Computer forensics company issues newsletter

Apr 13, 2004

* Review of forensics firm CyberEvidence’s CyberBits newsletter

I recently began receiving an interesting monthly newsletter on digital forensics called _CyberBits_, which comes from CyberEvidence, a Texas firm that specializes in computer forensics training and computer incident response.

The company works with law enforcement and private companies in collecting and analyzing digital forensic evidence. The founder, Paul Brown, was an officer of the Houston Police Department and is active with the Texas InfraGard, the Information Systems Security Association, the American Society for Industrial Security, the High Technology Computer Investigation Association and others. He was also a contributor to the National Institute of Justice’s _Electronic Crime Scene Investigation: A Guide for First Responders_.

The February 2004 issue of _CyberBits_ has an overview of steganography by Angelique Grado. She points out that a key difference between encryption and steganography is that ciphertext is usually immediately recognizable as such. In contrast, text concealed through steganography usually goes unnoticed. This covertness is similar to that of coded messages, where common words or phrases mean something else according to a code book; used carefully, a code can pass as ordinary text, too.

The article on page 4 (the last page) of the newsletter looks at video-game consoles as a source of forensic evidence. Author Terry Landry emphasizes that with their powerful processors, high-capacity disks and network connections – for example, an Xbox console with a 733-MHz Intel Processor, RAM, a 10G-byte hard disk, a DVD drive, and an Ethernet port capable of connecting to a broadband Internet connection – these units hardly qualify as “just a game.” He reports that there are many tools on the Internet for running Linux on these “toys” and that therefore investigators should not ignore them if they see such units during a search for evidence.

He writes that he knows of one investigation where an “old Sega Dreamcast game system was modified and then connected to a corporate network and used to harvest sensitive corporate data, but was overlooked by IT security simply because no one suspected a seemingly harmless video game sitting on an employee’s desk.”

I am looking forward to the next issues of _CyberBits_ and hope that those of you with an interest in forensics will enjoy the newsletter.

[I have no association with CyberEvidence, other than checking with Paul Brown that it would be OK to publicize his newsletter.]