If you are visually impaired or blind, you can visit the PDF version by Pressing CONTROL + ALT + 4
<br /> The Quarterly Magazine for Digital Forensics Practitioners<br /> A STEGALYZER USB<br /> WIN!<br /> FROM SARC<br /> ISSUE 15<br /> MAY 2013<br /> INSIDE<br /> / Cryptographic<br /> Key Recovery<br /> / Tunnelling Out:<br /> Data Extraction<br /> / Fuzzing Risks in<br /> Software Tools<br /> / Timeline Creation<br /> & Review<br /> GOOGLE<br /> DESKTOP FORENSICS<br /> 15<br /> 9 772042 061004<br /> Google desktop use in Digital Forensic examinations Issue 15 / £14.99 TR Media<br /> / REGULARS / INTRODUCING / FROM THE LAB / Book Reviews<br /> NEWS, 360, irq, Registry Recon – StegAlyzer: DETECTING Windows Forensic<br /> LEGAL & more… HOW IT WAS DEVELOPED Steganography IN THE FIELD Analysis Toolkit<br /> <br /> EDITORIAL<br /> W<br /> <a title="DFM15 - Online page 1" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=1"> The Quarterly Magazine for Digital Forensics Prac</a> <a title="DFM15 - Online page 2" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=2"> </a> <a title="DFM15 - Online page 3" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=3"> EDITORIAL W </a> <a title="DFM15 - Online page 4" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=4"> </a> <a title="DFM15 - Online page 5" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=5"> CONTENTS / DIGITAL FORENSICS MAGAZINE </a> <a title="DFM15 - Online page 6" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=6"> / NEWS NEWS DC3 Digital Forensics Challen</a> <a title="DFM15 - Online page 7" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=7"> UK Royal Military Police cuts digital forensics c</a> <a title="DFM15 - Online page 8" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=8"> </a> <a title="DFM15 - Online page 9" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=9"> / FEATURE CRYPTOGRAPHIC KEY RECOVERY Andy Swif</a> <a title="DFM15 - Online page 10" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=10"> / FEATURE Now, this type of attack is a</a> <a title="DFM15 - Online page 11" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=11"> 1) Some data to encrypt 2)An encryption algorithm</a> <a title="DFM15 - Online page 12" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=12"> / FEATURE from the Internet, however one thin</a> <a title="DFM15 - Online page 13" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=13"> a number of parameters such as the target platfor</a> <a title="DFM15 - Online page 14" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=14"> / FEATURE We should be able to identify m</a> <a title="DFM15 - Online page 15" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=15"> </a> <a title="DFM15 - Online page 16" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=16"> / LEAD FEATURE GOOGLE DESKTOP FORENSICS Digital </a> <a title="DFM15 - Online page 17" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=17"> / How Does Google Desktop Work? Google Desktop cr</a> <a title="DFM15 - Online page 18" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=18"> / LEAD FEATURE Google Desktop creates a r</a> <a title="DFM15 - Online page 19" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=19"> The amount of time that Google Desktop inde</a> <a title="DFM15 - Online page 20" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=20"> / LEAD FEATURE indexed, as well as a link to </a> <a title="DFM15 - Online page 21" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=21"> indexed for some reason. An initial theory was th</a> <a title="DFM15 - Online page 22" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=22"> </a> <a title="DFM15 - Online page 23" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=23"> / LEGAL EDITORIAL LEGAL EDITORIAL Thoughts on </a> <a title="DFM15 - Online page 24" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=24"> / LEGAL FEATURE INSIDE THAILAND'S COMPUTER CRI</a> <a title="DFM15 - Online page 25" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=25"> “Computer System” means a piece of equipment </a> <a title="DFM15 - Online page 26" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=26"> / LEGAL FEATURE A DENIAL OF SERVICE (DOS) ATTAC</a> <a title="DFM15 - Online page 27" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=27"> to legitimate user requests. A Distributed DoS (D</a> <a title="DFM15 - Online page 28" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=28"> / LEGAL NEWS ALERT LEGAL NEWS ALERT Google set</a> <a title="DFM15 - Online page 29" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=29"> </a> <a title="DFM15 - Online page 30" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=30"> / FEATURE FUZZING RISKS IN SOFTWARE TOOLS Bug</a> <a title="DFM15 - Online page 31" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=31"> to create malformed data structures through metho</a> <a title="DFM15 - Online page 32" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=32"> / FEATURE Acceptance Result </a> <a title="DFM15 - Online page 33" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=33"> / Anti-forensic Actions The widespread adoption a</a> <a title="DFM15 - Online page 34" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=34"> / FEATURE (see Figure 1). The question then a</a> <a title="DFM15 - Online page 35" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=35"> amount of processing time and has been prevented </a> <a title="DFM15 - Online page 36" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=36"> </a> <a title="DFM15 - Online page 37" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=37"> / FEATURE NOT FOR PROFIT CERTIFICATI</a> <a title="DFM15 - Online page 38" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=38"> / FEATURE / Penetration Testing The foundation </a> <a title="DFM15 - Online page 39" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=39"> </a> <a