ISNow – Future Threats

The following introduction was originally published in the BCS Information Security Now Magazine, Winter 2010 issue (Volume 5, Issue 2), which was on the topic of Future Threats:

“The start of each New Year brings festive cheer and thoughts about what security related treats we might see in the coming year. I think 2011 may bring:

Targeted malware – next generation spear-phishing. The emergence of Stuxnet, which combines traditional malware techniques with a specially crafted targeting mechanism and payload parameters, may signal a new form of deniable attack. Even with the time and resources required to develop the intelligence and programming that feeds into such software, it could still be a much more cost effective and politically acceptable virtual approach versus physical alternatives. This attack vector is likely to be picked up by other online ne’er-do-goods.

Secrets revealed – exposing truths. Wikileaks, Cryptome, The Smoking Gun and others have a track record of exposing the secrets of governments, corporations and individuals. State and court sanctions are unlikely to deter all those seeking to expose unlawful, hypocritical and immoral activities. Once details are released on the internet it is too late, however good your censorship capabilities are, and if the traditional press get hold of it too, it’s as good as over. As people learn the effectiveness of such exposure we may see more whistleblowers emerge.

Personal intrusions – self-exposure. From airport security officials wishing to either irradiate us or touch our junk; governments wanting to know about our worldwide banking arrangements, health, happiness and online activities; social networks wanting to know where you are, who your friends are and what you’re saying; advertisers wanting to know where you are and what you’re interested in; employers wanting to know if you’re a suitable hire or risk to the business.

Happy New Year – hopefully.”

A PDF version of the magazine is available online at:

http://www.bcs.org/upload/pdf/ISNOW-Winter2010.pdf

ISNow – Computer Forensics

The following introduction was originally published in the BCS Information Security Now Magazine, Winter 2009 issue (Volume 3, Issue 2), which was on the topic of Computer Forensics:

“Digital forensics is an area overlooked by many companies – until needed. When required it can touch upon many business areas, including IT, HR and Legal. Proper planning can help ensure that it is effective when called upon.

Forensic Readiness
Companies should have a formal forensic readiness plan in place, so that when an incident occurs the correct skills, processes and technology are available to ensure proper collection of reliable evidence. This may require external resources being brought in to perform activities beyond, say, seizure or quarantining of a system or storage medium.

It may also be sensible to limit untrained internal technical resources from engaging in digital forensics. They may overcompensate for having ‘permitted an incident to occur’ by being overly eager to respond and investigate, usually in a non-forensically sound manner. This would then undermine any disciplinary and legal proceedings.

As with any incident response and investigation, all those involved need to be skilled and knowledgeable practitioners in their field and follow clear procedures, such as the CPNI First Responder’s Guide and the ACPO Good Practice Guide for Computer-Based Electronic Evidence.

Future Forensics
I expect issues to develop with increasingly smart mobile devices, online / cloud / Web 2.0 services and storage, encryption, mass storage and anti-forensics tools. Emerging techniques such as live and remote forensics will continue to develop, to try and keep up with technology and the bad guys.”

A PDF version of the magazine is available online at:

http://www.bcs.org/upload/pdf/isnow-winter09.pdf