Feb 24 2011

cloud based computer forensics pipeline

Tag: Informática LegalJoaquim Anguas @ 9:55 am

In a scenario in which there’s a need for flexible computing power for certain companies offering services in the computer forensics arena, cloud computing appears to be a model ready to offer value.

Amazon offers a set of services that may support the needs for flexible computing power a full «ingest/digest» analysis pipeline may need.

Continue reading «cloud based computer forensics pipeline»

Dic 15 2010

search warrant > court order

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 11:53 am

The Sixth Circuit Court of Appeals has ruled that police must obtain a valid search warrant before accessing a suspect’s e-mail in a criminal investigation.

EFF via arstechnica.

BONUS: Search Warrant Affidavit example via Forensic Focus :-)

Oct 12 2010

Forensic Tecnologies Preview Day, Introduction

Tag: Informática LegalJoaquim Anguas @ 8:15 pm

Today I attended “Forensic Technologes Preview Day” held in Karlruhe, Germany, an overview of the state of the art by some of the major players in the field.

I would like to thanks the organizers MH Service for the initiative and specially to Jan for his help before and during the event.

With at least 50% of the attendees being from law enforcement, product demonstration and presentations had some focus to their needs.

There’s also an emerging trend to move forensically sound practices inside the enterprise.

While some providers’ concentrate on horizontal solutions, like Paraben’s  P2 Enterprise or AccessData’s Access Data Enterprise for example, others see vertical approaches and specialization as their core value.

I am not inclined myself to use the term “forensics” widely because of the dissonance between the original meaning of the term (“of or before the forum”, recently “legal” or “related to courts” (see here) and the meaning we find lately: scientific or engineering techniques or activities oriented to derive facts from evidences. Deriving facts from evidences is a matter of interest for legal systems, but also for investigators, auditors and computer security professionals in our context. In my humble opinion mixing disciplines is not recommended. Anyway…

I had the opportunity to share experiences with some law enforcement officers. They pointed me to a Linux distribution I wasn’t aware of: grml. It is not primarily intended for forensic acquisition or analysis, but it looks like it deserves an in depth evaluation. I’ll let you know.

I want to share some comments regarding the presentations in following posts.

Jun 04 2010

Evidence Examination Started

Tag: Informática LegalJoaquim Anguas @ 10:16 am

The case I introduced here is progressing.

The last episode ends with the examintation of the evidence seized while serving the search warrant at Mr. Journalist house.

I had to look up the role of the special master.

May 02 2010

lawful interception / lawful spying and FRE

Tag: Informática LegalJoaquim Anguas @ 9:14 pm

Recent news have taken lawful interception to (some) media exposure.

That LEA, NSA and other agencies may be using interception and/or spying to gather intelligence is no surprise to no one.

To do so, there has to be many actors intervening, including operating system vendors, network hardware manufacturers, network providers, TTP, etc, who may release proprietary secret knowledge about their systems in order to keep a competitive advantage with the considered «bad guys».

But reading FRE 702 and 703 (and the excellent notes here and here) one wonders in his infinite ignorance, if evidence collected using bleeding edge lawful interception techniques (those that use to be proprietary and secret) ever surfaces in trial, how is it going to stand?

Abr 27 2010


Tag: Informática LegalJoaquim Anguas @ 9:22 pm

I’ve just finished this book (excellent reading, by the way). It encourages you to critically read and comment cases. In order to test the knowledge I acquired in the read (or the lack of it, thereof), I want to evaluate the following case presented as an exercise:

Read the following text, put it into context and raise the legal issues you may find relevant.

On his birthday, Mr. Engineer, employee at a high-tech firm named Pear, goes to a biergarten and leaves behind a prototype cell phone he was working with.

Mr. Finder, also client at the bar, finds the prototype and allegedly tries to contact the firm with the purpose of returning it. Pear employees are not aware of the prototype missing and do not give Mr. Finder proper guidance to return the valuable.

Mr. Finder then contacts Mr. Journalist, editor at an online publication dedicated to gadgetry news. Mr. Finder gives the found prototype to Mr. Journalist in exchange of 5.000USD.

Mr. Journalist publishes details of the device and the name of Mr. Engineer on his online publication.

Days later a search warrant is served at Mr. Journalist’s house when he is not at home and all computers and storage media found are seized.”

Continue reading «Exercise»

Mar 29 2010

Certifying lies

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 7:54 pm

Packet Forensics is a firm that provides products and services to enterprises, network operators, law enforcement and defense and intelligence agencies.

It was mostly unknown, but lately it is gaining some focus because of a product of them that may be circumventing SSL.

See Wired (or Gizmodo) and arstechnica for more information. This paper from Christopher Soghoian and Sid Stamm explains the techniques they may be using.

P.S: Do not waste your time searching for the product on their website, it is not listed there.

Mar 28 2010

Evidence of obstruction

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 12:24 pm

To the extent that the key players can be identified early, forensically imaging their hard drives immediately will demonstrate good faith and potentially avoid second-guessing later in the investigation.»

Karen E. Willenken, counsel specializing in white-collar criminal defense at New York-based Skadden, Arps, Slate, Meagher & Flom, makes a good point in this very interesting article.

It is focused on the importance of preserving hard drives in order to provide a strong proof support in the event of a request to produce evidence. At least in case the evidence found on them does not make you appear guilty.

Of course it does not fully apply to our legal system (Spain), but there are also mechanisms here that allow the judge to consider bad faith or to draw adverse inference from evidence (or the lack of it).

Via Forensic Focus.

Mar 20 2010

SecureCloud 2010: day 2 and conclusion

Tag: (i)realidad,Informática Legal,SystemsJoaquim Anguas @ 7:38 pm

SecureCloud 2010, second day:


First session was an excellent keynote by Mrs. Pamela Jones Harbour, Commissioner at US Federal Trade Commission. She “asked the tough questions” and pointed to some “storm clouds”.

First «storm cloud» she talked about was asymmetry between users and companies: consumers may not understand when they are using cloud computing and it is hard for them to delimitate what data they are willing to share. In the offer side, providers do not offer consumers minimum choices, they present «incomprehensive privacy clauses», they don’t «adequately disclose the scope» and hide behind «click wrapped agreements».

Second «storm cloud» was (in)security. Cloud services are potentially unsecure and there’s a potential opportunity for providers to avoid responsibility and accountability.

Third «storm cloud» was competition. There’s a great range of choices and if the consumer’s side does not request accurate information and an adequate level of security in the competitive process, government may have to make an intervention on the market. Turbulent times are forcing companies to low cost, so they are forced by the market to lower best practices.

Fourth «storm cloud» was Incompatible jurisdiction. There is an uncertain state of the law in the USA and there’s being some lobbying at federal legislation on cloud computing. There’s a need to identify challenges and develop good practices. In any case, rules have to be process oriented, not technology oriented, not specific on technology requirements.

Final message was: ask the tough questions but don’t fear the challenge of the cloud.

Continue reading «SecureCloud 2010: day 2 and conclusion»

Mar 16 2010

SecureCloud 2010: day 1

Tag: (i)realidad,Informática Legal,SystemsJoaquim Anguas @ 11:36 pm

Today I attended the first day at SecureCloud 2010, a two days event organized by ISACA, ENISA, CSA and IEEE centered on security on «The Cloud».

In this first day I had the opportunity to attend to nine talks, all of them very focused and well presented.

Here’s a very concise summary of the sessions:

Continue reading «SecureCloud 2010: day 1»

Página siguiente »