Data Replay Services

Computer Crime / Digital Discovery / CCTV Image Recovery / Computer Forensics

Archive for the ‘Computer Crime’ Category

Common Mistakes In Computer Investigations

A number of common mistakes can arise during a computer forensic investigation. The first and most frequent of these is the failure to maintain proper documentation. Creating and maintaining the documentation is both tedious and demanding, which is why this is one of the most common mistakes. Another is the inadvertent modification of data by opening files on the original evidence.

Just opening a file from a computer’s hard drive to look at the contents results in the time stamps of the file being changed. This may hinder subsequent investigation or result in the evidence being rendered unusable. Another is the destruction of potential evidence as a result of the installation of software on the evidence media. The writing of software to the memory of the digital device or to a disk may result in evidence that was stored there, but not protected, being overwritten.

While all of these mistakes may appear to be avoidable, there are times in some investigations where it is necessary to open a file on the original evidence before it has been copied or to install software in order to recover more evidence. This is particularly true of investigations into large networked systems that cannot be isolated or easily turned off. When it is necessary to carry out such actions, it is essential they be recorded together with the reason such actions were taken.

Another common mistake is failing to adequately control access to the digital evidence and maintain the chain of custody. When this occurs, it is almost impossible to prove the evidence has not been compromised.

Yet another instance is a failure by the investigator to know when they have reached the limits of their knowledge and to ask for assistance. We all like to think we are experts in our field, but in the area of digital forensics, the subject is now so vast and complex it is not possible for one person to have the necessary level of knowledge in all its relevant areas. Once the investigator exceeds their area of expertise, any evidence they recover will be of questionable value and may be challenged in the courts.

Written by Betty

December 4th, 2015 at 2:52 pm

Posted in Computer Crime
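
The points above about recording every action together with its reason, and about being able to prove the evidence has not been compromised, can be shown in code. The following is an added example, not part of the original post: a hash-chained action log in Python, in which `CustodyLog`, the examiner names and the sample image are all constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks, opened read-only so its content is never altered."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CustodyLog:
    """Append-only action log (illustrative); each entry commits to the previous one."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(body):
        # Canonical JSON so the same fields always produce the same hash.
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode("utf-8")).hexdigest()

    def record(self, examiner, action, reason, evidence_path):
        if not reason.strip():
            raise ValueError("every action on evidence needs a recorded reason")
        body = {
            "when_utc": datetime.now(timezone.utc).isoformat(),
            "examiner": examiner,
            "action": action,
            "reason": reason,
            "evidence_mtime_ns": os.stat(evidence_path).st_mtime_ns,
            # Hashing reads the file, which can itself update the access time
            # unless the evidence is mounted read-only or behind a write blocker.
            "evidence_sha256": sha256_file(evidence_path),
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry = dict(body, entry_hash=self._entry_hash(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the index of the first altered entry, or None if the log is intact."""
        prev = self.GENESIS
        for index, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev_hash"] != prev or self._entry_hash(body) != entry["entry_hash"]:
                return index
            prev = entry["entry_hash"]
        return None

    def evidence_changes(self):
        """Indexes of entries whose evidence hash differs from the entry before."""
        hashes = [e["evidence_sha256"] for e in self.entries]
        return [i for i in range(1, len(hashes)) if hashes[i] != hashes[i - 1]]


def demo():
    """Constructed scenario: evidence is received, examined, then altered."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "exhibit_001.img")  # constructed sample evidence
        with open(image, "wb") as handle:
            handle.write(b"constructed disk image contents")

        log = CustodyLog()
        log.record("examiner_a", "received", "seized, case reference PLACEHOLDER", image)
        log.record("examiner_a", "opened file on original",
                   "live server could not be powered down for imaging", image)
        intact_before = log.verify()

        # The evidence is written to between two logged actions.
        with open(image, "ab") as handle:
            handle.write(b"!")
        log.record("examiner_b", "re-hashed", "routine integrity check", image)
        changed_at = log.evidence_changes()

        # An earlier log entry is edited after the fact.
        log.entries[1]["reason"] = "no reason given"
        broken_at = log.verify()
    return intact_before, changed_at, broken_at


if __name__ == "__main__":
    print(demo())
```

The log on its own only shows that something changed and when; it still has to be stored where the people handling the evidence cannot rewrite it wholesale.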

Thoughts On CCTV

Most budget CCTV systems comprise one or more cameras that connect to a Digital Video Recorder (DVR) box. Housed inside the DVR are one or more hard drives onto which the data is recorded.

The video images are often recorded in a compressed form in order to save storage space on the hard drives. Because CCTV recorders are saving data almost continuously, large amounts of storage space are needed in order to hold all the data.

To keep costs down and save on the amount of storage space required, DVRs can be programmed to hold data for a specific number of days, after which they loop back to the beginning of the recording and start to overwrite data. So, as an example, a DVR system that is set to only hold the last 7 days of data will do just that, and when it gets to day 8 it will be overwriting the data from day 1, and so on.

The Recovery of CCTV Images

I am often asked if it is possible to recover data from CCTV systems where the hard drive’s data has been overwritten, so for example, is it possible to get data back from days 8 or further in the past? The answer is usually no, but sometimes yes – it entirely depends how the data has been recorded on the hard drive. Samsung CCTV systems for example, record their data differently to Panasonic CCTV systems, and different approaches are used to rescue the images from both.

Written by Betty

October 16th, 2015 at 3:30 pm

Posted in Computer Crime

SQL Injection Attacks

A colleague of mine has received a notice from Google via his Webmaster Tools account telling him that his site has been hacked:

“Unfortunately, it appears some pages on your site may infect visitors with software designed to access confidential information or harm their computers. You may not be able to easily see these problems if the hacker has configured your server to only show malicious content to certain visitors. To protect visitors to your site from malware, Google’s search results now display a warning when users click a link to your site.”

He’s yet to discover how this was accomplished but my money is on an SQL injection via the site’s online database. SQL injections can be used to upload code to a web site, often a PHP file which can then be run remotely by the hacker and take control of the host web site. Taking control usually means redirecting the web traffic off to somewhere else (like a malware / trojan site).

Google monitors web sites and attempts to detect when they have been compromised. This is how my colleague found out. SQL injection attacks are a common way for hackers to take control of web sites, but they are not the only way. Another common way is to gain access to the web site by cracking a username and password. Many sites these days have an extra page at login that introduces a Captcha into the login sequence – a code that is difficult for machines to read and easy for humans. You can read more about Captcha here: http://www.captcha.net/

Of course, this method is not 100% secure. While it’s often easy for people to identify the words or number sequence in the captcha boxes, it’s not an impossible task for a machine and there are many types of captcha software available that are able to crack many of the captcha codes. Also it’s possible to get captchas read and cracked by humans. Often in poorer countries – there are rooms of computers with people sat at them whose job is to type what they see. This is then relayed back to the captcha program and the captcha is broken and the system accessed.

Written by Betty

May 23rd, 2014 at 8:40 am

Beware of Cryptolocker

Cryptolocker is a malware trojan that attacks Windows machines and was first seen in late 2013. It finds its way onto systems by several methods, most commonly via an innocent-looking email that requires the reader to open a disguised attachment, which infects the machine with the trojan.

Once on a system, Cryptolocker will encrypt various files on the hard drive with a very strong encryption key before displaying a message to the user of the computer demanding a ransom payment in return for the decryption key.

As Cryptolocker was a completely new threat when first launched, malware detection programs were not able to spot it as these applications are only able to detect threats that have already been discovered. Although Cryptolocker is now detected by anti-malware and anti virus detection programs, the writers of Cryptolocker frequently update their code to avoid detection. This is a tactic that has proved successful on a number of releases.

The Cryptolocker program uses an encryption key of 1024 bits which means that the passwords are so long that they are more or less unbreakable. A brute force program (one that continually tries different password permutations in order to crack the password) would literally take many years, working at a rate of tens of thousands of attempts per day.

Alternatively the ransom amount can be paid in return for the decryption key, allowing the encrypted files to be decrypted. Cryptolocker ransoms are paid in Bitcoins – a new, virtually untraceable internet currency – and in December 2013 an attempt was made to discover how much Cryptolocker had earned its creators. It’s estimated that between October 15th and December 18th 2013 (ie. just over two months), almost 42,000 transactions had taken place with a total value of USD $27M.

If your system has been infected with Cryptolocker and you have some important files that need decrypting you can either pay the ransom – although there is no guarantee you’ll get the decryption key, try and crack the password using a brute force program – which will take decades, or accept that your data is gone. There’s little point contacting a data recovery company as they’ll only be able to do the same exercise as you – and will need the decryption key in order to access your data. The decryption key is not stored on the infected PC.

Written by Betty

January 15th, 2014 at 3:09 pm

Computer Misuse in the UK

Computer misuse is an interesting phrase. Interpreted in a light hearted way it suggests using a computer for various activities that the computer wasn’t intended for – eg. the keyboard as a hammer or the heat from the monitor screen as a sort of clothes dryer etc.

Of course the interpretation the phrase is supposed to define is using the computer for illegal or dubious purposes. Whilst surfing standard internet porn is not illegal, many companies would take a dim view if their employees were doing this during working hours. It’s also an activity that can upset other members of staff and quickly lead to problems and arguments in the office. Therefore companies class surfing porn as computer misuse and will often sack employees who are found doing it. Playing online games during working hours is a far less contentious issue but also considered by companies to be computer misuse as the employee is being paid by the company to work, not to play games. This is also often a sackable offence.

The term computer misuse is also intended to apply to computer crime, such as internet blackmail, hacking and phishing. All 3 of these activities are quite common. Computer viruses are an early example of computer misuse and were being written long before anyone had even thought of a computer misuse law. Computer viruses have now morphed into what is often referred to as malware.

Malware is basically any type of malicious computer software that is designed to cause harm or damage. Actually, the definition of malware is rather long winded and complicated; Wikipedia have a good stab at defining the term here. There are many types of malware and one of the most interesting types are the ones that turn computers into network zombies – these are vast numbers of machines that are infected (almost always without the knowledge of the owner of the machine) with a malware program that allows them to be subtly controlled by criminal gangs. The gangs then use these zombie networks for an array of large scale criminal activities such as credit card fraud, money laundering and denial of service (DoS) attacks.

So already you can see that computer misuse is sometimes intentional (as in the above example of surfing porn during office hours) and sometimes not (where the owner has no idea their malware hijacked computer is being used for illegal purposes).

It’s easy to identify computer misuse when it’s intentional but as with most laws, the interpretation of the law of computer misuse can be tricky and rather long winded. Computer misuse is also interpreted and legislated differently by many countries. For those of us under UK law there’s a good computer misuse FAQ page on the Computer Science web site. The page discusses & defines computer misuse in both civil and criminal instances and goes into further detail about the actual process of computer misuse and committing computer crime.

It’s a good idea for both companies and individuals to be aware of the definitions of computer misuse and also what constitutes an offence, both criminal and civil. Presently, many of us believe we know what computer misuse is and think we are able to spot it, but this is only on a superficial basis. Reading the computer misuse FAQ shows that the law is actually far more reaching and involved than you may currently believe.

Written by Betty

December 20th, 2013 at 12:58 pm

CCTV Image Recovery from DVR systems

Recovering crime scene evidence from DVR CCTV systems is a skilled job.

Well, tonight is November 5th, which in the UK is a very auspicious day as it’s Guy Fawkes Night, commonly known as Fireworks Night.

It’s a celebration of an event that happened over 400 years ago in 1605 when a group of disgruntled Catholics tried to blow up King James I. The plot failed, and the perpetrators were all killed, in several nasty ways that we won’t go into. The plot was very nearly successful but was undone by an anonymous tip off sent several days before. And my point to all this? Well I was just thinking that today the plot wouldn’t get that far as there is CCTV and DVR recording equipment everywhere.

You’d be surprised how often CCTV equipment is deliberately sabotaged by people who have committed criminal acts but fear they may have left traces of their wrong doing on CCTV recorders and been captured by the surveillance cameras installed.

CCTV and DVR systems are often sent to CCTV and DVR image recovery companies as these firms are often specialists at recovering the data from damaged systems. Video evidence and photographic evidence can often be lost from a DVR for a number of reasons:

  • The data is overwritten – Most DVR recorders use a looping recording – ie. they only record the last 14 days or so and all new data overwrites the old data. This happens a lot and most of the time the image data is not recoverable as it’s been overwritten with more recent footage.
  • The DVR hard disk develops a problem – Hard disks are mechanical devices and as such their moving parts fail. When this happens the data is often recoverable but it’s frequently a specialist job.

Another thing to be aware of is that if your CCTV cameras and DVR equipment have captured a criminal act taking place that you want to prosecute, it is important to observe particular rules and a chain of custody. These ensure that if your case goes to court the evidence from the DVR CCTV system is admissible.

Written by Betty

November 5th, 2013 at 3:21 pm

XKeyScore – More Revelations That Concern Us All

Edward Snowden really has opened a can of worms.. Hang on – don’t stop reading… This concerns YOU and your privacy.

Basically, you don’t have any.

Imagine a tool that goes unnoticed but collects everything you do when you’re online… Private browsing? Ha! Wake up…

http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data

This tool then sends the data it gathers back to America’s NSA where it can be interrogated.

Written by Betty

November 1st, 2013 at 11:27 am

4 Ways Cyber Criminals Steal Your Data

Just as technology has progressed, so have the techniques and ways of cyber criminals. These individuals have manufactured methods to extract personal and private information from one’s computer and use it to their own advantage. There are several techniques of data theft used by these cyber criminals in a bid to maximize their criminal activity. Let’s take a look at some of these methods.

Fast Flux
This is the idea of getting through to one’s computer with rapid (virtual) movement. It can be difficult to trace and this leads to a lot of issues for those who are on the receiving end of this malware.

With “Fast Flux”, the data is moved from one place to another within moments. Without proper attention, phishing sites and/or malware can take care of one’s computer and extract all that is required. It is important to keep a vigilant eye out for any such activity.

Skimmers
This is one of the techniques most often attributed to cyber criminals and has often been brought up by law enforcement. Skimmers are bent on gaining access to one specific piece of information, and this is one’s credit card information.

Devices are used by cyber criminals to keep tabs on the credit card information that is being passed through. The victim will never realize what occurred until the credit card has been used later on. This can be disconcerting and is on top of the methods used by cyber criminals.

What is done with the credit card information that has been retrieved? It is often used and/or sold online within the criminal community for further gains. This is one of the major reasons to always use one’s credit card with proven retailers. Any side business can often become victim to these sites (unknowingly) and lead all of their customers into a boatload of trouble.

Botnet
The idea with this is to have a series of virtual bots that can spread malware onto a system. The malware conveniently gains access onto the computer through a website and/or program that has been installed. This malware will quickly start seeking out private information on the computer as desired by the cyber criminal.

Malware is designed to do a range of things and this can often be based on what the cyber criminal requires. It is best to have the right anti-virus software installed on one’s computer in order to tackle these issues head on.

Social Engineering
This has recently started becoming a very popular tactic used by criminals in the virtual world. The idea is to get the individual to personally provide all of the information to the criminal with the use of manipulative, neatly placed tricks.

Phishing websites are often used for such tactics as they are effective for those who are not in the know. All it takes is a few victims for this technique to become a handy one to have up their sleeves.

Always be careful when using these websites and make sure they are reliable and safe. Information should only be shared with reputable websites that have a track record for protecting data.

Concluding Thoughts
These are some of many proven ways and techniques used by the world’s most notorious cyber criminals to extract personal and private information from vulnerable individuals.

It is important to keep an eye on all activity that takes place on one’s computer; you can use expert companies such as Computer Science Labs and the like. Any slip up can lead to a lot of trouble and it has for many people. Law enforcement continues to tackle this issue head on, but the best preventative measure is always on an individual level at home.

Written by Betty

October 28th, 2013 at 1:29 pm

Posted in Computer Crime

USA / Germany in Row Over Phone Hacking

Germany has summoned the US ambassador in Berlin over claims the US monitored German Chancellor Angela Merkel’s mobile phone.

Foreign Minister Guido Westerwelle will meet US envoy John Emerson in what is viewed as an unusual measure between close friends.

However, it left open the question of whether calls were listened to formerly.

French President Francois Hollande had already called for the issue to be put in the plan of the summit, where EU leaders are expected to discuss Europe’s digital economy, economic recovery and immigration.

‘Completely unacceptable’
The German government hasn’t said how it received the tip about the alleged US spying. But news magazine Der Spiegel, which has published stories based on material from former CIA contractor Edward Snowden, said the information had come from its investigations.
Press review

Germany’s Berliner Zeitung regrets that “just now does the government appear to actually understand what it is occurring”

The New York Times worries that there is mounting damage to “core American relationships”

State-observation of phone calls has a special resonance in Germany – Mrs Merkel herself grew up in East Germany, where phone-tap was pervasive.

Her spokesman said the German leader “views such practices… as entirely unacceptable” and had demanded a “complete and comprehensive explanation”.

“Among close friends in addition to partners, while the Federal Republic of Germany and additionally the US have been for decades, there ought to be no such observation of the communications of the head of government,” said Steffen Seibert in a statement.

White House spokesman Jay Carney said the US “is not tracking and will not trail the communications of the chancellor”.

German ministers’ phones have purportedly been protected using technology from security company Secusmart since 2009. Secusmart said in March that German government officials could be issued with new, highly secured technology made for Blackberry mobile phones.

A German information technology expert told the BBC that security services of many countries could have intercepted the chancellor’s calls before she had complete encryption.

Numerous US allies have expressed fury over the Snowden-based spying allegations.

Veteran French European Commissioner Michel Barnier told the BBC on Thursday that “enough is enough”, and that trust in the US was shaken.

‘No business as usual’
Germany’s press echoed a feeling of indignation, with a front-page comment in Sueddeutsche Zeitung – one of the country’s most respected newspapers – referring to the “greatest potential affront”.

German Defence Minister Thomas de Maiziere said it would be impossible to come back to business as usual. That is much more than a tiff that’ll blow over easily, the BBC’s Stephen Evans reports from Berlin.

President Obama had assured Chancellor Merkel in June that German citizens were not being routinely spied upon.

Written by Betty

October 24th, 2013 at 1:20 pm

PRISM and YOUR data security

http://data-recovery-tips.co.uk/data-security-prism/

Have you heard of PRISM lately? Do you know what it is ?

Edward Snowden… Have you heard of him ?

Something to do with whistle-blowing about data security right? Yep….

If you’re anything like me, there’s so much information about these days that you just selectively filter what you take notice of. Sometimes the important things go unnoticed. I suggest that to a large part of the UK population one of those things is PRISM.

What is it? In two words it’s a snooper’s charter. It gives license to involved parties to look through your data, if it’s held in the US.

Now perhaps you think you don’t have any data stored in America? Well… what about the online cloud backup you have that keeps your valuable data safe should your computer crash?? If that cloud data is stored anywhere with US jurisdiction then your data can be looked through legally…

Now what about the companies who you deal with.. Where is their data stored? Is it in the US? If it is then same thing… your data can be read through.. Legally.

It’s the world we live in.

Written by Betty

October 15th, 2013 at 11:30 am

Don’t Succumb to Online Identity Theft!

It has often been stated that imitation is the sincerest form of flattery. That may be true when talking about clothes, homes or vehicles, but when it comes to having your identity stolen, it is quite a different story.

Safeguarding your personal information is very important, and there are several things you can do to help prevent identity thieves and cyber criminals from targeting you.

Prevent Getting Scammed
You have likely heard the expression “If something seems too good to be true, it probably is.” There are people who attempt to wrongly get information from you by suggesting you’ve won a competition and that all they require to deposit your cash prize is your bank account number, credit card information and address. You shouldn’t provide these details to anybody – whether over the web or on the phone – and definitely never to anyone you do not trust. These cyber criminals will frequently offer lures such as cash prizes and free holidays as they attempt to catch information about you – in fact this is where the expression “phishing” comes from. They’ll contact you by telephone or e-mail informing you that your account is going to expire and that they want you to update your information. Don’t take the lure – don’t respond to these e-mails or calls, because if you do you will probably be providing your details to these cyber criminals.

You should promptly forward these phony emails to your financial institution, lender and regulators before deleting them. In addition, ensure you use a good antispyware application on your computer to shield you from rogue popups, e-mails and malicious software that seek to collect your private information. Ensure that your antivirus and antimalware applications are set to update automatically so that you get the most recent protection that stops infections and hackers from accessing your PC.

Keep Your Confidential Files Private
A good idea is to copy all your legal and private documents and store the copies in either a bank safety-deposit box or a file at home. Keep the information that you carry to a minimum in case your bag or wallet is taken. Never carry your birth certificate, passport or driving licence on you unless absolutely necessary, and never leave your bag or wallet inside your car for thieves to grab.

Credit card purchase slips, bank statements, phone bills and payment histories should also be shredded.

Put your credit card bills in your wallet rather than in your shopping bag. Also, never toss receipts in the trash can. Thieves will frequently sort through your rubbish as they look for ways to take your information.

Regularly Check Your Credit History
Be aware of your credit history and check it. Find out whether there are any credit or debit cards on your report that you didn’t authorise. Look out for any unexpected purchases and, should you discover any, report them all to regulators.

Create passwords that contain numbers and letters and would be difficult for anybody to guess. Don’t carry a list with you in your handbag or wallet. Keep the passwords in a secure location at home. Memorise the passwords. Your lender can also issue another phrase or password to gain access to your accounts.

Prevention Is The Crucial Thing!
The likelihood of you becoming an identity theft victim is considerably reduced by following the recommendations above, though there are no guarantees. Permit no-one to take your personal information.

Written by Betty

October 8th, 2013 at 7:28 pm

Types Of CCTV Setup

In recent times, CCTV systems have received a great deal of interest as security has become a significant issue to most people. There is a huge demand for CCTV security systems not just in the United Kingdom but also worldwide. Let us look at some of the most important considerations concerning CCTVs so that you can understand the fundamentals.

Image Resolution
An important thing to consider is the quality of video and image resolution the system records in. Resolution is generally measured in TVL (the number of television lines produced by the cameras). If you want a CCTV system that records high resolution video and still images, you’ll require one with a TVL level towards the top end. If you think there’s a chance you’ll need to use the recorded video images in court (eg. in case of robbery), be sure to buy a high resolution camera.

The Types Of Available CCTV Camera
Avoid getting the first setup you see. It is vital that you have a basic understanding of the different types of camera on offer so you’ll know you’re getting the correct one for your business.

1. Standard
Standard types of camera are affordable and produce decent enough quality video and still images. One downside is that a decent source of light is necessary in order to get decent quality images. This means that these types of camera are virtually useless at night.

2. Infra Red
Infrared CCTV setups are able to see in darkness. This makes them a very useful security tool. Money will be saved on lighting and you’ll have a system that provides high quality video and images regardless of the conditions.

3. DVRs (Digital Video Recorders)
DVRs produce good quality images and are ideal for finding and viewing specific moments in time. Many DVRs will let you remotely monitor the footage recorded from anywhere using the net.

4. PTZ Setups
PTZ cameras, otherwise known as Pan, Tilt and Zoom, can be remotely controlled. These cameras are often housed in mesh housings and are controlled by monitoring companies in the area.

Written by admin

August 23rd, 2013 at 12:04 pm

Posted in Computer Crime

Computer Investigation

Computer Crime: What Does A Computer Data Forensics Investigator Do…

Computer (or ‘cyber’) crime is growing. As reported by police briefings, the number of computer forensics cases has been progressively increasing year on year. In the beginning, the industry literature used the term computer forensics to specify the part of forensic science dealing with the study and retrieval of material discovered in computer systems. The field expanded to digital forensics to include the examination and research of all the devices that are able to store electronic data. These kinds of investigations are generally conducted in relation to a crime, which is why it is essential that the computer forensics investigator has the required training, and also strong experience in the field. The responsibility of such an investigator is different from that of a system or network supervisor.

The most usual application of digital forensics investigations is usually to discredit or support hypotheses before a court of law, either criminal or civil. When it comes to digital discovery, an investigator can also be beneficial in the private sector, along the lines of corporate security and internal investigations. No matter what the case, the work of a computer forensics investigator follows a standard procedure that starts with the seizure of storage devices and continues on with its acquisition, also called forensic imaging. It is very important that the investigator has as much information as is possible before going through these steps. A very first step is frequently interviewing any individuals who can supply information in connection to the case.

The specialized processes start with the acquisition of the volatile evidence, which is the data which might change or vanish swiftly if incorrectly handled. This step is often difficult to conduct, depending on the amount of access the investigator has to the computer or digital equipment. After that comes the acquisition of physical storage, including memory cards, hard disks, removable disks or USB hard disks, which will be forensically imaged, in order to ensure the continuity of the operational system whilst additionally using the devices as evidence.

The world of digital forensics is fascinating, but it is also complicated and demanding. A good computer forensics investigator should not only be highly trained and experienced in the field, but additionally ready to step out of the technical world and into the courtroom. Testifying is normally the most demanding part of an investigator’s job. In court, you need to have the ability to translate the technical forensic language to situational basics that people can fully grasp. No matter how perfect an investigation, a poor presentation in court can easily kill it.

Written by admin

August 20th, 2013 at 10:29 am

Posted in Computer Crime
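
Forensic imaging as described in the post above is normally paired with hash verification of the copy. This added example (not from the original post) goes a little further than the text by also hashing the image in segments, so a later mismatch can be localised; the function names, segment size and sample data are constructed for illustration.

```python
import hashlib
import io

SEGMENT = 4096  # bytes per hashed segment; kept small so the sample has several


def acquire(source, image, segment=SEGMENT):
    """Copy source to image segment by segment.

    Returns (overall_sha256, [per-segment sha256]). Assumes read(n) returns
    n bytes until end of data, as regular files and BytesIO do.
    """
    overall = hashlib.sha256()
    pieces = []
    while True:
        block = source.read(segment)
        if not block:
            break
        image.write(block)
        overall.update(block)
        pieces.append(hashlib.sha256(block).hexdigest())
    return overall.hexdigest(), pieces


def verify(image, overall_hash, pieces, segment=SEGMENT):
    """Re-read an image and compare it with the hashes recorded at acquisition.

    Returns (overall_matches, [indexes of segments that differ or are missing]).
    """
    overall = hashlib.sha256()
    bad = []
    index = 0
    while True:
        block = image.read(segment)
        if not block:
            break
        overall.update(block)
        if index >= len(pieces) or hashlib.sha256(block).hexdigest() != pieces[index]:
            bad.append(index)
        index += 1
    bad.extend(range(index, len(pieces)))  # image is shorter than the record
    return overall.hexdigest() == overall_hash, bad


def demo():
    """Constructed sample: image a 16 KiB 'device', then alter one byte of the copy."""
    device = io.BytesIO(bytes(range(256)) * 64)  # constructed source data
    image = io.BytesIO()
    overall, pieces = acquire(device, image)

    image.seek(0)
    clean = verify(image, overall, pieces)

    altered = bytearray(image.getvalue())
    altered[9000] ^= 0xFF  # falls in segment 2 (bytes 8192-12287)
    tampered = verify(io.BytesIO(bytes(altered)), overall, pieces)
    return len(pieces), clean, tampered


if __name__ == "__main__":
    print(demo())
```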