ORDER OF VOLATILITY OF DIGITAL EVIDENCE

1. Not all information-based evidence is the same! Evidence can be organized into an “order of volatility” meaning how long it will stick around for you to collect until it automatically is lost.

2. Dan Farmer & Wietse Venema created the below table of evidence volatility, which is commonly referenced by forensic professionals. For example, information stored on a CD-R or some optical storage media can last for about 10-100 years depending on the brand used. Information stored in a computer’s main memory, by contrast, will last for only tens of nanoseconds before it is wiped out by the computer’s normal processing.

TYPE OF DATA	LIFESPAN
Registers, peripheral memory, caches, etc.	Nanoseconds or less
Main memory	Ten nanoseconds
Network state	Milliseconds
Running processes	Seconds
Disk	Minutes
Floppies, backup media, etc.	Years
CD-ROMs, printouts, etc.	Tens of years

3. Very critical from forensics point of view.....most people would want to turn a computer off (or at the very least unplug it from the network) when they realize an incident has occurred. However, as noted in the chart above, one will lose evidence in main memory and “network state” information (which other systems the computer is connected with and what information they are exchanging) with such an approach. Even shutting down a computer the “normal” way (Start / Turn Off Computer / Turn Off in Windows XP) can delete evidence, as Windows performs a number of housekeeping tasks in the shutdown process, such as closing opened files and clearing out the temporary disk cache.

4. Thanks Peter C. Hewitt (Read from Browser Forensics).

New Gen BIOMETRICS : PALMSECURE from FUJITSU

1. Quiet often we seen biometrics fingers,palm,eyes,retina being chopped off in Hollywood movies for gaining illegal access to control rooms and secure areas by the bad man...so we used to think like there is no end and no permanent solution to this....now comes a solution to this problem wherein not the fingerprint or the palm print is taken as authentication model....it is the veins inside that exist inside the palm that matter and should match...now these veins should also be flowing blood to authenticate the logger.

2. Fujitsu provides a highly reliable biometric authentication system based on palm vein pattern recognition technology. PalmSecure™ features industry-leading authentication accuracy with extremely low false rates, and the non-intrusive and contactless reader device provides ease of use with virtually no physiological restriction for all users.Applications include :

• Physical access control / Time and Attendance
• User authentication to PCs or server systems
• Government / Commercial identity management systems
• OEM terminal devices (POS, ATMs or information kiosks)
• Other industry-specific applications
• 
  

3. More about this here.

E-Waste & Indian Policy

1. In my earlier blog posts at here,here & here ,issues of e-waste and its repurcussions were mentioned.....now seems like Indian govt has attempted to wake herself up and find a solution.In a recent development,Directorate of Revenue Intelligence (DRI) seized some containers in Chennai containing large quantity of such waste. The imports were made despite a prohibitory order in this regard. The containers were full of outdated computers and electrical waste. On further investigation, it was found that containers carried hundreds of tonnes of e-waste sourced from Australia, Canada, Korea and Brunei in violation of norms.

2. E-waste is being dumped in the country by developing nations using loopholes in domestic rules which allow NGOs and educational institutions to import such gadgets freely on the pretext of donations. onscious of the fact that huge shipments of e-waste generated in developing countries are finding convenient burial ground in India, the government had through a public notice on May 13, 2010 prohibited educational and other institutions from importing second hand computers, laptops and computer peripherals, including printers, plotters, scanners, monitors, keyboards and storage units. The step was short of a complete ban on such imports.

3. The government is now looking at banning the import of used computers and other electronic waste - coming primarily from developed nations such as US, Australia, Canada and parts of Europe - after several cases of e-waste smuggling came to light recently. A decision is likely to be taken at the Economic Intelligence Council meeting scheduled for this month to be chaired by finance minister Pranab Mukherjee.

4. Thanks http://timesofindia.indiatimes.com

TABNAPPING : A new generation Cyber Crime

1. Another new term in the cyber crime is "Tabnapping" a combination of "tab" and "kidnapping" that could be used by phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All browsers on Windows and Mac OS X are vulnerable.It is thus a computer exploit,a kind of phishing attack, which persuades users to submit their login details and passwords to popular Web sites by impersonating those sites and convincing the user that the site is genuine. Eg . An open tab of Facebook for instance may be a false window. But very few of us may notice. As a result, we readily log in our username and password when prompted, only to fall to phishers.

2. Aza Raskin is the person behind coining this term,this 1984 born genius is an active phishing researcher.It is unlikely that Browser makers will patch this up soon the risk does not emanate from security vulnerabilities per se.

3. However, every major browser has a filter of some kind designed to weed out malicious sites and sites suspected of being infected with attack code. Those filters, assuming the blacklists underlying them are current and accurate, would block tabnapping attacks.

