Thoughts on Avatar

Revision for my upcoming forensic science exam was getting a bit tedious so I went to see Avatar last night.

It’s pretty good. The 3D effects are really impressive, and for the most part, a lot more subtle than I expected them to be. I probably won’t watch it again, but it’s worth seeing just for the spectacle of it all.

Other thoughts as we left the cinema:

  1. Dances with Wolves in space
  2. Animals with USB ports

Right, that’s enough time wasted. Notes on “presumptive tests for drugs of abuse” await!

Posted in General

COFEE & DECAF

There have been some very odd things going on in computer forensics over the last few weeks.

First, Microsoft’s COFEE incident response tool leaked onto the internet. COFEE had previously only been available to law enforcement organisations, so having it leak to the public kicked up a bit of a storm with people trying to work out just exactly what it is capable of doing. The answer turned out to be “not very much”. Rather than being the ultimate secret backdoor that some early media reports made it out to be, COFEE is more like a glorified shell script that pulls down volatile memory to a USB stick.

Inevitably, someone released a tool aiming to disrupt COFEE’s execution. DECAF was released earlier this week, but a couple of things about it seemed a little strange. Its website offered the tool for download, but in a binary-only distribution. Perhaps it’s just me, but I find it quite hard to trust security tools that don’t release their source code. Another quirk was that the DECAF website contained an EULA for the software prohibiting reverse engineering or disassembly (which also contained references to Skype of all things!). It all seemed to go against the ethos of full disclosure in computer security.

I downloaded a copy, and planned to play with it over this weekend (I’ve just handed in my final piece of MSc coursework for the semester today!), but there’s another twist:

The DECAF website has been updated to remove any links to the software and instead shows an odd message claiming that all copies of DECAF have been disabled, ending with a passage from the Bible!

As I’ve been writing this I’ve been listening to an interview with DECAF’s developer on the Cyberspeak podcast which seems to have been recorded before the tool was taken down. It’s interesting, but it doesn’t really make things any clearer with regard to the developer’s motivations or the manner in which the tool was released.

Posted in Forensics

Last.fm

Last week I started playing with Last.fm in an attempt to stave off the boredom associated with the statistics labs that were piling up on my desk.

If you have a strange desire to know what I’ve been listening to recently, here’s a link to my profile.

Posted in General

Beard

Posted in General

How to Disappear Completely

This is a pretty interesting read.

Back in August there was an article in Wired about people who decide to disappear without leaving any trace at all. As a sort of follow-up the writer decided to “disappear” himself and try to pick up a new identity for a month, with a bounty of $5000 for anyone who could track him down.

The premise is simple: I will try to vanish for a month and start over under a new identity. Wired readers, or whoever else happens upon the chase, will try to find me.

The idea for the contest started with a series of questions, foremost among them: How hard is it to vanish in the digital age? Long fascinated by stories of faked deaths, sudden disappearances, and cat-and-mouse games between investigators and fugitives, I signed on to write a story for Wired about people who’ve tried to end one life and start another. People fret about privacy, but what are the consequences of giving it all up, I wondered. What can investigators glean from all the digital fingerprints we leave behind? You can be anybody you want online, sure, but can you reinvent yourself in real life?

It’s one thing to report on the phenomenon of people disappearing. But to really understand it, I figured that I had to try it myself. So I decided to vanish. I would leave behind my loved ones, my home, and my name. I wasn’t going off the grid, dropping out to live in a cabin. Rather, I would actually try to drop my life and pick up another.

Writer Evan Ratliff Tried to Vanish: Here’s What Happened

Posted in General

Entering Murrayfield

Scotland’s Autumn Tests started this weekend against Fiji. Getting tickets was easy but I had to solve a little logic puzzle to actually get into Murrayfield.

Someone at the SRU hadn’t thought their cunning plan all the way through.

Pretty good game. I’m off to the Scotland / Australia game next week.

Posted in General

What the Large Hadron Collider is really looking for

On the off chance that you want to read a genuinely interesting piece of science writing, here’s a New Scientist article about the Large Hadron Collider.

And for those who worry about the repercussions of digging a tunnel under the Franco-Swiss border and smashing some very small things into other very small things at very high speeds, here’s a handy RSS feed.

Posted in Technology

Malware and Child Pornography

Throughout our forensic informatics lectures we have been somberly informed that a career in digital forensics and avoiding child pornography are, to all intents and purposes, mutually exclusive. It isn’t very nice but sooner or later anyone involved in digital investigations is going to have to deal with it at some level.

I recently had a conversation with some friends where we discussed various scenarios where “evidence” could be planted on a computer without the owner’s knowledge. We came up with a few hypothetical situations in which it would be trivial for a motivated party with a bit of technical knowledge to cause a lot of trouble for an unsuspecting victim, especially as child pornography is nasty enough that possession alone is all that’s needed to cause some serious legal difficulties.

I was reminded of that conversation by a post on Slashdot over the weekend concerning malware which, for one reason or another, seems to do just that. One case referred to in the AP article mentions software that hit 40 sites per minute while the defendant was out of the house. That case was eventually dropped but it took 11 months and cost the defendant $250,000 in legal fees, not to mention the damage to his reputation.

I’d like to think that it would be pretty simple to determine if malware is responsible for the presence of an image or video, but that doesn’t always seem to be the case. Another thing is that these seem to be “random infections”. I find it a little depressing to think of the damage that could be done by a properly targeted attack.

Posted in Forensics

A Good Book

Toward the end of the first year of my undergraduate degree I read a book by Neil Barrett called Traces of Guilt, which describes the author’s involvement in computer-related crime as a security consultant and expert witness. It is written as a series of case-studies showing Barrett’s involvement in criminal cases ranging from paedophilia to murder, as well as private consultancy work such as dealing with a sociopath systems administrator at a wealthy holding company.

Despite the subject matter, it is surprisingly accessible (after all, it was my mother that recommended it to me!), but still contains enough technical information to keep a computer science student interested.

I read it again recently and even though five years have gone by since I first picked it up, very little of it seems dated. It’s definitely worth a read for anyone with an interest in computer crime.

Traces of Guilt got me thinking about computer security from the “other side”, and is probably part of the reason that I’m studying computer forensics today.

Posted in Forensics

Encryption and Lack of Evidence

I think this is quite interesting.

From The Register:

An Australian man who set up an elaborate network of hidden cameras to spy on his flatmates has escaped jail time after police were unable to crack the encryption scheme protecting his computer.

But the files were encrypted, and the 39-year-old Wyllie refused to divulge the password. The inability of police to review the files – combined with the fact that a camera he used was unplugged when the raid was commenced – meant prosecutors lacked the hard evidence they needed to prove the man had secretly taped his flatmates.

I’m under the impression that RIPA could be used over here to compel a suspect to give up the password, but it’s quite hard to find information on when Part 3 of the Act has been used, so perhaps I’m mistaken.

Posted in Forensics