Showing posts with label Forensics. Show all posts

April 1, 2012

A Word Indeed


The information stored on your smartphone and managed by your telecommunications carrier is accessible to others who use today's tools and follow the right processes.

Bloomberg BusinessWeek (29 March 2012) reports on a new tool for law enforcement that captures your data from smartphones. 

It is called the Cellebrite or Universal Forensic Extraction Device (UFED).

As the video describes, it works with almost every mobile device out there--over 1,800 of them.

And when attached to a smartphone, it can extract everything from your call log, emails, texts, contact list, web history, as well as photos and videos. 

The forensic tool can even retrieve deleted files from your phone. 

Your smartphone is a digital treasure trove of personal information and the privacy protection afforded to it is still under debate. 

The article cites varying court opinions on "whether it's fair game to examine the contents of a mobile phone without a warrant," since it is in the suspect's immediate possession. 

According to law enforcement sources quoted in the article, "we use it now on a daily basis."

Aside from the contents on the phone itself, Bloomberg BusinessWeek (29 September 2012) earlier reported that telecommunications companies are also storing your personal data for various lengths of time.

For example, detailed call records and text contacts are retained for up to 7 years and phone location information indefinitely, depending on the carrier.

This data is available too under the processes specified in the Electronic Communications Privacy Act. 

While the technology is constantly getting better for us to electronically manage our information and communicate with each other, the reach and life cycle of digital information can certainly be far and long.

As we should all by now know, working remotely, digitally, in cyberspace, and encrypting, deleting, or even attempting to destroy data files does not ensure their ultimate privacy. 

In that respect, digital and non-digital information are the same in one very important facet: as we all learned early in life, "a word once said cannot be taken back."


June 5, 2011

Video Surveillance Made Easier

One of the big problems with video surveillance is that even the most alert security team can be lulled by fatigue and boredom into missing critical events and details on the closed-circuit television (CCTV).

Now there is a new technology called BriefCam (founded in 2007) from Hebrew University in Israel that summarizes hours of video in brief minutes.

What differentiates this new technology, according to The Economist (15 February 2011), is that rather than fast-forwarding or using motion detection to capture or select images, BriefCam captures everything, but "creates a summary of all moving events and play back a synopsis...not speeded up, each person moves at their actual pace. And at any time during the review an operator can switch [click-on the time stamp of the event of interest] to see the original video footage."

BriefCam creates something like a time warp, where "all moving events from the period of interest are collected and shifted in time to create the synopsis."

Essentially objects are overlaid on a timeless background, so you are seeing them occur simultaneously, each with a timestamp that can be selected and clicked to isolate the event.

What makes this an incredible forensic tool is that there are controls for the speed and density of what you are watching, and even for moving objects out of the way on the screen.

The Chairman of BriefCam explains, "We don't try to replace human eyes, we just report what we see so that it is more comprehensible."

This is particularly helpful since CNBC (July 2010), which named BriefCam number 2 of Europe's 25 Most Creative Companies, noted that "the average person viewing surveillance footage has an effective attention span of about [only] 20 minutes."

This is why BriefCam can help our law enforcement and security personnel overcome the traditional video surveillance issues that the Wall Street Journal (27 September 2010) put as "there's not enough time and manpower to watch it all." This is one reason that the WSJ awarded BriefCam their 2010 Innovation Award.

Potential customers for this physical security technology include police, homeland security, military, as well as commercial customers.

This is a very promising technology tool that, with the addition or integration of recognition software and metadata tagging, can help us monitor and safeguard our borders, streets, and critical infrastructure.


April 23, 2008

Activity Monitoring and Enterprise Architecture

When you log on at work, many of you probably, knowingly or not, click on an acknowledgement that you consent to monitoring of your activities.

When you are working, your time and your “privacy” are not really your own!

Organizations routinely conduct various sorts of monitoring, including network monitoring, intrusion detection monitoring, and now more and more, monitoring of employee activities online. This is an important part of the organization’s technical and security architecture.

  • Network-focused--“Network monitoring describes the use of a system that constantly monitors a computer network for slow or failing systems and that notifies the network administrator in case of outages via email, pager or other alarms. It is a subset of the functions involved in network management.”
  • External-focused--“An intrusion detection system (IDS) is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).” (Wikipedia)
  • Internal-focused--An activity monitoring tool, according to ComputerWorld Magazine, 7 April 2007, “monitors all activities on an end-user’s system to make sure that no data or computer usage policies are violated. If a violation does occur, the agent issues an alert to the company’s security team and begins collecting data for further review.”

