Discere Dev Update
Discere is approaching a usable alpha release. I just need to add support for zip/jar/tar/etc archives, and incorporate my prior PST handler from Black Friar, then add rudimentary document tagging. Spreadsheets are still a bane – I don’t know what the point is really, they never come out in a readable format without human intervention; I’m wondering about rendering them from an HTML table extraction.
I thought I would just post the above dev log update since I have so little time to blog right now. As a quick explanation, Discere is a part of my dissertation work, and is a subset of my Blackfriar project. Discere is intended to be an eDiscovery / Document review system with robust index/search capabilities, while Black Friar is the overarching project linking digital forensic acquisition / preservation data into a reviewable / produce-able format. All of it relies on a substantial number of Open Source projects to leverage existing, robust projects into a tool usable by anyone. It is also cross-platform to address the increasing number of Mac and Linux systems found in the legal environment (trust me, half of my law school classmates are on Macs right now, and I am noticing an increase in usage with clients I do expert work for).
Changes
Moving forward is never an easy decision, but sometimes we outgrow what we have, and must move to something new.
For me, it is time to move on from Venue Docket. I have been at Venue for over five years working with it and its sister companies, but now I find I must move on to move forward. For my clients, there will be no disruption to my services. I will be contacting you soon with updated information on my new company Digital Inquest, LLC.
One of the exciting opportunities this change brings is for me to expand my services to other clients I have been unable to work with in the past. I look forward to continuing my work with plaintiff firms who find themselves in eDiscovery disputes. I also look forward to doing more proactive work with defense firms dealing with issues from preservation through developing defensible search protocols. I feel that in the end, whether I am hired by a defense firm or a plaintiff firm, the ultimate goal is the same: understanding the problem, developing a solution, and delivering that solution in the most efficient manner possible.
NOPA Slides June 2011
I gave a presentation to the New Orleans Paralegal Association for their June 2011 meeting. The presentation was on differences between reality and crime genre movies and television shows like NCIS, CSI, Numb3rs, etc. The presentation contains a number of video clips from such shows, and has some information explaining where they were right, where they were wrong, and some of the problems with changing technology making previously impossible things possible.
*UPDATE* – One of my slides pokes fun at the “GUI Interface in Visual Basic” to track an IP address, and invalid IP addresses. This morning’s update to the long-running BOFH ‘comic’ took a moment to poke fun at some of these same topics.
“Yes, but if you like we can use our television script based IT skills to determine who damaged these computers?”
“Well… yes, if you think it will work?” the Boss burbles.
“You bet. We’ll have it sorted inside the hour. Or 16 minutes if we don’t stop for adverts.”
“So you want me to run up a GUI interface using visual basic to track the killer’s IP Address?” the PFY asks.
“Yes do that – although we already know the first number in the address is 324 dot something.”
“Ah, so it’s from downtown,” the PFY nods knowingly.
Slide 9 Video – Utter nonsense
Slide 11 Video – Numb3rs IPv4
Slide 13 Video – Gaming Consoles & Spreadsheets
Slide 16 Video – NCIS Steganography
Slide 18 Video – Elements song; encoding lyrics into MP3
Slide 19 Video – Original vs Hidden comparison
Slide 21 Video – Fried phone
Slide 23 Video – Stuxnet
Slide 25 Video – You can always unplug
Westboro Baptist Church
In a strange turn of events, news outlets are reporting that Anonymous, the same ‘group’ (or loose association depending on who you listen to) responsible for the HB Gary fiasco, is now threatening the Westboro Baptist Church. Or is it? Suspicions are surfacing that the threat was posted by Westboro Baptist Church itself. I have an interesting observation regarding the & symbol.
First, this is the press release by ‘anonymous’ which contains some peculiar uses of the & as illustrated below.
- Free Speech & the Advocate of the People
- chauvinists & religious zealots
- attention & in the name of religion
- Freedom of Speech & Freedom of Information
- intimidation and mental & emotional abuse
- Cease & desist your protest campaign
- Kansas, & close your public Web sites.
- propaganda & detestable doctrine
- conduction & promotion
- bigoted operations & doctrines
Note the significant use of & – Westboro Baptist Church is a fascinating group to me. I feel they represent a test of our dedication to free speech, the first amendment’s Gethsemane so to speak. Something about the post sounds like the WBC. For as long as it remains up, look at WBC’s reply. Very curious. Anonymous posted a reply to the WBC reply, note the difference in word usage.
Now look at this sentence:
You have condemned the men and women who serve, fight, and perish in the armed forces of your nation; you have prayed for and celebrated the deaths of young children, who are without fault; you have stood outside the United States National Holocaust Museum, condemning the men, women, and children who, despite their innocence, were annihilated by a tyrannical embodiment of fascism and unsubstantiated repugnance.
Note the super-run-on-super-comma sentence structure with two semi-colons. This is the same type of sentence structure used by WBC. There has been some research in the past to identify unique aspects of an individual’s writing style for author identification. I’m not overly impressed by its application in general because anyone who is aware of it can alter their writing style to suit. However, if you are not aware of it you can be betrayed by your own writing style. It is contended in the Anonymous second reply that WBC has left their ports open to collect IPs for legal action. That would be an interesting outcome.
Personally, I think the “Operation Westboro” call to arms sounds remarkably like Westboro Baptist Church themselves, and any evidence of a WBC honey pot only strengthens that view.
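The markers this post points at (how often & stands in for "and", and how many commas and semicolons are packed into each sentence) can be measured mechanically. The Python below is an added example, not part of the original post: the function names and the two SAMPLE_ texts are constructed for illustration, while FRAGMENTS and LONG_SENTENCE are the phrases and the sentence quoted above.

```python
import re

# FRAGMENTS and LONG_SENTENCE are quoted in the post; the SAMPLE_* texts are constructed.
FRAGMENTS = [
    "Free Speech & the Advocate of the People", "chauvinists & religious zealots",
    "attention & in the name of religion", "Freedom of Speech & Freedom of Information",
    "intimidation and mental & emotional abuse", "Cease & desist your protest campaign",
    "Kansas, & close your public Web sites.", "propaganda & detestable doctrine",
    "conduction & promotion", "bigoted operations & doctrines",
]
LONG_SENTENCE = (
    "You have condemned the men and women who serve, fight, and perish in the armed "
    "forces of your nation; you have prayed for and celebrated the deaths of young "
    "children, who are without fault; you have stood outside the United States National "
    "Holocaust Museum, condemning the men, women, and children who, despite their "
    "innocence, were annihilated by a tyrannical embodiment of fascism and "
    "unsubstantiated repugnance."
)
SAMPLE_TERSE = "We saw the notice. It was short. Nobody replied & nobody cared."
SAMPLE_CHAINED = ("They wrote, argued, and revised the notice; they posted it, "
                  "mirrored it, and waited; they answered nobody, and said nothing.")

def style_features(text):
    """Per-sentence punctuation rates plus the share of '&' among '&' + 'and'."""
    sentences = [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]
    n = max(len(sentences), 1)
    words = re.findall(r"[A-Za-z']+", text)
    amp = text.count("&")
    conj = amp + sum(w.lower() == "and" for w in words)
    return {"amp_share": amp / conj if conj else 0.0,
            "commas": text.count(",") / n,
            "semicolons": text.count(";") / n,
            "words": len(words) / n}

def rank_candidates(questioned, candidates):
    """Order candidate names by scaled distance to the questioned text, nearest first."""
    q = style_features(questioned)
    feats = {name: style_features(t) for name, t in candidates.items()}
    scores = {}
    for name, f in feats.items():
        total = 0.0
        for key in q:
            # Scale each marker by the largest value seen so no single one dominates.
            scale = max([q[key]] + [g[key] for g in feats.values()]) or 1.0
            total += ((q[key] - f[key]) / scale) ** 2
        scores[name] = total ** 0.5
    return sorted(scores, key=scores.get)

if __name__ == "__main__":
    print(style_features(" ".join(FRAGMENTS)))
    print(rank_candidates(LONG_SENTENCE, {"terse": SAMPLE_TERSE, "chained": SAMPLE_CHAINED}))
```

With samples this small the rates are noisy, so the ranking illustrates the method rather than supporting an attribution.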
The Brits crack some emails
This is an interesting tidbit from across the pond:
Police took months to break encrypted messages on his computer. They found he had been in direct contact with Awlaki, who is accused of having links to the attempted bombing of a plane over Detroit during Christmas in 2009 and an attempt last year to explode ink printer bombs on freight planes heading to the US.
- The Guardian
The plot came to light after expert from the Metropolitan Police Service Counter Terrorism Command spent nine months cracking 300 encrypted emails found on Karim’s hard drive.
- The Register
I say interesting, because encryption is a thorny issue. Generally, common wisdom holds a sufficiently large key size will take forever and a day to brute force. The common wisdom has to be balanced with a host of other factors such as the omnipresent human error, bad encryption (especially any encryption described as ‘proprietary’), but the real unknown is what kind of firepower various governments have at their disposal. It would be interesting to know how the emails were encrypted – a few more details on that and it could be viable to estimate what kind of number crunching 007 has over there.