January, 2008
The Directorate of Forensic Science Laboratory, Government of Maharashtra, Mumbai is holding a forensics awareness week from 7th to 11th Jan 2008.
The Director, Dr. Mrs. R. Krishnamurthy, is pleased to invite persons from the corporate world, especially those working in the areas of risk management, fraud detection and in-house investigations, to their lab at Kalina (Santa Cruz) to get first-hand knowledge of the techniques that the lab is using at present.
All those who are interested in visiting this lab may contact:
Dr. Mrs. S. R. Krishnamurthy,
Director
Directorate of Forensic Science Laboratories
Maharashtra State
Tel: 022 2667 0760 (direct)
Tel: 022 2667 0758/65 (board)
July, 2007
From NII Consulting
NII Consulting is glad to announce its fourth hands-on workshop for EC-Council’s “Certified Hacking Forensic Investigator (CHFI)” certificate course. As an Accredited Training Provider (ATP), NII is certified to teach the authorized curricula for security technologies.
The CHFI certification is awarded after successfully passing the EC0 312-49 exam. (The training fees include exam vouchers.)
Read the full article »
June, 2007
by Kush Wadhwa, NII Consulting
Are you working as a cyber crime investigator and looking for something which can prove in a court of law that there was some pornographic content on the suspect’s machine? Let me help you out in this case. There is a file named “thumbs.db” which is automatically generated by Windows XP whenever a user views a folder or image in thumbs view or in filmstrip view. Automatic generation of this file is ON by default. Thumbs.db contains a copy of each of the tiny preview images generated for image files in that folder so that they load up quickly the next time you browse that folder. If a user tries to open this file in an image viewer, it will be of no use. To extract the juicy content from this file, a forensic investigator has to understand the header of the thumbs file present in thumbs.db. Let me explain step by step how to extract useful content from a thumbs.db file.
Read the full article »
May, 2007
by Kush Wadhwa, NII Consulting
There are times when you don’t have sufficient tools to understand the file system. At that time your knowledge in the field of digital forensics will play a crucial role. In this article we will study the volume boot sector format of the FAT32 file system and see how to extract crucial information from it, such as the sectors in a particular volume, bytes per sector, etc. I will be using EnCase to explain this article, but users can view their hard disk in any hex viewer, such as WinHex or xxd in Linux. Just open your hard disk’s FAT volume in a hex editor and follow the steps to understand it.
Read the full article »
February, 2007
by Kush Wadhwa, NII Consulting
Have you ever thought of what happens when you hit the delete button?
Delete: When we simply delete a file, we are throwing that file into the recycle bin of that particular volume. For example, if a file resides on the C:\ drive with FAT32 as the file system and we delete it, the file will move to C:\Recycled. But if it is an NTFS volume, the file will move to \Recycler\.
Shift+Delete: When we hit Shift+Delete, the file will not move to Recycled or Recycler. Instead it will bypass these two folders and simply be deleted. In such scenarios the user does not have the option to restore the file from these two folders.
Read the full article »
October, 2006
By K K Mookhey
At long last there is news that changes will definitely be made to the Indian IT Act, purportedly due to the latest series of BPO scams. These have ranged from employees leaking out customer information to actually transferring customer money into their own bank accounts. Given the list of changes that are being proposed to be made, I seriously doubt it will make a difference.
Read the full article »
August, 2006
by Bhushan Shah, NII Consulting
Mrs Carol L. Stimmel has taken it upon herself to start a Computer Forensic Volunteer Project to provide low-cost services to those who cannot take advantage of our skills.
Here is a bit taken from the press release:
“As expert members of the international computer forensics community which provides unique and highly desirable services to the legal system, we assume a responsibility to provide services to those in need yet unable to pay. As a result, the Computer Forensics Volunteer Project (CFVP) provides pro bono and low-cost forensic services to individuals and organizations who normally would not be able to take advantage of the distinct litigation advantage provided by these techniques.”
On behalf of NII Consulting I have volunteered to take part in the project and would like to help people who cannot afford such services.
August, 2006
by K K Mookhey, NII Consulting
Scott Carney over at Trailing Technologies did an interesting post on the Chennai Cyber Crime Cell needing an upgrade. The officers informed him that their lack of success was due to a lack of proper equipment, and that they needed a Rs. 1 crore (USD 200,000) investment to actually solve more crimes. But I think that is a fallacious argument. From our experience conducting forensics investigations, you can do really good work without needing investments of that magnitude. Plus, the Forensics Lab in Hyderabad (which does all sorts of forensics, not just for cybercrime) has some really state-of-the-art stuff, including EnCase Enterprise Edition.
Read the full article »
July, 2006
Securing your passwords against Rainbow Table Attacks
By Bhushan Shah, NII Consulting
In the previous article we looked at rainbow tables and how they can crack Windows passwords in a matter of seconds. In this article we will look at different ways to add complexity to passwords, and at protocols to secure your system, so that you can survive a rainbow table attack. (Or at least try to.)
Read the full article »
July, 2006
By Bhushan Shah, NII Consulting
Windows passwords are stored in the registry (encrypted) in the form of a hash. LMHash was the first hash function used by Microsoft to secure their passwords. Eventually, when the security issues popped up (as LMHash is quite insecure), they had to come up with NTLM, the most recent version being NTLM Version 2.
A hash function is a way of creating a small digital “fingerprint” from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value.
The LMHash: LM hash or LAN Manager hash is one of the formats that Microsoft LAN Manager and Microsoft Windows use to store Windows user passwords that are fewer than 15 characters long.
Read the full article »