Time is Approaching

I've been spending some time lately preparing for my upcoming presentation on Dec. 17. my presentation title "Is Your Data Exposed". Items I'll be discussing include: do your business needs create liabilities/vulnerabilities/opportunities, Change and Configuration management, when security products fail you, and of course a few demonstrations. There will be a lot to get in in such a short time.

Who:
IIA (Institute of Internal Auditors - Salem Chapter)

What:
"Is Your Data Exposed"

When:
Wed. Dec 17 11:30am - 1pm

Where:
J James (Salem, OR)


For E-Discovery, Forensic Analysis, Vulnerability Assessment, or Incident Response Services in Salem, Corvallis, or Albany Oregon Check out my website: www.infosecuritypro.com

Presentation

I have been asked by the "The Institute of Internal Auditors" to give a presentation on Information Security. The Tittle of my presentation "Is Your Data Exposed" will focus on ways in which data is quickly compromised through outdated methodologies and antiquated protections. The date is Wednesday, Dec 17, 2008, 11:45 - 1:00pm. Save the date.

First Ad

SGi Information Security Services, LLC has reached a milestone. I placed our first ad in the Oregon State Bar Bulletin. The ad will run in the November issue due out around Thanksgiving.

Ad

E-Discovery & Computer Forensics provided by SGi Information Security Services, LLC., the Willamette Valley's premier local source. www.infosecuritypro.com (503)339-6174

I hope this will be an effective way to reach my target audience for E-Discovery and Forensic Services.

The case for forensics as part of your E-Discovery Process

First the disclaimers: I am not a lawyer nor have I ever played one on TV. Nothing that I write (or say) should be construed as legal advice.

The intent of this post is to highlight how and why computer forensic analysis belongs and should be part of your E-Discovery process. Perhaps the place to start is with the Federal Rules of Evidence Rule 901, Requirement of Authentication or Identification. Of particular interest is subsection 9 which states, “(9) Process or system. Evidence describing a process or system used to produce a result and showing that the process or system produces an accurate result.”

Computer Forensics does just that, it is a process by which information/data is collected and analyzed in a fashion which is repeatable and reproducible. So as anyone who follows that same procedures gets the same results and the results can be proven to be accurate. In Forensics this is done in part through cryptographic “hashing” or the process of feeding information into a formula to produce an answer that is unique and when the same information is feed into the formula it always produces the same answer. Conversely if a single “bit” of the information changes so does the answer. Thus computer forensics produces a result that is accurate and reproducible.

Naturally this type of analysis takes longer than say copying the data but there are many advantages other than producing accurate and reproducible results. Some of the key benefits include:

• Produces more information (think meta data, or data about data)
• Ultimately saves time and money
• Quicker lead generation
• More efficient replication of data
• Evidence is “scientific”
More to come in part 2

Hidden Data

Yesterday I attend a meeting at the Portland Chapter of ISSA (Information System Security Associations). The topic Computer Forensic Investigations in Civil Litigation. I enjoyed the presentation and came away with some deep thoughts. Part of the discussion centered around the use of anti-forensics, the general feeling was that only ninjas really can pull that sort of thing off. For the most part I agree with that, but anti-forensic technologies are becoming more accessible and adapted. For example the use of products such as the onion router that hide and obfuscate network traffic are on the rise.

Alright so its time for my deep thoughts. A technology that has been around a while but is growing and maturing is the art of hiding data in other data this is call Steganography often referred to as stego. There are many tools that are widely and freely available to perform such a task. So here is my though as a forensic analyst how would I know how and when steganography has been utilized. When common implementation of stego is to hide data in image files. Forensically speaking the average computer has thousands of images on it how would I detect if on or more had hidden data.

To be fair there are an ever growing number of tools available that detect if an image or other file has hidden data and can extract such data, but with thousands of images on a single computer how would you know? Is it practical to run all of the images through such a tool? Probably, not. Fortunately I have some ideas on how to accomplish this, so I am setting up some experiments to test my ideas and I will let you know what I come up with. In the mean time if you have any thoughts or ideas on this or other topics, or I just scared the Witt's out of you feel free to leave a comment.

New Home

Welcome to my new blog home at infosecuritypro.com. Infosecuritypro.com is the web home for my new consulting company SGi Information Security Services, LLC. The intent of this blog is to share my insight and thoughts about topics related to Information Security, E-discovery, Forensics, and Incident Response amongst others.

Shaun

Little Bobby Tables

Cartoon of the day

Guest Safety or Encryption Gone Wrong??

While on a recent vacation we stayed with a hotel chain that still used old fashioned keys at their properties. When I checked in I was assigned room F 123 in a particular building and was told that for my protection the room number was not on the key rather there was a coded so they would know what key went to what room. So far so good wright, well not so fast at looking at the key I saw the coded number was 36261. Wow it took all of 5 seconds to break this uber secret encryption algorithm. I would be impressed but my wife figured it out just as fast without saying a word. Better look next time.

So for our second night we stayed at a different property run by the same company same deal classic keys and top secret encoding system. Our room was was cottage 523 sure enough they encoded the key 29395. Does any one else see the pattern?