Blog

Why Your IT Gal/Guy Shouldn't Do Forensics For You - Part 1

posted May 12, 2015, 11:56 AM by David Schippers   [ updated May 12, 2015, 9:58 PM ]

There are a lot of organizations that feel their in-house information technology staff can handle their digital forensics' needs.  On the surface, this decision seems like a great way to save money and control the release of key information.  However, there are some key things that should be included in your decision to outsource or in-house your digital forensics needs. 

If our tech geek gets in over their head, we can call in the professionals
This is a major problem for incident response and digital forensics.  Organizational leaders assume they can start a major response in house and outsource it when things get to complex or deep.  The major issue with this assumption is that any evidence will never be destroyed, deleted or manipulated by their in house staff.  In essence, this is comparable to having your friend start open heart surgery and call in a surgeon when things start to go bad.  Sometimes, actions cause irreparable damage to your response and evidence.  Even if a professional forensics investigator can recover from the problems created by untrained/unskilled responders, it will cost the organization a considerable amount of money in the form of billable hours by a skilled responder.    

Do you need to comply with standards such as PCI-DSS or ISO standards?
These standards bodies require timely and consistent responses to security incidents.  Consistent is the key term.  Policies, procedures, tools and knowledge should be in place to provide the response.  The vast majority of people assume digital forensics is a technical field that any geek can handle.  This assumption is a major mistake.  Pulling your resident tech geek without proper training or certification in evidentiary and legal procedures can put your response in a bad position.  The other big hurdle your organization may face is the ability for their work to hold up in a court of a law. 

But we don't need to worry about a lawsuit
These are common words in most circles.  Many security responses start off with simple assumptions.  As things escalate, it can become clear that the situation will end up in court, which can be for various reasons.  If you've utilized an untrained and uncertified responder, your chances of defending your legal argument can be placed in jeopardy.  

As always, if you ever need advice or help with a digital forensics response, please feel free to contact us.  We're here to help you with your difficult situations.  

Sample Screenshot XifMp Update

posted May 11, 2015, 12:37 AM by David Schippers

Our updates for XifMp are nearing completion.  There are two major changes with the new update.  The first of the two changes involves a different naming schema for mapped images.  The new naming schema uses #--<imagename>.  For example, 33--image87.jpg.  This allows an examiner to quickly identify the sequence of the mapped images with the associated lines.  The sample image below illustrates the new feature.  

Open Source Intelligence | Online Investigations

posted Apr 27, 2015, 11:41 AM by David Schippers

Why do you request an online investigation?  Many people have different reasons for requesting.  Here are a few:
  • Civil Cases
    • Custody 
    • Divorce
    • Evidence for admission
    • Facts to drive case direction
  • Background checks
  • Verifying Applicant's information
  • Activity discovery
If you have any needs for online investigations, please feel free to contact us for help.  

CEIC - GPS Location Accuracy - Traingulation vs. Trilateration

posted Mar 31, 2015, 11:26 PM by David Schippers

We are pleased to announce Iron Dog LLC's forensic investigator Dave Schippers has been offered a reserver speaker spot at CEIC 2015.  CEIC is Guidance Software's global information security, legal, and digital forensics conference.  CEIC attracts attendees from across the globe, including Europe and the Asia Pacific rim.  Dave's session is focused on GPS location accuracy in relation to coordinate information for investigations.  Stay tuned for more updates.  

XifMp Updated

posted Mar 15, 2015, 9:12 AM by David Schippers

Sometimes, life gets in the way of getting things done.  There's been a lot going on and it has delayed some important updates for XifMp.  

Now, we are pleased to announce a key enhancement we were intending to have completed a long time ago.  XifMp how handles unicode file names.  This sounds pretty simple, but its been a longer process than anticipated. 

The primary problem with XifMp are the Python modules that are leveraged for the core code.  One of those primary modules is xml.dom.minidom.  In essence, everything worked great until passing a file with unicode characters to the xml module.

To address the issue for now, we are utilizing the base64 module and performing a unicode character check on inbound file name passing.  This allows us to grab files with unicode character naming and convert it to ASCII friendly naming in the form of a base64 encode.  Of course, we also provide a text file that explains the former and new name.  This file opens in the default system text editor at the same time that the KML file opens in Google Earth.  
As a side note, XifMp provides a logging file to help troubleshoot any problems if images create errors.  

As always, please feel to contact us with commentary or suggestions.  

GPS Data

posted Feb 14, 2015, 1:34 AM by David Schippers

Sometimes, you have to fix the GPS unit before extracting data.  Thankfully, it was relatively simple.  Green light - unit repaired.  


GPS Data in Criminal Case

posted Dec 11, 2014, 12:15 AM by David Schippers

GPS can be used in a variety of fashions to validate or discredit claims in legal cases.  

http://www.hollandsentinel.com/article/20141111/News/141119755

XifMp Teaser

posted Oct 16, 2014, 3:15 AM by David Schippers

XifMp Teaser


This is a 15 minute video on some of the capabilities of the XifMp picture mapping program.  

Website Metadata Purging

posted Jul 11, 2014, 9:57 PM by David Schippers

In some recent research for a case, we came across this interesting site with testing information on metadata availability on websites.  This seemed to be pretty valuable.  (Although, we have not tested all of the sites, please use the information carefully.)  Many websites purge metadata when you try to download images.  

http://www.embeddedmetadata.org/social-media-test-results.php

2014 Toyota Sienna JBL Infotainment Review

posted Jun 28, 2014, 12:13 AM by David Schippers

Another Alex on Autos video review of the infotainment system for the Toyota 2014 Sienna.  

For those interested, please note that this system is citing only call history while Bluetooth syncing is enabled will appear in the infotainment history.  Essentially, it does not pull the entire call history as many of the new infotainment systems do.  

https://www.youtube.com/watch?v=fcoGt1MB530&list=UU3qM33hHgedfi7qTKKgIApg

1-10 of 12