New report shows that Cyber Crime cost UK Organisations the average of £2.1 million per year. The report called Cost of Cyber Crime published by the Ponemon institute shows that the cost of attacks ranges between £400,000 and £7.7m. The report also showed that attacks had become more common (something we all knew) attacks vary from DoS (denial of service) to malicious hacks but what we are asking is what can digital forensic analysis to help the fight?

Digital Forensic Analysis can be used after an attack to great effect when trying to pin point the start of an attack or the perpetrators, post event. X-actForensics Ltd have been instructed on many cases like this in the past.

Much more needs to be done by UK businesses and organisations alike to improve the security they have in place and to constantly update processes and procedures to fall in line with the latest trends and developments otherwise digital forensic analysis will be refereeing the fight and the cyber crime wave will win by a K.O!

Britons are being urged to create passwords made up of short stories or random words linked together rather than the traditional characters and numbers, which will form a “near uncrackable” password according to a security expert.

When conducting computer forensics analysis and mobile phone analysis there have been traditional methods of bypassing security codes and passwords but there has still been the need to decode passwords.

Leading security expert Andi Hindle, director at Ping Identity, a firm which provides cloud identity security solutions, denied the existence of an uncrackable password but did claim there are some which will take “millions of hours” to decode.

He claims that using 4 random words with no apparent link such as Pink, Chesnutt, gin barley. Easy to remember if the user assigns a short story to them but they remain mathematically hard to crack! Some systems however will require numbers and special characters still.

It’s not just passwords being cracked though and Andi underlined that computer viruses that harvest passwords for phishing attacks are the most common ways for systems to become compromised.

As usual computer forensic experts can conduct computer forensic analysis after the event to try to pin point an attack and try to recoup some of the losses, this is no substitute for a solid data protection strategy among business and personal users alike.

It’s now only a matter of a couple of weeks until the start of the 30^th Modern Olympics kicks off in London.

In the run up to the games the Home Office has warned that cyber crime is now as great a threat as terrorism to the UK’s national security.

Hackers have become more aggressive, and according to Richard Clarke (Home Office Security and Counter Terrorism Department Director) the threat is being spread across a wider area than ever and that you don’t need many people to mount a serious threat to the UK.

Ominous sounding words there, the UK has a huge amount of knowledge and experience within digital forensics, which through the use of computer forensics can (after an incident) provide vital information about the source of the attack and provide more clues in tracking the criminals down. More needs to be done in terms of proactive defence and adapting security strategies.

During the Lord Mayor’s annual defence and security lecture chief of MI5 said that the levels of cyber attacks on UK industry is already on an industrial scale and has reached an astonishing level.

Considering the world will be watching London in 2012 and the determination of cyber criminal criminals, UK businesses need to adapt their ongoing security strategies in line with an evolving threat.

Many people believe that when a hard drive is formatted the data on the drive is somehow wiped or irretrievable from the disk. This is certainly not the case. The process of formatting a hard drive simply re-organises the computer’s file structure. If you format a disk you are only changing the file structure not erasing the data on it. In order to bring formatted data back, computer forensic experts would look for “flags” in the raw data that would suggest the start and end of a block of data and then piece this data back together to form a single file. This method is known as “data carving” and proves very successful in recovering data from formatted hard drives.

Imaging is the first step in acquiring digital evidence in any computer forensic investigation. It is highly important that this process is carried out in the first instance, as questions regarding the methodology of a digital investigation can be raised later should the case go to court.
The image itself is an exact copy of the original computer and is created using a combination of hardware and software. The hardware that is involved is known as a “write-blocker”, and the purpose of this device is so that information can only be read and not written to the hard drive when acquired or analysed. Finally, the imaged is verified using an algorithm know as “MD5 Hash” to confirm that the copy is indeed the  same as the original.
Imaging is important so that the data is secured and preserved in it’s original format.