July, 2006

Understanding Apache and Squid Logs

By Kush Wadhwa, NII Consulting

Welcome to the world of log analysis. Log analysis plays a crucial role in intrusion detection. If the compromised system is running on the Linux platform, one of the first steps an investigator performs is the analysis of its log files.

Linux stores logs for its different services, such as Apache, Squid, syslog, and cron. These logs help users resolve problems and audit user actions. In this article we will talk about Apache and Squid logs, since they are closely related to each other, and we will also see how to read Apache and Squid log files.


July, 2006

Lacunae in privacy laws and the ubiquitous USB memory stick

K K Mookhey, NII Consulting

Two recent events bring to light how the lacunae in India’s privacy laws are now hitting where it hurts most - the bottom line. According to this report in the Economic Times, Apple and Powergen have moved their back-office operations out of India. This follows closely on the heels of the HSBC data theft scam, where an employee in HSBC’s BPO operations siphoned off close to a quarter million pounds from customers. This is just the latest in a series of BPO scandals that have left the Indian ITES industry floundering for explanations and NASSCOM issuing face-saving statements.

The other story is about a spy stealing sensitive data from the National Security Council Secretariat. The data was carried out using USB drives as well as printouts and SMSes. Apparently, Roasanne Minchew, the spy in question, did this under the cover of the much-hyped Indo-US Cyber Security Forum.

The fact of the matter is that all of the suggestions being put forward - such as the establishment of a global database of BPO employees, frisking of employees, and banning cellphones and cameras in offices - are ad hoc. Nothing is likely to change until the IT Act is radically modified. And this has to be accompanied by the establishment of special courts for the quick dispensation of justice and punitive measures against violators of data privacy.

May, 2006

Laptop Imaging Simplified

by Chetan Gupta, NII Consulting

How many times in an investigation does a forensic investigator come across the problem of acquiring data from a suspect’s laptop? The answer to this question would be ‘many times’. Whenever such a situation arises, the investigator is usually in a dilemma as to whether he should open the laptop, take out the hard disk, connect it to an IDE-to-USB converter and then perform the duplication, or whether he should try to do it without opening the laptop. The preferable choice is usually the latter, in which the investigator acquires the suspect disk over the network. Choosing the first option could lead to the laptop or hard disk getting damaged, or to the warranty of the laptop being rendered void.


January, 2006

Tracing Emails

by Chetan Gupta, NII Consulting

Have you ever received an anonymous email and wondered who it was from? Ever conducted business via email and wanted to know if the other party is who they say they are? As you can imagine, the uses for this type of investigation are endless. Not only is it possible to find the sender of the anonymous email but it is also possible to locate the sender


Browser Secrets Unveiled!

by Chetan Gupta, NII Consulting

Every day, millions of people surf the web using popular web browsers such as Microsoft Internet Explorer (IE) or one from the Firefox/Mozilla/Netscape family. A very important step in computer forensics is investigating the web usage of the suspect. This information is useful in everything from examining company policy violations to detecting corporate espionage. Examining a suspect’s web browsing history could provide critical clues to solving the case.

Each of these browsers saves web browsing activity in its own unique format. The Internet activity data for a specific browser can be found in different locations according to the operating system used by the suspect. In this article, we look at the various tools and techniques available for investigating one of the most widely used browsers: Internet Explorer.


Game One

by K. K. Mookhey, NII Consulting

e4
It’s late at night, and the phone rings. This had better be a world-changing revolution. But it’s something weirder. A client in East Asia informs us that his systems are behaving most abnormally. Before one can gather one’s senses, the information begins to flow:

“The primary trading systems, which offer web-based trading are down”

The panic in his voice is unmistakable. But this statement could mean many things, so we probe further.

