Computers vs Human – Competitors or Complementary?

Brian | August 5, 2010 in Computer Science,News & Commentary | Comments (0)

I think at some point in a computer scientist’s studies the computers themselves become less of a thing, a tool, and instead become more of an extension of the self, like an arm or a hand. I’ve always felt the true power of computers comes not in completely automated processes, but in combining the analytical strength of computers with the very powerful pattern recognition abilities of the human mind. To some extent my research is trending in that direction, with the idea that digital forensics needs to move away from a synchronous process to an asynchronous one. You can see a previous post summarizing my AAFS presentation on Black Friar.

(more…)


Blog Updates

Brian | July 23, 2010 in Uncategorized | Comments (0)

I am testing new themes to find one which is more readable. Stay tuned.


P2P lawsuits examined with graph theory

Brian | June 23, 2010 in Computer Science,Law,News & Commentary | Comments (0)


P2P infringement cases are fascinating for several reasons. They are the essence of my argument that the intersection of law and technology is going to be a significant one in the future, once courts become more widely cognizant of the difference between abstraction and implementation. A case I am keeping tabs on now, ACHTE/NEUNTE v DOES 1-2,094, is interesting because of the argument advanced regarding the BitTorrent protocol.

To review, with BitTorrent and most modern P2P protocols an individual offers to share a file, and various users locate files of interest to them. Traditionally, in the BitTorrent model, the users locate a torrent file from a search engine or some other source. The torrent file points to a tracker, which delivers to the program a list of contacts who have portions of the desired file. The program requests parts of the file from a variety of sources and reassembles the file once all the parts are downloaded.

(more…)


ACTA Treaty

Brian | April 23, 2010 in Law,News & Commentary | Comments (0)


If pressed, I would name the ACTA treaty and Network Neutrality as the two most threatening issues of the day with regard to the Internet. The ACTA treaty has, until recently, been under super secret negotiations hidden from public scrutiny. There have been a number of leaks, and finally an official release of a treaty draft a few days ago. The treaty is titled an “Anti-Counterfeiting Trade Agreement”, but, at minimum, combating so-called Internet ‘piracy’ shares equal space in it. Section 2.18(3) is particularly interesting and pertinent in the same context as DMCA and Network Neutrality issues.

Section 4: [Special Measures Related to Technological Enforcement of Intellectual Property in the Digital Environment]

ARTICLE 2.18 [ENFORCEMENT PROCEDURES IN THE DIGITAL ENVIRONMENT] 45

[...]

  1. Without prejudice to the rights, limitations, exceptions, or defenses to [[ patent, industrial design, trademark and][copyright or related rights]][intellectual property rights] infringement available under its law, including with respect to the issue of exhaustion of rights, each Party [confirms that] [shall provide for] [civil remedies as well as limitations, exceptions, or defenses with respect to the application of such remedies, are available in its legal system in cases of third party liability[ 47 ][or liability for those who authorize infringement, or both] for [[patent, industrial design, trademark and][copyright or related rights]][intellectual property rights] infringement. 48

[...]

Each Party recognizes that some persons 49 use the services of third parties, including online service providers,[ 50 ] for engaging in [ patent, industrial design and trademark,] copyright or related rights infringement.

[...]

50 [For purposes of this Article, online service provider and provider mean a provider of online services or network access, or the operators of facilities therefore, and includes an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received.]

The Electronic Frontier Foundation released a preliminary legal analysis of the treaty draft, noting:

“ACTA contains various provisions requiring countries to impose liability on intermediaries for their users’ behavior (Article 2.18(3)). This would apply to Internet intermediaries, but also to intermediaries such as libraries and educational institutions, which frequently provide Internet access to their customers and users.” – eff.org

(more…)


Homeland Security & Technology’s Role

Brian | April 8, 2010 in Security | Comments (0)


UNO was given a few tickets to the homeland security event tomorrow from the Louisiana Technology Council, and I managed to obtain one. The event schedule looks like it has some interesting topics: (more…)


10SPR-CSCI6621-001 – MD5 Links

Brian | April 6, 2010 in Uncategorized | Comments (0)

The following links contain hash collision information from my lecture today:
http://www.mathstat.dal.ca/~selinger/md5collision/
http://blog.didierstevens.com/2009/01/17/playing-with-authenticode-and-md5-collisions/
http://www.links.org/?p=6
http://www.unixwiz.net/techtips/iguide-crypto-hashes.html#collisions
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
http://www.win.tue.nl/hashclash/Nostradamus/
http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/
http://homepages.cwi.nl/~stevens/papers/stJOC-SLdW.pdf
http://www.win.tue.nl/hashclash/SingleBlock/
http://www.cecm.sfu.ca/~lisonek/cryptography/x509-collisions.pdf


DC3 2010

Brian | March 11, 2010 in Digital Forensics | Comments (0)


DC3 2k10 is here again, and team NSSAL will be participating again this year. I was a little disappointed in our overall ranked performance last year, but the challenge numbers are a little misleading. The 2008 challenge was composed of discrete components, whereas 2009 was an investigation – we solved the investigation, but there is only so much time you can spend beating a dead horse for more points once a case is solved.

I’m pleased to say this year our team will have fewer distractions and we’ll even all be in the same city this go around. I’m due to pick up the challenge data this weekend, but first appearances seem to indicate 2010 will be closer in format to 2008. Obviously, with the DC3 I cannot comment about the challenge itself until the end, but I hope to have another good write up on our entry when everything is over in December.


AAFS 2010 – Changes in Approach to Scalability in Digital Forensic Analysis

Brian | March 8, 2010 in Digital Forensics | Comments (0)


This year I attended the American Academy of Forensic Sciences (“AAFS”) conference in Seattle and presented in the digital and multimedia section. The following post is a summary of the oral presentation along with my slide set.

For those who do not know, I hold an M.S. in computer science with concentration in Information Assurance. I am presently a Ph.D. student in Engineering and Applied Sciences at the University of New Orleans. I expect to be ABD by fall of this year when I start law school as a J.D. student. Professionally, I work for a litigation support vendor in New Orleans dealing primarily with the civil side of digital forensics, eDiscovery, and other related areas. I have a somewhat unique perspective on the field by having one foot in academia and the other in industry.

One cannot begin a discussion of future trends and the need for new approaches without first examining the current state. At present the field has three main phases of practice: acquisition, analysis, and reporting. Acquisition originated in dead acquisition, where the data storage medium, such as a hard drive, is imaged byte-for-byte while the system is powered off to produce an exact duplicate. The duplicate is hashed for later verification after analysis is complete. In a more modern twist, live analysis involves acquiring data from a system while it is still running. Live acquisition allows for preserving more ephemeral data, such as memory dumps, active network connections, logged-on users, running programs, etc., which would otherwise be lost in powering the system down for dead acquisition. Live acquisition risks triggering anti-forensics tools, malicious commands from still logged-in users, and damage to the system state. (more…)


Wikileaks – NeoNazi Forum Dumps

Brian | December 23, 2009 in Computer Science,Digital Forensics,Hacks, Cracks, and Attacks | Comments (0)


Wikileaks has data from several Neo Nazi forums. The information includes user lists, private message histories, forum posts, etc. I’ve been poring over the data since yesterday. They seem to be using SMF and phpBB primarily between the sites – some with modified fields. I’m currently looking at the communication patterns for the private messages. When I analyzed the user lists, I found a good number of overlap users between the sites – users who were members of multiple websites. What I’m doing now is cross-referencing the private messages to and from the individuals with multiple memberships. I’m hoping this reveals who the significant actors are, what individuals form subgroups, and how different subgroups are linked between the sites through the multiple membership users.

This is all very preliminary, but should make for some fascinating observations later. After I am done with the communication patterns, I’m going to take a look at word frequencies in the forum posts. I might make one of those weighted word clouds, those always make for intriguing eye candy.


Redaction vs CTRL-C CTRL-V

Brian | December 11, 2009 in News & Commentary | Comments (0)


User error is ever the bane of security. It has plagued the digital world since the first user taped their password to their monitor, an event likely to have occurred shortly after the first passwords were given out. While the existence of user error continues its endless march, the form it takes mutates as technology advances. Recently, the Department of Homeland Security mistakenly released a manual on its screening procedures (user error 1) and failed to properly redact certain sections (user error 2). The internet, in its vast never-sleeping glory, found this document and scattered it to the four winds to preserve it against censorship. (As a side note, I often speak of the internet metaphorically as if it were a living entity. I feel it better captures the internet’s essence that we are each but parts of a larger metaphorical mental organism.)

The document can be found at cryptome.org and on wikileaks.org.

The mistake was a fairly simple one, and a common governmental gaffe. In redacting the document, the reviewer simply placed black boxes over the offending text without “burning in” the redaction. “Burning in” is a process of re-rendering the PostScript data so that, instead of rendering a block of text with a black bar on top of it (i.e. layered), it renders just the black bar. In the layered rendering they released, the redaction box can be deleted or the data simply cut and pasted out of the document.

(more…)
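A pre-release check for the layered redaction described above, as an added example that is not from the original post: it walks a simplified, uncompressed page content stream and reports text whose origin sits under a rectangle that is filled afterwards. Both sample streams are constructed, and only the `BT`, `Td`, `Tj`, `re` and fill operators are modelled (no transforms, fonts or compressed streams).

```python
import re

# PDF content-stream tokens: a (string) literal or any whitespace-delimited word.
TOKEN = re.compile(r"\((?:\\.|[^\\()])*\)|[^\s()]+")
NUMBER = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)")

def layered_redactions(stream):
    """Return text strings that a later filled rectangle merely covers."""
    operands, texts, fills, path = [], [], [], []
    pos, order = (0.0, 0.0), 0
    for tok in TOKEN.findall(stream):
        # Strings, names and numbers are operands; anything else is an operator.
        if tok[0] in "(/" or NUMBER.fullmatch(tok):
            operands.append(tok)
            continue
        order += 1
        if tok == "BT":                      # begin text: position resets
            pos = (0.0, 0.0)
        elif tok == "Td":                    # move text position by (tx, ty)
            pos = (pos[0] + float(operands[-2]), pos[1] + float(operands[-1]))
        elif tok == "Tj":                    # show a string at the current position
            texts.append((order, pos, operands[-1][1:-1]))
        elif tok == "re":                    # append rectangle x y w h to the path
            x, y, w, h = (float(v) for v in operands[-4:])
            path.append((x, y, x + w, y + h))
        elif tok in ("f", "F", "f*"):        # fill the path: the box is painted
            fills += [(order, r) for r in path]
            path = []
        elif tok in ("n", "S"):              # path ended without a fill
            path = []
        operands = []
    # Text is only hidden, not removed, if a box is painted over it afterwards.
    return [text for t_order, (x, y), text in texts
            if any(f_order > t_order and x0 <= x <= x1 and y0 <= y <= y1
                   for f_order, (x0, y0, x1, y1) in fills)]

# Constructed sample: the text is still in the stream, with a black box on top.
LAYERED = """BT /F1 12 Tf 72 700 Td (Public paragraph) Tj ET
BT /F1 12 Tf 72 680 Td (SENSITIVE DETAIL) Tj ET
0 0 0 rg 70 676 200 16 re f"""

# Constructed sample: burned in, so only the black box remains.
BURNED_IN = """BT /F1 12 Tf 72 700 Td (Public paragraph) Tj ET
0 0 0 rg 70 676 200 16 re f"""

if __name__ == "__main__":
    print(layered_redactions(LAYERED), layered_redactions(BURNED_IN))
```

A non-empty result means the document still carries the covered text and should be re-rendered before release.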