
Data Triage Blog

Computer Forensics Services Against Computer Vandalism

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, or target of a crime. Although computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, the terms are also used to cover crimes like fraud, theft, blackmail, forgery, and embezzlement in which computers, information technology or networks are used.

A computer is an excellent device for record keeping, particularly given its ability to encode data, and it can therefore be used as a source of evidence. This evidence can be obtained and decoded for use by criminal investigators with the technical help provided by Computer Forensics Services.

Computer Forensics Services makes use of analytical and investigative techniques to identify, collect, examine and preserve evidence or information that is magnetically stored or encoded, and to use it against such crimes. A forensic investigation by Computer Forensics Services can be initiated as part of a criminal investigation or civil litigation, using sophisticated digital forensic techniques.

Computer Forensics Services like Data Triage Technologies provide digital evidence when data has been lost in instances such as:

  • Employee internet abuse
  • Unauthorized disclosure of corporate information and data
  • Industrial espionage
  • Damage of the system in an accident
  • Criminal fraud and deception cases
  • Criminal cases where criminals have used computers to store information

An investigation by Computer Forensics Services offers to:

  • Secure the system from tampering
  • Generate a copy of the hard drive
  • Identify and recover deleted files
  • Access or copy hidden files
  • Retrieve protected and temporary files
  • Generate data from the residue of deleted files
  • Analyze the data and settings concerned
  • Identify installed applications and programs
  • Assess the system
  • Discover electronic evidence of user activity

At Data Triage Technologies, the computer forensics experts identify, preserve and analyze potentially discoverable electronic evidence, while maintaining a cost-effective approach throughout the process to support the ongoing investigation. Their digital interrogation techniques ensure that computers “talk” for discovery purposes. Computers don’t lie, but it takes an expert to uncover the truth.

Author: Meshaal McLean


Network Forensic Analysis Tools to Assess Network Vulnerabilities

Every organization today has some type of network security policy to protect or secure its systems, but when organization policies are violated by attacks on vulnerable systems, forensic analysis plays a crucial role. Evidence in computer forensics may take many forms, and network forensic tools help to collect it.

Many network analysis tools are available nowadays that create a report detailing potential problems: monitoring network computers for possible vulnerabilities, checking the network for all the methods a hacker might use to attack, and so on. Some forensic tools are specially designed for networks.

For example, DNA (Distributed Network Attack), a new approach in computer forensic analysis, is one of the most efficient forensic tools for recovering password-protected files. The tool made major advances by distributing the recovery work across the systems of a network, where it was earlier limited to processing on a single machine.

Once the DNA tool is installed on a server, it has access to the network and to the processing power of the different machines on it to recover the passwords. The DNA manager is responsible for coordinating the attack, assigning small portions of the key search to machines distributed throughout the network. With this forensic tool, mistakes on the client side can be avoided.

There are other forensic tools: some are designed for the analysis of network activity and some are intended for log aggregation or analysis. Through these forensic tools you can see the services operating over the network, such as files being opened and closed.

A network security audit helps reduce the possibility of network downtime by discovering security incidents and attacks across the LAN, WAN or intranet. For network security concerns you can also go for external and internal security audits to identify and eliminate any security vulnerabilities in your systems.

An external network audit tests your network devices and servers for vulnerability to a wide range of exploits, viruses, worms and other common internet attacks, whereas an internal security audit starts with threat discovery, which covers frequent virus outbreaks, unauthorized access to sensitive e-mail or documents, and so on.

Domain hijacking, machine break-ins, cracking of user passwords, retrieval of sensitive documents, and physical access to sensitive hardware or software can also be analyzed with these audits.

Once the analysis or audit is completed you can easily eliminate the network security problems. The same audits also apply to storage area networks and network attached storage. With the help of network forensic tools you can identify and respond to computer crimes and policy violations, not just investigate historical incidents.

www.Datatriage.com is a leading expert in Network Forensic Analysis, Network Security Auditing and Network Vulnerability Services.


Tips To Protect Your Server From Getting Hacked

As we generally know, when we visit a web page or interact with any web application on the internet, some information about us is stored on the server. When hackers get into a hosting server they try to obtain root access to your server and learn confidential database details that are off limits to regular visitors. They crack users' personal information and steal the credit card numbers that users submit while making a purchase through the website.

Have doubts about how this hacking of your server takes place? Want to know more about how servers are hacked and how we can protect our servers from being hacked?

Most of the time, the reasons a server gets hacked are that it allows server-side scripting to run or that data in transit is not protected or encrypted. Different hackers work in different ways and are often called white hat hackers and black hat users. White hat hackers find the security flaw in a website's script or software and make it public, whereas black hat users are malicious hackers who tamper illegally with the software installed on your computers and tell other users how to do the same.

Hackers breaking into your server are difficult to find, as they are not easy to spot. Script kiddies use free hacking programs called “exploits” and distribute them over the internet.

When you suspect malicious software programs, you must be able to react quickly to minimize the outbreak. If your server is prone to attack by a hacker, here are some tips on how you can protect it:

1. Disconnect the system from the network

If you suspect your server is infected, simply disconnect the system from the network to keep any infected programs from spreading. Rather than fixing the current problem straight away, leave the system as it is and document these findings in your incident response plan.

2. Discover the method used by the hacker

To overcome the problem, know the methods hackers use, as they employ different types of hacking technologies. Using software tools like Tripwire, you can identify whether any files were uploaded, added or changed on the system. Also find the owner of those files, which tells you what application the hacker used to break into the server. Investigate the files that were uploaded to the server system, as they may provide valuable information about the attack against your server.

3. Gather information from the running scripts launched by the attacker

Use the lsof (list open files) command, which lists the disk files, pipes, network sockets and devices opened by all processes together with the user who owns them; from this information you can find the source of the attack. Also use rootkit detection tools like rkhunter or chkrootkit, which scan for possible local exploits to identify and detect common attacks. They also check whether system commands have been modified and perform various checks on the network interfaces.

4. Stop all the attacker scripts and remove the files

Now that you have identified the cause of the attack on the server, you can safely stop the running scripts launched by the attacker and remove all the files, saving copies in a different location for further investigation. Once we know the method used by the hackers, we can stop it and restore network services like mail, DNS etc.
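The baseline check, socket listing, rootkit scan and evidence preservation from steps 2 to 4, written out as an added example (not Data Triage's code). It assumes a POSIX shell with find, sha256sum, awk, cp and date, file names without whitespace, and uses lsof, ss, rkhunter and chkrootkit only when they are installed.

```shell
#!/bin/sh
# Added example, not Data Triage's code: defender-side helpers for steps 2-4.
# Assumes POSIX sh plus find, sha256sum, awk, cp, date; file names without
# whitespace. lsof/ss/rkhunter/chkrootkit are used only when installed.

# Step 2 (Tripwire-style): record a sha256 baseline of every regular file
# under $1 into manifest $2. Build it while the system is known-good.
baseline_create() {
    ( cd "$1" && find . -type f | sort | while read -r f; do sha256sum "$f"; done ) > "$2"
}

# Compare the live tree $1 against baseline $2: print MODIFIED / ADDED /
# REMOVED lines and return 1 if anything differs, 0 if the tree is clean.
baseline_verify() {
    cur=$(mktemp); baseline_create "$1" "$cur"
    changes=$(awk 'NR==FNR { base[$2]=$1; next }
        { seen[$2]=1; if (!($2 in base)) print "ADDED " $2; else if (base[$2] != $1) print "MODIFIED " $2 }
        END { for (f in base) if (!(f in seen)) print "REMOVED " f }' "$2" "$cur")
    rm -f "$cur"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"; return 1
}

# Step 3: every process holding a network socket, with its owning user
# (lsof -i), falling back to ss when lsof is not installed.
network_procs() {
    if command -v lsof >/dev/null 2>&1; then lsof -nP -i
    elif command -v ss >/dev/null 2>&1; then ss -tunap
    else echo "neither lsof nor ss found" >&2; return 1; fi
}

# Step 3: rootkit checks, warnings only, without interactive key presses.
rootkit_scan() {
    command -v rkhunter   >/dev/null 2>&1 && rkhunter --check --sk --rwo
    command -v chkrootkit >/dev/null 2>&1 && chkrootkit -q
    return 0
}

# Step 4: instead of just deleting a suspect file $1, copy it into evidence
# directory $2 under its hash, log time/hash/original path, then remove it.
preserve_file() {
    mkdir -p "$2"
    sum=$(sha256sum "$1" | cut -d' ' -f1)
    cp -p "$1" "$2/$sum" || return 1
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$sum" "$1" >> "$2/manifest.log"
    rm -f "$1"
}
```

Run baseline_create on the web root before an incident; after one, baseline_verify lists exactly the files step 2 asks you to investigate, and preserve_file keeps a copy for the investigation before step 4 removes it.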

These steps are obviously helpful to some extent in restoring the server system from the variety of attacks you might encounter, and they can be used as a baseline to develop your own plan of action. You can also go for the Data Triage Intrusion Detection and Prevention Products, which provide comprehensive and easy-to-use protection against current and emerging threats at both the application and network layer. www.Datatriage.com is a leading expert in Network Security Auditing and Network Vulnerability Services.


Computer Forensic Focus On Keystroke Logging

Computer forensics or digital forensics has rapidly grown as an applied field of computer investigation and is often followed up with expert witness testimony in court. Computer forensics is something you really need to do regularly as part of the investigation process; it will help boost business and will also present evidence throughout the legal process.

To protect your company and its business on the internet against hacking, you have to know the tactics employed by hackers, which will help you prevent fraud by staying one step ahead of them. Data is generally stolen by means of phishing, spyware, malware programs, insider attacks, keystroke logging etc. In this article I would like to discuss keystroke logging.

Have doubts about what exactly keystroke logging is?

Keystroke logging or keylogging is a method of capturing information by recording user keystrokes through a hardware device or a software program.

Keystroke logging is done remotely to steal credit card and bank account numbers, usernames and passwords, and sometimes to monitor personal files, emails and FTP in order to spy on the user. These keyloggers can be installed through downloaded programs and also through physical access to the computer.

How exactly it works: the keylogger uses a web server and hooks the browser, redirecting it to web pages; when the client downloads the web page and its JavaScript, it is redirected to the hacker's site unknowingly, the keyboard logger is installed, and the individual's user names, passwords and bank PIN and card numbers are sent to the hacker’s website.

Hardware keyloggers are an external attachment (a small cable) between the keyboard and the port. This external attachment can look like a USB memory stick or an external hard drive plugged into the back of the computer and is hard to spot. These devices are invisible to the computer’s user, as hardware keyloggers are placed inside the keyboard or next to the keyboard port.

A software keylogger is a program installed on a machine with administrative privileges. It can be a device driver that replaces the existing input/output driver with one that has embedded keylogging functionality. That functionality has many options, such as encrypting, decrypting and sending the log files to a destination across the internet. The log files are hard to find among the operating system files, even if you list hidden files in a directory listing, as they are hidden.

You can prevent this unsecured access to data from your web server by keystroke loggers through a comprehensive intrusion prevention system that defends your network, consisting of signature deployment, anomaly detection and protocol recognition; you can also go for anti-keylogger software programs to detect keyloggers.

These computer forensic tools provide individuals with a solution for detecting keyloggers; for further assistance and help you can go to www.Datatriage.com, the best Computer Forensic Expert, which provides an effective approach to support your online investigation.

As we know, these keyloggers are simple and easy to install, so the best that can be done manually is to prevent keylogging by adopting good security practices: restrict users' privileges by making them part of the user group, keep an administrator group with a strong password policy, and also perform physical checks for hardware loggers.


Email Discovery as Electronic Evidence

In today’s legal discovery world, electronically stored information requires special attention in litigation. The recent emphasis on producing electronically stored information requires an e-discovery team to apply legal principles to information technology. But electronically stored information can in some cases drive companies out of business, especially companies that do not know how to find electronically stored information, in particular Email and associated attachments. Most email discovery efforts relate to the collection and review of Email, as it remains one of the highest-risk areas.

Email is the most popular means of communication for personal and business matters. Currently more than 1000 million Email accounts are in use worldwide, with an average of more than 4 Email accounts per person. With Email accounts, all your incoming, saved and sent mail is stored on a mail server within IMAP folders. As we all rely on Email to operate our businesses and in our personal lives, it is important to take preventive measures to avoid the ultimate disaster of unrecoverable Email.

The message index in the Email client lists the messages and is stored as entries in a database associated with the file structure. When you delete mail messages, the attachments of the deleted messages are deleted as well. However, you can restore them, as they are only moved to a special deleted-message folder called the Trash folder, like files in the Recycle Bin. These deleted Emails still remain on the computer hard drive or servers, or are retained on back-up tapes.

Deleting an Email from the folder reduces the size of the database file by eliminating the vacant space. Once deleted, the messages are kept in the trash folder, from which they can be easily retrieved. These files are not removed from the index of files; they just move to the trash directory, and their space is considered available for writing new data.

But if an Email in the trash folder is deleted again, it is no longer indexed and no longer readily accessible. Even then these files are not truly deleted; they still exist on your hard drive. The deleted files have not been erased, and in most cases they can be easily retrieved. To retrieve the data from the trash files, a forensic examination is required to locate and retrieve them. In some circumstances, these mails may be impossible to retrieve from the server, hard drive or PC because they have been overwritten by other files.

Even if your Email is completely lost, mail recovery tools can scan the entire hard disk, locate and recover the deleted Email, and also repair the database if it is corrupted.

Imagine your Email database deleted or the file system corrupted. If that happens, you would need an undelete tool to get the files back. Even when the database becomes corrupted, the data content may still exist, but the structure of the file may be wrong, such that the mail client cannot list the messages. Then you typically need to use email discovery tools to scan your hard disk, which list a whole bunch of files with damaged, crippled file names.

As different mail programs store data in different formats (Word, Excel, CSV, PDF etc.), you must use a data recovery tool that supports the mail software you are using. For Outlook Express or Windows Mail, Mail Recovery is effective and easy to use; to recover Microsoft Outlook files you need Outlook Recovery; and Mozilla Thunderbird mail folders you can recover using a text editor, as they are plain text files.
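Because Thunderbird folders are plain text, a deleted message's bytes stay in the folder file until the folder is compacted. The following added example (not Data Triage's code) lists every message still present in such a file, flagging the ones the client no longer shows; it assumes Thunderbird's "From - <date>" message separator and that a deleted message carries bit 0x0008 (Expunged) in its X-Mozilla-Status header, and it works with a constructed sample folder, not real mail.

```shell
#!/bin/sh
# Added example, not Data Triage's code: list every message whose bytes are
# still in a Thunderbird mbox folder file, including ones the client shows
# as deleted. Assumption: Thunderbird keeps a deleted message in the file
# with bit 0x0008 (Expunged) set in its X-Mozilla-Status header until the
# folder is compacted, and separates messages with "From - <date>" lines.
# Simple header scan only: a body line starting "Subject: " would be taken
# as a header.
mbox_list() {
    awk '
        /^From - /                 { n++; subj[n] = "(no subject)"; st[n] = "0000" }
        n && /^Subject: /          { subj[n] = substr($0, 10) }
        n && /^X-Mozilla-Status: / { st[n] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                # Expunged (0x0008) is bit 3 of the lowest hex digit
                low = substr(st[i], length(st[i]), 1)
                state = index("89abcdefABCDEF", low) ? "DELETED" : "live"
                printf "%d\t%s\t%s\n", i, state, subj[i]
            }
        }' "$1"
}

# Constructed sample folder: one message still visible, one the user
# deleted (status 0009 = read + expunged) whose text is still on disk.
sample_mbox() {
    printf '%s\n' \
        'From - Mon Jan 01 10:00:00 2007' \
        'X-Mozilla-Status: 0001' \
        'From: alice@example.com' \
        'Subject: Lunch on Friday' \
        '' 'See you at noon.' '' \
        'From - Mon Jan 01 10:05:00 2007' \
        'X-Mozilla-Status: 0009' \
        'From: bob@example.com' \
        'Subject: Wire transfer approval' \
        '' 'Please approve the attached transfer.' '' > "$1"
}
```

Running mbox_list on a copy of the Inbox file (never the live one) shows the "Wire transfer approval" message as DELETED even though the client no longer lists it, which is the recovery case the paragraph above describes.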

To avoid severe legal sanctions, you need an easy way to search for relevant Email in order to quickly meet legal discovery requests. In fact, an effective Email discovery solution can help mitigate these legal risks. www.Datatriage.com is one of the leading experts in the field of email discovery, restoring electronically stored information in Email and associated attachments.