Technology Assisted Research

The book I read to research this post was Insider’s Guide To Technology Assisted Research by Ernst & Young which is a very good book that I bought from kindle. This book is mainly reviewing the many messages and e-mails on various devices for legal purposes. It is mainly done from the American legal system point of view. It is around 100 pages so is reasonably short. I think this book is written by a company that specializes in this field. In another book I read that the potential use and number of devices needing to be checked is hugely overstretching the resources available. In many items which might disprove or prove a case or even lead to other prosecutions go unchecked. If you just think of the number of e-mails which are on a typical account and the potential cost of checking which if it is only a minor offence someone is accused of it isn’t worth it. In many cases keyword searches are done to keep costs down which as both agree is a good compromise. The methods used in retrieving data unless the defense think something is wrong often aren’t examined in a lot of detail in court. There is also the hassle especially in corporate cases that things like e-mail might need to be translated. If it say french or german the cost of getting a legal person who is fluent in this is relatively low and they are relatively plentiful. A problem comes say if the language is Japanese which is fairly commonly used but a legal translator is harder to find hence more expensive. This is an interesting book and I do recommend. I find digital forensics in general quite interesting although I know a lot of people would find it boring.

 

Forensic Science

The book I read to research this post was Forensic Science A Very Short Introduction by Jim Fraser which is a very good book that I bought from kindle. This book is part of a series of around 300 books where they get an expert to write around 130 pages on a given subject. The books tend to be pretty good. Forensice scienc is usinjg scientific means mostly analyzing stuff to solve crime. Every contact leaves a trace of one sort or another. In Britain all the forensic science labs are private companies. This has caused controversy over people thinking they exist to make a profit and don’t necessarily adhere to the highest standards. Opponents to this view say look at the high standards of the airline industry. In countries like America they have both private and publicly owned labs. Programs like CSI have made Forensic Science more popular than ever. There are now courses and more students studying it than any time previously. TV programs sometimes make false assumptions about Forensic Science which is bit of a touchy point and potentially it could even affect how juries respond in court cases. Many professionals including police officers and lawyers don’t fully understand forensic science and how it pertains to a particular case. Fingerprinting has been around a long time but one controversial aspect is if there is a tiny fragment of a fingerprint is it still admissible as evidence. In Britain they use the 16 point system to designate if it is usable. I thoroughly enjoyed reading this book and would recommend it.

Hacking

The book I read to research this post was Hacking For Dummies 4th edition which is a very good book which I read at http://safaribooksonline.com. This book is primarily about ethical hacking which is checking computers and computer networks for vulnerabilities. Any computer won’t be totally invulnerable to hacking but the trick is to make it so difficult and time consuming it’s not worth it. With most computer networks hackers don’t bother hacking the password with a password cracker program instead they resort to dumpster diving or social engineering. Dumpster is diving in the potential victim’s trash to see what you can find. It’s amazing what people don’t shred. Social engineering normally takes the form of someone phoning the company helpdesk and pretending they are an employee who has lost his password or pretend they are the computer repair men, there to repair one of the servers. In many companies the helpdesk is situated a distance from the entrance enabling anyone to walk in at busy times unnoticed. A hacker will often use a packet sniffer like wireshark to look at the traffic going to and from your server prior to the attack. Wireshark is free but not as easy to use as some commercial programs. For the actual cracking the password a program like Cain And Able or John The Ripper are the 2 best known. An important point is employees should have the screensaver enabled to come on when the system is not being used and should require the password for the user to log back in. Interestingly 80% of security breaches come from employees and former employees. One nightmare for many companies is the number of digital cameras and smartphones brought onto company premises each capable of photographing anything on a computer screen. Most companies don’t take this problem as seriously as they should. In the back of this book it lists loads of resources in connection with hacking even a phishing toolkit which I assume has dark motives. I really enjoyed this book and I think it’s obvious it is an interesting subject. One final point is you might moan about the cost of securing your computer or network but if it gets breached the cost is likely to be much higher. That’s especially true if you are a company or organization.