By David Kalat
For as long as there has been forensics, there has been its inevitable shadow, anti-forensics. Forensic tools enable investigators to uncover incriminating evidence from electronic sources, and anti-forensic tools enable their targets to try to thwart them. Anti-forensics involves any act intended to prevent or impede a proper forensic investigation. It is the digital equivalent of wiping fingerprints off a murder weapon.
Continue reading Anti-Forensics Gets an Upgrade: The Hidden Traps in Today’s Latest Technology
By Christopher Carter
When I was thinking about writing on this topic, it occurred to me that the title should be “How I Learned to Stop Worrying and Love the Cloud.” But Google tells me that’s been taken, and I don’t have a backup title nearly as pithy. So you’ll have to live with “The Transformation of IT – From Builder to Broker.” It captures the heart of what I’d like to discuss.
Continue reading The Transformation of IT – From Builder to Broker
By Adam Cohen
“It’s a mobile jungle out there, and your corporate data is too valuable to just bungle through it.”
Little computers, generically called “mobile devices,” are everywhere, like creatures sharing our environment with non-digital animals and insects. They come in all shapes and sizes: tablets as big as flat-screen TVs; wearable technology such as the Apple Watch, fitness bracelet or Bluetooth headset; and the undisputed king of mobile devices, our inseparable personal parasite — the smartphone. Not only do these devices share our “physical” environment, they permeate our information technology environment. Connected in the atmosphere of the Internet, mobile devices breathe by inhaling and exhaling data, which travels across the globe, nearly instantaneously. Continue reading Mobile Mayhem: Smartphones and Security (Or the Lack Thereof)
By Teresa P. Schoch
In early October, 4,200 companies that have been certified under the U.S. Safe Harbor Framework as having developed processes and procedures to protect the private information of EU citizens were told that their certifications were invalid. Privacy experts have been scrambling to give them advice on next steps, which include utilization of model contractual clauses relating to individual data transfers, or implementation of binding corporate rules requiring the approval of an EU Data Protection Authority, which can take up to a year to accomplish. Whether these actions will also be considered invalid along with the Safe Harbor framework is not clear. However, since both allow for an individual’s ability to question a company’s compliance with the EU privacy directive, it is more likely that they would be considered adequate.
Continue reading An EU Court’s Attempt to Control the U.S. Privacy Protection: Who Will Blink?
By David Kalat
The first problem with mobile device forensics is the name. “Mobile devices” is a catch-all term meant to encompass cell phones, smartphones, tablets, and hybrid “phablets.” But even these terms are inherently misleading—they imply that we are talking about phones. In 2011, physicist Michio Kaku noted that today’s mobile “phones” have more computing power than all of the computers NASA used to land astronauts on the moon. The average mobile “phone” today easily outstrips the power of the Cray, Deep Blue, or any supercomputer of a generation ago. Current models have faster processors, access to more storage, better network connectivity, and more robust software than the average PC from just 10 years ago. We call them “phones” at our peril—they are powerful computers that just happen to be able to place calls as well.
Continue reading The Trouble with Mobile Device Forensics
By Teresa P. Schoch
While recently wandering side streets of London and Paris, I noticed “the cloud” being offered in small storefronts alongside cafes offering baguettes and cappuccinos. The ubiquitous and trusting adoption of this intangible data-storage solution as organizations scramble to protect apparently sacred private information collected from the same individuals buying these cloud services is remarkable. Organizations are simultaneously tasked with addressing burgeoning costs of litigation and other consequences of excess data storage seemingly being alleviated by the cloud.
Continue reading Information Governance and the Cloud – Collecting Value or Hoarding?
By Peggy Daley
In July 2015, hackers calling themselves “Impact Team” announced an unusual data breach. The hackers claimed to have obtained customer and operational data from Ashley Madison, an online social networking site that markets itself as a place for people interested in “casual encounters, married dating, discreet encounters and extramarital affairs.” The hackers claimed to have compromised the website’s approximately 37 million user profiles, corporate financial records, and other confidential information. Continue reading Life Is Short; Affairs Are Expensive: The Ashley Madison Breach and Its Aftermath