Cellebrite’s UFED, a Must for Forensic Investigators!

Thursday, April 19th, 2012

Digitalization has transformed the criminal enterprise into a high-tech, stealthy, global organization. Identity theft, money laundering, fraud and theft of intellectual property are just a few entries in a long list of crimes happening in web 2.0. Imagine that your friend is charged with money laundering that he/she did not commit. What if you could show electronic evidence that proves his/her innocence? Sounds interesting? Cellebrite’s UFED, a mobile forensic device, gives investigators all the tools necessary to do the job efficiently, with a full complement of accessories, cables, card readers and much more, plus powerful analysis, extraction and reporting software that can be run from any PC.

With rapid changes in technology and ever more advanced mobile devices, BlackBerrys, Androids and iPhones are some of the smartphones we use on a daily basis to take photographs, send texts and emails, update Facebook, consult maps, search the web, and the list goes on. As we do this, however, our mobile devices are often quietly making records and generating evidence of all these activities. For better or for worse, this makes mobile devices perhaps the richest source of evidence about the people who use them.

However, one of the major issues is that, because the mobile device industry is still at a nascent stage, a multitude of different operating systems, communications protocols and data storage methods are in use, and more are being developed every day. Examples include Apple’s iOS, Google’s Android, BlackBerry OS, Microsoft’s Windows Mobile, HP’s webOS, Nokia’s Symbian OS, and many others. What is the best solution then? Cellebrite’s UFED!


Why Cellebrite’s UFED?

A few of the exceptional extraction and analysis capabilities of the Cellebrite UFED standalone mobile forensic device:

  • Portable, fast and easy to operate, facilitates a truly untethered operation even in the most remote locations.
  • Performs physical, logical, user password and file system extractions.
  • iOS physical extraction, decoding & real-time decryption.
  • Gives access to internal application data.
  • Data extraction of hidden, existing and deleted data.
  • Android & GPS devices extraction and decoding.
  • BlackBerry decoding.
  • Phone internal data including IMSI history, past SIM cards used, past user lock code history.

In short, Cellebrite’s UFED is designed specifically for forensic investigators. It is best used for retrieving data (deleted and non-deleted) from mobile phones, as the UFED forensic system empowers law enforcement, computer crime and investigation teams to capture critical forensic data and much more. The best part is that it covers all major mobile operating systems: iOS, Android, BlackBerry, Symbian, Windows Mobile and Palm.

Virtualization – A Threat To Hard Drive Data Recovery

Sunday, July 3rd, 2011

Hard drive data recovery is the process of retrieving lost data from a hard drive. This retrieval is done when the data is inaccessible through normal recovery processes. Even if your hard drive has crashed or locked up for some reason, you can recover the data using a variety of hard drive data recovery techniques.

Virtualization makes it complex to manage disparate virtual, physical and cloud resources simultaneously. There are three areas of IT where virtualization is making news: network virtualization, storage virtualization and server virtualization. Virtualization enables IT enterprises to focus on their core competencies while their day-to-day troubles are taken care of by third-party data centers and disaster recovery facilities. These centers offer end-to-end managed IT services on virtual systems to enable enterprises to save on setting up IT infrastructure.

While virtualization is a great option, it can also leave data unprotected. IT companies are adopting virtualization to reduce costs, but the process adds to the complexity of their IT environments, and this leaves critical data unprotected. Only ten percent of the critical application data that is stored on virtual systems is protected. It is time for IT companies resorting to virtualization to assess the need for protecting virtual data. Almost half of the data stored on virtual systems is not even backed up.

One of the greatest drawbacks of virtualization is that there is a single point of failure. When the machine on which all the virtualized solutions run fails, or when the virtualization solution itself fails, everything crashes.

Less hardware is required in virtualization, but it requires powerful machines. If the machines are outdated or archaic, the work might get disrupted. But given the cost of hardware, it is still cheaper to upgrade the machine and virtualize than to install new hardware.

Performance issues arise in virtualization even when powerful virtualization of operating systems and applications is integrated in a machine. Frequently, an application that runs without any problem when not virtualized surfaces many problems once it is deployed in a virtualized environment. There is no guarantee that an application will behave properly in a virtualized environment. Performance degradation is one of the many issues when applications are deployed in a virtual environment.

Although there are some disadvantages in virtualization, it is still a viable solution provided ample care is taken to overcome the possible snags. IT enterprises should treat mission critical data and applications with utmost care whether they are virtual or physical. Enterprises should adopt integrated tools for managing physical and virtual environments to save time, training costs and better automate processes.

Phone Log Reconciliation

Thursday, June 30th, 2011

Knowingly or unknowingly we transmit a lot of information over phones. While we may not realize or even see the need to keep such information, it becomes useful to retrieve phone log information for legal issues. In complex litigation, all information passing between the client and vendor is considered part of intellectual property or trade secrets.

In legal cases, phone log records can be subpoenaed to determine whether there was a trade secret violation or any other breach, or whether confidential intellectual property information has been compromised. In such scenarios, a search should be conducted through the log records of multiple phone numbers to produce a comprehensive report of violation or non-violation.

Data Triage Technologies (DTT) has pioneered a Phone Log Reconciliation Service that is designed to completely manage a process that can be very time consuming if not automated appropriately. Now, it is possible for you to retrieve information that you may need to present as proof in a case. This service is extremely beneficial for lawyers and legal firms.

Phone logs come in several forms, including digital archives such as images and spreadsheets as well as paper. Each phone company and cell phone provider has its own proprietary format for storing and presenting records. These formats require standardization to generate a comprehensive analysis. DTT executes a process of Optical Character Recognition (OCR) as well as Quality Assurance to ensure the information is correctly entered into a database able to accommodate the various formats.

Once evidence call records are introduced into a database, DTT performs an exhaustive search for the phone numbers under investigation. DTT then compiles a report containing Calling Number, Called Number, Date and Time information, Statement Date and Statement Page.

The Sarbanes-Oxley Compliance For Corporates

Saturday, March 26th, 2011

Auditing is a major concern of any company. Every organization should comply with rules and regulations set forth by the US government. One such regulation is the Sarbanes-Oxley Act, which applies to public companies.

The Sarbanes-Oxley Act was enacted as a reaction to a number of corporate and accounting scandals. These scandals shook the confidence of the public because they cost investors millions of dollars when the share price of the affected companies collapsed.

This Act does not apply to privately held companies though.

The Sarbanes-Oxley Act was passed into law in 2002 to protect investors by improving the accuracy and reliability of corporate disclosures. Sarbanes-Oxley requires that a public company have written policies and procedures that are followed to protect the interests of its stockholders. This law totally changed the standards of all US public company boards, management and public accounting firms. SOX orders strict reforms to improve financial disclosures from corporations and prevent accounting fraud.

The Sarbanes-Oxley Act (SOX) requires that if a company records client personal information, it must be maintained in a secure manner. In the event any client’s personal information is compromised, each client who may have been affected must be informed within a reasonable period of time.

The Act

  • Creates a Public Company Accounting Oversight Board to enforce professional standards, ethics, and competence for the accounting profession
  • Strengthens the independence of firms that audit public companies
  • Increases corporate responsibility and usefulness of corporate financial disclosure
  • Increases penalties for corporate wrongdoing
  • Protects the objectivity and independence of securities analysts
  • Increases Securities and Exchange Commission resources

Data Triage Technologies (DTT) provides confidential auditing services that comply with Sarbanes-Oxley and ISO (1)7799. DTT’s consultants test and review network security policies and procedures and provide a detailed report addressing the security findings. Details of all work performed, including testing and analysis of the network security situation, are included in a comprehensive report and delivered to the client in a timely manner after completion of work.

The Process for Recovering Electronic Evidence

Tuesday, March 1st, 2011

There are two primary steps in the process of recovering electronic data: “acquisition” of the target medium, and a forensic byte-by-byte analysis of the data.

Computer forensic science was created to address the specific and articulated needs of law enforcement to make the most of this new form of electronic evidence. Computer forensic science is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media.

Rather than producing interpretative conclusions, as in many forensic disciplines, computer forensic science produces direct information and data that may have some significance in a case. This type of direct data collection has wide-ranging implications for both the relationship between the investigator and the forensic scientist and the work product of the forensic computer examination.

Using customized computer forensic tools, the target medium is acquired through a non-invasive complete area-by-area bit-stream image procedure. During the imaging process, it is critical the mirror image be acquired in a DOS environment. Switching on the computer and booting into its operating system will subtly modify the file system, potentially destroying some recoverable evidence.

The resulting image becomes the “evidence file,” which is mounted as a read-only or “virtual” file, on which the forensic examiner will perform their analysis. The forensics software used by CFI creates an evidence file that is continually verified by a Cyclic Redundancy Check (“CRC”) for every 64 sectors (block) of data and by a 128-bit MD5 hash for the entire image. Both steps verify the integrity of the evidence file and confirm the image has remained unaltered and forensically intact. With the MD5 hash, changing even one bit of data will result in a notification that the evidence file data has been changed and is no longer forensically intact.
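The verification scheme described above, sketched as an added example (not code from the original post or from any forensic product): one CRC-32 per 64-sector block plus an MD5 over the whole image, so a changed bit is both detected and localized to a sector range. The 512-byte sector size, the function names, the constructed sample image and the extra SHA-256 digest (recorded because MD5 is no longer collision-resistant) are assumptions of this example.

```python
import hashlib
import zlib

SECTOR_SIZE = 512                      # assumption: 512-byte sectors
SECTORS_PER_BLOCK = 64                 # one CRC per 64 sectors, as described above
BLOCK_SIZE = SECTOR_SIZE * SECTORS_PER_BLOCK

def build_record(stream):
    """Read an image once; return per-block CRC-32 values and whole-image digests."""
    md5, sha256, crcs = hashlib.md5(), hashlib.sha256(), []
    while chunk := stream.read(BLOCK_SIZE):
        crcs.append(zlib.crc32(chunk))
        md5.update(chunk)
        sha256.update(chunk)
    return {"block_crcs": crcs, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def verify(stream, record):
    """Re-read an image and compare it with the record made at acquisition."""
    current = build_record(stream)
    old, new = record["block_crcs"], current["block_crcs"]
    # A block is bad if its CRC differs or it exists on one side only (truncation/append).
    bad = [i for i in range(max(len(old), len(new)))
           if i >= len(old) or i >= len(new) or old[i] != new[i]]
    digests_match = (current["md5"] == record["md5"]
                     and current["sha256"] == record["sha256"])
    return {
        "intact": not bad and digests_match,
        "digests_match": digests_match,
        "bad_blocks": bad,
        "bad_sectors": [(i * SECTORS_PER_BLOCK, (i + 1) * SECTORS_PER_BLOCK - 1) for i in bad],
    }

def make_sample_image():
    """Constructed sample data: four full blocks plus a partial trailing block."""
    return bytes((i * 31 + 7) % 256 for i in range(4 * BLOCK_SIZE + 1000))

def flip_bit(image, offset, bit=0):
    """Return a copy of image with one bit changed."""
    altered = bytearray(image)
    altered[offset] ^= 1 << bit
    return bytes(altered)

if __name__ == "__main__":
    import io
    image = make_sample_image()
    record = build_record(io.BytesIO(image))
    print(verify(io.BytesIO(image), record))
    print(verify(io.BytesIO(flip_bit(image, 2 * BLOCK_SIZE + 10)), record))
```

The per-block CRCs localize a change to a 64-sector range, while the whole-image digest is what shows that nothing at all has changed.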

The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, a federal criminal statute outlawing various computer crimes, provides a civil remedy for companies victimized by a violation of the statute. In this new digital age, the CFAA is fast becoming recognized as a proactive tool that can be used by companies to retrieve stolen data, prevent its dissemination in the marketplace and obtain compensatory damages resulting from its theft, use and malicious destruction.