Computer forensics is a very important branch of computer science in relation to computer and Internet related crimes. Earlier, computers were only used to produce data but now it has expanded to all devices related to digital data. The goal of Computer forensics is to perform crime investigations by using evidence from […]
Every analysis begins with specific goals in mind. As a forensics investigator, you are expected to know the type and importance of information you are looking for while investigating a computer crime. Computer forensics investigations involving a Windows box rely heavily on meticulous inspection of the keys, subkeys and […]
The particular exploits in this article take advantage of systemic query factory vulnerabilities, vulnerabilities which exist throughout an entire application’s SQL generation code, found in a deprecated version of OSCommerce’s development/unstable tree (specifically version 3.0.3 alpha) that were implemented by other developers into their own product’s stable tree. While […]
Acceptable Use Policies (AUPs) are an essential component to all organizations, companies, and other establishments offering Internet or Intranet access.
According to network security provider GFI, an Acceptable Use Policy should successfully define which network systems the policy covers; explicitly prohibit illicit behavior, distribution, and communications; establish privacy guidelines; and […]
A few weeks ago, I wrote an article for 2600 Magazine. (If you’re curious, publication has been confirmed and you’ll probably see it in the Winter 2014-2015 issue.) The form email you get when you email an article submission says:
“We don’t recommend sending PGP encrypted articles as we frequently […]
This article introduces Android forensics and the techniques used to perform Android forensic investigations. We will discuss Android file systems, data acquisition, analysis, and various tools available for Android Data Extraction.
The smart phone market is growing higher and higher. With the drastic changes in technology, smart phones are becoming […]
The cloud is expanding. More applications are being run online. More data is being stored online. More businesses are relying on public, private, and hybrid clouds for their apps, records, and backups. And more hackers are taking advantage.
Why Security Breaches Happen in the Cloud
Hackers aren’t attacking the cloud; the […]
In this article we will learn about one of the most important features introduced by Microsoft from the perspective of network access protection (NAP). We will also cover all the main concepts surrounding NAP and various design scenarios and best practices.
Network Access Protection (NAP) is a platform to check […]
1. IntroductionCreating a backup procedure is a very important aspect for a company, because a loss of data can result in great damage to the company, possibly even a company going bankrupt. Proper backup mechanisms are usually not in place or are poorly designed, which becomes evident once it’s […]
Security experts at Trend Micro have recently uncovered a hacking campaign dubbed “Operation Emmental” which targeted Swiss bank accounts with a multi-faceted attack.
Bad actors were able to bypass the two-factor authentication mechanism used by the bank to secure its customers’ accounts. The researchers at TrendMicro coded the campaign […]
Windows registry is a gold mine for a computer forensics investigator. During case analysis, the registry is capable of supplying the evidence needed to support or deny an accusation. There are other sources of information on a Windows box, but the importance of registry hives during investigations cannot be […]
Cyber insurance coverage has been available on the market for a decade, but only recently companies have been seeing a significant growth—sales of cyber insurance in 2013 escalated 30 percent in comparison with 2012, according to the Global Head of Professional Liability for AIG Tracie Grella.
Now cyber insurance is […]
Cloud computing is changing the way we interact with devices, software, data and processes. But some things never change, and one thing that remains true across the old and new computing paradigms is the importance of authentication to confirm the identity of the user and/or system with which we’re […]
At the beginning of this year, an Intermap poll found that cloud security is still a major obstacle to cloud adoption, with 40% of respondents still wary of going to the cloud for that reason, although many experts, such as the panel at the most recent RSA Conference, say […]
In the previous article, we had already configured the Mod-Security Firewall with OWASP Core Rule Set (CRS). But installing and configuring the Mod Security alone is not enough, as we are using the standard OWASP Core Rule set. The common problem with standard OWASP (CRS) is that it gives […]
Canadian Chinese Embassy spokesperson Yang Yundong can’t pull the wool over my eyes.
“The Chinese government has always been firmly opposed to and combated cyber attacks in accordance with the law. In fact, China is a major victim of cyber attacks,” he said on July 29th.
Mr. Yundong released that statement […]
When a cookie has secure flag set, it will only be sent over secure HTTPS, which is HTTP over SSL/TLS. This way, the authentication cookie will not be disclosed in insecure communication (HTTP). It turns out, however, that an insecure HTTP response can overwrite a cookie with secure flag […]
Websites are used daily by a large part of the world’s population to carry sensitive data from a person to an entity with online-based presence. In websites containing materials that are shown after authentication only, forms transfer data containing user credentials to server-side scripts. Users store their credit card […]
Tor is the acronym of “The onion router”, a system implemented to preserve online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers that hide user information, eluding surveillance of government and other bad actors.
The Tor project was born in the military sector, sponsored […]
Voice over Internet Protocol (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. VoIP communication has reduced the cost of international calls dramatically allowing people to dial ISD calls with a cheaper […]