External figures of Spanish Data Protection Act (LOPD)

(Editor's note: This post relates to the Spanish Data Protection Act, or LOPD. Although the LOPD is based on the 95/46/CE directive, it may not be fully applicable to other countries inside the EU, so several sentences have been modified or removed.)

Safe Delete Meterpreter Module

A module has recently been added to Metasploit (master branch) that may be of interest for deleting files downloaded to a victim computer through a meterpreter session.

Android Log Forensics

The adoption of the Android operating system in mobile devices is growing at an overwhelming speed. The latest data show that 1.3 million Android devices are activated every day (Spanish). If Android maintains this pace, in just 4 years there will be more Google systems in operation than Windows systems. The study of Android security is therefore necessary, and within security, forensic analysis is an interesting and important area.

A forensic analyst must be able to extract the maximum available information from the device. Depending on the purpose of the research, s/he will focus on extracting different types of data. For example, a researcher who analyzes a possibly malware-infected smartphone needs the processes in memory, the active connections, and the inbound and outbound traffic, while in the analysis of a mobile phone whose owner is suspected of a crime, s/he will look for data that could provide evidence for the investigation, such as calls, emails, GPS position, photos, chat history, etc.

There are several methods to extract information from an Android device: RAM dump, NAND memory image, external SD-card data and hot data extraction. Today’s post focuses on recovering data by using the Android system’s own commands, and more specifically, the logs generated by the system.


TCPdump DROP privileges

I’m sure many of you know tcpdump and use it frequently. As we all know, when it is run without the privileges needed to capture packets on a network interface, it displays the following message:

$ /usr/sbin/tcpdump -i eth0
tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)


SOX. A brief introduction.

I do not know how good your memory is, but you will probably remember the name Enron, an energy company that became world famous thanks to an accounting fraud scandal that implicated George W. Bush in late 2001 and seriously affected the well-known auditing firm Arthur Andersen. Perhaps the name WorldCom is also familiar: a company that filed for bankruptcy and holds the dubious title of being today the largest bankruptcy case in U.S. history (excuse my lack of technical financial and/or legal vocabulary); Enron is second on the podium. Beyond these two famous cases, you may not know that Tyco and Xerox were also involved in similar scandals, and that there are many more.