Forensics Section

DRUG

New member
Data Recovery IMHO walks hand to hand with forensics.

Perhaps we could create a section dedicated for the use of XWAYS and other forensics software.

I'd like to suggest a section for Security & Penetration Testing, as the industry standards for keeping the data where it belongs keep improving and makes me believe that in a 5 year time lenght there will be a great market. This would apply for encription solutions, safe networks, etc. All this because even though our priority is to recover data, keeping the data safe should be a skill some of us could have more insight!
 

HaQue

Moderator
I agree, I stay current with as much InfoSec as I can, and try to with forensic info as well, though there isn't as much content produced for forensics as there is InfoSec. I believe with all the ransomware, and the way it is crossing over to the DR field with filesystems being messed with and partitions now.. then it certainly will benefit to at least watch the discussions.

If anyone knows any good forensic centric podcasts, please let me know.. Since Forensic4cast has died, and cyberspeak has produced one single podcast in 2015(despite the hope it would be back) I haven't found a single good one. I could list a dozen InfoSec ones, but at a bare minimum, you should listen to:
Risky Business
Grumpy Old Geeks / Up To Speed
The CyberWire
Defensive Security
Liquidmatrix Security Digest
Pauls Security Wekly / Hack named TV
Southern Fried Security
TrustedSec Security Podcast
ChetChat Sophos Podcast
Take 1 Security
Brakeing down Security


There are a few more I wont list as they have stagnated such as InfoSec Hot button.. Which I loved because Boris and the guys were like Janice from accounting.. she don't give a ....!) and Tonys' Standard deviant podcast.

I think it is remiss to ignore InfoSec / forensics if you have any stake in technology
 

DRUG

New member
jol":1gdxo0lo said:
[post]4857[/post]
DRUG":1gdxo0lo said:
[post]4854[/post]keeping the data safe should be a skill some of us could have more insight!
But will reduce our clients :lol:

Nowadays keeping the data safe isn't something average joe will be able to do.

I'm not talking about backing up to a NAS or to a Cloud. I'm talking about not allowing 3rd parties to access your data. For instance, sqlinjection. Everyone knows that's no state of the art breach, but there are still so many sites vulnerable. In my country you can find top notch companies with poor coding jobs on their websites and that allows people with malicous intentions to dump their databases, work around XSS etc. With the new regulations coming from European Union about data safety, companies will be forced to protect themselves with encryption mechanisms to prevent that even if data is leaked, it won't be read by people without their permission.

I've been working with Sophos Safeguard and Wave (former SAFEND) and this kind of jobs will have more demand in a real near future (in a matter of months if you are Europe-based).
 

jol

Member
I'm not from the EU
regardless I think you overloading yourself for no reason, HDD DR, flash DR, forensic, data security...
 

HaQue

Moderator
DRUG":12cuyg2n said:
Nowadays keeping the data safe isn't something average joe will be able to do.

agree, but I will go a step further: the average joe knows so little about computers that they cant even backup effectively anymore.

average house:
* 1 - 4 iphones, an ipad or 2 ... do they even REALLY know what iCloud is, or encrypted backups, or where the backups are, or.. or... or??
* 2 or 3 laptops and probably a desktop .. if all these are backed up and malware free it would be a miracle
* other IoT stuff.. TV, Media players, SOHO router.. are the firmwares updated, vuln free? even HAVE updates for some major vulnerable code?
* credential management.. passwords not re-used, shared or stupid?? changed sometimes, or even wilder thought, using a password manager? wifi secured?
* Credit monitored? would they even know if credit was compromised, or identity?
* practice safe computing with USB devices, flash drives etc?
* best of all.. do the say "oh, why do we have to listen to your hacking ****?" when you try and bring attention to Ransomware and to be careful with attachments and macros!

I could go on and on, but this is 90% of the population.. IMHO!
 

DRUG

New member
HaQue":1jhjqa8g said:
[post]4861[/post]
DRUG":1jhjqa8g said:
Nowadays keeping the data safe isn't something average joe will be able to do.

agree, but I will go a step further: the average joe knows so little about computers that they cant even backup effectively anymore.

average house:
* 1 - 4 iphones, an ipad or 2 ... do they even REALLY know what iCloud is, or encrypted backups, or where the backups are, or.. or... or??
* 2 or 3 laptops and probably a desktop .. if all these are backed up and malware free it would be a miracle
* other IoT stuff.. TV, Media players, SOHO router.. are the firmwares updated, vuln free? even HAVE updates for some major vulnerable code?
* credential management.. passwords not re-used, shared or stupid?? changed sometimes, or even wilder thought, using a password manager? wifi secured?
* Credit monitored? would they even know if credit was compromised, or identity?
* practice safe computing with USB devices, flash drives etc?
* best of all.. do the say "oh, why do we have to listen to your hacking poop?" when you try and bring attention to Ransomware and to be careful with attachments and macros!

I could go on and on, but this is 90% of the population.. IMHO!

Average joe will find out a usb drive on the floor, pick it up and insert it on his computer. This was massive and is still the best method for BadUSB to still work even though its primitive work to replace Phison 2251-03 to a custom firmware and make the usb be recognized as a keyboard. Average joe will think this is NSA grade level job, but someone with a bit of tech expertise can mass produce this device to create their own botnet or to have reverse shells on random computers.
 

HaQue

Moderator
Only this week on one of the podcasts I mentioned they talked about a guy that bought an IP camera on ebay - pre-loaded with malware.
I myself was buying lots of flash drives on ebay, I think I even posted on HDDGuru about when at least 3 had malware on them. I suspect they had been sitting around since a couple of years ago when USB based malware was really rampant. I had a huge battle getting malware out of Edu environments... it was on students and staff drives, and home computers with different variants re-infecting daily. People would even say straight out oh, we have viruses and the computer is slow... so Blaise..but not bothering to do anything about it.. I showed one customer a file something like key.log and it basically contained every keystroke - that got their attention ;-)
Ransomware is bad, but I think the current trend of buying or hiring malware C&C consoles is really bad. law enforcement can track down the dumbasses that use these fairly easy, then they need to get the vendors of them, and then another level back, get the creators of them. These Cretins don't need to abide by the law and can be very agile, hiring consoles for even 1 day. Law enforcement need to investigate, deal with warrants and wire tapping laws, different jurisdictions.. plus try and keep up with all the new crap out there. They definitely have their work cut out for them.

The good news is that they are shutting some of these things down, I heard about one today that was something like a 2,000 machine botnet for spam. (how is THAT still a thing?)

Anyone looking for a career couldn't go wrong if they got some skills in InfoSec. Not like you would run out of work any time soon! :)
 

Jared

Administrator
Staff member
I'm up for the idea of adding forensics and info security sections. Probably could move a lot of crypto virus discussions into that section.

I'm not sure that many current users of this forum are in the forensics side of the business, but as they say "if you build it, they will come".

Though I have a Salvation Data section, and they aren't coming. Not sure why...doh!

Sent from my SM-N900V using Tapatalk
 
Top