Digital Forensics & E-Discovery

I read the book Techno Security’s Guide to E-Discovery & Digital Forensics by Jack Wiles to research this post, which is an excellent book which I bought from kindle. This book is a great introduction to the field of digital forensics although it’s done from an american perspective & I am english. It even suggests the equipment and software you need if you are just starting out. It’s a shame there isn’t a section suggesting open source software you can use although I think most laboratories use software like paraben & encase which are commercial software. There is an extensive section in this book on how people retrieve other users passwords. You can enter a term like shoulder surfing or war driving into google and finds lots of examples. If you are a commercial organisation your biggest threat comes from disgruntled employees. If they want to do serious damage they will try to find the administrators password. A lot of potential trouble makers just watch as he is typing in his password and try to memorize it. Thankfully your password isn’t displayed when you type it. Sometimes people put a keylogger either in the form of software or hardware to capture passwords and user names. Your user name should be difficult to guess if possible and is another line of defence. A hacker can usually crack your password in a few hours but if he has to try and work out your user name as well hopefully he will give up. If someone is trying to crack your password by war driving you will see a list of failed attempts to access your account in the event viewer.

Identity Theft

The book I read to research this post was Identity Theft Inc by Glenn Hastings et al which is an excellent book which I borrowed from the library. This book is written by a couple of identity thieves & tells you everything you need to know I think it’s the best book on the subject I have read. This is intended for information purposes only. On a simple level a simple scam is to have a friend who has a credit card you use their credit card to buy stuff. The stuff is sent to a place you rent under a false name. At the end of the month when your friend gets their statement they say the payment is fraudulent & don’t know anything about it & claim their money back. Another system is to give you the card let you buy stuff with it & an hour later report it stolen. When renting a flat for the stuff to go to you can use friends for references.  If you order stuff by phone most businesses can trace the call so you should probably use a payphone & definitely shouldn’t lie about your location. If you are looking for people with an excellent credit record use a service like Experian. Arizona is the world capital of online fraud partly because it has a rapidly expanding population & because it has a lot of methamphetamine addicts. Also a lot of people who are high on drugs in the early hours of the morning find it ideal to go through other peoples garbage looking for things like unused chequebooks which they can use for fraudulent activity.