Volume 1 Issue 4

E-Crime Reporter

December 2011

From the Editors Desk: Dear Readers, Wishing you all a very Merry Christmas & a Prosperous New Year! Hope 2011 was a great year for you Newsletter Committee and this trend will continue in 2012 as well This is the last issue of Volume Advisory Board one of our newsletters; with this, we reach the end of one whole year. only to start afresh and mark a new beginning We really appreciate the kind support that youve extended all Dr. J. M. Vyas through Thanks so much! This issues theme is: the quite less explored area of CD/DVD Forensics; currently emerging as one of the important aspects of digital investigations. Hope youll enjoy it. Do keep sending us your valuable comments, towards Dr. M. S. Dahiya the betterment of our publications. Wish our bonding will continue to Dr.(Mrs.) S. L. Vaya grow, in times to come Lectura Feliz !! Prof. Y. K. Agrawal - Kajal Singh Dr. M. S. Rao

Mr. Mehul K. Dave

Case of the Tampered CD...

A scientific equipment manufacturing company informed the local police, that they fear an original CD-ROM, containing their clients detail; order details; invoice bills; equipments price information; equipment quotation, was tampered. An FIR was registered and the case was forwarded to a forensic laboratory for analysis. The query was, whether the files contained on the CD were original or modified? The CD-ROM was analyzed using relevant forensic tools and checked for the Directory Entries. Normally Directory Entries for file system ISO9660, contain the Last Modified time for the file. In case of original CDs, ISO9660 file system is not intended to be updated. Therefore, the File Created time of the files on the disc, is always equal to the Last Modified time. Moreover, NO Last Access time is recorded. After checking the above details, it was found that no modification was done in the CD in question. Case Study I This case indicated that things like: CDs/ News/Courses/Tips/Facts II DVDs can act as very important evidentiary R&D/Tricks/Book Review III clues, as far as digital investigations are concerned. Moreover, this also proved that it Conference/Job IV is possible to obtain a lot of information from CDs/DVDs itself and a Hard Disk is not Our Expert & Q/A V required every time. Puzzle VI Courtesy : Directorate of Forensic Science, Gandhinagar

Mr. S. G. Khandelwal Mr. R. N. Guna Mr. H. P. Sanghvi Mr. H. J. Trivedi Mr. S. J. Mistry

Editorial Board

Miss. Kajal Singh

Mrs. Astha Chaturvedi

Mr. Kumar D. Shah Mr. Nilay R. Mistry Mr. Jaismin R. Shah Mr. Nayan P. Dave Miss. Preeti Chandel

 B.Sc. (Hons) in Computer Forensics - University of Sunderland, Sunderland - United Kingdom. Course Mode: Full time Course Duration: 3 or 4 Years. For more details see the Greater Manchester Police in the UK succeed in Online Link: arresting six market traders; suspected of http://www.sunderland.ac.uk/course/617 producing and selling large quantities of /computer_forensics counterfeit CDs and DVDs. The recovered pirated CDs and DVDs were found to be worth MS in Digital Forensics University of Central tens of thousands of pounds and included new Florida, Orlando Florida, USA. music releases, yet to be released in the UK. Course Mode: Full time/Part Time Other items retrieved included: imitation Course Duration: Varies. firearms, knives, and Class A drugs. The suspects For further information, visit: are currently out on bail, pending further http://www.graduatecatalog.ucf.edu/ investigations. These kinds of illegal trading programs/program.aspx?id=1160 affects the livelihoods of legitimate traders and businesses and harm the hard working people, M.Sc. - Electronic Security and Digital Forensics working in the concerned industries. For further Degree, Middlesex University London, UK. information, visit our online reference: Course Mode: Full time/Part Time Course Duration: 1-2 Years. http://www.fact-uk.org.uk/site/latest_news/ For further details, visit: index.htm http://www.mdx.ac.uk/courses/postgraduate/ computing_and_it/elec_secu_digi_forensics_ msc.aspx EFFORTS OF GREATER MANCHESTER POLICE; LEAD TO ARREST OF SIX, INDULGING IN COUNTERFEITING OF CDs AND DVDs 28 Nov 2011, United Kingdom

How to recognize a pirated CD/DVD?

Costs around ten times lesser than original CDs. Low/Poor quality packaging, when compared to the original ones. Track list details, are modified in most cases.

Audio/Video Quality differs from HD. Discs made via process of burning & not pressing. Unlike Original CDs/DVDs; Data on pirated ones can easily be copied.

II

Heard of the tool

CD DVD Inspector (Version 4.1):
Professional software for intensive analysis and extraction of data from CD-R, CD-RW and all types of DVD media - including HD DVD and Blu-Ray. Useful for data recovery, forensics, and law enforcement. Based on the data recovery technology in CD/DVD Diagnostic, it has detailed displays and enhanced media search abilities. It also now includes a flexible report generator; improving its performance and usability. It can generate printed reports containing more than 50 items, in one go. It also has features for printing thumbnails of pictures and can sort reports on the basis of data items.

