January 2012

As always we have several things to do starting in January, and it appears I have some more time since I organized my work somewhat more efficiently. Currently I am working with five students on projects on camera identification with PRNU, detection of image manipulation, heart beat detection in video and quantization tables in JPEG. It works often very efficient to have validation studies on several topics, since often journal articles do not directly translate in forensic solutions which have been validated.

Also working on some casework on forensic multimedia, doing some review work and participating in project proposals. Of course since budget cuts are near, it is time to look for new solutions which make work more efficiently. Most often in my experience with some pressure on budgets the nicest solutions are developed, as long as there remains some time for doing research, which is often not easy since forensic casework is of course the most important.

As you might have seen, I also have sometimes guest posts for this blog, which also helps with seeing the contents. The latest is of Melanie Slaugh on mobile forensics. New developments in this field are very rapidly making old methods less useful, so it is important to do very much development in this field, and know forensic properties of new devices that are handled. 

December was a month for planning, and January we have to do the real work, also in private life, to make more balance. The good thing it started right with many days that I could take my bicycle to my work, as is usual in the Netherlands. Since I live near the beach, I can go with my bicycle through the dunes without any traffic jams, and it always helps to make new plans, and evaluate the day.

Issues with Cell Phone Forensics guest post by Melanie Slaugh

Cell phones don’t feel new, but in reality they are. With this newness comes rapid change, sometimes so

rapid that it is difficult for forensic scientists to keep up. Suspects use cell phones in a variety of crimes

and it is up to the forensic scientists to uncover their wrongdoings. But where do you start? What are

some problems that scientists come across?

1. Change- Change is the number one issue for forensic scientists to overcome. Even the cell phone

manufactures don’t always know how to retrieve information stored in new phones, so how can

scientists retrieve the information? Staying up-to-date on new cell phones is difficult, but not

impossible. As fast as they are produced, criminals come up with ways to abuse them. Strangely

enough, this can be useful for forensic scientists. Using online tips can allow scientists to easily

access information that would otherwise remain inaccessible.

2. Passwords – Password protection on cell phones are difficult to overcome, though not

impossible. Depending on the model, passwords can be bypassed in several ways.

3. Internet connection – The smarter cell phones get, the harder they are to delve into. Using an

internet connection instead of SMS or voice makes a forensic scientist’s job much harder.

4. Charge – Unlike computers, much of what is stored in a phones memory is dependent upon the

battery. When the electricity goes, so does the information. Depending on what information you

are looking for and how it is stored, battery or charger power is an important thing to think about.

5. SIM cards and removable media- SIM cards are the heart of a cell phone. They carry important

user information. Likewise, removable media, such as SD cards, can have lots of stored

information on them. It is important that forensic scientists have the proper equipment to read and

analyze the data.

6. Isolation – One thing that is often overlooked is the need to isolate the cell phone before

analyzing it. New text messages can overwrite old information, and connections to the internet

can invalidate old data. It is important to make sure the phone is isolated.

7. Security enhancements- Be especially careful when dealing with cell phones that have been

enhanced in some way. Some users have the ability to put in dead man’s switches, effectively

wiping the contents after an action or a period of time. Malware can also be loaded onto the

phone, placing your computer systems in danger.

There are many ore issues to watch out for, but these are the seven most common. Tracing cell phone data

is an arduous task, but it can be done. All it takes is a little research, a few tools, and a lot of patience.

Melanie Slaugh is enthusiastic about the growing prospects and opportunities of various industries and

writing articles on various consumer goods and services as a freelance writer. She writes extensively for

internet service providers and also topics related to internet service providers in my area for presenting the

consumers, the information they need to choose the right Internet package for them. She can be reached at

slaugh.slaugh907 @ gmail.com.

(http://www.myispfinder.org/). 

Author Bio

Melanie Slaugh is enthusiastic about the growing prospects and opportunities of various industries and writing articles on various consumer goods and services as a freelance writer. She writes extensively for internet service providers and also topics related to internet service providers in my area for presenting the consumers, the information they need to choose the right Internet package for them. She can be reached at slaugh.slaugh907 @ gmail.com.

December 2011

The month started at a very nice organized cybercrime conference in London http://defence.flemingeurope.com/cyber-security-summit/ also forensic aspects, and in depth on Scada and mobile systems.

In December I just had a week vacation in Gibraltar/Spain, since most often we go in vacation in winter and not in summer due to the climate in the Netherlands. It is very amazing to see that the airport runway is crossing the regular road.

Also I had to do internal examination and defend six reports with an external expert, and passed that. As each exam it always takes preparation time, however it good to have discussion about reports that have been written.

In the last week of this year I finally have some time to clean my desk, and preparing presentations which I have not covered already, as well as time time to finalize reports and reviews.

Conference in Chongqing

Bit Forensic conference in Chongqing

It was the second conference on forensic science, many good speakers from Europe, Australia, Asia and the North America, and very good to see that the government of Chongqing is investing very much in Forensic Science in collaboration with Universities in the United States.

November 2011

On forensic science many resources are available on the internet, one resource that I saw lately, is a good overview for people that are interested in a carreer in forensic science, http://www.bestforensicscienceschools.com/blog/ or http://www.forensicsciencetechnician.net/blog/ . The specialized universities that have course in forensic science, are numerous. One issue is however that there are many more students in forensic science, compared to the number of jobs available in the field. So often I have students that work on a project for a while, and then later on, of course they will do some other work, related to forensic science, or perhaps something completely different.

This is different for students that specialize in forensic ICT, and currently it is difficult to attract people to these jobs since not many students appear to chose ICT. Also the number of people that are requested in cybersecurity related areas are very many. We see that law enforcement in many countries is expanding in many countries, since we become aware that since many processes are linked to internet, with software and hardware that are mostly not very transparant in how they exactly work. Also we see that systems are updated regularly, due to the complexity of the software and hardware solutions, this remains also a challenge even if the source code is available. Reverse engineering is often work that takes a lot of patience and time, and with the development cycles of products become shorter, it means also that with new versions of software and hardware, only a part can be used again.

Malware developers are also changing there software often, and it is unknown how many systems have been infected, however the number of reports of botnets are huge and develop malware. So either way, there is a lot in forensic ICT to develop, investigate and finally learn from these in making systems more secure.

October 2011

The month is with relatively many conferences, so one week I am in Montreal, Canada at the Colloquium IT Security Cyber Forensics and Combatting Cybercrime. Much nice forensic research on different aspects on cybercrime analysis and attacks. Also excellent for networking. I also gave an invited talk there, and it is an excellent venue, and also good to practice French language, although there was parrallel translation. The advantage of conferences is also that I have time to review proposals, write some text and look to planning. Also interesting to see that the costs of cybercrime is difficult to estimate, since much is not seen by governments.

Two weeks for casework, and looking for results from experiments of students on different topics as camera identification, enf and iris scanners. Also nice opportunities for European projects in the field.

Then one week at the lab, and the next week to ChongQing, China for the 2nd BIT Forensic Conference. Last year it was very nice, and I am looking forward to be there.

September (2) 2011

Sometimes things do not work as planned due to circumstances. I should leave to Riga as chairman for the ENFSI Forensic IT Working group meeting, however was in bad luck, due to an accute appidendicitis, and I had surgery for that. So unfortunately no visit to Riga for me this time, with the nice ENFSI group. However since the conference is very well organized and the steering committee is there, I am sure it will be a nice event.

However I hope the plans next week will work better, and as long as the complications are not too severe, it should work. Also the IAFS conference is this week, so I know many people that go to Madeira.

However many things work well, some projects got approved, and of course some interesting casework.