About Adam M. Erickson

Geek, Dad, Life-Student, Biker & DIY Enthusiast
Application Developer
Attended Ferris State University
Lives in Muskegon, MI

Digital Forensics

Reviewing the concept of anti-forensics, which Berinato describes as “…more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you” (Berinato, 2007). The ultimate fear is that the rise of anti-forensic tools and techniques could make any data collected suspect and jeopardize the validity of any forensic investigation (or at least make investigations so cost-prohibitive that they are seldom feasible). Throughout this paper we will look at what these tools and techniques are, from new developments intended to conceal illegal activity to traditional anti-forensic methods used to wipe data when old equipment is sold or no longer needed. We will likewise examine the potential impact on the future of forensic investigations, since these techniques could make the probability of a conviction extremely low.

Case studies

After painstakingly searching several sites for documented cases of successful anti-forensics and the tools that were used, the attempt came up fairly empty. While there are a few stories of people who have tried to fool digital forensic examiners, the fact is that no one is going to report that they succeeded, because they want to be able to do it again in the future. Even the examiners are reluctant to give up case stories about what they found and how they reached their conclusions, since that knowledge is what keeps them experts in their field. The following stories are what I was able to find. If you ever come across interesting cases like explosives rigged into computers or magnetic doorways, I would be interested to hear about them. Lastly, I have included information on how anti-forensics can be useful for personal use, to keep your personal information safe.

Judging by the number of digital forensic cases that have been posted since this research paper was started, the amount of information available within the next year should grow well beyond what is available at present.

Additionally, from reading several discussions and online expert opinions, I have concluded that while EnCase is the tool of choice for getting a broad overview of a file system, it is only one of the primary tools in an arsenal that usually has a few other tools mixed in; only through peer suggestions and trial and error will you be able to decide which tools are best for you.

Just as some people use torrents to collect pirated music, movies, and books, pedophiles use the same technology to spread child pornography to other pedophiles. Investigators in Trenton, N.J. tracked the digital fingerprints of pornographic images as they left one person’s computer, followed them to the next IP address, and kept following them until the images had been traced to a total of 27 adults. One of the adults was arrested ahead of the others when officers found out he lived above a daycare facility.

It took about 100 state troopers and three months of hard work before the time came to seize the computers and extract the digital evidence needed to convict the 27 individuals of the federal offense of creating or possessing child pornography. The traceable factor was the digital fingerprint (described in the report as an electronic watermark) carried by each image, which made each image traceable on an individual’s computer and along the routes it took across the internet. Artifacts left on the computers proved that the images had been downloaded and viewed even after they were deleted; like a fingerprint on a murder weapon, this should make each person easy to convict.

The most notable anti-forensic measure used by one of the suspects was a set of heavy-duty magnets installed in his shoes, intended to erase incriminating evidence from his hard drive. Given all the network-level detective work, the magnets in the shoes probably only helped prove his guilt.

Because the images were shared on a peer-to-peer network, everyone arrested will be charged not only with possession but also with distribution of child pornography, since most torrent clients automatically start uploading to other users who request the same data (Fletcher, 2012).

Higinio O. Ochoa, 30, a member of the hacker group CabinCr3w, an offshoot of Anonymous, was arrested after he posted a picture of his girlfriend, taken with an iPhone, to Twitter. What he neglected to take into account was the GPS tag in the image’s EXIF metadata. When the FBI viewed the metadata, it pointed straight to his girlfriend’s house in the outer Melbourne area. Because of its content I cannot include the actual image in this paper, but I can tell you that his girlfriend was holding a message that read, “PwNd by W0rmer & cabinCr3w <3 u B(commented out)’s!”. All EXIF data has since been wiped from the copies of the photo posted online.
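To show how much a single geotagged photo gives away, here is an added example (my own code, not part of the original paper and not related to the case evidence) that builds a tiny JPEG carrying a constructed EXIF GPS IFD, extracts the coordinates the way an examiner would, and cuts the APP1 segment out the way a careful uploader should have. The layout helpers, function names and the sample location are assumptions for the example; the coordinates are made up and are not from the case.

```python
import struct

TAG_GPS_IFD = 0x8825                                     # IFD0 entry pointing at the GPS IFD
TAG_LAT_REF, TAG_LAT, TAG_LON_REF, TAG_LON = 1, 2, 3, 4  # GPS IFD tags
ASCII, LONG, RATIONAL = 2, 4, 5                          # TIFF field types used here


def jpeg_segments(data):
    """Yield (marker, start, end, payload) for each marker segment before SOS/EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):                       # EOI or SOS: no more metadata segments
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]   # counts its own 2 bytes
        end = pos + 2 + length
        yield marker, pos, end, data[pos + 4:end]
        pos = end


def _read_ifd(tiff, endian, offset):
    """Return {tag: (type, count, 4-byte value field)} for the IFD at offset."""
    (count,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(endian + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, n, tiff[e + 8:e + 12])
    return entries


def _rationals(tiff, endian, n, value_field):
    """Read n RATIONALs at the offset held in the value field (they never fit inline)."""
    (off,) = struct.unpack(endian + "I", value_field)
    pairs = [struct.unpack(endian + "II", tiff[off + 8 * i:off + 8 * i + 8]) for i in range(n)]
    return [num / den if den else 0.0 for num, den in pairs]


def _dms_to_decimal(dms, ref):
    deg, minutes, seconds = dms
    value = deg + minutes / 60 + seconds / 3600
    return -value if ref in (b"S", b"W") else value


def gps_from_exif(data):
    """Return (latitude, longitude) in decimal degrees, or None if there is no GPS IFD."""
    for marker, _, _, payload in jpeg_segments(data):
        if marker != 0xE1 or not payload.startswith(b"Exif\0\0"):
            continue
        tiff = payload[6:]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0_off,) = struct.unpack(endian + "I", tiff[4:8])
        ifd0 = _read_ifd(tiff, endian, ifd0_off)
        if TAG_GPS_IFD not in ifd0:
            return None
        (gps_off,) = struct.unpack(endian + "I", ifd0[TAG_GPS_IFD][2])
        gps = _read_ifd(tiff, endian, gps_off)
        try:
            lat = _dms_to_decimal(_rationals(tiff, endian, 3, gps[TAG_LAT][2]), gps[TAG_LAT_REF][2][:1])
            lon = _dms_to_decimal(_rationals(tiff, endian, 3, gps[TAG_LON][2]), gps[TAG_LON_REF][2][:1])
        except KeyError:                                 # GPS IFD present but incomplete
            return None
        return lat, lon
    return None


def strip_exif(data):
    """Return the JPEG with every APP1/Exif segment cut out; the image data is untouched."""
    out = bytearray(data)
    for marker, start, end, payload in reversed(list(jpeg_segments(data))):  # back to front keeps offsets valid
        if marker == 0xE1 and payload.startswith(b"Exif\0\0"):
            del out[start:end]
    return bytes(out)


def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed sample: little-endian TIFF laid out as header(8) | IFD0 @8 | GPS IFD @26 | rationals @80, @104,
    wrapped in an APP1 segment and followed by a COM segment standing in for image data."""
    def entry(tag, typ, n, value):
        return struct.pack("<HHI", tag, typ, n) + value.ljust(4, b"\0")
    def rationals(pairs):
        return b"".join(struct.pack("<II", num, den) for num, den in pairs)
    ifd0 = struct.pack("<H", 1) + entry(TAG_GPS_IFD, LONG, 1, struct.pack("<I", 26)) + struct.pack("<I", 0)
    gps = (struct.pack("<H", 4)
           + entry(TAG_LAT_REF, ASCII, 2, lat_ref.encode() + b"\0")
           + entry(TAG_LAT, RATIONAL, 3, struct.pack("<I", 80))
           + entry(TAG_LON_REF, ASCII, 2, lon_ref.encode() + b"\0")
           + entry(TAG_LON, RATIONAL, 3, struct.pack("<I", 104))
           + struct.pack("<I", 0))
    app1 = b"Exif\0\0" + b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + rationals(lat_dms) + rationals(lon_dms)
    com = b"constructed sample, no image data"
    return (b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xfe" + struct.pack(">H", len(com) + 2) + com + b"\xff\xd9")


# 42 deg 58' 12" N, 86 deg 15' 0" W: a made-up location for the example, not from the case.
SAMPLE_JPEG = build_sample_jpeg([(42, 1), (58, 1), (1200, 100)], "N", [(86, 1), (15, 1), (0, 1)], "W")

if __name__ == "__main__":
    print("with EXIF:  ", gps_from_exif(SAMPLE_JPEG))               # approx (42.97, -86.25)
    print("after strip:", gps_from_exif(strip_exif(SAMPLE_JPEG)))   # None
```

The parser only walks marker segments, so it never touches the entropy-coded image data; stripping the whole APP1 segment is also what most "remove metadata" features do, which is why the thumbnail and camera fields disappear along with the GPS tags. Note that this is only the EXIF side of the problem: the web service the photo is uploaded to may keep its own copy of the original.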

I was not able to find any current digital forensic tools that look for encoded messages, as opposed to encrypted ones. One helpful post from a digital forensics expert suggests that a message written as Unicode escape sequences could slip past most digital forensic tools unless the examiner is smart enough to check for them. For example, \u0048 \u0045 \u004c \u004c \u004f spells out HELLO.

Fortunately there are people trying to close this gap. Pavel Gladyshev of the UCD School of Computer Science and Informatics, for instance, is working on a project to develop tools that not only search raw binary data for keywords but also search for other character encodings, including ASCII, UTF-8, UTF-16, and UTF-32, and for escape sequences embedded in the data.
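As an added example of the search described above (my own illustration, not Gladyshev’s tool and not code from the original paper), the following scans a raw byte buffer for one keyword in each form it can take on disk: ASCII/UTF-8, UTF-16 and UTF-32 in both byte orders, and \uXXXX escape sequences with optional whitespace between them, which is the HELLO trick from the previous paragraph. The sample buffer and function names are constructed for the example.

```python
import re

# Byte-level forms a keyword can take on disk. A grep for the ASCII bytes finds only the first.
BYTE_FORMS = {
    "ascii/utf-8": "utf-8",
    "utf-16-le": "utf-16-le",   # NTFS names, the Windows registry, many Windows application logs
    "utf-16-be": "utf-16-be",
    "utf-32-le": "utf-32-le",
    "utf-32-be": "utf-32-be",
}


def escape_pattern(keyword):
    """Regex for the keyword written as \\uXXXX escapes with optional whitespace between them,
    so both "\\u0048 \\u0045 \\u004c \\u004c \\u004f" and "\\u0048\\u0045..." match."""
    parts = [r"\\u%04x\s*" % ord(ch) for ch in keyword]   # r"\\u" matches a literal backslash + u
    return re.compile("".join(parts).encode("ascii"), re.IGNORECASE)


def find_keyword(data, keyword):
    """Return sorted (offset, form) hits for the keyword in every form above."""
    hits = []
    for label, enc in BYTE_FORMS.items():
        needle = keyword.encode(enc)
        pos = data.find(needle)
        while pos >= 0:
            hits.append((pos, label))
            pos = data.find(needle, pos + 1)
    for m in escape_pattern(keyword).finditer(data):
        hits.append((m.start(), "unicode-escape"))
    return sorted(hits)


def decode_escapes(chunk):
    """Turn a matched run of \\uXXXX escapes back into text for the report."""
    return "".join(chr(int(h, 16)) for h in re.findall(rb"\\u([0-9a-fA-F]{4})", chunk))


# Constructed buffer standing in for a chunk of raw disk: the same word in four forms, plus filler.
SAMPLE = (
    b"\x00" * 16
    + b"log: HELLO world\n"                              # plain ASCII
    + b"\xff" * 8
    + "HELLO".encode("utf-16-le")                        # as NTFS or the registry would store it
    + b"\xff" * 8
    + b"msg=\\u0048 \\u0045 \\u004c \\u004c \\u004f;"    # the escape form quoted in the text
    + b"\xff" * 8
    + "HELLO".encode("utf-32-be")
    + b"\xde\xad\xbe\xef"
)

if __name__ == "__main__":
    for offset, form in find_keyword(SAMPLE, "HELLO"):
        print("%5d  %s" % (offset, form))
```

The search is byte-exact, so a case-insensitive sweep means running it once per case variant (or widening the needles), and a buffer padded with NUL bytes will produce overlapping UTF-16 little- and big-endian hits shifted by one byte; both are things to keep in mind before reporting a count of hits.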

Anti-forensics for Your Protection

Some people might jump to the conclusion that using anti-forensics to protect your information implies you are hiding something illegal. That is not always the case; anti-forensic tools are sometimes useful in ordinary daily activities, to protect against malware that targets devices like smartphones (Storm, 2011). Take for example the mobile forensic solutions offered by Cellebrite, which can extract deleted data from most smartphones and tablets. While most extraction is done over a wired connection, devices can also be attached wirelessly over infrared or Bluetooth. The ability to pull data from a smart device remotely makes forensic hardware dangerous to the general public, because it can be used for criminal activity or spying (Bloomberg, 2012).

Companies like Whisper Systems (www.whispersys.com) make it a little harder for governments and criminals alike to pull data from your smart device by providing full-disk encryption, network security tools, encrypted backup to the cloud, and selective permissions. Anti-forensic software of this kind not only encrypts the data on your device but can also encrypt your text messages and voice calls when the other party uses the same software; when they do not, the data on your own phone is still encrypted. This protection is needed not just against a direct attack but also against malware that disguises itself as an application you actually want on your device.

In the near future I will be testing mobile digital forensic tools at Ferris State University, including at least one of the free anti-forensic tools, during class, and I plan to come back and add more on forensics and security.

References

Berinato, S. (2007, June 8). The rise of anti-forensics. CSO Online. Retrieved from http://www.csoonline.com/article/221208/the-rise-of-anti-forensics

Bloomberg Government. (2012, March). iPhones to BlackBerrys cracked by cops using digital forensics. Cellebrite Mobile Data News. Retrieved April 18, 2012, from http://www.cellebrite.com/news-and-events/mobile-data-news/335-iphones-to-blackberrys-cracked-by-cops-using-digital-forensics.html

Fletcher, J. (2012, April). N.J. investigators track digital ‘fingerprints’ on shared images to nab child pornographers. The Republic (Columbus, Indiana). Retrieved April 18, 2012, from http://www.therepublic.com/view/story/CPT-CHILDPORN_7786030/CPT-CHILDPORN_7786030/

 

Critical Chain Safety

Critical Chain Safety is a CYOA (cover yourself) mentality that most project managers need so that projects can finish on time. It is all about balancing time management against the resources needed, and it can be summed up in three steps: planning, execution, and monitoring.

1. Planning:

Two durations are entered for each task: a “best guess,” or 50% probability duration, and a “safe” duration, which should have higher probability of completion.

Resources are then assigned to each task, and the plan is resource-leveled using the 50% estimates. The longest sequence of resource-leveled tasks leading from the beginning to the end of the project is identified as the critical chain. The justification for using the 50% estimates is that roughly half of the tasks will finish early and half will finish late, so that early and late finishes should cancel out over the course of the project.

Recognizing that tasks are more likely to take more time than less, because of Parkinson’s Law (“work expands to fill (and often exceed) the time allowed”), Student syndrome, or other reasons, “buffers” are used to establish dates for deliverables and for monitoring project schedule and financial performance. The “extra” duration of each task on the critical chain, the difference between the “safe” duration and the 50% duration, is gathered together in a buffer at the end of the project. In the same way, buffers are gathered at the end of each sequence of tasks that feeds into the critical chain.

2. Execution:

When the plan is complete and the project is ready to start, the project network is fixed and the buffer sizes are locked. With no slack in the duration of individual tasks, the resources on the critical chain are exploited by ensuring that they work on their critical chain task and nothing else; multitasking is eliminated. People should be focused on completing the assigned task as quickly as possible, with no distractions.

Because task durations have been planned at the 50% probability duration, there is pressure on the resources to complete critical chain tasks as quickly as possible, overcoming Student syndrome and Parkinson’s Law.

3. Monitoring:

This is, in some ways, the greatest advantage of the Critical Chain method. Because individual tasks will vary in duration from the 50% estimate, there is no point in trying to force every task to complete “on time”; estimates can never be perfect. Instead, we monitor the buffers that were created during the planning stage. If the rate of buffer consumption is low, the project is on target. If consumption is such that there is likely to be little or no buffer left at the end of the project, corrective actions or recovery plans must be developed to recover the loss. When the buffer consumption rate exceeds some critical value (roughly, the rate at which all of the buffer can be expected to be consumed before the end of the project, resulting in late completion), alternative plans need to be implemented.
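The three steps above, worked through as an added example (my own code, not from Goldratt or the Wikipedia article): the critical chain is taken as the longest precedence path on the 50% estimates, the project buffer pools the difference between safe and 50% durations along that chain, each path merging into the chain gets a feeding buffer of its own safety, and the monitoring rule projects buffer consumption against chain progress. Resource leveling is left out, and the task data, function names and the 2/3 “watch” threshold are assumptions made for the example.

```python
from collections import namedtuple

# Constructed sample project (days). p50 = best-guess duration, safe = high-confidence duration.
Task = namedtuple("Task", "name p50 safe preds")
SAMPLE_TASKS = {
    "design":  Task("design",  5, 8,  ()),
    "build":   Task("build",   10, 16, ("design",)),
    "docs":    Task("docs",    3, 5,  ("design",)),    # side path that merges back in at "release"
    "test":    Task("test",    4, 7,  ("build",)),
    "release": Task("release", 1, 2,  ("test", "docs")),
}


def schedule(tasks):
    """Forward pass on the p50 estimates. Returns (finish_time, longest_predecessor) per task.
    Precedence only: the resource leveling a real CCPM plan does first is left out here."""
    finish, via = {}, {}
    remaining = dict(tasks)
    while remaining:
        ready = [t for t in remaining.values() if all(p in finish for p in t.preds)]
        if not ready:
            raise ValueError("dependency cycle")
        for t in ready:
            finish[t.name] = max((finish[p] for p in t.preds), default=0) + t.p50
            via[t.name] = max(t.preds, key=finish.get, default=None)
            del remaining[t.name]
    return finish, via


def _path_back(via, name, stop):
    """Follow longest predecessors from name back until a task in stop (or the start) is reached."""
    path = []
    while name is not None and name not in stop:
        path.append(name)
        name = via[name]
    return list(reversed(path))


def safety(tasks, names):
    """Safety removed from the named tasks: the difference between safe and p50 durations."""
    return sum(tasks[n].safe - tasks[n].p50 for n in names)


def plan(tasks):
    """Critical chain, pooled project buffer and one feeding buffer per path merging into the chain."""
    finish, via = schedule(tasks)
    chain = _path_back(via, max(finish, key=finish.get), set())
    on_chain = set(chain)
    feeding = {}
    for name in chain:
        for p in tasks[name].preds:
            if p not in on_chain:
                feeding[(p, name)] = safety(tasks, _path_back(via, p, on_chain))
    return {"chain": chain, "chain_p50": finish[chain[-1]],
            "project_buffer": safety(tasks, chain), "feeding_buffers": feeding}


def buffer_status(buffer_size, buffer_used, chain_fraction_done):
    """Monitoring rule from the text: project how much of the buffer will be gone when the
    chain completes. The 2/3 'watch' threshold is an assumption for the example."""
    if chain_fraction_done <= 0:
        return "not started"
    projected = (buffer_used / buffer_size) / chain_fraction_done
    if projected >= 1.0:
        return "red: buffer exhausted before the end at this rate, implement the recovery plan"
    if projected >= 2 / 3:
        return "yellow: prepare corrective actions"
    return "green: on target"


if __name__ == "__main__":
    p = plan(SAMPLE_TASKS)
    print(p)                                              # chain design > build > test > release
    print(buffer_status(p["project_buffer"], 4, 0.5))     # green
    print(buffer_status(p["project_buffer"], 9, 0.6))     # red
```

For the sample data the chain is design, build, test, release at 20 days on the 50% estimates with a 13-day project buffer, and the docs path contributes a 2-day feeding buffer at the merge into release.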

 

REFERENCE

Critical Chain Project Management. Wikipedia, the free encyclopedia. Retrieved June 19, 2012, from http://en.wikipedia.org/wiki/Critical_Chain_Project_Management

Goldratt, E. M. (1997). Critical Chain. Great Barrington, MA: North River Press.

Open Source Software in Digital Forensics

The purpose of this research paper is to gather information on open source digital forensic tools that are accessible for free, usually online; to review the types of digital forensic tools available and what they do; to define open source and digital forensics; and to show how Open Source Software (OSS) digital forensic tools can help accomplish data retrieval. The pros and cons of OSS as a viable digital forensic tool-set are also covered.

Digital Forensics and Incident Response and Tools

Digital Forensics and Incident Response (DFIR) is the practice of investigating and analyzing data in order to present to a court of law an ordered report, backed by a chain of evidence, of what happened on a computer and who was responsible (SearchSecurity, 2004). DFIR is used more and more as people rely on computers in their daily lives, from smartphones and game consoles to laptops. DFIR can help convict someone of any crime that involved a computer, whether it is prostitution, child pornography, or a white-collar crime like embezzlement.

DFIR tools are the free and proprietary applications DFIR experts use to produce the results handed over to the legal system. They let investigators examine the contents of a hard drive without changing the data held on it. The information retrieved can come from deleted, encrypted, or damaged files (SearchSecurity, 2004).
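As an added example of the kind of data retrieval these tools do (my own illustration, not code from any of the tools cited on this page), the block below carves JPEG and PNG files out of a raw disk image by header and footer signature, which is how a file whose directory entry has been deleted is recovered from unallocated space, and hashes each result so it can be matched against a known-file set such as the NSRL. The sample image, the signature table and the function names are constructed for the example.

```python
import hashlib
import struct
import zlib

# Header / footer signatures: (header bytes, footer bytes, bytes that follow the footer).
# A constructed subset for the example; real carvers ship hundreds of entries.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 0),        # SOI ... EOI
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND", 4),       # signature ... IEND chunk type + CRC
}


def carve(image, known_hashes=frozenset(), max_size=10 * 1024 * 1024):
    """Signature carving over a raw image. No filesystem metadata is consulted, which is
    exactly why this recovers a deleted file: its directory entry is gone but its clusters
    stay put until something overwrites them. Each hit is hashed so it can be compared
    against a known-file set (NSRL-style) and set aside when it is uninteresting."""
    found = []
    for ext, (header, footer, trailer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            end = image.find(footer, start + len(header), start + max_size)
            if end < 0:
                # Header with no footer in range: truncated or partly overwritten. Skip it
                # rather than guess a length (a real carver may keep it as a partial hit).
                pos = start + 1
                continue
            end += len(footer) + trailer
            blob = image[start:end]
            digest = hashlib.sha256(blob).hexdigest()
            found.append({"ext": ext, "offset": start, "size": len(blob),
                          "sha256": digest, "known": digest in known_hashes})
            # Resume after this file so an embedded thumbnail (a second SOI inside a JPEG)
            # is not carved again as a separate file.
            pos = end
    return sorted(found, key=lambda f: f["offset"])


# --- Constructed sample image (not a real evidence image) ---

def _png_chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF)

SAMPLE_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               + b"\xab" * 40 + b"\xff\xd9")
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n"
              + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
              + _png_chunk(b"IDAT", b"\x00" * 8)
              + _png_chunk(b"IEND", b""))
SAMPLE_IMAGE = (
    b"\x00" * 512                               # wiped metadata sectors
    + SAMPLE_JPEG                               # "deleted": nothing points here any more
    + b"\x00" * (512 - len(SAMPLE_JPEG))        # slack up to the next sector boundary
    + SAMPLE_PNG
    + b"\x55" * 100                             # unrelated data
    + b"\xff\xd8\xff\xe1" + b"\x11" * 20        # JPEG header whose body was overwritten: no EOI
)
SAMPLE_JPEG_SHA256 = hashlib.sha256(SAMPLE_JPEG).hexdigest()

if __name__ == "__main__":
    for hit in carve(SAMPLE_IMAGE, known_hashes={SAMPLE_JPEG_SHA256}):
        print(hit)
```

Two limits worth knowing before trusting the output in a report: a header whose real footer was overwritten will happily pair with the next footer of the same type further along the image, producing a bogus file, and fragmented files are not reassembled at all. Hashing the carved blob and checking it against a known set, or verifying that it decodes, is the cheap sanity check for both.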

Open Source Software


Open Source Software (OSS) is a set of practices for collaborating on software whose source code has been made freely available under copyright law. It is also commonly known as FOSS (Free and Open Source Software); although most OSS is free of charge, not all of it is, and this research paper covers mostly the free kind. Individuals separated by cultural, corporate, and language boundaries work together to create complex, non-proprietary software. Software is open source when it is free to redistribute and its source code is distributed along with the compiled form. Open source licensing was created to make the source code of a program readily available to anyone who requests it. Making the source code available to anyone helps in developing stable software, because the whole community is able to make changes and redistribute its own version of the software. An open source license protects the original author of the software, does not discriminate in any way on how it can be used, cannot be specific to a product, cannot restrict other software, and has to be technology-neutral (Open Source, n.d.). The several variants of open source licenses can be reviewed at opensource.org (http://www.opensource.org/licenses/category).

Some of the more widely known open source licenses are the GNU GPL (used by the Linux kernel and much of the GNU/Linux desktop), the Mozilla Public License (Firefox, Thunderbird), the MIT license, the BSD licenses (as in the Unix-derived BSD operating systems), and the Eclipse Public License (Eclipse IDE). Because there is no dependency on a software vendor, open source software can transform and morph into potentially anything the users and developers need it to do. It gives users the freedom to use it when they want, how they want, and on their own terms.

Why OSS DFIR Tools

Open source digital forensic tools address specific gaps in the capabilities of proprietary DFIR tools. They range from tools for analyzing memory dumps, disks, and network traces to tools for cell phones and memory images from game consoles. The fact that many of them focus on one specific area of digital forensics or incident response makes them invaluable to investigators who find the all-in-one packaging of some proprietary DFIR suites cumbersome and lacking in certain areas.

Financially, companies and governments are always looking for ways to cut costs, and the same is true for DFIR investigators trying to find work. An investigator using OSS DFIR tools can offer customers a lower price than one who has to pass the cost of expensive proprietary tools on to them. Even law enforcement has an easier time justifying expenses in other departments, like traffic enforcement and drug trafficking, than in digital forensics. Because of the high cost of proprietary applications, the follow-up cost of updates may be neglected, leaving the software antiquated and not viable for future investigations.

Legally, procedures for finding digital evidence need to be defensible in court as being testable, published under peer review, having a known or potential error rate, and being generally accepted in the relevant scientific community. Because proprietary tools are closed source and the companies offering them do not want to acknowledge mistakes in their software, that alone makes a case for choosing OSS digital forensic tools during an investigation. OSS allows the source code to be evaluated and tested and error rates to be traced. OSS tools are also widely accepted by the DFIR community (Carrier, 2002). As Brian Carrier (2002) wrote, “The digital forensic market should not be approached in the same way that other software markets are. The goal of a digital forensic tool should not be market domination by keeping procedural techniques secret.” While Carrier may be a little biased, since he developed most of the code in The Sleuth Kit, Autopsy, and mac-robber, his experience in digital forensics only strengthens the point that OSS DFIR tools should be kept in mind.

Working against the argument of this paper, it is important to note that there is usually a larger learning curve with OSS DFIR tools, since some run from the command prompt and on *nix (Linux, Unix, BSD) operating systems. Also, because they usually focus on one component of DFIR, several different applications need to be tied together to build a report. Because some of the tools take a lot of time to collect and arrange data for a report, they are sometimes better used in a lab than in the field.

Conclusion

While open source digital forensic tools abound, and you can take advantage of all of them while avoiding fees for commercial products, there are also several good commercial tools available. Because digital forensics is such a vast field of study, it is important not to rely on just one set of tools, and to research and test other methods to discover and fight anti-forensics.

Good luck with any future digital forensic test cases you attempt; please make sure they are done ethically and legally.

More information on OSS DFIR tools can be found at sites like IEEE, the open source references at the National Institute of Standards and Technology (NIST), the National Software Reference Library (NSRL) from NIST, and government and college studies on OSS alternatives in DFIR. Additionally, there is a growing amount of information on DFIR from personal websites and OSS developers that may be useful. I completely agree with Schneier (2010) that we “would encourage everybody to download and learn the tools not just because they can do forensics but because most of them can also be used for other things such as finding things in memory and hard drives that should not be there which many AV tools cannot do and to help put systems back together again.”


Future Note: I plan to compare and contrast some of the more common tools as I continue to study them.

References

Carrier, B. (2012). The Sleuth Kit. Retrieved April 15, 2012, from http://www.sleuthkit.org/sleuthkit/index.php

Cmihai. (2007, October). UNIX System Administration: Solaris, AIX, HP-UX, Tru64, BSD. Retrieved April 27, 2012, from http://blog.boreas.ro/2007/10/digital-forensic-tools-imaging.html

DFF. (n.d.). Open Source Digital Investigation Framework. Retrieved April 17, 2012, from http://www.digital-forensic.org/

Forristal, J., & Shipley, G. (2001, January 8). Vulnerability Assessment Scanners. Network Computing. http://www.nwc.com

LinuxLinks. (n.d.). 6 of the Best Free Linux Digital Forensics Tools. Retrieved April 5, 2012, from http://www.linuxlinks.com/article/20110115103656314/DigitalForensics.html

Nikkel, B. (2012, June). Practical Computer Forensics using Open Source tools. Retrieved April 23, 2012, from www.digitalforensics.ch/nikkel08.pdf

Open Source. (n.d.). The Open Source Definition. Open Source Initiative. Retrieved from http://www.opensource.org/docs/osd

Open Source Digital Forensics. (n.d.). Tools. Retrieved April 5, 2012.

Schneier, B. (2010, December). Open Source Digital Forensics. Retrieved April 6, 2012.

SearchSecurity. (2004, September). Computer forensics (cyberforensics). Retrieved May 4, 2012, from http://searchsecurity.techtarget.com/definition/computer-forensics


Geographic Systems in Business

Geographic Information Systems (GIS) started out as proprietary systems with their own standards and have moved to a position of using technology standards and technology-based standards, becoming accepted by the IT community as another form of information technology that can help manage a business. GIS has become one of the newer emerging Business Intelligence (BI) areas that “has now become a full IT system for integrating all sorts of scientific and geographic information into all human activities” (Mitchell, 2009, p. 2).


Geographical Information Systems

A GIS uses computers to capture data on all forms of geographically referenced information and manages that data for analysis. The visual output of a GIS can show relationships, patterns, and trends, either on a map or in standard reports, graphs, and charts. Several programs can be obtained for free from sites like opensourcegis.org and incorporated into a business’s Enterprise Resource Planning (ERP) system to help develop a company’s business strategy in banking, insurance, logistics, media, real estate, and retail. Corporations are not the only organizations that can benefit from a GIS. Government, education and science, environment and conservation, natural resource, and utility organizations can also benefit from implementing geographic information systems, collecting data on geo-location problems in order to learn best practices. “GIS is a powerful analytical tool. Its benefits to underwriting management are many, in helping to better underwrite risk and control hazardous and catastrophic exposures” (Picture, 2005, p. 10).

The benefits of GIS in BI have evolved to the point where we not only know who did what, when, and why, but have also solved the fifth piece of the puzzle, where it happened, also known as spatial technology. Gis.com describes several different uses of GIS. The basic use is to plot features on a map and find patterns in how those features change, in order to make better decisions in market research; by using quantities as a reference alongside location, a sales organization can easily learn where its target market is located and which locations on the map have the highest densities for a chosen market segment. An additional feature is the ability to shift the location information through time and distinguish patterns over time; a good example is how meteorologists use GIS to track global weather trends in order to better predict future weather. The value of GIS to business is apparent when global organizations like the World Bank make it a priority to “help countries develop national statistical capacity and help mobilize the expertise of the international statistical system” (World, 2011, para. 2).

Data collection for plotting points on a map used to rely mainly on business questionnaires and government censuses; these could be inaccurate because of the many steps between collection and digitization, and human error still had to be accounted for. The quality of that data was not as good as what is available today from smartphones and other Internet-connected computers that constantly report location through their Internet Protocol (IP) addresses. In addition, Radio Frequency Identification (RFID) chips, satellites, scalable maps, aerial photography, Global Positioning Systems (GPS), geo-tagged pictures, and just about anything that moves have been tied into GIS, allowing tracked data to be placed on a map more accurately through automation. Timeliness of data is another quality issue that needs to be addressed. The world is always changing: you would not use last month’s weather report to plan a motorcycle ride, or a friend’s address from 20 years ago to send a postcard. It is important to make sure the data being used is up to date before making critical business decisions on it.

The challenges and risks of deploying any BI environment, process, or tool are the same as they have been for deploying any form of decision-making platform over the past several decades, whether implementation is constrained by technical ability, human and financial resources, or just a lack of coordination throughout the organization. New legal requirements covering privacy rights are being added as more and more geo-data about consumers is disseminated throughout the world. In practice, privacy rights are circumvented by the small disclosure terms attached to most software that must be accepted before you can use a provider’s service. One way an organization can save resources is to use low-cost external data that is readily available from companies like Google Maps, but it is a patchy solution and may not be available in the future.

As a BI consultant I would recommend the use of geographic information for any larger company in any industry; the larger the company, the greater the need to track spatial information in order to reduce risk in decision making. GIS technology has developed to the point where anyone with Internet access can get a general view of spatial data on underwriting, man-made, environmental, infrastructure, and facility risks, and especially, in businesses where sales vary by location, better information on policyholders and potential clients.

References
A Picture is Worth a Thousand Words! (2005, December). Canadian Underwriter: Insurance Technology Guide 2006, 10. Retrieved April 17, 2011, from ABI/INFORM Global. (Document ID: 974623161).
Mitchell, R. (2009, July). Jack Dangermond. Computerworld, 43(24), 13-14. Retrieved April 17, 2011, from ABI/INFORM Global. (Document ID: 1821176221).
World Bank Aids Tanzania to Improve Quality of Statistical Data and Information. (2011, March 26). The Pak Banker. Retrieved April 17, 2011, from ABI/INFORM Global. (Document ID: 2302228461).


Sources of Data for Business intelligence

Raw data on its own is not very useful; it is just stacks of symbols, sounds, pictures, numbers, or words. Data becomes useful information once it has been collected and connected, giving it relational meaning. Information can answer questions of who, what, when, and where. Once you see the relations in information, you can start to see patterns in how it changes through visual representations. Knowledge is gained from information when a business understands those changing patterns well enough to answer questions about how things function in the real world; this is the main goal of business intelligence. Unless business data compromises privacy or security, all data from every activity that can be observed and recorded will eventually become legally obtained business intelligence. Data acquisition helps in making informed business decisions by transforming information into graphs, charts, simulations, or datasets that are used to analyze trends and decide what business decisions should be made. Whether for a government or a commercial business, the desired amount of data collection is unlimited, because once you know everything about your target, you can begin to make the most accurate decisions.
Data Collection in Manufacturing
Managers want feedback from the manufacturing equipment they are in charge of: how the machine processes are running, how long a machine has been idle, and how many parts per shift have been produced. Sensors can be attached to machines to monitor all aspects of physical change from several different points. Analog-to-digital converters send the information to a manufacturing resource planner or process planner for real-time updates on the total progress of a plant. Events are monitored in real time for information that can drive corrective actions or adjust billing based on the number of parts produced. Thousands of data points can be monitored each second for change; sampling variable changes is “critical to process inputs, even from multiple channels, as fast as possible. But there is more to it than that. Inputs must be processed and correlated so that the feedback loop can initiate changes earlier” (Varhol, 2006, para. 7).
Data from security entryways within factories has also been tied into billable hours for payroll and taxes: the same devices that scan your identification card to grant access to the building also track when an employee clocked in or out, so you know when personnel entered the building, when they started and finished working, and when they left. There are several additional data points that, when entered and managed, can help better manage personnel, production, billing and collections, sales management, customer care, marketing campaigns, supply chains, accounting, decision support, and any other business decisions. The information and data collected in a manufacturing company is obvious and usually serves an internal purpose. More and more companies, however, are gleaning data that can be taken without people even realizing it and using it for better advertising.
Data for Online Marketing
More data is amassed by companies over the Internet every year. The use of smartphones has probably doubled or tripled the amount of data available for marketing campaigns. Websites, interactive applications, emails, and advertisements can incorporate cookies, pixel tags, and web beacons to track an individual’s browsing behavior and improve the effectiveness of advertising and search engine optimization. Online companies also try to record occupation, language, location, and the unique device identifier of the device a product is used on, so that they can better understand customer behavior and improve products, services, and advertising. Data gathered from Internet-enabled devices also helps control the number of times you see an online ad, display ads similar to your personal interests, and monitor the effectiveness of an online ad campaign. The most recent data mining craze is storing your personal location using the Global Positioning System (GPS) in your phone.
Wireless Data Collection
Your location is just as important as all the other data previously discussed. Apple even changed its privacy policy in 2010 so that the company’s “iPhone, iPad and Mac computers collect location information, but do so anonymously in batches and encrypt it before sending the data over a WiFi connection from the devices to Apple’s servers every 12 hours” (Apple, 2010, para. 1). Apple admitted that the main reason for wanting to track the location of its customers is to provide location-based services.
More and more governments are pursuing location data. Companies like Chevron have been able to save millions in freight costs with “more efficient routing that cuts the number of hours and miles the boats travel” (Feldman, 2010, para. 3). Companies can also use location-based web services and geospatial information systems (GIS) to decide where the next office or store should be built, based on actual driving times and traffic patterns. Other companies are using GPS, RFID, and Wi-Fi technologies to control shipments and other logistics in supply chain management. Local governments can report time-sensitive problems, such as a downed power line, instantly: government workers can use smart phones to geo-tag a picture and send it to the main office so the correct department can be notified to fix the problem. The United Parcel Service uses GPS to report where your package is during transit, and GPS can be used simply to update friends on where you are, using applications like Foursquare, a socially driven location-sharing application.
Conclusion
Data collection is being used more in businesses and governments every year. It has saved money in production and shipping because of the ability to monitor both in real time. Marketing can target individuals online and remember who you are when you visit. We have only scratched the surface of how business intelligence will develop in the future. Even small businesses can take advantage of some of the technology that was too expensive to consider just a decade ago, because of the price drop in devices like smart phones and other technological advancements.

References
Apple tells Congressmen it batches, encrypts location data 411968. (2010, July 20). eWeek, p. NA. Retrieved March 17, 2011, from Computer Database via Gale: http://0-find.galegroup.com.libcat.ferris.edu/gtx/start.do?prodId=CDB&userGroupName=lom_ferrissu
Feldman, J. (2010, November 1). [Location data] Here and now. InformationWeek, 1284, p. 53. Retrieved March 17, 2011, from Computer Database via Gale: http://0-find.galegroup.com.libcat.ferris.edu/gtx/start.do?prodId=CDB&userGroupName=lom_ferrissu
Varhol, P. (2006, June 26). Advanced control designs are drowning in data. Electronic Engineering Times, p. 39. Retrieved March 17, 2011, from Computer Database via Gale: http://0-find.galegroup.com.libcat.ferris.edu/gtx/start.do?prodId=CDB&userGroupName=lom_ferrissu



BackTrack Open-Source Penetration Testing Tools

BackTrack for Open-Source Penetration Testing

The purpose of this research paper is to present information on the open source tool BackTrack, which is used for network security testing and information systems security testing through various means, focusing on the penetration tools found in BackTrack. BackTrack has hundreds of very complex tools, and only a few from the penetration testing section will be covered. A definition of penetration testing, and how it can be accomplished using the tools available in BackTrack, is discussed, and some of the more common tools are listed with brief explanations of what they do. The topic of why open source software is a great place to start when considering penetration tools is also covered. The only ethical point that will be covered is that if you attempt to use BackTrack against anyone without their permission it is unethical and, depending on the test, most likely illegal as well.

Backtrack

BackTrack is a Linux distribution that was created from a mix of WHAX and Max Moser’s Auditor Security Collection. Both distributions focused on penetration testing. WHAX had more features, and Auditor was the more stable system.

Auditor had a good Graphical User Interface (GUI) with over 300 tools for troubleshooting and strengthening network and information systems. The user-friendliness of the operating system created a more usable environment for penetration testing, which led to the creation of the BackTrack security testing distribution, named after the search algorithm backtracking (BackTrack, n.d.).

WHAX gets its name from a combination of White-Hat and SLAX; it was a distribution for security tasks. WHAX grew out of Whoppix (White Hat Knoppix), a security-focused distribution based on Knoppix. When Whoppix changed parent distributions from Knoppix to SLAX, the name WHAX was created to reflect the change. WHAX made it possible to do penetration testing and verify the security measures of a network for computers located in multiple different locations (BackTrack, n.d.).

BackTrack was first released to the public at the beginning of 2007. Compared to the other security penetration testing toolkits available, it was a major advancement. Since 2007, BackTrack’s releases have become a standard penetration toolkit throughout the world. SANS, the FBI, and the National Institute for Science and Technology (NIST) have either referenced BackTrack or used the distribution (BackTrack, n.d.). Currently BackTrack is on release version 5, packaged on top of the very popular distribution known as Ubuntu GNU/Linux. Possibly one of the best additional features in BackTrack 5 is the ability to go into stealth mode, where no visible network traffic is generated. Additionally, users have the option during download to choose a 32- or 64-bit installation with either the KDE or GNOME graphical environment. BackTrack can also be installed on a bootable USB thumb drive instead of a bootable DVD. The drive can keep changes as it is moved from one computer to the next and is easier to conceal than a bootable disk.

Open Source Software

Software is open source when it is free to redistribute, and the source code is redistributed with it as well as the compiled form. There are several variants of open source licenses that can be reviewed at opensource.org (http://www.opensource.org/licenses/category). Some of the more widely known open source licenses cover GNU (the graphical environment of several Linux desktops), Mozilla (Firefox, Thunderbird), MIT, BSD (Unix-like), and Eclipse (Eclipse IDE). Open source licensing was created to make the source code of a program readily available to anyone who requests it. Making the source code available for anyone to access helps in developing stable software, because the whole community is able to make changes and redistribute their own version of the software. Open source licensing protects the original author of the software, does not discriminate in any way on how the software can be used, cannot be specific to a product, cannot restrict other software and has to be technology neutral (Open Source, n.d.).

Because of the lack of dependency on software vendors, open source software can transform and morph into potentially anything the users and developers need it to do. It gives users the freedom to use it when they want, how they want and on their own terms.

The advantages of having open source code extend not just to the software being attacked, but also to most vulnerability assessment scanners. Vulnerability assessment scanners, like penetration testing, intentionally look for vulnerabilities in configured systems. A Network Computing evaluation found that the best scanner (which, among other things, found the most legitimate vulnerabilities) was Nessus, an open source scanner (Forristal, 2001). Since version 3, however, Nessus has been closed source.

Penetration Testing

Part of the vulnerability assessment of an information system or network involves analysis that is easily and often accomplished through penetration testing: security system administrators perform controlled attacks on a system or network to try to either compromise or disrupt it by exploiting as many documented vulnerabilities as possible. Penetration testing is usually performed on a network from the outside, from a hacker’s point of view. If you fail to look at your own system from an attacker’s viewpoint, you are failing to maintain readiness standards. The best tools to use are the same tools that are available to the hacker community (Whitman & Mattord, 2005, p. 67).

“There are a number of common problems also. People tend to complete a security test and then believe that they are secure, and do not need to do another test for a prolonged time. People lock systems down prior to test and as soon as test is complete the systems are opened up again” (Would your system survive, 2002). When considering using these tools in the real world, it is also important that you get the proper legal paperwork out of the way so that you are not committing any felonies by accident. Let customers know about the attacks, preferably what IP addresses will be used, and agree on a time window during which you are allowed to test the corporation’s security (Would your system survive, 2002).

Hackers who hack for monetary gain usually do so because of a lack of money. The best way for a hacker to begin is with the same free open source tools that are available to everyone, and that is just another reason why BackTrack has grown in popularity.
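The agreed IP ranges, source addresses and time window described above are the kind of thing worth encoding rather than remembering. The following is an added example, not code from the paper: a small rules-of-engagement object that a tester checks each planned action against before running it. The client name, ranges, source address and window are constructed for the demonstration (the addresses are RFC 5737 documentation ranges).

```python
# Added example (not from the paper): a rules-of-engagement check to run before
# each test action. All engagement values below are constructed for the demo.
from dataclasses import dataclass, field
from datetime import datetime, timezone
import ipaddress


@dataclass
class RulesOfEngagement:
    client: str
    authorized_targets: list          # CIDRs the client signed off on
    tester_source_ips: list           # addresses the client was told tests come from
    window_start: datetime
    window_end: datetime
    excluded_targets: list = field(default_factory=list)

    def check(self, target_ip, source_ip, when):
        """Return (allowed, problems) for one planned test action."""
        problems = []
        target = ipaddress.ip_address(target_ip)
        if not any(target in ipaddress.ip_network(n) for n in self.authorized_targets):
            problems.append(f"{target_ip} is not in an authorized target range")
        if any(target in ipaddress.ip_network(n) for n in self.excluded_targets):
            problems.append(f"{target_ip} is explicitly excluded by the client")
        if source_ip not in self.tester_source_ips:
            problems.append(f"source {source_ip} was not disclosed to the client")
        if not (self.window_start <= when <= self.window_end):
            problems.append(f"{when.isoformat()} is outside the agreed testing window")
        return (not problems, problems)


# Constructed engagement for the demo.
ROE = RulesOfEngagement(
    client="Example Corp (constructed)",
    authorized_targets=["203.0.113.0/24"],
    tester_source_ips=["198.51.100.10"],
    window_start=datetime(2011, 10, 17, 22, 0, tzinfo=timezone.utc),
    window_end=datetime(2011, 10, 18, 4, 0, tzinfo=timezone.utc),
    excluded_targets=["203.0.113.250/32"],   # e.g. a fragile production host
)


def check_plan(roe, target_ip, source_ip, when_iso):
    """Convenience wrapper taking the time as an ISO-8601 string with UTC offset."""
    return roe.check(target_ip, source_ip, datetime.fromisoformat(when_iso))


if __name__ == "__main__":
    for target, src, when in [
        ("203.0.113.5", "198.51.100.10", "2011-10-17T23:00:00+00:00"),
        ("203.0.113.250", "198.51.100.10", "2011-10-17T23:00:00+00:00"),
        ("192.0.2.1", "198.51.100.99", "2011-10-18T09:00:00+00:00"),
    ]:
        allowed, problems = check_plan(ROE, target, src, when)
        print(target, "ALLOWED" if allowed else "BLOCKED", problems)
```

The check returns every problem it finds rather than the first, so the tester (and the client, if the log is shared) can see exactly which term of the agreement a blocked action would have violated.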

Available Tools

There are several tools in BackTrack. Some tools review networks using network sniffers and file integrity checkers. Others analyze and identify targets using application security testing, vulnerability scanning, wireless scanning and network port/service identification. Other BackTrack tools find vulnerable targets by cracking passwords, testing remote access and performing penetration tests.

Additional tools that do not pertain to penetration testing that BackTrack also offers cover privilege escalation, maintaining access, reverse engineering, Radio Frequency Identification (RFID) tools, stress testing, forensics, reporting tools, network services, and other miscellaneous tools. For this research paper we will identify some of the more commonly used penetration tools that come with BackTrack. Most of the tools in BackTrack are available for individual use on most common operating systems. The purpose of using BackTrack is to have a common distribution for communities to come together and learn how to use the tools in the same environment. BackTrack’s ability to be free, run straight from removable media like a USB drive or DVD, and run on almost any computer also gives it an ease of use that cannot be found with closed source, non-free operating systems. Some of the more common tools used for penetration testing on BackTrack are listed below:

Metasploit:

• Of all the penetration tools that have the ability to be used as a weapon, Metasploit would have to be at the top of the list. Metasploit combines several of the listed penetration testing programs into one tool that can be utilized by black or white hats. While it was designed to audit a network’s security, it can just as easily be used to launch real attacks on a defenseless network. It was first launched in 2003, before ever being packaged and developed as part of the BackTrack distribution, to find network exploits (Bradbury, 2010, para. 1).

• Armitage is a GUI extension of Metasploit that makes Metasploit easier to use and helps security analysts work with it (Armitage, n.d.).

Nmap

• According to Kaven (2003), “Nmap lets you perform stealthy half-open TCP SYN (synchronization) scans to emulate what a hacker using that type of scan might see” and “bypass your firewalls and intrusion detection systems. You can enhance both scanning methods by using fragmentation scanning, a technique that splits the TCP header over several packets, making it harder for packet filters to detect a hacker’s intentions”.

• When connected to a service database, Nmap can attempt to figure out the version and type of service communicating on a port, and by using O/S fingerprinting it can also determine the type of operating system running on the remote system through any open port.
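A half-open SYN scan is “stealthy” only in the sense that no full connection is logged by the application; the SYNs themselves are still visible to a firewall or sensor, and that is what a defender looks for. The following is an added example, not code from the paper or from Nmap: it reads constructed firewall-style log lines (time, source, destination, port, TCP flags) and reports sources that sent SYNs to many ports without ever completing a handshake. The log lines and addresses are constructed (RFC 5737 documentation ranges).

```python
# Added example (not from the paper): detect half-open SYN scans in a
# firewall-style log. The log below is constructed; it is not real traffic.
# Assumption: the sensor has already reassembled fragments, so the flags
# column reflects the real TCP header even for fragmented probes.
from collections import defaultdict

LOG = """\
2011-10-16T20:01:02 198.51.100.7 203.0.113.10 21 S
2011-10-16T20:01:02 198.51.100.7 203.0.113.10 22 S
2011-10-16T20:01:02 198.51.100.7 203.0.113.10 23 S
2011-10-16T20:01:02 198.51.100.7 203.0.113.10 25 S
2011-10-16T20:01:03 198.51.100.7 203.0.113.10 80 S
2011-10-16T20:01:03 198.51.100.7 203.0.113.10 110 S
2011-10-16T20:01:03 198.51.100.7 203.0.113.10 443 S
2011-10-16T20:01:03 198.51.100.7 203.0.113.10 8080 S
2011-10-16T20:01:05 192.0.2.44 203.0.113.10 443 S
2011-10-16T20:01:05 192.0.2.44 203.0.113.10 443 A
2011-10-16T20:01:06 192.0.2.44 203.0.113.10 443 PA
"""


def parse(log):
    """Yield (time, src, dst, dport, flags) tuples from the constructed log format."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, flags = line.split()
        yield ts, src, dst, int(dport), flags


def half_open_targets(log):
    """Return {src: {(dst, port), ...}} of connections that got a SYN but never an ACK.

    A normal client sends SYN and then ACKs the server's SYN/ACK; a half-open scan
    sends the SYN and walks away, so the (dst, port) pair never leaves the set.
    """
    syn_only = defaultdict(set)
    for _ts, src, dst, dport, flags in parse(log):
        key = (dst, dport)
        if flags == "S":
            syn_only[src].add(key)
        elif "A" in flags:
            syn_only[src].discard(key)
    return syn_only


def flag_scanners(log, threshold=5):
    """Sources with at least `threshold` distinct half-open (dst, port) pairs."""
    return sorted(src for src, targets in half_open_targets(log).items()
                  if len(targets) >= threshold)


if __name__ == "__main__":
    for src in flag_scanners(LOG):
        ports = sorted(p for _d, p in half_open_targets(LOG)[src])
        print(f"probable SYN scan from {src}: {len(ports)} ports, e.g. {ports[:5]}")
```

The threshold and the lack of a time window are the tunables: a slow scan spread over hours would need per-window counting, and a legitimately flaky client that retries a closed port will add one entry, not dozens.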

Wireshark

• Like most penetration applications, Wireshark is known for running on any operating platform available: Linux, Windows, Mac and BSD. Wireshark allows you to examine data from a live network or from a capture file on disk.

• It is such a robust platform that the SANS Institute offers a self-paced course to fully comprehend what can be done with Wireshark: “Intrusion Detection In-Depth,” www.sans.org/training/description.php?mid=43.

Driftnet

• As described in the Driftnet manual, it is a horrific invasion of privacy and shouldn’t be used by anyone, anywhere. It takes TCP packets and assembles them into the pictures being viewed by the user. While it is classified as penetration software, the information a hacker could possibly take or use with it is limited (driftnet, n.d.).

• Driftnet can also capture MPEG audio data from the network and play it (driftnet, n.d.). Once BackTrack is installed, all you have to do is type man driftnet at a command prompt to read the manual yourself. From a Linux command prompt this will work for most non-graphical software packages.

NTOP

• NTOP started out as a Unix tool, like most of the penetration tools in BackTrack, but has since been ported to Windows, Mac, BSD, and Linux. It is a network probe that shows network usage in a way similar to what the command top does for a computer’s memory and process usage, except with Internet traffic (ntop, n.d.).

• Besides sorting traffic by network protocol, it can also identify employees’ e-mail addresses through a GUI dashboard, to see who is on the network and what kind of information is being sent (Dubie, 2007).

Ettercap

• Man-in-the-middle attacks – Ettercap works by putting the network interface into promiscuous mode and ARP poisoning the target machines, then unleashing various attacks on the victims. Ettercap has plugin support so that its features can be extended by adding new plugins (Aharoni, 2003).

• Passwords that can be collected by Ettercap include: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG (Aharoni, 2003). Newer Internet applications like Facebook, Google+ and Twitter can also be compromised.

Kismet

• Not only is Kismet a wireless network detector and intrusion detection application, it can also help a hacker attack an 802.11 network to take control of a browser’s cache, poisoning it with false information in order to serve false web pages or steal a person’s data at a later time using JavaScript files (Messmer, 2010).

SinFP

• An application that allows for active and passive OS fingerprinting of a remote computer. It is capable of surpassing the limitations of nmap and can also detect computers inside a network that is using Network Address Translation (NAT). SinFP can usually guess the O/S on the remote side through one open TCP port, usually with only one to three tests done on the port (SinFP, n.d.).

SMB Sniffer

• Part of the set of Metasploit packages, it is an application that is also useful when conducting penetration testing. SMB sniffers allow hackers to capture files communicated within a LAN over the SMB protocol.

Dsniff

• Dsniff is capable of capturing passwords from several different protocols while they are in use. A hacker can use Dsniff to “read all of your e-mail, watch all of your instant messages and even synchronize his browser with yours so that it displays the Web pages you visit as you visit them” (Petreley, 2002).

Conclusion

BackTrack can be considered an all-in-one tool for penetration testing and network monitoring. While it is a pretty extensive set of tools for an information security manager to use, it is also necessary to look into other tools to test the security of your systems. While open source security tools abound, and you can take advantage of all of them and avoid paying fees for commercial products, there are several additional tools available as well. Because information security is such a vast field of study, it is important not to rely on just one set of tools, and to research and test other methods to discover and/or remove security vulnerabilities.

Another set of free open source tools can be found on another Linux distribution called Knoppix STD. Several of the same tools are on Knoppix STD as on BackTrack, but it also has some tools that BackTrack lacks, for cryptography, computer forensics and other sniffing tasks.

All the tools discussed were created for use in a Unix or Linux based operating system. A lot of the tools have been ported to other operating systems, including Windows, to allow anyone to download the tools independent of the O/S being used and learn how to ethically or unethically hack a system.

Good luck with any future penetration testing you do; please make sure that it is ethical hacking (white hat), because if caught, the fines for hacking could leave you in prison for a long time, and you may be forbidden to even touch a computer again. Even if it doesn’t seem that the punishment fits the crime, even the simplest attacks for no monetary gain can leave you in a heap of trouble. Currently in the U.S. there are no crimes against scanning, but attempt it at your own risk.

References

Aharoni, M. (2003). EtterCap – ARP spoofing and beyond. Retrieved from http://www.securitypronews.com/securitypronews-24-20030623EtterCapARPSpoofingandBeyond.html

Armitage – Metasploit free management GUI. (n.d.). Retrieved from http://www.commonexploits.com/?p=243

BackTrack. (n.d.). In Remote Exploit. Retrieved from http://www.remote-exploit.org/?page_id=160

Bradbury, D. (2010). Hands-on with Metasploit Express. Network Security, 2010(7), 7-11. Retrieved October 16, 2011, from ABI/INFORM Global. (Document ID: 2106533531).

Driftnet(1) – Linux man page. (n.d.). Retrieved from http://linux.die.net/man/1/driftnet

Dubie, D. (2007, October). Free tools ease IT management. Network World, 24(39), 32. Retrieved October 16, 2011, from ABI/INFORM Global. (Document ID: 1521955171).

Forristal, J., & Shipley, G. (2001, January 8). Vulnerability assessment scanners. Network Computing. Retrieved from http://www.nwc.com/1201/1201f1b1.html

Kaven, O. (2003, December). Nmap [Review of Nmap (free download), a sophisticated port scanner with versions available for Linux, Unix, and Windows platforms]. PC Magazine, 22(23), 127. Retrieved October 16, 2011, from ABI/INFORM Trade & Industry. (Document ID: 480376901).

Messmer, E. (2010, February). IE browser, iPhones exposed at Black Hat. Network World, 27(3), 14. Retrieved October 16, 2011, from ABI/INFORM Global. (Document ID: 1966410851).

Ntop. (n.d.). Retrieved from www.ntop.org

Open Source. (n.d.). The Open Source Definition. Open Source Initiative. Retrieved from http://www.opensource.org/docs/osd

Petreley, N. (2002, October). Two sides to every dsniff story. Computerworld, 36(42), 34. Retrieved October 16, 2011, from ABI/INFORM Global. (Document ID: 210363951).

SinFP – a Perl module to do active and passive OS fingerprinting. (n.d.). Retrieved from http://www.gomor.org/bin/view/Sinfp/DocOverview

SMB File Sniffer. (n.d.). Retrieved from http://www.microolap.com/products/network/smbfilesniffer/

Whitman, M. E., & Mattord, H. J. (2005). Principles of information security (3rd ed.). Boston: Thomson Course Technology.

World Bank aids Tanzania to improve quality of statistical data and information. (2011, March 26). The Pak Banker. Retrieved April 17, 2011, from ABI/INFORM Global. (Document ID: 2302228461).

Would your system survive a tiger attack? (2002, August 29). Sunday Business Post. Retrieved October 16, 2011, from ABI/INFORM Dateline. (Document ID: 2171602031).
