NISA 2017 - UNDERSTANDING METADATA - WHAT IS METADATA, AND WHAT IS IT FOR? is available. Surprisingly, not read anywhere else that this update was out, being that it is a highly relevant subject to digital (mobile, computer, audio, etc.) forensics.
http://www.niso.org/apps/group_public/download.php/17446/Understanding%20Metadata.pdf
Sunday, October 29, 2017
Android CDD
As of the 1st September 2017 Android published their updated Compatibility Definitions Document version 8.
9.8.1 . Usage History - Android stores the history of the user's choices and manages such history by UsageStatsManager . Device implementations: [C-1 -1 ] MUST keep a reasonable retention period of such user history. [SR] Are STRONGLY RECOMMENDED to keep the 1 4 days retention period as configured by default in the AOSP implementation.
See also: 9.9. Data Storage Encryption, 9.9.2. File Based Encryption, 9.9.3. Full Disk Encryption,
https://source.android.com/compatibility/android-cdd.pdf
9.8.1 . Usage History - Android stores the history of the user's choices and manages such history by UsageStatsManager . Device implementations: [C-1 -1 ] MUST keep a reasonable retention period of such user history. [SR] Are STRONGLY RECOMMENDED to keep the 1 4 days retention period as configured by default in the AOSP implementation.
See also: 9.9. Data Storage Encryption, 9.9.2. File Based Encryption, 9.9.3. Full Disk Encryption,
https://source.android.com/compatibility/android-cdd.pdf
Face Recognition
Following Apple's Face ID launch this is one of those hot topics at the moment. This technology is not without its sceptics and questions still remain whether it can become full proof. In today's world, that is a big ask.
I have collected some bits and pieces worth reading.
Apple's September 2017 paper on face ID and security - [https://images.apple.com/business/docs/FaceID_Security_Guide.pdf]
Kairos produce a useful comparison chart of facial recognition services[https://www.kairos.com/blog/face-recognition-kairos-vs-microsoft-vs-google-vs-amazon-vs-opencv]
The Guardian Newspaper published an article of Samsung's flawed Iris scanner - [https://www.theguardian.com/technology/2017/may/23/samsung-galaxy-s8-iris-scanner-german-hackers-biometric-security]
New research proposal just out 'Bypassing 3D Facial Recognition Authentication on Mobile Devices' - [https://www.os3.nl/_media/2017-2018/courses/ssn/projects/ssn_proposal_01.pdf]
I have collected some bits and pieces worth reading.
Apple's September 2017 paper on face ID and security - [https://images.apple.com/business/docs/FaceID_Security_Guide.pdf]
Kairos produce a useful comparison chart of facial recognition services[https://www.kairos.com/blog/face-recognition-kairos-vs-microsoft-vs-google-vs-amazon-vs-opencv]
The Guardian Newspaper published an article of Samsung's flawed Iris scanner - [https://www.theguardian.com/technology/2017/may/23/samsung-galaxy-s8-iris-scanner-german-hackers-biometric-security]
New research proposal just out 'Bypassing 3D Facial Recognition Authentication on Mobile Devices' - [https://www.os3.nl/_media/2017-2018/courses/ssn/projects/ssn_proposal_01.pdf]
NCSC Cyber Security: Small Business Guide
Cyber security can feel like a daunting challenge for many small business owners. But it needn’t be. Following the five quick and easy steps outlined in this guide could save time, money and even your business’ reputation.
Threema - white paper
Latest white paper Sept 2017
https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
Threema-iTunes
Threema is the world’s favourite secure messenger and keeps your data out of the hands of hackers, corporations and governments. Threema can be used completely anonymously, allows to make end-to-end encrypted voice calls, and offers every feature one would expect from a state-of-the-art instant messenger.
Useful for running lab tests.
https://itunes.apple.com/gb/app/threema/id578665578?mt=8
Useful for running lab tests.
https://itunes.apple.com/gb/app/threema/id578665578?mt=8
Childrens' Smart Watch Tracking Movements
Is a stranger hacking your child's smart watch? Warning that loopholes in the devices are being targeted to track youngsters' movements.
Daily Mail Science Tech Article 4991102
Daily Mail Science Tech Article 4991102
Very Low Cost Training $99.00 - US Marketplace
Just been reading a post from Dennis Carroll Special Agent / Law Enforcement Instructor about some very low cost training in the States
"The Fox Valley Technical College in partnership with the National Criminal Justice Training Center (NCJTC) have approved my three day cellular device investigations course. The first course is being offered in Appleton Wisconsin in December as a pilot and then throughout the US as requested. The FVTC and NCJTC have obtained a grant to lower the cost of this course to $99. This is the lowest price you will find for a three day comprehensive cellular device investigation course. There is a link to request this course at your host agency on the link below. Please share if you would."
https://ncjtc.fvtc.edu/training/details/TR00005533/TRI0005534/cellular-device-investigations
"The Fox Valley Technical College in partnership with the National Criminal Justice Training Center (NCJTC) have approved my three day cellular device investigations course. The first course is being offered in Appleton Wisconsin in December as a pilot and then throughout the US as requested. The FVTC and NCJTC have obtained a grant to lower the cost of this course to $99. This is the lowest price you will find for a three day comprehensive cellular device investigation course. There is a link to request this course at your host agency on the link below. Please share if you would."
https://ncjtc.fvtc.edu/training/details/TR00005533/TRI0005534/cellular-device-investigations
New Cyber Report recognises legal actions
June 2015 I sketched foreseen legal actions impacting on cybercrime. I posted a diagram-infographic in Feb 2016 "LEGALLY SPEAKING – OBSERVATIONS CHART FOR JUDGES BARRISTERS AND SOLICIT0RS" - http://trewmte.blogspot.co.uk/2016/02/threatware-legally-speaking.html.
I am pleased to see that ETSI (European Telecommunications Standards Institute) have also picked up on my themes in their 2017 published technical report (TR) CYBER; Implementation of the Network and Information Security (NIS) Directive ETSI TR 103 456 V1.1.1 (2017-10) with reference to Contract, Tort and Crime.
I am pleased to see that ETSI (European Telecommunications Standards Institute) have also picked up on my themes in their 2017 published technical report (TR) CYBER; Implementation of the Network and Information Security (NIS) Directive ETSI TR 103 456 V1.1.1 (2017-10) with reference to Contract, Tort and Crime.
Sunday, October 08, 2017
Subscribe to:
Posts (Atom)