Cool stuff from Princeton researchers. They published a paper “Cold Boot Attacks on Encryption Keys” and showed that whole disk encryption can be defeated by relatively simple methods. They demonstrated their methods by using them to defeat three disk encryption products: BitLocker,
CERT and the United States Secret Service published insider threat research that focuses on both the technical and the behavioral aspects of actual compromises. The key findings: current and former employees carried out insider activities in nearly equal numbers, and sixty-three percent of the insiders held technical positions within the targeted organizations.
I’m going to talk about Windows Vista Forensics at the DFN-CERT workshop. The workshop will be held on February 13 and 14, 2008 in Hamburg, Germany.
A new version of The Sleuth Kit (TSK) is out now. It includes some minor bug fixes. Changelog
I recently discovered that Microsoft destroyed a most valuable digital forensics evidence source on NTFS filesystems with Vista. The default value of the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate is now “1”, which means no last access timestamp will be written at all. On Windows XP and Windows 2000
On uninformed.org you can find a whitepaper which describes several ways to get your code covertly executed in the Windows kernel.
I’m giving computer forensics classes for beginners in Munich, Frankfurt and of course Berlin.
I remodeled my other digital forensics related German website http://computer-forensik.org. It now has a fancy brand new theme. 😉
David Litchfield from NGSSoftware published some new material about Oracle Database Forensics.
The English Association of Chief Police Officers (ACPO) has released a new guide to collecting electronic evidence. The Good Practice Guide for Computer-Based Electronic Evidence has been revised by experts.