
Equipment to include in a computer forensic toolkit


For those beginning their computer forensic investigator career, an important aspect to consider is what equipment is needed to carry out successful investigations.

While software is a critical component of the job, examiners should have a complete computer forensic toolkit that consists of a computer workstation and a response kit to take out into the field.

In Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, computer forensic investigator and author William Oettinger teaches new and experienced investigators everything they need to search for and analyze digital evidence, including which software and hardware to consider.

In the following excerpt from Chapter 2, learn about the forensic analysis process, starting with a look at the equipment Oettinger recommends including in a computer forensic toolkit.


The Forensic Analysis Process

We will now discuss the forensic analysis process. As a forensic investigator, you will need to create a strategy that will enable you to conduct an efficient investigation. You also need to make sure you are familiar with your tools and the results that they will provide. Without a process, you will waste time examining data that will not impact your investigation, and you will not be able to rely on your tools. In addition, you want to make sure you get valid results from the tools you deploy. Finally, to be thorough and efficient, you must use critical thinking to determine the best investigation or exam method.


While there are similarities in every investigation, you will find differences that will require you to have an exam strategy to be efficient. I am not a fan of keeping an examination checklist because there will be areas that aren't relevant, such as different operating systems, the physical topology of the network, criminal elements, and suspects. These variables ensure that no two examinations or investigations are the same and will…

Source…

Pinnacle Health hack: Sensitive files posted to the dark web include ‘confidential’ report



Sensitive patient files and high-level data stolen in a cyber attack on a major primary health provider have been posted to the dark web by a ransomware group with Russian links, the Herald can reveal.

In a statement last night, Pinnacle Midlands Health Network — which operates dozens of North Island GP practices — confirmed the upload of stolen material to the net, following a “cyber incident” last week.

While the number of affected patients has not been made public, initial reports suggested hackers may have had access to as many as 450,000 people’s information.

Justin Butcher, CEO of Pinnacle Incorporated, told the Herald information illegally obtained was uploaded to the internet by “malicious actors”.

The information and data related to past and present patients and customers of the Pinnacle group in the Waikato, Lakes, Taranaki and Tairawhiti districts. It also includes Primary Health Care Ltd (PHCL) practices from across Taranaki, Rotorua, Taupō-Tūrangi, Thames-Coromandel and Waikato.

The information in the breach includes high-level data related to the use of hospital services, claiming information related to services that Pinnacle provides, and information sent to practices around immunisation and screening status of individual patients.

“Over the past 24 hours, we were notified by our security experts that the data taken from our IT platform had been released by malicious actors,” Butcher confirmed.

“We acknowledge that this will be concerning to our patients and their whānau, and we are taking this seriously; our immediate focus is on supporting people who may have been impacted, and working with the authorities to ensure we are doing everything we need to be.”

Pinnacle chief executive Justin Butcher said investigations were still under way but he believed attackers accessed information that could include commercial and personal details. Photo / Supplied

While Pinnacle does not hold GP notes and consultation records, Butcher said the company “now have a much clearer understanding of the breadth of…

Source…

Suffolk documents posted by hackers include traffic tickets with defendants’ names, and county contracts


Documents published by a group taking responsibility for the ransomware attack on Suffolk County government include speeding tickets, contracts with county vendors, and a handwritten marriage license from 1908, according to a Newsday review of the materials.

Such documents, which in some cases show the names, addresses and dates of birth of county residents, could contain increasingly sensitive information as hackers press their demands, one cybersecurity expert said.

Steve Morgan, founder of Cybersecurity Ventures in Northport, which provides data and research to the information technology industry, said ransomware hackers sometimes will start by leaking less sensitive data in what they consider to be a show of good faith to open ransom negotiations.

“They’re putting data out to try to provide evidence that we have your data, and we’re willing to put your data out, but without putting out anything that would be too compromising to scare the county,” Morgan told Newsday Monday.

Morgan said hackers could continue to leak increasingly sensitive information to ramp up pressure on the county.

“The worst of what they have is the last that would get published,” Morgan said.

Suffolk County took down its web-based applications and websites on Sept. 8 following a cyberattack on county computer systems.

On Friday, Suffolk County Executive Steve Bellone announced cybercriminals had taken credit for a hack on county government.

Bellone said county officials were working to protect sensitive information.

County officials referred to postings on the “dark web” — an anonymized portion of the internet where criminal activity can occur — attributing the attack to the BlackCat or ALPHV strain of ransomware.

County officials have not said whether hackers have made a ransom demand, and have offered no timeline for when county operations could be back online.

An updated posting Monday said the hackers were seeking an unspecified “small reward.”

County officials did not immediately respond to a request for comment last night.

Earlier Monday, Marykate Guilfoyle, a spokeswoman for Bellone, said county officials were continuing to assess the attack.

In their post on the dark…

Source…

Meta Expands Bug-Bounty Program to Include Data Scraping


Meta, recently rebranded from Facebook, today announced the expansion of its bug-bounty and data-bounty programs to reward valid reports of so-called scraping bugs and scraped databases with monetary compensation and matched charity donations, respectively.

The move is meant to address the risk of attack activity designed to scrape public and private data, which poses a threat to all kinds of websites and services. Scrapers such as malicious apps, websites, and scripts are constantly being updated to evade detection; the idea here is to make the process harder and more expensive for attackers, explained Dan Gurfinkel, security engineering manager, in a blog post.

The programs will start as a private bounty track for Meta’s Gold+ HackerPlus researchers. The company will reward reports of scraping methods, even if the targeted data is public, he noted. Its goal is to find bugs that allow attackers to bypass scraping limitations and access data at a larger scale than a product intended.

“Our goal is to quickly identify and counter scenarios that might make scraping less costly for malicious actors to execute,” he wrote. To the best of the company’s knowledge, this is the industry’s first data-scraping bug-bounty program.

Lack of proper rate limiting is currently included in the program's scope, Gurfinkel continued, but its terms don't allow hackers to automate data access and collection. Meta is encouraging research into logic bypass issues that could enable attackers to access information through unintended mechanisms, even if proper rate limits are in place.
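The distinction Gurfinkel draws, a rate limit that is present but a logic path that lets a scraper pull data at a scale the product never intended, is easier to see in code. The example below is added here and is not Meta's code or anything from its program: it is a generic per-client fixed-window limiter, a weak service whose batch lookup endpoint charges one unit no matter how many records it returns, and a hardened version that charges per record and caps batch size. The service names, the `/profiles` batch endpoint, the limits and the user records are all constructed for the illustration.

```python
"""Added illustration (not Meta's code): a per-client rate limit that is in place
yet bypassed by a batch-lookup logic flaw, beside the hardened version.
Endpoints, limits and the user table below are constructed for this example."""
from collections import defaultdict

class FixedWindowLimiter:
    """Allow at most `limit` units of cost per `window` seconds per key.
    `now` is passed explicitly so behaviour is deterministic and testable."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self._buckets = defaultdict(lambda: [0.0, 0])  # key -> [window_start, used]

    def consume(self, key, now, cost=1):
        start, used = self._buckets[key]
        if now - start >= self.window:          # new window: reset the counter
            start, used = now, 0
        if used + cost > self.limit:            # over budget: deny, keep state
            self._buckets[key] = [start, used]
            return False
        self._buckets[key] = [start, used + cost]
        return True

# Constructed sample records; no real users.
USERS = {uid: {"id": uid, "email": f"user{uid}@example.invalid"} for uid in range(1, 1001)}

LIMIT_PER_WINDOW = 100   # intended bound: 100 records per client per minute
MAX_BATCH = 20           # hardened version also caps ids per batch call

class WeakService:
    """Limit is enforced per *request*; the batch path costs 1 for any number of ids,
    so the intended per-record bound does not hold (the logic-bypass class)."""
    def __init__(self):
        self.limiter = FixedWindowLimiter(LIMIT_PER_WINDOW, 60)

    def get_profile(self, client, uid, now):          # "/profile/<id>"
        if not self.limiter.consume(client, now):
            return None
        return USERS.get(uid)

    def get_profiles(self, client, uids, now):        # "/profiles?ids=..."
        if not self.limiter.consume(client, now):     # BUG: cost=1 regardless of len(uids)
            return None
        return [USERS[u] for u in uids if u in USERS]

class HardenedService:
    """Charges the limiter per record requested and caps batch size, so the
    limit bounds records per window rather than requests per window."""
    def __init__(self):
        self.limiter = FixedWindowLimiter(LIMIT_PER_WINDOW, 60)

    def get_profile(self, client, uid, now):
        if not self.limiter.consume(client, now, cost=1):
            return None
        return USERS.get(uid)

    def get_profiles(self, client, uids, now):
        uids = list(dict.fromkeys(uids))[:MAX_BATCH]  # dedupe and cap before charging
        if not self.limiter.consume(client, now, cost=len(uids)):
            return None
        return [USERS[u] for u in uids if u in USERS]

def scrape(service, client, ids, batch, now=0.0):
    """Simulate a scraper pulling `ids` in batches within one window.
    Returns the number of records obtained before being limited."""
    got = 0
    for i in range(0, len(ids), batch):
        result = service.get_profiles(client, ids[i:i + batch], now)
        if result is None:
            break
        got += len(result)
    return got

if __name__ == "__main__":
    ids = list(range(1, 1001))
    print("weak:", scrape(WeakService(), "203.0.113.7", ids, 100))       # 1000 records
    print("hardened:", scrape(HardenedService(), "203.0.113.7", ids, 100))  # 100 records
```

Both services answer single-profile requests identically and both "have rate limiting"; only the hardened one makes the limit measure what the product actually meant to bound, which is the kind of gap a scraping-focused bounty report would target.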

Starting Dec. 15, Meta’s bug-bounty program will reward reports of unprotected or openly public databases containing at least 100,000 unique Facebook user records with personally identifiable information (PII) or sensitive data, such as email addresses, phone numbers, physical addresses, or religious or political affiliations.

“The reported dataset must be unique and not previously known or reported to Meta,” Gurfinkel wrote. “We aim to learn from this effort so we can expand the scope to smaller datasets over time.”

If it’s confirmed that PII was scraped and is available on a website outside Meta, the company says it will “work to…

Source…