Friday, July 8, 2011

Computer Forensics Innocence Project

This has turned out to be The Week of Larry™ in that I’ve read several interesting stories that have all had a Larry Daniel angle to them. I’ll admit that I didn’t pay much attention to the Casey Anthony trial so I won’t even try to comment on the outcome, but there was a significant digital forensics component to it. Everything I have heard about the trial indicates that Sandy Osborne and Kevin Stenger from the Orange County Sheriff’s Office in Florida performed in an exemplary manner. Larry posted on his blog after the trial that he was a consultant for the defense. This means we just had an extraordinarily high profile murder trial where digital forensics was not only a key portion of the case, but where both sides utilized very skilled and respected digital forensics examiners to advance their respective cases.

I read an article later in the week that described how Larry played an active role for the defense in a murder trial in North Carolina. I know even less about this particular case than I know about the Anthony case, but the article is interesting to me in that Larry testified about not only the computer forensics aspect of the case, but also about mobile devices. This is another excellent example of how learning about mobile device forensics isn’t optional for digital forensics examiners who want to stay current and remain competitive in the job market over the long term.

Lastly, Larry posted on his blog letting people know about a proposed Computer Forensics Innocence Project. One of the biggest problem that I can see with this is what was mentioned by J-Michael Roberts on Twitter which is that participation in such a project could cause issues with the membership rules for some of the main digital forensics groups.  There are a number of really great organizations that one can join in the digital forensics field, but many of them prohibit their members from doing criminal defense work.

Copyright Alert System

Ars Technica and others reported this week on the proposed Copyright Alert System which is an agreement between some of the primary entertainment industry trade organizations such as the Recording Industry Association of America and the Motion Picture Association of America and major Internet service providers such as Verizon and Comcast to protect intellectual property rights. The White House even issued a supportive statement on its blog. Essentially what this system does is establish is a six step system where the Internet service providers would take incrementally more substantial action against their customers who are thought to be involved in copyright infringement. I predict that this is something will be increasingly common as we see the lines blur between those who create content and those who deliver content. The best example of this blurring is the merger of content deliverer Comcast with content creator NBC Universal.

Adventures in Corporate Communications: Dropbox Edition

The people over at the cloud storage service Dropbox had an idea that I’m sure sounded perfectly reasonable at the time they thought of it. The idea was to rewrite their terms of service, security overview, and privacy policy documents using plainer language and less “legalese”. Unfortunately, their attempt to make their terms of service more approachable actually resulted in a misunderstanding that caused many people to bolt from their service. The language that they used made it sound to some people that Dropbox was claiming at least some degree of ownership rights to user’s data. This wasn’t the case and Dropbox eventually clarified their terms of service. There’s a Harvard Business School case study about corporate communications in here somewhere because this incident illustrates clearly why professional communications people are important in the business world. It’s also is a good example of how individuals and enterprises are still more than a little skittish about data ownership and privacy issues relating to cloud computing.

Book Reviews

I love reading and I almost exclusively read non-fiction with an emphasis on information security and history. Amazon’s review system is great fun for me because it allows me write about the books I read and continue to learn how to write a proper book review. I also enjoy reading the book reviews of others such as the ones that are written by Ben Rothke and Richard Bejtlich.

A pair of cybercrime related books stood out for me recently. The first one was Susan Brenner’s Cybercrime: Criminal Threats from Cyberspace. As I pointed out in my review, it’s a masterfully done view into the world of cybercrime from a legal perspective. Susan also writes a very informative and frequently updated blog that extensively covers cybercrime law.  The second book was Kevin Poulson’s beautifully written Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground. This is an incredibly approachable book that everyone can enjoy regardless of their level of technical knowledge. In fact, I liked both books so much that I added them to my Amazon “Learn About Cybercrime” guide.

As Harlan pointed out on his blog, I also have a very positive review up for Digital Forensics with Open Source Tools which was written by Cory Altheide and Harlan. This book is invaluable to people starting in the field and is also a great resource for experienced examiners who are looking to be introduced to new tools and methods. The book was so good that I added it to my Amazon “Learn Digital Forensics” guide.

New SANS Computer Forensics Assessment

SANS has a new computer forensics course assessment posted. This test is based on the core knowledge areas of the FOR408: Computer Forensic Investigations - Windows In-Depth course. I haven’t taken it yet, but I’ll be curious to know what other people think of it.

25th Annual HTCIA International Conference

The HTCIA people asked me to remind you all that they have their annual training conference coming up. I’ve attended a couple of these conferences in the past and enjoyed my time there. They tend to alternate  from one side of the country to another each year. This year it’s going to be in Indian Wells, California which is near Palm Springs.