Posted August 24th, 2006 by admin
by K K Mookhey, NII Consulting
Scott Carney over at Trailing Technologies did an interesting post on the Chennai Cyber Crime Cell needing an upgrade. The officers told him that their lack of success was due to a lack of proper equipment, and that they needed a Rs. 1 crore (roughly USD 200,000) investment to actually solve more crimes. But I think that is a fallacious argument. From our experience conducting forensic investigations, you can do really good work without investments of that magnitude. Plus, the Forensics Lab in Hyderabad (which handles all kinds of forensics, not just cybercrime) has some really state-of-the-art equipment, including EnCase Enterprise Edition.
Posted July 18th, 2006 by Bhushan Shah
Securing your passwords against Rainbow Table Attacks
By Bhushan Shah, NII Consulting
In the previous article we looked at rainbow tables and how they can crack Windows passwords in a matter of seconds. In this article we look at different ways to add complexity to the passwords, and to the authentication protocols, so that your systems survive a rainbow table attack (or at least stand a better chance).
Posted July 17th, 2006 by Bhushan Shah
By Bhushan Shah, NII Consulting
Windows does not store passwords themselves; it stores password hashes in the SAM, a registry hive that is itself encrypted with the SYSKEY. The LM hash was the first hash function Microsoft used to protect passwords. When its security problems became apparent (the LM hash is quite insecure), Microsoft had to come up with NTLM (whose NT hash is an MD4 of the Unicode password) and, most recently, NTLM version 2.
A hash function is a way of creating a small digital "fingerprint" from any kind of data: the function chops and mixes the data to produce the fingerprint, often called a hash value, and a good one cannot be run backwards to recover the input.
The LM hash (LAN Manager hash) is one of the formats that Microsoft LAN Manager and Microsoft Windows use to store user passwords of at most 14 characters.
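As an added example (not code from the original article), the following Python reproduces the part of the LM algorithm that does the damage: uppercasing, truncation to 14 characters, and splitting into two independent 7-byte DES keys. DES is not in the Python standard library, so the final step, encrypting the constant KGS!@#$% under each key, is replaced by a labelled SHA-256 stand-in; the outputs are therefore not real LM hashes, but the attack structure is identical. The precomputed dictionary plays the role of a rainbow table (a real rainbow table stores chains rather than every hash, trading lookup time for disk space, but what it can and cannot cover is the same). The salted hash at the end shows the defence the follow-up article argues for. The charset, lengths and sample passwords are chosen for the example.

```python
from __future__ import annotations

import hashlib
import itertools
import os

LM_MAGIC = b"KGS!@#$%"  # the constant that real LM encrypts with DES under each half-key


def lm_halves(password: str) -> tuple[bytes, bytes]:
    """Step 1 of LM, reproduced exactly: uppercase, truncate/pad to 14 bytes, split 7+7.
    Case is discarded and the two halves never influence each other."""
    pw = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\x00")
    return pw[:7], pw[7:]


def des_key_from_7(half: bytes) -> bytes:
    """Step 2 of LM, reproduced exactly: spread the 56 bits over 8 bytes, one 7-bit
    group per byte, shifted left so the low (DES parity) bit is zero."""
    bits = int.from_bytes(half, "big")
    return bytes(((bits >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))


def half_hash(half: bytes) -> bytes:
    """Step 3 of LM is DES_key(LM_MAGIC). ASSUMPTION / stand-in: SHA-256(key || magic)
    truncated to 8 bytes, because DES is not in the standard library."""
    return hashlib.sha256(des_key_from_7(half) + LM_MAGIC).digest()[:8]


def lm_style_hash(password: str) -> str:
    """16-byte LM-style hash: two independent 8-byte half hashes, hex encoded."""
    first, second = lm_halves(password)
    return (half_hash(first) + half_hash(second)).hex()


def build_half_table(charset: str, max_len: int) -> dict[bytes, str]:
    """Attacker's one-time work: hash every candidate half up to max_len characters.
    Built once, reused against every hash captured afterwards."""
    table: dict[bytes, str] = {}
    for length in range(max_len + 1):  # length 0 covers the empty second half
        for combo in itertools.product(charset, repeat=length):
            plain = "".join(combo)
            table[half_hash(plain.encode().ljust(7, b"\x00"))] = plain
    return table


def crack_lm(hash_hex: str, table: dict[bytes, str]) -> tuple[str | None, str | None]:
    """Look each half up independently. A 14-character password costs two 7-character
    searches, not one 14-character search; an unrecovered half still reveals its length."""
    raw = bytes.fromhex(hash_hex)
    return table.get(raw[:8]), table.get(raw[8:])


def salted_hash(password: str, salt: bytes) -> str:
    """The defence: hash a random per-user salt together with the password, so no table
    computed before the salt existed can contain the result."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


if __name__ == "__main__":
    table = build_half_table("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 3)
    for pw in ("Abc", "Secret9x"):
        print(pw, "->", crack_lm(lm_style_hash(pw), table))
    # Same password, two users, two salts: two different hashes, nothing shared to look up.
    print(salted_hash("Abc", os.urandom(16)) == salted_hash("Abc", os.urandom(16)))
```

With a table of only three-character halves, "Abc" is recovered outright as ABC (case is lost, which is why LM-cracked passwords still need a quick case sweep), and "Secret9x" comes back as (None, "X"): the second half alone tells the attacker the password is exactly eight characters long and ends in x or X, shrinking the remaining search to seven characters. The salted variant produces a different hash for every user, which is precisely what a precomputed table cannot absorb.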
Posted July 16th, 2006 by Kush
By Kush Wadhwa, NII Consulting
Welcome to the world of log analysis. Log analysis plays a crucial role in intrusion detection. If the compromised system runs Linux, one of the first steps the investigator performs is an analysis of its log files.
Linux keeps logs for many services, such as Apache, Squid, syslog and cron. These logs help administrators troubleshoot problems and audit user actions. In this article we talk about Apache and Squid logs, since the two are closely related (both record which client requested which URL, when, and with what result), and we see how to read Apache and Squid log files.
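As an added example (not part of the original article), here is a small Python reader that parses Apache combined-format lines and Squid native access.log lines into one record shape and then runs a first-pass triage over both: flagging requests whose URL carries traversal or command-execution probes, and clients that pile up error responses across the web server and the proxy together. The log lines, hostnames and addresses are constructed for the example.

```python
from __future__ import annotations

import re
from collections import Counter
from datetime import datetime, timezone

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)
# Squid native access.log: time.ms elapsed client action/status size method URL ident hierarchy/peer type
SQUID_RE = re.compile(
    r'^(?P<time>\d+\.\d+)\s+(?P<elapsed>\d+) (?P<client>\S+) (?P<action>\S+)/(?P<status>\d{3}) '
    r'(?P<size>\d+) (?P<method>\S+) (?P<url>\S+) (?P<user>\S+) (?P<hier>\S+) (?P<mime>\S+)$'
)

# Constructed sample: five Apache lines followed by two Squid lines (not real traffic).
SAMPLE_LINES = [
    '10.0.0.5 - - [16/Jul/2006:10:12:33 +0530] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [16/Jul/2006:10:12:41 +0530] "GET /../../etc/passwd HTTP/1.0" 404 219 "-" "curl/7.15"',
    '10.0.0.5 - - [16/Jul/2006:10:12:42 +0530] "GET /admin/ HTTP/1.0" 403 291 "-" "curl/7.15"',
    '10.0.0.5 - - [16/Jul/2006:10:12:43 +0530] "GET /backup.zip HTTP/1.0" 404 219 "-" "curl/7.15"',
    '192.168.1.20 - alice [16/Jul/2006:10:15:02 +0530] "POST /login HTTP/1.1" 302 - "http://intranet/" "Mozilla/5.0"',
    '1152999153.123    245 192.168.1.20 TCP_MISS/200 4567 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html',
    '1152999160.456     12 10.0.0.5 TCP_MISS/404 1023 GET http://intranet/scripts/..%255c../winnt/system32/cmd.exe?/c+dir - DIRECT/10.1.1.9 text/html',
]


def parse_line(line: str) -> dict | None:
    """Normalise either format to one record: source, time (tz-aware), client, method, url, status."""
    m = APACHE_RE.match(line)
    if m:
        return {"source": "apache", "time": datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
                "client": m["client"], "method": m["method"], "url": m["url"], "status": int(m["status"])}
    m = SQUID_RE.match(line)
    if m:
        return {"source": "squid", "time": datetime.fromtimestamp(float(m["time"]), tz=timezone.utc),
                "client": m["client"], "method": m["method"], "url": m["url"], "status": int(m["status"])}
    return None  # unknown format: skipped here; in a real run count and report these lines


def load_logs(lines) -> list[dict]:
    return [rec for rec in (parse_line(l.rstrip("\n")) for l in lines) if rec]


# First-pass indicators: traversal (plain or double-encoded), classic cmd.exe probes, script injection.
SUSPICIOUS = re.compile(r"\.\./|%2e%2e|/etc/passwd|cmd\.exe|<script", re.I)


def analyse(records: list[dict], error_threshold: int = 3) -> list[tuple]:
    """Flag suspicious URLs per request, and clients with >= error_threshold 4xx/5xx responses
    counted across both logs (a scanner hitting the web server and then probing through
    the proxy shows up as one client in both)."""
    findings: list[tuple] = []
    errors: Counter = Counter()
    for rec in records:
        if SUSPICIOUS.search(rec["url"]):
            findings.append(("suspicious_url", rec["client"], rec["url"]))
        if rec["status"] >= 400:
            errors[rec["client"]] += 1
    for client, count in errors.items():
        if count >= error_threshold:
            findings.append(("error_burst", client, count))
    return findings


if __name__ == "__main__":
    for finding in analyse(load_logs(SAMPLE_LINES)):
        print(*finding)
```

Two things the combined view gives that reading either file alone does not: the Squid timestamp is a Unix epoch in UTC while Apache writes local time with an offset, so both are converted to timezone-aware values before any ordering or correlation; and the error count for 10.0.0.5 reaches four only because the proxy's 404 is added to the web server's three, which is the kind of cross-log pattern the investigator is after.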
Posted July 4th, 2006 by admin
K K Mookhey, NII Consulting
Two recent events bring to light how the lacunae in India's privacy laws are now hitting where it hurts most: the bottom line. According to this report in the Economic Times, Apple and Powergen have moved their back-office operations out of India. This follows closely on the heels of the HSBC data theft scam, in which an employee in HSBC's BPO operations siphoned off close to a quarter of a million pounds from customers. This is just the latest in a series of BPO scandals that have left the Indian ITES industry floundering for explanations and NASSCOM issuing face-saving statements.
The other story is about a spy stealing sensitive data from the National Security Council Secretariat. The data was carried out on USB drives as well as in printouts and SMSes. Apparently Roasanne Minchew, the spy in question, did this under the cover of the much-hyped Indo-US Cyber Security Forum.
The fact of the matter is that all of the suggestions being put forward, such as a global database of BPO employees, frisking of employees, or banning cellphones and cameras in offices, are ad hoc. Nothing is likely to change until the IT Act is radically amended, and that has to be accompanied by the establishment of special courts for the quick dispensation of justice and punitive measures against violators of data privacy.
Posted May 2nd, 2006 by admin
by Chetan Gupta, NII Consulting
How many times in an investigation does a forensic investigator come across the problem of acquiring data from a suspect's laptop? The answer is "many times". Whenever such a situation arises, the investigator faces a dilemma: open the laptop, take out the hard disk, connect it (through a write blocker) to an IDE-to-USB converter and then perform the duplication, or try to do it without opening the laptop. The preferable choice is usually the latter, in which the investigator boots the laptop from forensic live media, so the suspect's operating system never writes to the disk, and acquires the suspect disk over the network. The first option could lead to the laptop or hard disk being damaged, or to the laptop's warranty being voided.
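As an added example (not part of the original article, whose full text is not on this page), the following Python shows the shape of a network acquisition and the check that makes it evidence rather than just a copy: the suspect side streams the raw device and hashes what it sends, the investigator side writes everything to an image file and hashes what it receives, and the acquisition is only accepted when the sender's hash, the receiver's hash and the hash of the image on disk all agree. In the field the two halves run on two machines (the suspect laptop booted from live media, and the investigator's workstation); here they run over loopback in one process, and a random file with a boot signature stands in for the suspect's disk. Hostnames, file names and sizes are chosen for the example.

```python
from __future__ import annotations

import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 1 << 16  # read/send in 64 KiB pieces, the same knob as dd's bs=


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def stream_device(device: str, host: str, port: int) -> str:
    """Suspect side, the role of `dd if=/dev/sda | nc investigator 9000`: open the device
    read-only, stream it raw, return the SHA-256 of exactly what was sent."""
    h = hashlib.sha256()
    with open(device, "rb") as dev, socket.create_connection((host, port)) as conn:
        for chunk in iter(lambda: dev.read(CHUNK), b""):
            h.update(chunk)
            conn.sendall(chunk)
    return h.hexdigest()


def receive_image(listener: socket.socket, image: str) -> tuple[str, int]:
    """Investigator side, the role of `nc -l -p 9000 | tee laptop.dd | sha256sum`: accept one
    connection, write every byte to the image file, return the hash and size received."""
    h = hashlib.sha256()
    size = 0
    conn, _peer = listener.accept()
    with conn, open(image, "wb") as out:
        for chunk in iter(lambda: conn.recv(CHUNK), b""):
            out.write(chunk)
            h.update(chunk)
            size += len(chunk)
    return h.hexdigest(), size


def acquire_over_network(device: str, image: str, host: str = "127.0.0.1") -> dict:
    """Run both sides (loopback here, two machines in practice) and verify that the hash
    computed on the suspect side, the hash of the bytes received, and the hash of the image
    file on disk all agree before anyone works on the evidence."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    received: dict = {}

    def receiver() -> None:
        received["hash"], received["size"] = receive_image(listener, image)

    t = threading.Thread(target=receiver)
    t.start()
    sent_hash = stream_device(device, host, port)
    t.join()
    listener.close()
    on_disk = sha256_file(image)
    return {
        "sent": sent_hash,
        "received": received["hash"],
        "on_disk": on_disk,
        "size": received["size"],
        "verified": sent_hash == received["hash"] == on_disk,
    }


def make_fake_device(path: str, size: int) -> None:
    """Constructed stand-in for /dev/sda: random bytes with an MBR boot signature at offset 510."""
    data = bytearray(os.urandom(size))
    data[510:512] = b"\x55\xaa"
    with open(path, "wb") as f:
        f.write(data)


def demo(size: int = (1 << 20) + 13) -> dict:
    """Image a fake device whose size is not a multiple of CHUNK, so the last partial read is exercised."""
    with tempfile.TemporaryDirectory() as tmp:
        device, image = os.path.join(tmp, "fake_sda"), os.path.join(tmp, "laptop.dd")
        make_fake_device(device, size)
        return acquire_over_network(device, image)


if __name__ == "__main__":
    print(demo())
```

The three-way hash comparison is the point: a hash taken only on the receiving side proves the image matches what arrived, not what left the suspect disk, and a hash taken only on the sending side proves nothing about the file you will later load into your analysis tool. Record all three, with the port, time and device identifiers, in the acquisition notes.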
Posted January 21st, 2006 by admin
by Chetan Gupta, NII Consulting
Have you ever received an anonymous email and wondered who it was from? Ever conducted business via email and wanted to know whether the other party is who they say they are? As you can imagine, the uses for this type of investigation are endless. Not only is it possible to find the sender of the anonymous email, but it is also possible to locate the sender
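As an added example (not part of the original article, whose full text is not on this page), the following Python does the first step of such an investigation with the standard library: it walks the Received headers of a message from the top down, trusts only the lines written by the recipient's own mail servers, and reports the IP address that actually connected to the recipient's edge mail exchanger. Everything below that hop was written by other people's servers, or by the sender, and is reported separately as a claim rather than a fact. The message, the hostnames, the addresses and the mail-domain suffix are constructed for the example; the bottom Received line in it is a forgery planted by the sender.

```python
from __future__ import annotations

import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed phishing message as it would sit in the recipient's mailbox. The lowest
# Received header was written by the sender to make the mail look like it left the bank.
SAMPLE_MESSAGE = """\
Received: from mx1.ourcompany.in (localhost [127.0.0.1])
\tby mailstore.ourcompany.in (Postfix) with ESMTP id 7F2A1
\tfor <ceo@ourcompany.in>; Sat, 21 Jan 2006 09:14:05 +0530
Received: from mail.freemailer.example (mail.freemailer.example [203.0.113.7])
\tby mx1.ourcompany.in (Postfix) with ESMTP id 6B9C3
\tfor <ceo@ourcompany.in>; Sat, 21 Jan 2006 09:14:04 +0530
Received: from [192.168.1.77] (unknown [198.51.100.23])
\tby mail.freemailer.example with ESMTPA id 1234; Sat, 21 Jan 2006 09:13:50 +0530
Received: from bank.example.com (bank.example.com [192.0.2.1])
\tby localhost; Sat, 21 Jan 2006 09:13:00 +0530
From: "Security Desk" <alerts@bank.example.com>
To: ceo@ourcompany.in
Subject: Urgent account verification
Date: Sat, 21 Jan 2006 09:13:00 +0530

Please confirm your account details at the link below.
"""

RECEIVED_RE = re.compile(
    r"from (?P<helo>\S+)"                                                    # name the client announced
    r"(?: \((?P<rdns>[^\[\)]*?) ?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\))?"  # what the server actually saw
    r".*? by (?P<by>[^\s;]+)"                                                # the server that wrote the line
)


def parse_received(value: str) -> dict:
    """Split one (possibly folded) Received header into helo, rdns, ip, by and timestamp."""
    flat = " ".join(value.split())  # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    hop = {k: (m.group(k) if m else None) for k in ("helo", "rdns", "ip", "by")}
    stamp = flat.rsplit(";", 1)[-1].strip() if ";" in flat else ""
    try:
        hop["time"] = parsedate_to_datetime(stamp)
    except (TypeError, ValueError):
        hop["time"] = None
    return hop


def trace(raw: str, our_suffix: str) -> dict:
    """Top-down walk of the Received chain. Lines whose 'by' host is one of ours are trustworthy;
    the lowest of them records the IP that really connected to our edge MX. Everything beneath
    was written by someone else and may be invented, so it is returned only as a claim."""
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    trusted = [i for i, h in enumerate(hops)
               if h["by"] and h["by"].lower().endswith(our_suffix.lower())]
    if not trusted:
        raise ValueError("no Received line from our own servers; trace headers may have been stripped")
    edge = hops[trusted[-1]]
    below = hops[trusted[-1] + 1:]
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    return {
        "edge_ip": edge["ip"],
        "edge_rdns": edge["rdns"],
        "edge_time": edge["time"],
        "claimed_client_ips": [h["ip"] for h in below if h["ip"]],
        "from_domain": from_domain,
        "sender_domain_mismatch": not (edge["rdns"] or "").lower().endswith(from_domain),
    }


if __name__ == "__main__":
    for key, value in trace(SAMPLE_MESSAGE, ".ourcompany.in").items():
        print(f"{key}: {value}")
```

For the constructed message the verified origin is 203.0.113.7, a free-mail provider's relay, not the bank the From header names, which is the mismatch the last field flags. The two addresses beneath it are leads to pursue with that provider (the 198.51.100.23 submission record is plausible; the bank.example.com line is the sender's own fiction), not facts to put in a report. Locating the sender from the verified IP is the next step, via WHOIS and the provider's connection logs, and depends on the legal process the article goes on to discuss.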
Posted January 21st, 2006 by admin
by Chetan Gupta, NII Consulting
Every day millions of people surf the web using popular browsers such as Microsoft Internet Explorer (IE) or one of the Firefox/Mozilla/Netscape family. A very important step in computer forensics is investigating the suspect's web usage. This information is useful in everything from examining company policy violations to detecting corporate espionage. Examining a suspect's web browsing history could provide critical clues to solving the case.
Each of these browsers saves browsing activity in its own format, and where that data is found depends on the operating system the suspect used. In this article, we look at the various tools and techniques available for investigating one of the most widely used browsers: Internet Explorer.
Posted January 21st, 2006 by admin
by K. K. Mookhey, NII Consulting
It’s late at night, and the phone rings. This had better be a world-changing revolution. But it’s something weirder. A client in East Asia informs us that his systems are behaving most abnormally. Before one can gather one’s senses, the information begins to flow:
“The primary trading systems, which offer web-based trading are down”
The panic in his voice is unmistakable. But this statement could mean many things, so we probe further.