title="DFM15 - Online page 40" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=40"> / MEET THE PROFESSIONALS MEET THE DF PROFESSI</a> <a title="DFM15 - Online page 41" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=41"> How do you see the future of your research? I can</a> <a title="DFM15 - Online page 42" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=42"> </a> <a title="DFM15 - Online page 43" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=43"> </a> <a title="DFM15 - Online page 44" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=44"> / FEATURE THE GREAT ESCAPE – WE'RE TUNNELLING </a> <a title="DFM15 - Online page 45" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=45"> Every network administrator will be aware of </a> <a title="DFM15 - Online page 46" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=46"> / FEATURE Remotebox$ stunnel stunnel.conf </a> <a title="DFM15 - Online page 47" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=47"> This sets the ID to 1980 (a great decade) and</a> <a title="DFM15 - Online page 48" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=48"> / FEATURE Although these transforms are</a> <a title="DFM15 - Online page 49" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=49"> / COMPETITION COMPETITION / Win one of Two SARC </a> <a title="DFM15 - Online page 50" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=50"> / LETTERS 360° HYour chance to have your say… </a> <a title="DFM15 - Online page 51" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=51"> LinkedIn The DFM LinkedIn Group now has grown pas</a> <a title="DFM15 - Online page 52" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=52"> Digital ForensicS / magazine BACK ISSUES The Quar</a> <a title="DFM15 - Online page 53" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=53"> / FROM THE LAB DETECTING STEGANOGRAPHY IN THE </a> <a title="DFM15 - Online page 54" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=54"> / FROM THE LAB InPlainV</a> <a title="DFM15 - Online page 55" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=55"> </a> <a title="DFM15 - Online page 56" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=56"> / FROM THE LAB / How Does StegAlyzerFS Work? St</a> <a title="DFM15 - Online page 57" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=57"> there are a large number of compressed files or ar</a> <a title="DFM15 - Online page 58" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=58"> </a> <a title="DFM15 - Online page 59" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=59"> / FEATURE EVERYTHING TIME This article will ex</a> <a title="DFM15 - Online page 60" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=60"> / FEATURE / THE SANS SIFT WORKSTATION The SANS S</a> <a title="DFM15 - Online page 61" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=61"> Figure 3. Example of Interactive Chart Displaying</a> <a title="DFM15 - Online page 62" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=62"> / FEATURE Fi</a> <a title="DFM15 - Online page 63" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=63"> filtering. Filters may be created for common fields</a> <a title="DFM15 - Online page 64" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=64"> / FEATURE LAUNCHING ECENTRE European Commission </a> <a title="DFM15 - Online page 65" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=65"> The major ECENTRE project tasks include: · Devel</a> <a title="DFM15 - Online page 66" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=66"> </a> <a title="DFM15 - Online page 67" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=67"> / FEATURE RAISING THE BAR IN WINDOWS REGISTRY </a> <a title="DFM15 - Online page 68" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=68"> / FEATURE Recon Vie</a> <a title="DFM15 - Online page 69" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=69"> using some sample Windows 7 Registry keys. Please</a> <a title="DFM15 - Online page 70" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=70"> / FEATURE USBOblivion / Reg</a> <a title="DFM15 - Online page 71" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=71"> COMING SOON… A round-up of features and article</a> <a title="DFM15 - Online page 72" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=72"> / PRODUCT REVIEW FAW – FORENSICS ACQUISITION </a> <a title="DFM15 - Online page 73" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=73"> / Acquisition The program allows acquiring a whol</a> <a title="DFM15 - Online page 74" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=74"> / PRODUCT REVIEW · The star</a> <a title="DFM15 - Online page 75" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=75"> </a> <a title="DFM15 - Online page 76" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=76"> / PRODUCT REVIEW NUIX INVESTIGATOR 4.2 W </a> <a title="DFM15 - Online page 77" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=77"> Figure 2 / Investigative Interface Once the dat</a> <a title="DFM15 - Online page 78" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=78"> / PRODUCT REVIEW / Case Subsetting As I mention</a> <a title="DFM15 - Online page 79" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=79"> </a> <a title="DFM15 - Online page 80" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=80"> / BOOK REVIEWS BOOK REVIEWS Hacking the Human </a> <a title="DFM15 - Online page 81" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=81"> The book begins with a review of basic fore</a> <a title="DFM15 - Online page 82" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=82"> / COLUMN IRQ A rose by any uvver name… Tby Angus</a> <a title="DFM15 - Online page 83" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=83"> </a> <a title="DFM15 - Online page 84" href="https://secure.viewer.zmags.com/publication/6dcf3162?page=84"> </a>