Sunday, October 29, 2017

Understanding Metadata

NISO 2017 - UNDERSTANDING METADATA - WHAT IS METADATA, AND WHAT IS IT FOR? is available. Surprisingly, I have not read anywhere else that this update was out, given that it is a highly relevant subject for digital (mobile, computer, audio, etc.) forensics.
http://www.niso.org/apps/group_public/download.php/17446/Understanding%20Metadata.pdf

Android CDD

As of 1st September 2017, Android have published their updated Compatibility Definition Document, version 8.

9.8.1. Usage History - Android stores the history of the user's choices and manages such history by UsageStatsManager. Device implementations: [C-1-1] MUST keep a reasonable retention period of such user history. [SR] Are STRONGLY RECOMMENDED to keep the 14 days retention period as configured by default in the AOSP implementation.

See also: 9.9. Data Storage Encryption, 9.9.2. File Based Encryption, 9.9.3. Full Disk Encryption
https://source.android.com/compatibility/android-cdd.pdf

Face Recognition

Following Apple's Face ID launch, this is one of those hot topics at the moment. This technology is not without its sceptics, and questions still remain as to whether it can become foolproof. In today's world, that is a big ask.

I have collected some bits and pieces worth reading.

Apple's September 2017 paper on Face ID and security - [https://images.apple.com/business/docs/FaceID_Security_Guide.pdf]

Kairos produce a useful comparison chart of facial recognition services - [https://www.kairos.com/blog/face-recognition-kairos-vs-microsoft-vs-google-vs-amazon-vs-opencv]

The Guardian newspaper published an article on Samsung's flawed iris scanner - [https://www.theguardian.com/technology/2017/may/23/samsung-galaxy-s8-iris-scanner-german-hackers-biometric-security]

New research proposal just out 'Bypassing 3D Facial Recognition Authentication on Mobile Devices' - [https://www.os3.nl/_media/2017-2018/courses/ssn/projects/ssn_proposal_01.pdf]

NCSC Cyber Security: Small Business Guide

Cyber security can feel like a daunting challenge for many small business owners. But it needn’t be. Following the five quick and easy steps outlined in this guide could save time, money and even your business’ reputation.

https://www.ncsc.gov.uk/smallbusiness

National Crime Agency - Suspicious Activity Reports (SARs) 2017

A lot of good work being achieved by the NCA.

http://www.nationalcrimeagency.gov.uk/publications/suspicious-activity-reports-sars/826-suspicious-activity-reports-annual-report-2017/file

Threema - white paper

Latest white paper Sept 2017

https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf

Threema-iTunes
 
Threema is the world’s favourite secure messenger and keeps your data out of the hands of hackers, corporations and governments. Threema can be used completely anonymously, allows to make end-to-end encrypted voice calls, and offers every feature one would expect from a state-of-the-art instant messenger.

Useful for running lab tests.
https://itunes.apple.com/gb/app/threema/id578665578?mt=8

Children's Smart Watch Tracking Movements

Is a stranger hacking your child's smart watch? Warning that loopholes in the devices are being targeted to track youngsters' movements.

Daily Mail Science Tech Article 4991102

Mobile Data Traffic 2016-2021


Very Low Cost Training $99.00 - US Marketplace

Just been reading a post from Dennis Carroll, Special Agent / Law Enforcement Instructor, about some very low cost training in the States.

"The Fox Valley Technical College in partnership with the National Criminal Justice Training Center (NCJTC) have approved my three day cellular device investigations course. The first course is being offered in Appleton Wisconsin in December as a pilot and then throughout the US as requested. The FVTC and NCJTC have obtained a grant to lower the cost of this course to $99. This is the lowest price you will find for a three day comprehensive cellular device investigation course. There is a link to request this course at your host agency on the link below. Please share if you would."
https://ncjtc.fvtc.edu/training/details/TR00005533/TRI0005534/cellular-device-investigations

5G in Five Minutes

New Cyber Report recognises legal actions

In June 2015 I sketched foreseen legal actions impacting on cybercrime. I posted a diagram-infographic in Feb 2016, "LEGALLY SPEAKING – OBSERVATIONS CHART FOR JUDGES BARRISTERS AND SOLICITORS" - http://trewmte.blogspot.co.uk/2016/02/threatware-legally-speaking.html.

I am pleased to see that ETSI (European Telecommunications Standards Institute) have also picked up on my themes in their 2017 published technical report (TR) CYBER; Implementation of the Network and Information Security (NIS) Directive ETSI TR 103 456 V1.1.1 (2017-10) with reference to Contract, Tort and Crime.