CD and DVD Forensics By Paul Crowley

Publisher: Syngress; 1st edition (November 28, 2006) Language: English
This is one of the very few books on the subject; a must read, which covers all facets of handling, examining, and processing CD and DVD evidence. Data forensics has recently emerged as an integral requirement of law enforcement, and corporate security agencies. This book provides readers with knowledge regarding different tools that can be used to open CDs & DVDs, in order to obtain any evidentiary clues that it may contain. It is divided into four basic parts: (a) CD and DVD physics dealing with the history, construction and technology of CD and DVD media, (b) file systems present on CDs and DVDs and how these are different from that which is found on hard disks, floppy disks and other media, (c) considerations for handling CD and DVD evidence to both recover the maximum amount of information present on a disc and to do so without destroying or altering the disc in any way, and (d) using the InfinaDyne product CD/DVD Inspector to examine discs in detail and collect evidence.

III

Computer Forensics Intern

SAIC, McLean Virginia, USA. Job Type: Full Time Application Deadline: See Link. To View details & apply, visit: http://jobs.saic.com/job/McLeanComputer-Forensics-Intern-Job-VA22101/1474852/

Computer Forensic Analyst

IntaForensics, Nuneaton - Warwickshire UK. Job Type: permanent, Application Deadline: See Link. To View details & apply, visit: http://www.intaforensics.com/ Careers.aspx

ICDF 2012: The Eighth International

Conference on Digital Forensics at Pattaya Thailand. Between March 12-13, 2012. For further information, See: http://www.waset.org/conferences/2012 pattaya/icdf/index.php

CSCFE - Cyber Security & Computer Forensics

Exchange at Fort Lauderdale, Florida USA. Between May 14-16, 2012. For more information, Visit: https://www.exchangeevents.net/cscfe/p index.php

CYBER SEC12: The First International Conference

on Cyber Security, Cyber Warfare and Digital Forensic at University Putra Malaysia, Kuala Lumpur - Malaysia. Between June 26 - 28, 2012. For further details, Refer: http://www.sdiwc.net/CyberSec2012/ page.php?id=2

IV

Mr. Yogesh Khatri has 7 years of experience practicing Digital Forensics in the US and has been involved in working on cases worldwide, in places like US, Canada, South Korea, Japan, Taiwan and Singapore. He holds a Bachelors degree (BE) in Electronics from Mumbai University, a Masters degree (MS) in Computer Engineering from Syracuse University in New York, USA and a number of industry recognized certifications in forensics and security like EnCE, SANS GREM, GCIA and GPEN. He has been a speaker at several conferences and a trainer to corporates and police officers. He is the Founder of Swift Forensics, now operating out of Mumbai and can be reached at yogesh@swiftforensics.com. Hell answer our readers queries in the section below.

Q1 - Some of my CDs have many scratches and have become unreadable. Is there any way to FIX this?
Ritu Singh, Vishakhapatnam - India.

Expert Says - If the CD has many scratches and does not read properly, it may need treatment to

remove those scratches. CDs are read by a laser which penetrates the plastic layer from the bottom and is reflected back from the data layer. Theoretically, when a drive tries to read a CD with a scratch, the laser hits the scratch, think of it is a tiny dent or crack and does not reflect back correctly. If the scratch is filled with a suitable substance which flattens out the dent, so the laser can reflect cleanly, the CD at the very least becomes workable. Think of it as filling a pot hole on a road; its no longer a bumpy ride now. There are some off the shelf products available to do these, all of which require filling the scratch with some gel like substance. Also there are many home remedies which people have figured out that work with mixed results, just Google for "remove scratches from CDs" Whatever you do, never rub/clean any CD or DVD in a circular motion. Always clean in straight lines from the center of the disc outwards.
Q2 - Is the serial number on a CD guaranteed to be unique?
Nicholas Jonathan, Florida - USA.

Expert Says - The number found on the clamping area (near the center) of a CD is commonly mistaken to be a unique serial number by forensic examiners. CDs are manufactured by a number of independent companies and there is no specified standard for this number. As a result most of the CDs just have a batch number or lot number, a number that helps them trace the CD back to its batch for quality control. Not every CD is tested, just a few in a batch, so when a CD from a batch goes bad, that batch can be marked as bad. Should forensic examiners still note down the numbers? Yes, but don't be surprised if once in a while some other CD in the same case also has the same number.

Q 3 - Are CD/DVDs a good medium for archiving or backup of data? Elias Wayne, Manchester - UK.

Expert Says - CDs and DVDs burned in regular CD/DVD burners in laptops and desktops are generally not a good idea for long term storage of important data. It is often heard that disks lose their burn after a year or so, although there are no scratches or cracks on the CD. This phenomenon occurs more frequently in cheap low quality CDs, however it occurs even in the more expensive branded media. CDs are affected by heat and humidity. Extreme heat, temperatures in excess of 48 oC will damage the dye in CD-R disks which is used as the recording substrate. But even prolonged exposure to lesser heat, usually because of improper storage of CDs can damage and ultimately destroy the data on the CD. Ideally CDs must be stored in as cool a place as possible and away from moisture.

Down : 1. Dataarea, 3. Rewritable, 5. CDPiracy, 6. Decoding, 8. Caddy Across : 2. Bootable, 4. Sector, 6. Disk, 7. EPRom, 9. Crystalline

VI

Key: