AGDatacom - Guide To A Secured and Hassle-Free Internet Life PDF
June 2010
A Report Prepared By
http://www.agdatacom.com/
eDecision Group
http://www.edecision4u.com/
holes with known fixes are routinely left uncorrected. Further, no agreed-upon standards exist to benchmark the quality of the tools, and no accepted methodology exists for organizations to determine how much investment in security is enough. The inability to quantify the costs and benefits of information security investments leaves security managers at a disadvantage when competing for organizational resources. Much work remains to improve management and technical solutions for information protection. [1]
A computer network, whether wired or wireless, must be secured in both environments before its users can breathe in and out peacefully. A wired network can be controlled by the computer policy implemented within the premises, and it is easy to secure with appropriate devices that integrate with one another.
Now I am thinking ahead about working on clouds, wirelessly: is it that safe? So I am considering the fact that we have a solution to this kind of issue, as I am thoroughly browsing our variety of IT solutions. I am digging all my stuff into this product, and I am happy to see related articles that I can share here and tackle the importance of it all throughout the documentation.
Please take note that all articles and related documentation are not my own creation. They come from our business partners, and we want to share them in order to fully understand how this issue can affect us individually as well as globally. We can't thank them enough for giving us the opportunity to tackle those issues, and for their respective contributions, which can turn out to be a great solution nowadays.
1. Please visit: http://www.witsa.org/papers/McConnell-
The "Simple file Carver tool", by Filesig, does a good job with data carving and every forensic
examiner must have one in his arsenal of tools.
In conclusion, one can safely infer that as computer technology evolves, so must digital forensic practices. For instance, the default 512-byte sector size for hard drives is changing to 4096 bytes, which is going to change some of the ways we examine evidence on drives with respect to the definition of slack space and unallocated space. At this point, we are faced with the question: what happens to the 1024-byte MFT record size on NTFS partitions? Are operating systems going to change to adapt to this situation? Are forensic tool vendors going to retool? All I can say for now is: time will tell. My next article will be on cloud computing and network forensics.
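To make the sector-size point concrete, the following added example (not from the article) works out how the same file's slack splits between sector slack and file slack on a 512-byte and a 4096-byte sector drive; the file and cluster sizes are constructed values.

```python
# Added example (not from the article): how the 512-byte to 4096-byte sector
# change alters slack space. File size and cluster size are constructed values.

def slack_layout(file_size: int, sector_size: int, sectors_per_cluster: int) -> dict:
    """Return the slack regions left in the last cluster a file occupies.

    sector_slack: bytes from end-of-file to the end of the last sector written
                  (historically "RAM slack"; the OS pads it when it writes the sector).
    file_slack:   whole sectors in that cluster the file never touched, which can
                  still hold a previous file's bytes.
    """
    cluster_size = sector_size * sectors_per_cluster
    if file_size == 0:
        return {"sector_slack": 0, "file_slack": 0, "total_slack": 0}
    used_in_last_cluster = file_size % cluster_size or cluster_size
    sectors_used = -(-used_in_last_cluster // sector_size)  # ceiling division
    sector_slack = sectors_used * sector_size - used_in_last_cluster
    file_slack = cluster_size - sectors_used * sector_size
    return {"sector_slack": sector_slack, "file_slack": file_slack,
            "total_slack": sector_slack + file_slack}

def compare_sector_sizes(file_size: int, cluster_size: int = 4096) -> dict:
    """Same file and same 4 KiB cluster on a 512-byte and on a 4096-byte sector drive."""
    return {
        512: slack_layout(file_size, 512, cluster_size // 512),
        4096: slack_layout(file_size, 4096, cluster_size // 4096),
    }
```

With 4 KiB sectors and 4 KiB clusters the whole remainder becomes sector slack, which the operating system pads on write, so the file-slack region where residue of earlier files used to survive disappears.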
Before we go through all the impediments that might be in the way of investigations, network forensics might be a prime solution to buttress your case for further searches. Network forensics, in the conventional sense, is the analysis of network traffic logs to trace events that have occurred. The logs may reveal the source and destination IP addresses of the systems in question, as well as time stamps, the event that occurred and the type of transaction that took place. This will sometimes lead to a dead end, rendering the investigation useless: the evidence in question never gets discovered and the culprits walk away free, while the victim loses out. A case of corporate espionage is one example.
The best way to deal with impediments in cloud computing investigations is to have lawful interception of data crossing the corporate boundary to the cloud. This is the collection of raw data packets at the data link layer by intelligent tools, namely Decision Group's E-Detective Capturing Tool and the E-Detective Data Decoding Center tool, which decodes raw data, both in real time and offline, into various web application formats. There are other cost-effective and easy-to-use tools by Decision Group that will provide total compliance solutions to companies and law enforcement agencies faced with the same impediments I have mentioned.
We cannot revert to the old way of doing things on our network. Cloud computing is a technology of now, and it is going to be on the increase with time. We have to be able to adjust to investigating data that has crossed the network through the internet to the cloud. Do we have what it takes to do the job? I believe we all would have to adjust to meet the present test of time. In my next presentation, I will talk about network packet forensics and evidence handling, and how to make it acceptable in a court of law.
replaced with switches, which defeats the purpose of sniffing traffic on the entire network, since only traffic emanating from a port on the switch, which has its own broadcast domain, is seen. MAC flooding is a way to make the switch act in the same manner as a hub, hence enabling sniffing of packets across all its ports.
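From the defender's side, a switch that has been driven into hub-like forwarding leaves a trace in its MAC address table: one port suddenly "learns" far more addresses than any access port should. The following added example (not from the article) flags such ports from a constructed table snapshot.

```python
# Added example (not from the article): spotting a MAC-flooding attempt from a
# switch's MAC address table. The table entries below are constructed.
from collections import defaultdict

# Constructed snapshot of "show mac address-table"-style rows: (vlan, mac, port).
CAM_TABLE = [
    (10, "00:1a:2b:3c:4d:01", "Gi1/0/1"),
    (10, "00:1a:2b:3c:4d:02", "Gi1/0/2"),
    (10, "00:1a:2b:3c:4d:03", "Gi1/0/2"),   # a phone and a PC behind one port: normal
] + [(10, f"de:ad:be:ef:{i >> 8:02x}:{i & 0xff:02x}", "Gi1/0/7") for i in range(600)]

def macs_per_port(entries):
    """Count distinct (vlan, mac) pairs learned on each port."""
    seen = defaultdict(set)
    for vlan, mac, port in entries:
        seen[port].add((vlan, mac.lower()))
    return {port: len(macs) for port, macs in seen.items()}

def flagged_ports(entries, max_macs_per_port=8):
    """Ports learning more addresses than a legitimate access port should.

    The switch only falls back to flooding once its table is full, so the
    threshold is deliberately set far below the table size to alert early.
    """
    counts = macs_per_port(entries)
    return sorted(port for port, n in counts.items() if n > max_macs_per_port)
```

The matching mitigation is switch port security, which caps the number of addresses a port may learn and shuts the port or drops frames when the cap is exceeded.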
The process of deep packet inspection begins with packet capturing, which occurs at the outgoing connection to the internet. Depending on which sections of the network are to be monitored, a switch can be carefully configured into mirror mode, where packets leaving the network are mirrored to the packet capturing appliance. The other alternative is inline capturing, where the cable from the internal network is connected to one port of the capturing appliance and another cable connects a second port of the capturing device to the internet interface.
The packets captured are then organized into their various data formats from the inspection and capturing carried out. This data is then decoded by the appliance to allow playback of the data. This playback presents the data in the same format in which it entered the network, which is good, as it presents the data to the viewer in exactly the same way. There are three appliances engineered by Decision Group Inc. which carry out the capturing, decoding and playback. The E-Detective or Wireless-Detective product does real-time decoding and plays back data. There is also the E-Detective Decoding Center appliance, which does both real-time decoding and playback of data and offline decoding of data, either captured by the device or captured off-site using a network packet sniffing device.
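The first step such an appliance performs on a data-link capture is to walk the frame headers and sort each packet into an application format before any decoding. The following added example (not from the article, and not Decision Group's code) does that for a libpcap-format capture; the capture bytes are constructed inside the block, and the port-to-application table is an assumption.

```python
# Added example (not from the article): parse a pcap capture, walk Ethernet/IPv4/TCP
# headers and bucket each packet by application port. All packet bytes are constructed.
import struct
from collections import Counter

APP_BY_PORT = {80: "HTTP", 443: "HTTPS", 25: "SMTP", 110: "POP3", 143: "IMAP", 53: "DNS"}

def build_pcap(frames):
    """Wrap raw Ethernet frames in a libpcap global header plus per-record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def tcp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

def parse_pcap(data):
    """Yield (timestamp, src, dst, sport, dport, app, payload) for each TCP packet."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # pcap magic reveals byte order
    off = 24
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:
            continue                      # not IPv4
        ihl = (frame[14] & 0x0F) * 4      # IP header length from the IHL nibble
        if frame[23] != 6:
            continue                      # TCP only in this example
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4         # TCP header length from the data-offset nibble
        app = APP_BY_PORT.get(dport) or APP_BY_PORT.get(sport, "other")
        yield (ts, src, dst, sport, dport, app, tcp[doff:])

def app_breakdown(data):
    """Count packets per application format, as a decoding center would bucket them."""
    return Counter(pkt[5] for pkt in parse_pcap(data))
```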
All decoded data is stored in a database on the appliance. This allows investigators to sift through it and find evidence with less difficulty, should the need ever arise.
Note of caution: First and foremost, every reader must know that packet sniffing is illegal. Corporations, in protecting their intellectual property and the integrity of network traffic, and in fighting off malware and viruses, can use sniffing technology with caution. The employees must be made aware that such a process is going on and must be duly informed of it. Secondly, employees must also be given a central location with internet-ready computers where they can transact their personal business and check their mail. This network must not be included in the segment being sniffed.
For the purposes of computer forensics, as cloud computing has changed the way data can be stored, the surest way to be able to track back emails and other means of communication via computers, which are mostly used in committing corporate crimes, is to have such a system in place. This will eliminate the need to figure out how to execute search warrants on cloud computing storage sites, which might be thousands of kilometers away, because a replica of the communication is stored on-site.
As national security is on the minds of every government in the world and deemed very important, I believe the art of lawful packet interception will be very instrumental in tracking down criminals and terrorists, as most of their means of communication is via the internet. Deep packet inspection technology should be instrumental in dealing with such acts. Law enforcement agencies in Taiwan have used this technology from Decision Group to their success.
This is the moment to think seriously about adoption of this technology for lawful usage. Privacy must be considered during this brainstorming session. Just as we are now going through virtual strip searches at airports, privacy must be carefully defined when dealing with national security. There are ways to prevent abuse of this technology.
1: Only sworn law enforcement officials or corporate security staff must have access to the management interface of the appliance to search for information. In the case of government investigations, search warrants must be obtained before access to data is granted.
2: Captured data must also be preserved in a manner that follows proper chain-of-custody procedures.
3: Officers running the appliances must be well trained to carry out their work.
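Point 2 above is where captured data most often fails in court. One way to make a custody record tamper-evident is a hash chain in which every handover entry commits to the evidence hash and to the previous entry. The following added example (not from the article) implements that; the evidence bytes and handler names are constructed.

```python
# Added example (not from the article): a tamper-evident chain-of-custody log for a
# captured data set. Evidence bytes, handler names and times are constructed.
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def custody_entry(prev_hash: str, evidence_hash: str, handler: str, action: str, when: str) -> dict:
    """Each entry commits to the evidence hash and to the previous entry (a hash chain)."""
    body = {"prev": prev_hash, "evidence": evidence_hash, "handler": handler,
            "action": action, "time": when}
    body["entry_hash"] = sha256_hex(json.dumps(body, sort_keys=True).encode())
    return body

def build_log(evidence: bytes, transfers) -> list:
    """transfers: iterable of (handler, action, iso_time); the first one is the seizure."""
    log, prev = [], "0" * 64          # genesis link: no previous entry
    ev = sha256_hex(evidence)
    for handler, action, when in transfers:
        entry = custody_entry(prev, ev, handler, action, when)
        log.append(entry)
        prev = entry["entry_hash"]
    return log

def verify_log(evidence: bytes, log: list) -> bool:
    """Recompute every link; an edited, reordered or dropped entry, or altered evidence, fails."""
    prev, ev = "0" * 64, sha256_hex(evidence)
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body.get("prev") != prev or body.get("evidence") != ev:
            return False
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry.get("entry_hash"):
            return False
        prev = entry["entry_hash"]
    return True
```

The log itself still needs to be stored where the handlers cannot rewrite it wholesale (for instance signed or written to a separate, access-controlled system), since a hash chain proves integrity of the sequence, not who wrote it.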
Security, as I always say, is 85% common sense application, and 15% technology. And
with the 15%, 90% of it depends on people, and 10% on the equipment.
The articles tackled here were created by Samuel Amoah, who is a Certified Computer Examiner, Network Packet Forensics Examiner and Private Investigator, and President of CFG Computer Forensics Inc., located in Brampton, Ontario, Canada. He is a partner of Decision Group.
What is AG Datacom?