Archive for the ‘Computer forensics’ Category

Congratulations to Bryan La Rock, Forensic Analyst

August 3rd, 2010



Congratulations to Bryan La Rock, Forensic Analyst at our Los Angeles offices. Bryan recently obtained his CCE (Certified Computer Examiner) from the ISFCE. Bryan is a highly qualified analyst in the areas of electronic discovery, computer forensics and general data forensics. Mr. La Rock also recently testified at trial in Federal Court, 9th Circuit, for the first time. In addition to his computer forensics certification, Bryan holds a Master of Science in Computer Science from USC (University of Southern California) and is a valued member of Elluma Discovery, having made a significant contribution in many cases.


Protecting Yourself on Wireless Networks

July 8th, 2010

In our recent security testing of wireless networks, we found that with a little research and know-how it is not that difficult to steal usernames and passwords off of networks via Man in the Middle (MITM) attacks. The following are a few tips that will help you and your personal information stay safe.

Internet Browsers: First and foremost, run the most up-to-date version of your internet browser: Internet Explorer 8 (IE 8), Firefox 3.6, Safari 4, or Chrome. Of the four browsers listed, we found Firefox to be the most secure and Safari the least. The reason for running the newest version is the new security features—mainly webpage warnings—in the browsers. For example, when we used our less sophisticated MITM attack on IE 8, warnings appeared instructing the user not to continue on to the webpage; in IE 7, there were no such warnings. However, the more sophisticated MITM attack showed all the browsers to be lacking, as none of them flashed warnings.

Unsecured Networks: It’s best to avoid any free, unsecured wireless network. There’s no telling who is on it or what they’re up to. If you need to use the network, DO NOT log in to your online bank account, important email accounts, or any other site you don’t want others to look at or access.

Alternatives: The best thing for you to do is to buy an Aircard from one of the cellular telephone companies. These will cost a bit more, but your coverage and security will be significantly improved. If you are a little more tech savvy, you can set up a VPN client and browse through your home network. This will be slower but also safer. Also, when given the choice between free wireless and pay-to-use wireless, always pay to use it. This will ensure there is at least some kind of security or encryption.

Best Practices: Whenever possible, only use networks you are familiar with and whose security settings you know. If travelling, invest in an Aircard. Make sure your home networks are running at least WPA encryption (WEP is too weak).


Man in the Middle Attack Wireless and Wired Networks

July 8th, 2010

Free Wireless Internet in the Coffee Shop: Is it Safe?

NO! It’s not safe. Our Elluma Discovery experts recently evaluated the security of different types of wireless networks, and what we discovered both amazed and scared us.

Utilizing a Man in the Middle (MITM) attack on a wireless network, we easily recovered usernames and passwords for some of the most commonly visited sites on the web. The MITM attack essentially places the attacking computer between the victim’s computer and the internet router, so all the information—including the usernames and passwords—sent from the victim to the router can be intercepted by the attacker.

At first we weren’t able to see usernames and passwords that were encrypted with SSL (the encryption used by HTTPS), which most banking, email, and social networking sites use to protect their clients and users. Unfortunately, we found a way around the encryption. At the end of the day we could read any password sent over the wireless network.

Our testing was done over an unsecured wireless network like those you might find in coffee shops, libraries, airports, hotels, and bookstores; however, your secured home wireless network could also be inviting intruders. Most wireless networks, if secured at all, use Wired Equivalent Privacy (WEP). In short, these networks can be cracked in 5-10 minutes. We recommend you use the stronger Wi-Fi Protected Access 2 (WPA2) encryption, which will take more time and know-how to break into.


Is Your Cell Phone Spying On You?

May 21st, 2010

Cell phone forensic expert Eric Robi was interviewed by CBS News about cell phone spyware technology. A forensic analysis of several different cell phone spy packages, such as FlexiSpy and Mobile Spy, showed that this type of software is effective at capturing private information such as SMS text messages, emails, and call logs, all without the victim’s knowledge. One package even allowed us to listen in on live test calls we made to our staff (with their full consent and cooperation, obviously). We were also able to turn on the mic of our test phone and listen in on ourselves. We found that GPS tracking worked, albeit very poorly, and we were even able to download pictures taken with the phone.

Fortunately, since we were last interviewed for a cell phone story, several anti-malware software packages have appeared on the market, all of which have some degree of effectiveness. SMobile proved effective against spyware in our Blackberry tests. Forensically speaking, mobile phone spyware is quite difficult to detect. If you think you’re a victim, I urge you to read our article on getting spyware off your phone here.

Unfortunately, we won’t be able to assist you if you think you have this bit of nastiness on your phone. We work with corporate clients and law firms, but we do not work with consumers. Please have your attorney contact us. If you do not have an attorney we cannot help you at this time unless you are a corporation.

We do quite a bit of cell phone forensics and we will be happy to assist you in understanding how the evidence on a mobile phone affects your case. Give us a call in our LAX Los Angeles office at 310-318-1073.

Download the PDF guide HOW TO ELIMINATE SPYWARE ON YOUR CELL PHONE


Was witness’ Facebook account hacked in the Devonni Benton – Jasmine Lynn murder?

May 10th, 2010

Our senior computer forensic expert Dave Kleiman appeared on CNN In Session to discuss the Devonni Benton murder trial. Benton is charged with the shooting murder of Jasmine Lynn at Clark Atlanta University.

The only person to identify the shooter is Brandon Hall who picked him out from a photo lineup. Apparently Hall sent a Facebook message to Benton’s girlfriend stating “I could have been mistaken, but I saw the Mohawk and Devo was the only one…” Hall denied sending the Facebook message.

Since Hall denies sending the message (which CNN has a copy of), is it possible that someone hacked into Hall’s account and sent the message? Kleiman (of Elluma’s Florida office) says that while it is possible to hack into a Facebook account, it is probably beyond the skill level of the ordinary user. In fact, it is quite possible to prove whether Hall is telling the truth by sending a subpoena to Facebook and obtaining the IP addresses used to log into his account. Law enforcement has the power of a criminal subpoena, which will get a response within a few days. In civil litigation, a subpoena can provide the same information, but it can take up to 30 days to obtain.

Since credibility of the only person to identify Benton is now in question, wouldn’t it make sense for law enforcement to trace the IP addresses used to log into Hall’s account? An IP address can link a person to a physical address. If it was actually Hall that was logged into his Facebook account at the time the message was sent, it seems likely he was the sender. Conversely, if the IP address recorded by Facebook when the message was sent was not Hall’s, then it would cast doubt on the authenticity of the message.
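The correlation described above, as an added example that is not part of the original post: given a login history of the kind a provider returns under subpoena, find which session was active when the message was sent and check whether its IP is one the account holder is known to use. The record layout and every timestamp and IP below are constructed sample data, not the real Facebook records from this case.

```python
from datetime import datetime, timezone

# Constructed sample login history; assumed layout is (UTC time, IP, event).
LOGIN_HISTORY = [
    ("2010-01-05 21:05", "198.51.100.17", "login"),
    ("2010-01-05 22:40", "198.51.100.17", "logout"),
    ("2010-01-06 01:12", "203.0.113.44", "login"),
    ("2010-01-06 02:30", "203.0.113.44", "logout"),
    ("2010-01-07 09:00", "198.51.100.17", "login"),   # still open, no logout
]
# Constructed: IPs attributed to the account holder (e.g. via his ISP).
KNOWN_HOLDER_IPS = {"198.51.100.17"}


def parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


def sessions(history):
    """Pair each login with the next logout from the same IP.
    A session with no logout yet is kept open (end=None)."""
    closed, open_by_ip = [], {}
    for ts, ip, event in sorted(history):      # ISO-style strings sort by time
        t = parse(ts)
        if event == "login":
            open_by_ip[ip] = t
        elif event == "logout" and ip in open_by_ip:
            closed.append((open_by_ip.pop(ip), t, ip))
    closed.extend((start, None, ip) for ip, start in open_by_ip.items())
    return closed


def sessions_at(history, when: str):
    """All sessions (start, end, ip) that were active at the given time."""
    t = parse(when)
    return [(s, e, ip) for s, e, ip in sessions(history)
            if s <= t and (e is None or t <= e)]


def assess(history, known_ips, when: str) -> str:
    """Classify the message time against the login record.
    Note: an IP identifies a network endpoint (a household NAT, a
    shared hotspot), not a person; treat the result as a lead, not proof."""
    active = sessions_at(history, when)
    if not active:
        return "no_session"              # nobody logged in; re-check clocks/timezones
    active_ips = {ip for _, _, ip in active}
    if active_ips <= known_ips:
        return "consistent_with_holder"
    return "unknown_origin"              # at least one active session from a foreign IP
```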