Thursday, November 18, 2010

Misc Updates

There have been some interesting items in the last week:

Brian Carrier has started a new Open Source Digital Forensics website. It offers a quick way for people to find useful tools, papers and procedures.

Dave Kovar released a new version of analyzeMFT. Not sure how he's had time to work on this, what with his busy globe-trotting lifestyle, but he's done it again :-)

Lance Mueller blogged recently about an EnScript that uses MSSQL for faster filtering of files by hash values. It was provided by Oliver Höpli.

For the iPhone forensics peeps, an iPhone Forensics White Paper was released on viaForensics.

There was also an open source iPhone Analyser released on Sourceforge.

Wednesday, November 17, 2010

NYC4SEC Meeting 11/17/2010

There is a NYC4SEC meeting tonight (11/17/2010). This month our speaker is Professor Nasir Memon, who will be giving a presentation on digital image forensics. Description below:

Photo Forensics: There is More to a Picture Than Meets the Eye

When presented with a device full of active or deleted data – what do you know about the images? Can you recover them all? Can you tell which camera they are taken with? Can you tell if they are manipulated? Can you find from the Internet all other pictures taken from the same camera? Forensics professionals all over the world are increasingly encountering such questions.

Given the ease by which digital images can be created, altered, and manipulated with no obvious traces, digital image forensics has emerged as a research field with important implications for ensuring digital image credibility. This presentation provides an overview of recent developments in the field, focusing on three problems.

First, collecting image evidence and reconstructing them from fragments, with or without missing pieces. This involves sophisticated file carving technology.

Second, attributing the image to a source, be it a camera, a scanner, or a graphically generated picture. The process entails associating the image with a class of sources with common characteristics (device model) or matching the image to an individual source device, for example a specific camera.

Third, attesting to the integrity of image data. This involves image forgery detection to determine whether an image has undergone modification or processing after being initially captured.

So please join us on Wednesday, November 17th, 7:00pm at John Jay College.

John Jay College - Forensic Computing Program and the Center for Cybercrime Studies
899 Tenth Avenue - btwn 58th & 59th
Room 610T - 6th Floor

Don't forget to RSVP!!!

Thanks to Douglas Brush, Joe Garcia, Prof Bilal Khan and Prof Douglas Salane for making this possible.