4. Thanks http://www.standardmedia.co.ke & http://www.couponsherpa.com

ScareWare : One more WAREior in the family

1. Adware,spyware,malware....and now one SCAREWARE.Imagine this...u r surfing innocently(???) on the web via your home/office PC,an advertisement appears on the web-page, trying to convince you that your computer is at risk and you must download the anti-virus to clean it. Once you click on the advertisement, a software trigger gets activated and you get caught in an unnerving loop impossible to abort. A scanner window will appear with red-letter warnings listing viruses purportedly infesting your hard drive. A series of dialogue boxes will follow giving you choices that all lead to the same screen: a sales pitch. Make the purchase, and you get a bogus inoculation. Try to cancel it, and you'll get repeated offers. It's like stepping into quicksand. The more you try to get out of it, the deeper you sink.....this is Scareware..the latest new generation way to get ur PC infected...although its first origin dates to sometime in 2004...its now that this is getting firm roots via increased strength of web surfers who are naive about security.

2. In brief, the scareware trickery ensnares internet users in the following steps:

• Criminals buy blocks of advertisement space on websites, intermittently slipping in a tainted advertisement.
• Just visiting a webpage with a tainted ad causes a fake warning box to appear.
• Clicking "OK" or "Cancel" launches the same thing: a "free scan."

After you've been lured into a fake "free" scan of your PC:

• The bogus scan will purport to find a virus infestation.
• Ensuing boxes steer the user to activate "Personal Antivirus," on left.
• The activation prompts take the user to a shopping cart.
• Declining to place an order triggers endless fake scans.

3. Thanks http://fanaticmedia.com

Man in the Browser Attack : New dimension of cyber attack

1. The name is interesting though and so is the working behind....MITB (Man in the Browser) attacks are designed by fraudsters to infect a web browser with malware which can result in mmodified web pages and transactions that are largely transparent to both the user and the host application.Trojans incl Silent Banker,Sinowal etc are pre programmed by fraudsters to activate when the user browser accesses a specific website such as their online banking portal.The activated trojan can then track the online session and perform real time interception etc that can lead to illegal money transfers,identity theft and further compromise on the users personal info.

2. The Man-in-the-Browser attack is the same approach as Man-in-the-middle attack, but in this case a Trojan Horse is used to intercept and manipulate calls between the browser and its security mechanisms or libraries in real time.A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or Two or Three Factor Authentication solutions are in place.

3. Thanks http://fanaticmedia.com/infosecurity/

BILL GATES & Khan Academy

1. I m a follower of Bill Gates on twitter and have come to know of this khan academy thru this......

2. When every one looks forward to learning from Bill Gates on so many aspects of IT education.....where do u guess his 11 year old son looks up-to for his education.....he follows Salman Khan...no no...not the Bollywood Dabanggg...he is another Salman Khan....click here to know more.....

3. Khan turns out thousands of videos from a converted walk-in closetin his Silicon Valley home (shown in this pic below) ...................gr888888888 work...and imagine the amount of effort that he has put in single handedly here......

4. This site at http://www.khanacademy.org/ has 1600 plus videos for school level maths,chemistry and science and many more subjects.....more news ....click here

Windows Systernals

1. I had not heard and read about this very low key but very powerful utility site which helps one manage, troubleshoot and diagnose Windows systems and applications incl so many unheard functions and utilities that one can go on and on exploring all.....the complete Windows systernals Suite can be downloaded by clicking here.

2. Another related site named Sysinternals Live is a service that enables to execute Sysinternals tools directly from the Web without hunting for and manually downloading them.

3. Must see and must try site.....click here to hit direct.

SALAAMI ATTACK

1. Ever seen your account with minute details of each and every penny/cent/paise in your account...I m sure many of you wouldn't have....how does it matter if its Rs 22323.45 or Rs 22322.12.....a difference of some paise ...we generally account for it against rounding off....but now on be ware...u may just be a salaami target....better known as Saalami Attack

2. An example of this also known as penny shaving, is the mal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding off to the nearest money unit viz cent or paisa in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected.

3. IT comes with a whole lot of things...u get some,u loose some.....be ware.For more info click here, here and here.

4. Thanks http://www.cyberpolicebangalore.nic.in and http://en.wikipedia.org

TROJANs & BANK: Another story

1. Hard working hackers have recieved more then 700,000 pounds from thousands of bank accounts in Britain using a malicious software which claimants say is the deadliest,brutaliest(whats this???)trojan attack ever seen....

2. More then 4,000 online banking customers have found themselves as unwanted customers of this deal by hackers which empties their accounts while showing them fake statements so the crime goes undetected.This trojan is being termed and guessed as a variant of the Zeus trojan banking virus called Zeus v3. This is capable of collecting data such as passwords and even transfers money out of accounts automatically.

3. Beware ...nothing of this scale has happened till date in INDIA...why....because poor dont have much money and the rich keep and talk cash