While we can all understand the need for network monitoring and intrusion detection systems, many find internally focused activity monitoring a put-off, a display of lack of trust in employees, or a violation of our privacy.

However, companies do actually have much to fear from their employees—especially the disgruntled or corrupt ones:

CyberDefense Magazine, August 2004, reports in “Beware of Insider Threats to Your Security” as follows: “Gartner estimates that 70% of security incidents that cause monetary loss to enterprises involve insiders…[that] recent FBI statistics show that 59% of computer hackings are done internally…[and that] a source inside the United States intelligence community stated that more than 85% of all incidents involving the attempted theft or corruption of classified data involved an individual who had already been thoroughly vetted and been given legal access to the data.”

According to ComputerWorld, activity monitoring tools “features a video-like playback feature that lets security administrators view precisely what a user was doing before, during and after a policy violation was flagged. That can help the admins determine almost instantly whether the violation was an accident or the result of deliberate action…[Additionally, other tools] keeps an eye on all internal network traffic for sensitive or inappropriate material…[or] monitor database activity and check for improper access and other abuses.”

“Because the software [tools] can quickly correlate log events from practically every IT system, it also serves as both a real-time alerting system and an after-the-fact forensic tool.”

Related products can actually be set up to quarantine a computer, when a policy violation is detected.

The architecture for monitoring the network and internal and external threats is becoming ever more sophisticated. While according to ComputerWorld, Gartner estimates that “less than 30% of Fortune 5,000 companies have installed such [activity monitoring] tools,” we can expect many more to adopt these in the near future.

These tools are vital in today’s information-rich environment where confidentiality, availability, and integrity are the backbone for our enterprise decision-making.



March 27, 2008

Identifying a Phony and Enterprise Architecture

Part of what distinguishes a good enterprise architect from a mediocre one is the ability to discern fact from fiction and the important from the mundane when it comes to the state of the enterprise. Having the skill to do this is critical to being able to establish viable targets and transition plans. A mediocre architect may collect information, but can’t spot the true nature of the enterprise, what is right and wrong with it, and how it needs to course correct. The truly talented architect can make those distinctions.

Recently in the news there was an item about a doctored photo of a Tibetan antelope running harmoniously alongside the controversial high-speed train developed by China in the animals’ Himalayan habitat. When first released, this photo was accepted as genuine and only upon analysis was it discovered as a fake.

Just like with the photo of the Tibetan antelope, as enterprise architects, we must look with circumspection and fine-tuned analysis at the information presented, so that we can come to valid conclusions and not just accept everything at face value.

MIT Technology Review, 17 March 2008, reports that “new tools that analyze lighting in images help spot tampering.”

One MIT researcher states: “lighting is hard to fake…even frauds that look good to the naked eye are likely to contain inconsistencies that can be picked up by software.”

Similarly, in enterprise architecture, we need to proverbially shed light on the information we capture in the architecture to discern its meaning to the organization: are there really gaps in our capabilities, or does some executive just want to have the latest technology gadget to showcase? Are the redundancies identified in the enterprise needed for backup purposes, or are they truly superfluous? Is a process efficient, or is this just the way things have been done for so long that no one really knows differently or wants to change? Is an opportunity really advantageous to the organization, or is it fool’s gold?

These are tough questions and, answered incorrectly, could lead the organization down the wrong path and result in costly mistakes, such as unsatisfied customers, lost market share, wasted time and effort, and demoralized staff.

The MIT Technology Review article states: “many fraudulent images are created by combining parts of two or more photographs into a single image.”

Similarly, in enterprise architecture, facts are often misinterpreted or distorted by combining pieces of information that do not go together or by omitting information from the puzzle. For example, user needs and technology solutions can be combined and touted as the ideal solution for the enterprise, when in fact the solution is mismatched to the requirement. Or an IT investment may be heralded as the be-all and end-all, but critical information was not examined, such as the security of the product, the vendor support and training available, the true cost including operations and maintenance in the out years, and so on. So just as with photographs, you can have errors of commission and omission.

Cynthia Baron, associate director of digital media programs at Northeastern University and author of a book on digital forensics states: “it’s amazing to me, some of the things that make their way onto the web that people believe are real. Many of the things that software can point out [as fraudulent], you can see with the naked eye, but you don’t notice it.”

This is the same with the information that enterprise architects analyze: so much of it can be misinterpreted, but with a little more attention and a skilled architect, you can find the true meaning behind the data.

In the end a good enterprise architect can be worth their weight in gold to the organization.

