Wednesday, October 29, 2008

First Ad

SGi Information Security Services, LLC has reached a milestone. I placed our first ad in the Oregon State Bar Bulletin. The ad will run in the November issue due out around Thanksgiving.


E-Discovery & Computer Forensics provided by SGi Information Security Services, LLC., the Willamette Valley's premier local source. (503)339-6174

I hope this will be an effective way to reach my target audience for E-Discovery and Forensic Services.

Monday, October 27, 2008

The case for forensics as part of your E-Discovery Process

First the disclaimers: I am not a lawyer nor have I ever played one on TV. Nothing that I write (or say) should be construed as legal advice.

The intent of this post is to highlight how and why computer forensic analysis belongs and should be part of your E-Discovery process. Perhaps the place to start is with the Federal Rules of Evidence Rule 901, Requirement of Authentication or Identification. Of particular interest is subsection 9 which states, “(9) Process or system. Evidence describing a process or system used to produce a result and showing that the process or system produces an accurate result.”

Computer forensics does just that: it is a process by which information/data is collected and analyzed in a fashion that is repeatable and reproducible, so that anyone who follows the same procedures gets the same results, and the results can be proven to be accurate. In forensics this is done in part through cryptographic “hashing”: the process of feeding information into a formula to produce an answer that is unique, such that when the same information is fed into the formula it always produces the same answer. Conversely, if a single “bit” of the information changes, so does the answer. Thus computer forensics produces a result that is accurate and reproducible.
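The hashing step described above, as an added example that is not code from the original post: it records a digest for each collected item, re-verifies the set, and shows that toggling a single bit makes verification fail. SHA-256, the function names, the file names and the sample contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in fixed-size chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        # 1 MiB chunks, so a large disk image never has to fit in memory
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def acquire(paths):
    """Record a digest for each item at collection time (the manifest)."""
    return {os.path.basename(p): sha256_file(p) for p in paths}

def verify(manifest, directory):
    """Re-hash each item; return names that are missing or whose digest changed."""
    failures = []
    for name, recorded in sorted(manifest.items()):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or sha256_file(path) != recorded:
            failures.append(name)
    return failures

def flip_one_bit(path, offset=0, bit=0):
    """Simulate the smallest possible alteration: toggle one bit in place."""
    with open(path, "r+b") as f:
        f.seek(offset)
        byte = f.read(1)[0]
        f.seek(offset)
        f.write(bytes([byte ^ (1 << bit)]))

def demo():
    """Run the workflow on constructed sample 'evidence' in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"mailbox.pst": b"constructed sample mailbox\n" * 100,
                   "contract.doc": b"constructed sample contract\n" * 100}
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        paths = [os.path.join(d, n) for n in samples]
        manifest = acquire(paths)
        first = verify(manifest, d)           # nothing has changed yet
        repeat = acquire(paths) == manifest   # same input, same digests
        flip_one_bit(os.path.join(d, "contract.doc"), offset=500, bit=3)
        return first, repeat, verify(manifest, d)  # altered file is reported

if __name__ == "__main__":
    print(demo())
```
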

Naturally, this type of analysis takes longer than, say, copying the data, but there are many advantages other than producing accurate and reproducible results. Some of the key benefits include:

• Produces more information (think metadata, or data about data)
• Ultimately saves time and money
• Quicker lead generation
• More efficient replication of data
• Evidence is “scientific”

More to come in part 2.

Friday, October 17, 2008

Hidden Data

Yesterday I attended a meeting at the Portland Chapter of ISSA (Information Systems Security Association). The topic was Computer Forensic Investigations in Civil Litigation. I enjoyed the presentation and came away with some deep thoughts. Part of the discussion centered around the use of anti-forensics; the general feeling was that only ninjas can really pull that sort of thing off. For the most part I agree with that, but anti-forensic technologies are becoming more accessible and adopted. For example, the use of products such as the onion router, which hide and obfuscate network traffic, is on the rise.

Alright, so it's time for my deep thoughts. A technology that has been around a while but is growing and maturing is the art of hiding data in other data; this is called steganography, often referred to as stego. There are many tools that are widely and freely available to perform such a task. So here is my thought: as a forensic analyst, how would I know how and when steganography has been utilized? One common implementation of stego is to hide data in image files. Forensically speaking, the average computer has thousands of images on it; how would I detect if one or more had hidden data?

To be fair, there are an ever-growing number of tools available that detect if an image or other file has hidden data and can extract such data, but with thousands of images on a single computer, how would you know? Is it practical to run all of the images through such a tool? Probably not. Fortunately I have some ideas on how to accomplish this, so I am setting up some experiments to test my ideas and I will let you know what I come up with. In the meantime, if you have any thoughts or ideas on this or other topics, or I just scared the wits out of you, feel free to leave a comment.

Thursday, October 16, 2008

New Home

Welcome to my new blog home at is the web home for my new consulting company SGi Information Security Services, LLC. The intent of this blog is to share my insight and thoughts about topics related to Information Security, E-discovery, Forensics, and Incident Response amongst others.


Wednesday, October 1, 2008