DFM16 - Online

If you are visually impaired or blind, you can visit the PDF version by Pressing CONTROL + ALT + 4

* { font-family: Arial, Helvetica, sans-serif; font-size: 12px; color: #5F6265 } body { background-color: #FFF; padding: 15px } h1 { font-size: 17px; font-weight: 700; border-bottom: 1px solid #D1E7B2; font-family: Tahoma, Geneva, sans-serif } p, li { padding: 5px 0 5px 0; } ul { padding-left: 40px; } a:link,a:visited,a:active,a:hover { text-decoration: underline; color: #5F6265 } #application,#applicationContainer { display: none } You need a JavaScript-enabled browser to view this PublicationPlease follow these steps to view the Publication:

Enable JavaScript in your browser

Refresh this page

Best regards
Zmags

The Quarterly Magazine for Digital Forensics Practitioners AN IPOD NANO IN THIS WIN! ISSUE'S COMPETITION ISSUE 16 AUGUST 2013 INSIDE / Using Google Earth / Utilising REP Data / Social Network StegANOGRAPHY / THE History of Malware VM INTROSPECTION Unearthing and proﬁling sophisticated x64 bit kernel mode 16 “bootkits” that continue to leverage holes on Windows 7 9 772042 061004 Issue 16 / £14.99 TR Media / REGULARS / INTRODUCING / FROM THE LAB / Book Reviews NEWS, 360, irq, A Fresh Look at Creating New Frontiers CUDA Programming & LEGAL & more… Cryptography For Live Forensics Silence on the Wir<a title="DFM16 - Online page 1" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=1"> The Quarterly Magazine for Digital Forensics Prac</a> <a title="DFM16 - Online page 2" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=2"> </a> <a title="DFM16 - Online page 3" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=3"> EDITORIAL O </a> <a title="DFM16 - Online page 4" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=4"> </a> <a title="DFM16 - Online page 5" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=5"> CONTENTS / DIGITAL FORENSICS MAGAZINE </a> <a title="DFM16 - Online page 6" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=6"> / NEWS NEWS The `Cyber-Attack' threat to Londo</a> <a title="DFM16 - Online page 7" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=7"> Stevenson Universirty offering free forensics MOO</a> <a title="DFM16 - Online page 8" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=8"> </a> <a title="DFM16 - Online page 9" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=9"> / FEATURE FIVE TIPS FOR USING GOOGLE EARTH IN </a> <a title="DFM16 - Online page 10" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=10"> / FEATURE Moving temp</a> <a title="DFM16 - Online page 11" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=11"> Adding Picture Edit Box / Google Earth Default </a> <a title="DFM16 - Online page 12" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=12"> / FEATURE Picture before </a> <a title="DFM16 - Online page 13" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=13"> Zooming Into Pictures You may have noticed </a> <a title="DFM16 - Online page 14" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=14"> / FEATURE Adding HTM</a> <a title="DFM16 - Online page 15" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=15"> </a> <a title="DFM16 - Online page 16" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=16"> / FEATURE GOOGLE DESKTOP FORENSICS, PART 2 Digit</a> <a title="DFM16 - Online page 17" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=17"> Figure 1. Misleading “No Desktop Results” Message</a> <a title="DFM16 - Online page 18" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=18"> / FEATURE / Hash Functions Hash functions are pr</a> <a title="DFM16 - Online page 19" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=19"> / Windows EFS Encrypting File System (EFS) is a f</a> <a title="DFM16 - Online page 20" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=20"> </a> <a title="DFM16 - Online page 21" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=21"> / LEGAL EDITORIAL LEGAL EDITORIAL Patent Trol</a> <a title="DFM16 - Online page 22" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=22"> / LEGAL FEATURE A NEW APPROACH TO CYBERCRIME </a> <a title="DFM16 - Online page 23" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=23"> / Draft Guidance from the EP/LIBE On 03 June 2013</a> <a title="DFM16 - Online page 24" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=24"> vulnerabilities, due to their increased dependenc</a> <a title="DFM16 - Online page 25" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=25"> approach against Cybercrime. Any need for EU acti</a> <a title="DFM16 - Online page 26" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=26"> / LEGAL NEWS ALERT LEGAL NEWS ALERT Crime does</a> <a title="DFM16 - Online page 27" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=27"> </a> <a title="DFM16 - Online page 28" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=28"> / FEATURE SOCIAL NETWORKING STEGANOGRAPHY OPPO</a> <a title="DFM16 - Online page 29" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=29"> Facebook Badoo Google+ Compressed image</a> <a title="DFM16 - Online page 30" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=30"> / FEATURE Facebook and added Bob as a member </a> <a title="DFM16 - Online page 31" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=31"> Facebook Google+ Features Tools us</a> <a title="DFM16 - Online page 32" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=32"> / FEATURE another technique to assure secret </a> <a title="DFM16 - Online page 33" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=33"> </a> <a title="DFM16 - Online page 34" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=34"> / FEATURE UTILISING REPUTATION DATA TO INCREAS</a> <a title="DFM16 - Online page 35" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=35"> simulated OS is analysed for changes that could i</a> <a title="DFM16 - Online page 36" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=36"> / FEATURE all malware share, network communic</a> <a title="DFM16 - Online page 37" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=37"> / Linux tools Grep – a command-line utility for s</a> <a