Had information stolen? Who do you turn to? What do you do? No matter what the level, a security breach has occurred and action must be taken to ensure a repeat offense doesn’t happen. The first reaction to a security breach is to isolate it and fix it as soon as possible. However, writing to the systems in any way can cause clues to be overwritten. Therefore it is important to discover the identity of the attacker. The more quickly that forensic analysis is performed, the more likely that the attacker, vandal or thief will be apprehended. One of the best places to start in analysis is…