Data Replay Services

Computer Crime / Digital Discovery / CCTV Image Recovery / Computer Forensics

Archive for the ‘computer forensics’ tag

Beware of Cryptolocker


Cryptolocker is a malware trojan that attacks Windows machines and was first seen in late 2013. It finds its way onto systems by several methods, most commonly via an innocent-looking email that requires the reader to open a disguised attachment, which then infects the machine with the trojan.

Once on a system, Cryptolocker will encrypt various files on the hard drive with a very strong encryption key before displaying a message to the user of the computer demanding a ransom payment in return for the decryption key.

As Cryptolocker was a completely new threat when first launched, malware detection programs were not able to spot it, as these applications are only able to detect threats that have already been discovered. Although Cryptolocker is now detected by anti-malware and anti-virus detection programs, the writers of Cryptolocker frequently update their code to avoid detection. This is a tactic that has proved successful on a number of releases.

The Cryptolocker program uses an encryption key of 1024 bits which means that the passwords are so long that they are more or less unbreakable. A brute force program (one that continually tries different password permutations in order to crack the password) would literally take many years, working at a rate of tens of thousands of attempts per day.

Alternatively, the ransom amount can be paid in return for the decryption key, allowing the encrypted files to be decrypted. Cryptolocker ransoms are paid in Bitcoins, a new, virtually untraceable internet currency. In December 2013 an attempt was made to discover how much Cryptolocker had earned its creators. It’s estimated that between October 15th and December 18th 2013 (ie. just over two months), almost 42,000 transactions had taken place with a total value of USD $27M.

If your system has been infected with Cryptolocker and you have some important files that need decrypting, you have three options: pay the ransom, although there is no guarantee you’ll get the decryption key; try to crack the password using a brute force program, which will take decades; or accept that your data is gone. There’s little point contacting a data recovery company as they’ll only be able to do the same exercise as you, and will need the decryption key in order to access your data. The decryption key is not stored on the infected PC.

Written by Betty

January 15th, 2014 at 3:09 pm

Computer Misuse in the UK


Computer misuse is an interesting phrase. Interpreted in a light-hearted way it suggests using a computer for various activities that the computer wasn’t intended for – eg. the keyboard as a hammer or the heat from the monitor screen as a sort of clothes dryer etc.

Of course the interpretation the phrase is supposed to define is using the computer for illegal or dubious purposes. Whilst surfing standard internet porn is not illegal, many companies would take a dim view if their employees were doing this during working hours. It’s also an activity that can upset other members of staff and quickly lead to problems and arguments in the office. Therefore companies class surfing porn as computer misuse and will often sack employees who are found doing it. Playing online games during working hours is a far less contentious issue but also considered by companies to be computer misuse as the employee is being paid by the company to work, not to play games. This is also often a sackable offence.

The term computer misuse is also intended to apply to computer crime, such as internet blackmail, hacking and phishing. All 3 of these activities are quite common. Computer viruses are an early example of computer misuse and were being written long before anyone had even thought of a computer misuse law. Computer viruses have now morphed into what is often referred to as malware.

Malware is basically any type of malicious computer software that is designed to cause harm or damage. Actually, the definition of malware is rather long winded and complicated; Wikipedia have a good stab at defining the term here. There are many types of malware and one of the most interesting is the type that turns computers into network zombies – these are vast numbers of machines that are infected (almost always without the knowledge of the owner of the machine) with a malware program that allows them to be subtly controlled by criminal gangs. The gangs then use these zombie networks for an array of large scale criminal activities such as credit card fraud, money laundering and denial of service (DOS) attacks.

So already you can see that computer misuse is sometimes intentional (as in the above example of surfing porn during office hours) and sometimes not (where the owner has no idea their malware hijacked computer is being used for illegal purposes).

It’s easy to identify computer misuse when it’s intentional but as with most laws, the interpretation of the law of computer misuse can be tricky and rather long winded. Computer misuse is also interpreted and legislated differently by many countries. For those of us under UK law there’s a good computer misuse FAQ page on the Computer Science web site. The page discusses & defines computer misuse in both civil and criminal instances and goes into further detail about the actual process of computer misuse and committing computer crime.

It’s a good idea for both companies and individuals to be aware of the definitions of computer misuse and also what constitutes an offence, both criminal and civil. Presently, many of us believe we know what computer misuse is and think we are able to spot it, but this is only on a superficial basis. Reading the computer misuse FAQ shows that the law is actually far more wide-reaching and involved than you may currently believe.

Written by Betty

December 20th, 2013 at 12:58 pm

CCTV Image Recovery from DVR systems



Recovering crime scene evidence from DVR CCTV systems is a skilled job.