title="DFM16 - Online page 38" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=38"> / FEATURE information can then be used to loo</a> <a title="DFM16 - Online page 39" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=39"> </a> <a title="DFM16 - Online page 40" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=40"> / MEET THE PROFESSIONALS MEET THE DF PROFESSIO</a> <a title="DFM16 - Online page 41" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=41"> What are your main areas of interest and research</a> <a title="DFM16 - Online page 42" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=42"> </a> <a title="DFM16 - Online page 43" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=43"> </a> <a title="DFM16 - Online page 44" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=44"> / FEATURE IPHONE BACK-UP FILES A viable source</a> <a title="DFM16 - Online page 45" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=45"> kept to a minimum by excluding data that is non-e</a> <a title="DFM16 - Online page 46" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=46"> / FEATURE Information that can be found</a> <a title="DFM16 - Online page 47" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=47"> sufﬁcient format that can be interpreted or utili</a> <a title="DFM16 - Online page 48" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=48"> / FEATURE would be a simple process and is li</a> <a title="DFM16 - Online page 49" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=49"> Digital ForensicS / magazine BACK ISSUES </a> <a title="DFM16 - Online page 50" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=50"> / LETTERS 360° HYour chance to have your say… </a> <a title="DFM16 - Online page 51" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=51"> “Oh no, the suspect ran CCleaner to get rid of th</a> <a title="DFM16 - Online page 52" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=52"> / FROM THE LAB VM INTROSPECTION: CREATING NEW </a> <a title="DFM16 - Online page 53" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=53"> No LAVA Event </a> <a title="DFM16 - Online page 54" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=54"> / FROM THE LAB The event trace immediatel</a> <a title="DFM16 - Online page 55" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=55"> In our example the ﬁrst thing that the Gapz d</a> <a title="DFM16 - Online page 56" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=56"> / FROM THE LAB Sample File System Activit</a> <a title="DFM16 - Online page 57" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=57"> </a> <a title="DFM16 - Online page 58" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=58"> / FEATURE HISTORY OF MALWARE In the past three</a> <a title="DFM16 - Online page 59" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=59"> of the omega sign that it wrote in certain condit</a> <a title="DFM16 - Online page 60" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=60"> / FEATURE One-half or Slovak bomber was</a> <a title="DFM16 - Online page 61" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=61"> Happy99 was the ﬁrst mail virus. It spread </a> <a title="DFM16 - Online page 62" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=62"> </a> <a title="DFM16 - Online page 63" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=63"> hosts. It could spread to Windows 95, 98, Me, NT </a> <a title="DFM16 - Online page 64" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=64"> / FEATURE malware needed to crash the LSAS se</a> <a title="DFM16 - Online page 65" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=65"> the victim. It used an exploit in the browser to </a> <a title="DFM16 - Online page 66" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=66"> / FEATURE a Siemens Step 7 controller, and th</a> <a title="DFM16 - Online page 67" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=67"> </a> <a title="DFM16 - Online page 68" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=68"> / NEXT ISSUE COMING SOON… A round-up of feat</a> <a title="DFM16 - Online page 69" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=69"> / FEATURE DIGITAL FORENSICS CAPABILITY WORKSHO</a> <a title="DFM16 - Online page 70" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=70"> / FEATURE Challenge Solution (%age Sugges</a> <a title="DFM16 - Online page 71" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=71"> / REvidence Source Categories & State of the </a> <a title="DFM16 - Online page 72" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=72"> / COMPETITION COMPETITION / This issue we have</a> <a title="DFM16 - Online page 73" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=73"> / COMPETITION WINNERS SARC WINNERS! StegAlyze</a> <a title="DFM16 - Online page 74" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=74"> </a> <a title="DFM16 - Online page 75" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=75"> / FEATURE A FRESH LOOK AT CRYPTOGRAPHY Are we</a> <a title="DFM16 - Online page 76" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=76"> / FEATURE Figure 1. The S</a> <a title="DFM16 - Online page 77" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=77"> Figure 3. Setting or Selecting a Simple Passphras</a> <a title="DFM16 - Online page 78" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=78"> / FEATURE those involved in the cryptographic</a> <a title="DFM16 - Online page 79" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=79"> </a> <a title="DFM16 - Online page 80" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=80"> / BOOK REVIEWS BOOK REVIEWS CUDA Programming </a> <a title="DFM16 - Online page 81" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=81"> Silence on the Wire Author: Michael Zalewski Pub</a> <a title="DFM16 - Online page 82" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=82"> / COLUMN IRQ Facebook Follies Fby Angus Marshall</a> <a title="DFM16 - Online page 83" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=83"> </a> <a title="DFM16 - Online page 84" href="https://secure.viewer.zmags.com/publication/e9f4a3bd?page=84"> </a>