Hunting Experience

Posted in Humor/Jokes on March 31st, 2009 by Kuma

We went hunting over the three day weekend and killed these two plus three smaller ones. I can’t remember how many shots it took, but it was a lot!

Talk About Luck

Posted in Humor/Jokes on March 30th, 2009 by Kuma

Can you believe it? This guy wins 181 million in the lottery on a Wednesday, and then finds the love of his life just 2 days later.

Talk about LUCK!

Areas Digital Forensic Investigators Find Evidence

Posted in Education, Security on March 29th, 2009 by Kuma

[Abstract]
The purpose of this document is to provide a basic understanding of computer forensics by identifying five areas of computers and computer applications in which a forensic investigator can look for digital evidence. Also included are three types of criminal investigation that can use the services of computer forensic investigators, and a description of how each of these investigations can benefit from computer forensics. This document is intended for anybody looking to gain a basic knowledge or understanding of computer forensics and criminal investigations.

[Content]
With the amount of technology in use today, there will be times when criminal investigative services need to collect data as evidence for prosecution, and they may call on computer forensic investigators to gather it. For a forensic investigator to be proficient, they need to know where the evidence they are looking for can be found. There are different types of criminal investigation, and each can benefit from forensic investigators in different ways.

Digital investigators have several areas in which to look for evidence. One of the simplest and most obvious is removable media: floppy diskettes, CD-ROMs, DVD-ROMs, thumb drives, and anything else that can be carried away from the system (Strickland, 2009). Removable media give investigators an idea of what kind of data was being stored on or loaded onto the system. This is useful when third-party applications have been used to frustrate an investigation: finding such an application on a removable device tells the investigator what was run, which helps in reconstructing the state the system was in when the crime took place. Removable media can also hold clues or evidence against the suspects themselves. As with any storage device, the media should be imaged through a write blocker and the image hashed before it is examined, so that the original is never modified.

System storage devices are the next place to look. A hard drive can hold a huge amount of data that may serve as evidence, but searching it takes longer depending on how many applications were used, whether anti-forensic tools were run, and whether encryption was used. System and application log files, browser history and cache files, e-mail, digital photographs, and global positioning system logs can all identify how the system was used, what it was used for, what kind of crime was committed, and which software applications were installed (Kennedy, 2006). When searching a hard drive the investigator usually relies on forensic software to read the file system's metadata: the information the operating system keeps about each file, such as its name, type, size, owner, timestamps (created, modified, accessed), and where on the disk its contents live, including links between files. Further tools may be needed to find evidence embedded inside applications or deliberately hidden, and to correlate timestamps from the different sources into a single timeline. System storage devices can hold critical evidence, but depending on what software was used on the system, recovering it can take a long time.
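To show how the sources listed above are pulled into one picture, here is an added example (written for this article, not from Kennedy or any forensic product) that normalizes constructed syslog lines, browser history rows and an e-mail Date header to UTC and sorts them into one timeline. The log layouts, the host name ws01, the year and the JST time zone of the seized machine are all assumptions; syslog lines carry neither a year nor a zone, which is exactly why the investigator has to supply them.

```python
"""Build a single timeline from several evidence sources on a seized system.

Added example for this article. All input below is constructed for
illustration; the field layouts are assumptions, not any product's format.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone, timedelta
from email.utils import parsedate_to_datetime

# Assumption: the seized host kept local time in JST (UTC+9).
JST = timezone(timedelta(hours=9))

# Constructed samples (not real data). Syslog has no year and no zone.
SYSLOG_LINES = [
    "Mar 29 21:14:02 ws01 kernel: usb 1-1: new high-speed USB device number 4",
    "Mar 29 21:14:05 ws01 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk",
    "Mar 29 21:22:41 ws01 sudo: user1 : TTY=pts/0 ; COMMAND=/usr/bin/shred -u ledger.xls",
]
# Constructed browser history export: "<UTC ISO timestamp>,<url>".
BROWSER_HISTORY = [
    "2009-03-29T12:20:10Z,https://example.invalid/how-to-wipe-a-drive",
    "2009-03-29T12:18:33Z,https://example.invalid/search?q=shred+files",
]
# Constructed e-mail header (RFC 5322 Date, carries its own offset).
EMAIL_HEADERS = [
    "Date: Sun, 29 Mar 2009 20:55:00 +0900",
]


@dataclass(frozen=True)
class Event:
    when: datetime   # always UTC after parsing
    source: str
    detail: str


SYSLOG_RE = re.compile(r"^(\w{3}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\S+) (.*)$")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def parse_syslog(line, year, local_tz):
    """Traditional syslog: month/day/time only, so year and zone are supplied."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised syslog line: {line!r}")
    mon, day, hh, mm, ss, host, msg = m.groups()
    local = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                     tzinfo=local_tz)
    return Event(local.astimezone(timezone.utc), f"syslog:{host}", msg)


def parse_history(row):
    """Browser history row whose timestamp is already UTC ('Z' suffix)."""
    stamp, url = row.split(",", 1)
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(when, "browser", url)


def parse_email_date(header):
    """RFC 5322 Date header; the offset in the header is honoured."""
    when = parsedate_to_datetime(header.split(":", 1)[1].strip())
    return Event(when.astimezone(timezone.utc), "email", header)


def build_timeline(syslog, history, mail, year=2009, local_tz=JST):
    """Normalize every source to UTC and return events in time order."""
    events = [parse_syslog(line, year, local_tz) for line in syslog]
    events += [parse_history(row) for row in history]
    events += [parse_email_date(h) for h in mail]
    return sorted(events, key=lambda e: e.when)


if __name__ == "__main__":
    for e in build_timeline(SYSLOG_LINES, BROWSER_HISTORY, EMAIL_HEADERS):
        print(e.when.isoformat(), e.source, e.detail)
```

Once the sources share a clock, the story reads itself: an e-mail, a USB disk attached, a search for how to shred files, the how-to page, then shred run as root. Getting the year and zone wrong for the syslog lines would silently reorder that sequence, which is why those assumptions must be recorded in the case notes.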

Computer memory is where investigators can find data that was in use while the system was running. Systems rely on more and more random access memory, and RAM holds whatever the operating system and applications needed quick access to: running processes, open network connections, decrypted copies of files, passwords and encryption keys, and recently typed text. That makes it an excellent place to look for evidence, with one important caveat: RAM is volatile, so its contents are lost when the machine is powered off and must be captured from the live system before anything else is done to it. Much of what is in RAM is binary structures rather than readable text, so forensic memory-analysis tools are normally needed to extract the critical evidence, although a simple string search often turns up useful fragments as well.

Documents printed from a computer system can also be evidence. Under the best evidence rule, a printout that accurately reflects the stored data is treated as an original, and many judges admit such printouts. A printout can sometimes be tied to the particular printer that produced it. Some printers are sophisticated enough to have their own memory or storage, which may retain copies of recent jobs, so printer memory can itself be a source of digital evidence for forensic investigators.

There are many types of criminal investigation, but some that benefit greatly from digital forensics are those involving sexual offenses, hate crimes, theft, narcotics, kidnapping, and cases in which a wrongly accused person can be cleared. In sexual offenses, including those against minors, chat application log files often hold a great deal of evidence against the accused. In a theft, a spreadsheet listing items, serial numbers, locations, and similar details can be a great asset. Narcotics cases may benefit from chat logs, but e-mail traffic is more likely to provide the stronger evidence. Whichever investigation is being conducted, it can benefit greatly from digital forensics.

In conclusion, many types of criminal investigation benefit from forensic investigators, including those involving sexual offenses, narcotics, hate crimes, kidnapping, and the exoneration of the wrongly accused. When digital forensic investigators gather evidence for a criminal case, the places it can be found include printouts, removable storage devices, internal storage devices, application logs, browser history and cache files, e-mail, random access memory, and possibly printer memory. Whatever crime was committed, as long as a computer was used to commit it, the investigation can benefit from digital investigators gathering the evidence that proves it.

References
1. Strickland, J. (2009). How computer forensics works. HowStuffWorks. Retrieved March 29, 2009, from http://computer.howstuffworks.com/computer-forensic.htm/printable
2. Kennedy, I. (2006, August). Looking for foul play: digital forensics, part 2. British Computer Society. Retrieved March 29, 2009, from http://www.bcs.org/server.php?show=ConWebDoc.6231

Challenges Forensic Investigators Face

Posted in Education, Security on March 29th, 2009 by Kuma

[Abstract]
The purpose of this document is to provide a basic understanding of computer forensics by identifying five technology-related challenges that digital forensic investigators face. Also included are solutions to each of the challenges. This document is intended for anybody looking to gain a basic knowledge or understanding of computer forensics and the challenges investigators face.

[Content]
With the use of technology today, there will be times when criminal investigative services need to collect data as evidence for prosecution, and they will most likely use computer forensic investigators to gather it. Even proficient investigators face challenges in doing the job efficiently and effectively. For each of these challenges, though, there are solutions or methods that help investigators gather the evidence they need.

One major challenge is the credibility and proficiency of the technician gathering the evidence. Technicians need to stay current on the latest operating systems, data collection procedures, and any additional software used in the collection process. Where a technician is not current on a particular application or operating system, training courses or certifications may be needed to maintain the level of proficiency that policy and procedure require. Technicians also need to gather evidence in accordance with written policies and standard operating procedures; by following those guidelines they reduce the risk of being discredited in court.

Standardizing the procedures for gathering, handling, transporting, accessing, and documenting evidence is a real challenge for forensic investigators. Before embarking on any incident response, technicians need to be current on their organization's standard practices so that everything from seizing the evidence to documenting it is handled consistently and according to policy. Following those practices reduces the risk of evidence being excluded from a case: it is the investigator's job to gather the evidence in a manner that will stand up against a defendant in a court of law.

Proper gathering of evidence is itself a major challenge. Investigators need to be thorough and make sure they leave nothing behind (Kruse & Heiser, 2002). They also need to mark or tag every item as it leaves the scene so that nothing is lost in transit. One method is to list every item before it leaves the scene, make sure everything at the scene is collected, and then, on arrival at the place where the evidence will be stored, confirm that every listed item was received. Recording a cryptographic hash of each item alongside its entry lets the receiving party confirm not just that an item arrived but that it is unchanged. The list may need to be verified by more than one person to maintain the integrity of what was gathered. Marking all evidence at the scene and then verifying it on arrival ensures it is received just as it was at the scene, so that further examination can proceed.

Another major challenge is the mishandling of evidence. Once gathered, evidence needs to be treated as evidence and secured at all times, with only authorized personnel allowed access, to prevent it being tainted. Keeping a written record, or chain-of-custody log, of who currently possesses the evidence, how it was collected, and from which piece of equipment or hardware it was taken ensures that it is handled in accordance with policy, procedure, best practice, and the law, by the right people and in the right manner.
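As an added example (not Kruse & Heiser's procedure, nor any agency's) of the evidence list and custody log described in the two paragraphs above: each seized item is hashed before it leaves the scene, the manifest travels with it, and the receiver re-hashes everything and records any missing, altered or unlisted item. The tag numbers, file contents and investigator names are constructed; the items are written to a temporary directory so the script runs offline.

```python
"""Evidence manifest with hashes and a chain-of-custody log.

Added example for this article. Tags, contents and names are constructed.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _now():
    return datetime.now(timezone.utc).isoformat()


def create_manifest(items, collector):
    """items maps evidence tag -> path. Recorded before anything leaves the scene."""
    return {
        "created": _now(),
        "collector": collector,
        "items": {
            tag: {"name": os.path.basename(path),
                  "size": os.path.getsize(path),
                  "sha256": sha256_file(path)}
            for tag, path in items.items()
        },
        "custody": [{"time": _now(), "who": collector, "action": "collected at scene"}],
    }


def verify_manifest(manifest, items, receiver):
    """Re-hash what arrived against the manifest; append a custody entry.

    Returns (ok, problems). Missing, altered and unlisted items are all problems:
    an unlisted item is just as much a break in the chain as a missing one.
    """
    problems = []
    for tag, rec in manifest["items"].items():
        path = items.get(tag)
        if path is None:
            problems.append(f"{tag}: missing on arrival")
        elif sha256_file(path) != rec["sha256"]:
            problems.append(f"{tag}: hash mismatch")
    for tag in sorted(items.keys() - manifest["items"].keys()):
        problems.append(f"{tag}: not on manifest")
    action = "received" if not problems else "received with discrepancies: " + "; ".join(problems)
    manifest["custody"].append({"time": _now(), "who": receiver, "action": action})
    return not problems, problems


def demo():
    """Seize three constructed items, then simulate a bad transit."""
    with tempfile.TemporaryDirectory() as scene:
        items = {}
        for tag, content in {"EV-001": b"constructed chat log",
                             "EV-002": b"constructed spreadsheet",
                             "EV-003": b"constructed photo"}.items():
            path = os.path.join(scene, tag + ".bin")
            with open(path, "wb") as f:
                f.write(content)
            items[tag] = path
        manifest = create_manifest(items, "Investigator A")
        # The manifest travels as a file; reload it to prove nothing depends on memory.
        manifest_path = os.path.join(scene, "manifest.json")
        with open(manifest_path, "w") as f:
            json.dump(manifest, f, indent=2)
        with open(manifest_path) as f:
            manifest = json.load(f)
        ok_before, _ = verify_manifest(manifest, items, "Investigator A")  # check at scene
        # Simulated transit problems: EV-002 altered, EV-003 lost.
        with open(items["EV-002"], "ab") as f:
            f.write(b"!")
        del items["EV-003"]
        ok_after, problems = verify_manifest(manifest, items, "Custodian B")
        return ok_before, ok_after, problems, manifest["custody"]


if __name__ == "__main__":
    ok_before, ok_after, problems, custody = demo()
    print("intact at scene:", ok_before, "| intact on arrival:", ok_after)
    for p in problems:
        print("  ", p)
    for entry in custody:
        print(entry["time"], entry["who"], entry["action"])
```

The two verifications are deliberate: the one at the scene proves the manifest itself was recorded correctly, so that a later mismatch can only be blamed on transit or storage, never on a typo in the list. Every custody entry is appended, never overwritten, so the log reads as the history the court will ask for.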

Lastly, anti-forensic tools and encryption pose a major challenge. Anti-forensic tools can change the header information of files so they appear to be a different type of file, causing an investigator to overlook critical evidence (Strickland, 2009); comparing a file's actual signature bytes with what its extension claims catches this. Encryption is a major challenge because it uses a key to conceal information, whether stored on a system or in transit, and without the key the data is unreadable. It is the investigator's job to present the evidence in the state it was in when the crime was committed. Getting it back to that state may require recovering the key or password (from memory, from configuration files, or from the suspect) and using decryption software; hash-checking tools do not reverse encryption, but they do let the investigator prove the evidence has not been altered since it was collected.
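An added example (mine, not Strickland's) of the two checks mentioned above: comparing a file's leading bytes with what its extension claims, and flagging files with no recognizable signature and near-maximal byte entropy as possibly encrypted. The signature table is a deliberately small subset (real tools carry thousands of entries) and the sample files are constructed in memory.

```python
"""Triage files for extension/content mismatches and likely encryption.

Added example for this article. The signature table is a small illustrative
subset; the sample files are constructed in memory.
"""
import math
from collections import Counter

# Leading bytes ("magic numbers") of a few common formats. Subset only.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",   # also docx/xlsx/jar containers
    b"\x7fELF": "elf",
    b"MZ": "exe",
}
# Extensions that legitimately map to another entry's container format.
EXT_ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "jar": "zip"}


def sniff(data):
    """Return the format name whose signature the data starts with, else None."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def shannon_entropy(data):
    """Bits per byte, 0.0 for empty data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(name, data, entropy_threshold=7.5):
    """Return a list of findings for one file (empty list means nothing odd)."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    ext = EXT_ALIASES.get(ext, ext)
    kind = sniff(data)
    findings = []
    if kind and ext and kind != ext:
        findings.append(f"extension .{ext} but content is {kind}")
    # Compressed formats are also high-entropy, but they carry a signature;
    # only signature-less, near-random data is reported as possibly encrypted.
    if kind is None and shannon_entropy(data) >= entropy_threshold:
        findings.append("no known signature and high entropy: possibly encrypted")
    return findings


# Constructed samples: a PDF hiding under a .jpg name, a real-looking PDF,
# a signature-less file of evenly distributed bytes, and plain text.
SAMPLES = {
    "vacation.jpg": b"%PDF-1.4 constructed document body",
    "report.pdf": b"%PDF-1.4 constructed document body",
    "notes.txt": bytes(range(256)) * 16,
    "readme.txt": b"hello world " * 100,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {triage(name, data) or ['ok']}")
```

The entropy threshold is a heuristic, not proof: it will also fire on signature-less compressed or random data, so a hit means "examine this one first", not "this is encrypted".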

In conclusion, because computer forensic investigation is a relatively young discipline, a forensic investigator faces many challenges. By maintaining current technical proficiency and following all organizational policies, procedures, and standard practices, an investigator greatly increases their ability to gather evidence properly. Investigators also need to document and handle evidence thoroughly, including gathering and tagging every item, so that a proper investigation can be conducted.

References
1. Kruse, W. G., & Heiser, J. G. (2002). Computer forensics: Incident response essentials. Addison-Wesley.
2. Strickland, J. (2009). How computer forensics works. HowStuffWorks. Retrieved March 29, 2009, from http://computer.howstuffworks.com/computer-forensic.htm/printable

Another Thawte Notary 10 Points

Posted in Events, Security, Travel on March 28th, 2009 by Kuma

Today I took a train for 1 hour to a little place called Tsutsujigaoka. This is in Tokyo, but it is probably a part of Tokyo that I would not normally go to. When I got there I was met by a nice German guy who works for a bank. We went to a coffee shop, even though I can’t stand coffee, and we filled out all the necessary paperwork and started talking a bit about security and what each of us does. It was really cool to meet a guy who has very similar interests and it is neat to see how the financial industry deals with security. We talked for about 10-15 minutes and then I ventured my way back home, taking another hour to get back. Unfortunately I did not take any photos on this trip.

Don’t Choke on Food in the South

Posted in Humor/Jokes on March 27th, 2009 by Kuma

Two hillbillies walk into a restaurant. While having a bite to eat, they talk about their moonshine operation. Suddenly, a woman at a nearby table, who is eating a sandwich, begins to cough, and after a minute or so, it becomes apparent that she is in real distress.

One of the hillbillies looks at her and says, ‘Kin ya swallar?’ The woman shakes her head no. Then he asks, ‘Kin ya breathe?’

The woman begins to turn blue and shakes her head no.

The hillbilly walks over to the woman, lifts up her dress, yanks down her drawers and quickly gives her right butt cheek a lick with his tongue. The woman is so shocked that she has a violent spasm and the obstruction flies out of her mouth. As she begins to breathe again, the Hillbilly walks slowly back to his table.

His partner says, ‘Ya know, I’d heerd of that there ‘Hind Lick Maneuver’ but I ain’t niver seed nobody do it!’

Thawte Notary 10 Points

Posted in Events, Security, Travel on March 26th, 2009 by Kuma

Today I took the train for about an hour and stopped at Kawasaki to meet a Japanese guy who worked at IBM. We filled out the necessary forms right there in the train station and then I had to fight rush hour traffic for an hour to get back home. That was my first time to Kawasaki and it was neat to meet another person with the same interests, but our conversation did not get too deep because he didn’t speak English and my Japanese speaking abilities don’t really get into technical words. It was an experience and now I’ve only got 90 more points to go in order to become a notary myself. Along the train ride I passed a place called Shitte; I can’t say that I would want to live in Shitte town. Below is a photo of that. The second photo is inside Kawasaki train station. As you can see, it was pretty busy.

Thawte Notary

Posted in Events, Security on March 25th, 2009 by Kuma

I have recently embarked on a new venture, and it is to obtain Thawte Web of Trust notary status. In order to obtain this status I have to accumulate 100 points by meeting with different people face to face, filling out paperwork that verifies we met face to face, and showing my identification to prove I am who I say I am. The notary who is validating my identity must maintain a record that we have met in person and protect this information for up to 5 years. Different notaries are able to give different amounts of points based on how many people they have notarized, with a maximum of 35 points. This venture will give me my name on my digital certificate as well as notary status, so that I will be able to assist others with getting their names on their digital certificates too. It may not be too impressive to most people, however having private data protected when transmitted via electronic mail usually makes me feel a little bit safer. At first I didn’t think this was going to be very much fun at all, but once I met a couple of different people, it is actually pretty fun to go to places I probably normally would not go and meet other people with the same interests as me. I will keep a log and track each place I go in upcoming posts.

Billy Bob Gets Deflowered

Posted in Humor/Jokes on March 21st, 2009 by Kuma

In a small town in Tennessee, Big Bubba decides it’s time for his son, 14 year old Billy Bob, to learn the facts of life. He takes him to the local house of ill repute, which is fronted by a beauty parlor.

Bubba introduces Billy Bob to the madam, and explains that it’s time for his indoctrination to sex.

The madam says, “Bubba you’ve been such a good customer over the years, I’m going to see to this personally.”

So the madam takes Billy Bob by the hand and leads him upstairs, where she completes his deflowering.

Later, as they are walking downstairs the madam says, “Since this is your first time, I’m going to see that you get the full treatment before you leave, I’m going to give you a manicure.”

Two weeks later Bubba and Billy Bob run into the madam on the main street. Billy Bob is acting a little shy, so the madam smiles and says,

“Well, Billy Bob, don’t you remember me?”

“Yes ma’am,” the boy stammers, “You’re the lady that gave me the crabs and then cut off my fingernails so I couldn’t scratch ‘em.”

Internet Protocol Security (IPsec)

Posted in Education on March 15th, 2009 by Kuma

Abstract
The purpose of this document is to provide a basic knowledge and understanding of Internet Protocol Security, otherwise known as IPsec, including the additional protocols that make up the IPsec suite. This document is intended for anybody looking to gain a basic knowledge and understanding of what IPsec is and how it works.

Content
To ensure the confidentiality of data on a network there may be a need for different forms of encryption or encryption techniques. The Open Systems Interconnection (OSI) model can be used as a guide to how data is being protected and at which layer the protection is applied (Teare, 1999). The seven layers of the OSI model are:

Application
Presentation
Session
Transport
Network
Data link
Physical

One method of securing data is Internet Protocol Security, otherwise known as IPsec. IPsec operates at the Network Layer, the same layer of the OSI model as the Internet Protocol itself. Because it works at the Network Layer, everything carried inside the IP packet, that is the Transport Layer and every layer above it, is protected. Other security systems such as SSL, TLS, and SSH operate at higher layers, so an application has to be designed or modified to use them; IPsec, by contrast, is transparent to applications, which makes it more flexible: existing applications are protected without any change to them.

IPsec uses several protocols to authenticate and encrypt each packet in a data stream. It is a framework of open standards built on the Internet Key Exchange (IKE and IKEv2), the Authentication Header (AH), and the Encapsulating Security Payload (ESP). At the start of a session, IKE authenticates the two peers and negotiates a security association: the algorithms to use and the shared secret keys, derived through a Diffie-Hellman exchange, that will protect the session. Sessions can be established host to host, host to gateway, or gateway to gateway (including firewalls acting as gateways). Once the keys are agreed, secure communication can begin. AH provides integrity and data-origin authentication for each packet: the receiver recomputes an integrity check value (a keyed hash such as an HMAC) over the packet and rejects it if the value does not match, which proves the packet was not modified in transit and came from a peer holding the key. AH does not encrypt anything. The authentication header protects against replay attacks with a "sliding window technique": each packet carries a monotonically increasing sequence number, and the receiver keeps a window of recently accepted numbers, discarding packets that fall behind the window or that have already been seen (Network Sorcery, Inc., 2004). ESP encrypts the payload with the negotiated algorithm and key and repackages the datagram with an ESP header, an ESP trailer, and, optionally, ESP authentication data; with that authentication data ESP provides integrity and anti-replay protection as well as confidentiality, and in practice most deployments use ESP with integrity rather than AH. Although IPsec sounds like a single form of encryption, it is a suite of protocols that work together, each with its own job, to move data from one host to another securely.
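To make the AH/ESP receive processing concrete, here is an added example (not from Network Sorcery or any IPsec implementation) of one side sending numbered packets with an HMAC integrity check value and the other side applying the anti-replay sliding window: pre-check the sequence number, verify the ICV, and only then update the window, which is the order RFC 4302 (AH) and RFC 4303 (ESP) specify. The key is a constructed constant standing in for what IKE would negotiate, and the packet layout (4-byte sequence number, payload, 16-byte truncated HMAC-SHA-256) is a simplification of the real headers.

```python
"""Sender/receiver exchange with an IPsec-style anti-replay window.

Added example for this article. The key is constructed; in IPsec it would
come from IKE. The packet layout is a simplification of the AH/ESP headers.
"""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-from-ike"
ICV_LEN = 16   # HMAC-SHA-256-128: the 256-bit tag truncated to 128 bits


def build_packet(seq, payload, key=KEY):
    """Sender: sequence number + payload, then the ICV over both."""
    body = struct.pack("!I", seq) + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


class AntiReplayWindow:
    """Bitmap of the last `size` sequence numbers, bit 0 = highest seen."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 4302/4303 require a window of at least 32")
        self.size, self.top, self.bits = size, 0, 0

    def check(self, seq):
        """Pre-check only; returns a rejection reason or None. Never updates state."""
        if seq == 0:
            return "invalid sequence number 0"
        if seq > self.top:
            return None                       # newer than anything seen
        if seq <= self.top - self.size:
            return "too old (left of window)"
        if (self.bits >> (self.top - seq)) & 1:
            return "replay (already received)"
        return None

    def mark(self, seq):
        """Record seq as received. Called only after the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bits = (self.bits << shift) if shift < self.size else 0
            self.bits &= (1 << self.size) - 1
            self.top = seq
            self.bits |= 1
        else:
            self.bits |= 1 << (self.top - seq)


def receive(window, packet, key=KEY):
    """Receiver: window pre-check, ICV verification, then window update.

    Returns (True, payload) or (False, reason).
    """
    if len(packet) < 4 + ICV_LEN:
        return (False, "truncated")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    seq = struct.unpack("!I", body[:4])[0]
    reason = window.check(seq)
    if reason:
        return (False, reason)
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return (False, "ICV failure")       # window untouched: forgeries cannot slide it
    window.mark(seq)
    return (True, body[4:])


if __name__ == "__main__":
    w = AntiReplayWindow(size=32)
    traffic = [build_packet(s, f"msg{s}".encode()) for s in (1, 2, 5, 3)]
    traffic.append(traffic[-1])                           # attacker replays seq 3
    traffic.append(build_packet(40, b"msg40"))
    traffic.append(build_packet(8, b"msg8"))              # arrives far too late
    forged = bytearray(build_packet(41, b"msg41"))
    forged[4] ^= 1                                        # payload tampered in transit
    traffic.append(bytes(forged))
    traffic.append(build_packet(41, b"msg41"))            # the genuine seq 41
    for pkt in traffic:
        print(struct.unpack("!I", pkt[:4])[0], receive(w, pkt))
```

The ordering matters for security: a forged packet with a huge sequence number that was allowed to advance the window before its ICV was checked would push every genuine in-flight packet out of the window, which is a denial of service an attacker could mount without the key. Checking the ICV first costs one HMAC per packet and closes that hole.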

In conclusion, IPsec is a suite of protocols that operate at the Network Layer of the OSI model to move data securely from one host to another. Within the suite, the Internet Key Exchange, the Authentication Header, and the Encapsulating Security Payload each perform their own function and build on one another. IKE is responsible for authenticating the peers and negotiating which algorithms and shared secret keys will be used. AH is responsible for the integrity and origin of the data and for protecting against replay. ESP is responsible for encrypting the data and transforming the datagram so that the remote host can decrypt it and read the data, and it can carry its own integrity check as well.

References
1. Teare, D. (1999). Internetworking technology handbook: Internetworking basics. Cisco Systems. Retrieved March 13, 2009, from http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html#wp1020580
2. Network Sorcery, Inc. (2004, June 7). AH, Authentication Header. Retrieved March 13, 2009, from http://www.networksorcery.com/enp/protocol/ah.htm