Well, tonight is November 5th, which in the UK is a very auspicious day as it’s Guy Fawkes Night, commonly known as Fireworks Night.

It’s a celebration of an event that happened over 400 years ago in 1605 when a group of disgruntled Catholics tried to blow up King James I. The plot failed, and the perpetrators were all killed, in several nasty ways that we won’t go into. The plot was very nearly successful but was undone by an anonymous tip off sent several days before. And my point to all this? Well, I was just thinking that today the plot wouldn’t get that far as there is CCTV and DVR recording equipment everywhere.

You’d be surprised how often CCTV equipment is deliberately sabotaged by people who have committed criminal acts but fear they may have left traces of their wrongdoing on CCTV recorders and been captured by the surveillance cameras installed.

CCTV and DVR systems are often sent to CCTV and DVR image recovery companies as these firms are often specialists at recovering the data from damaged systems. Video evidence and photographic evidence can often be lost from a DVR for a number of reasons:

  • The data is overwritten – Most DVR recorders use a looping recording – ie. they only record the last 14 days or so and all new data overwrites the old data. This happens a lot and most of the time the image data is not recoverable as it’s been overwritten with more recent footage.
  • The DVR hard disk develops a problem – Hard disks are mechanical devices and as such their moving parts fail. When this happens the data is often recoverable but it’s frequently a specialist job.

Another thing to be aware of is that if your CCTV cameras and DVR equipment have captured a criminal act taking place that you want to prosecute, it is important to observe particular rules and a chain of custody. These ensure that if your case goes to court the evidence from the DVR CCTV system is admissible.

Written by Betty

November 5th, 2013 at 3:21 pm

XKeyScore – More Revelations That Concern Us All


Edward Snowden really has opened a can of worms. Hang on – don’t stop reading… This concerns YOU and your privacy.

Basically, you don’t have any.

Imagine a tool that goes unnoticed but collects everything you do when you’re online… Private browsing? Ha! Wake up…

http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data

This tool then sends the data it gathers back to America’s NSA where it can be interrogated.

Written by Betty

November 1st, 2013 at 11:27 am

Don’t Succumb to Online Identity Theft!


It has often been said that imitation is the sincerest form of flattery. That may be true when talking about clothes, homes or vehicles, but when it comes to having your identity stolen, it is quite a different story.

Safeguarding your personal information is very important, and there are several things you can do to help prevent identity thieves and cyber criminals from targeting you personally.

Prevent Getting Scammed
You have probably heard the expression “If something seems too good to be true, it probably is.” There are people who will try to wrongly obtain information from you by telling you that you’ve won a competition and that all they need in order to deposit your cash prize is your bank account number, credit card details and address. You shouldn’t give these details to anybody, whether over the web or on the phone, and definitely never to anyone you do not trust. These cyber-criminals will frequently offer a lure such as cash prizes and free holidays as they try to catch information about you; in fact this is where the expression “phishing” comes from. They’ll contact you by telephone or e-mail telling you that your account is about to expire and that they need you to update your information. Don’t take the bait: don’t respond to these e-mails or calls, because if you do you will probably be handing your details to these cyber-criminals.

You should promptly forward these phony emails to your financial institution, lender and the regulators before deleting them. In addition, make sure you use a good antispyware application on your computer to protect you from rogue pop-ups, e-mails and malicious software that seek to collect your private information. Make sure that your antivirus and antimalware applications are set to update automatically so that you get the latest protection, which stops infections and hackers from accessing your PC.

Keep Your Confidential Files Private
A good idea is to copy all of your legal and personal information and store it in either a bank safety-deposit box or a file at home. Keep the information that you carry to a minimum in case your bag or wallet is stolen. Never carry your birth certificate, passport or driving licence on you unless absolutely necessary, and never leave your bag or wallet in your car for thieves to grab.

Records of credit card purchases, bank statements, phone bills and repayment histories should also be shredded.

Put your credit card bills in your wallet rather than in your shopping bag. Also, never throw receipts in the bin. Thieves will often go through your rubbish as they look for ways to take your information.

Regularly Check Your Credit History
Be aware of your credit history and check it. Find out whether there are any credit or debit cards on your statement that you didn’t authorise. Look for any unexpected purchases and, should you find any, report them all to the regulators.

Create passwords that contain numbers and characters and would be hard for anybody to guess. Don’t carry a list of them with you in your handbag or wallet. Keep the passwords in a secure place at home. Memorise the passwords. Your lender can also issue another phrase or password for accessing your accounts.

Prevention Is The Key!
There are no guarantees that you won’t become an identity theft victim, but the likelihood of becoming one is considerably reduced by following the recommendations above. Allow no one to take your personal information.

Written by Betty

October 8th, 2013 at 7:28 pm