I thought I would share this as I always seem to have the need to install Operating Systems without a CD ROM drive.

-Insert 4 GB USB flash hard drive
Open Command Prompt and if using Windows Vista or 7, make sure you run as Administrator
in command prompt, type diskpart and then list disk (it will then list the available drives, make sure you select the correct one!)

-Now format the drive by typing the following:
select disk 1 (or which drive is correct, check size it helps)
clean
create partition primary
select partition 1
active
format fs=NTFS
assign
exit

Mount your Windows 7.iso with Magic ISO or similar. The drive letter below might be different so just check first and replace below.

Now you need to type the following:
d:
cd d:\boot\bootsect /nt60 G:
- Close the command prompt window now
- Copy the contents of the Windows 7 ISO was mounted before into your USB or flash drive
- Set your BIOS to boot from USB now.

Over the last 3 months I have been devoting a large number of hours towards the art of Penetration Testing (Pen Testing). I thought I would write a post about this subject to explain what it is. It is one of the new services I offer my clients.

A penetration test is the process of actively evaluating your information security measures by simulating an attack from a malicious source.

Data Systems, applications, websites and any other software can be tested remotely. Physical security, wireless networks and personnel security audits are normally conducted on-site.

Examples of areas that are commonly tested:

- Software (OS, applications, databases, networks etc)
- Bespoke development (dynamic websites, in-house apps etc)
- Wireless (WIFI, Bluetooth, IR, GSM, RFID etc)
- Personnel (screening process, social media etc)
- Physical (access controls, rubbish diving etc)

The remote penetration test is normally the first stage of a larger security audit (1 and 2 above). Initially I conduct the test in “black box mode”, meaning that we require no information other than the company name. I will then search for all IP addresses and routes into the organisation, forcing my way into the internal network and website. Thereafter, I duplicate my tests with low-level usernames and basic permissions.

Once I have completed the test, I provide a full report of all the risks and appropriate solutions. The report is divided into three chapters. Firstly a management report outlining our findings without technical complications. Secondly, I will provide the technical details required for the IT department and thirdly, I will detail the process. Thereafter, I can quote to implement recommendations, or advise on organisations that may be better placed to action my implementations.

For more information about my services, please visit MVI Data Recovery.

Photographic forensics or image analysis is the interrogation of digital images to extract meaningful information; mainly from digital photographs by means of digital image processing techniques. Forensic analysis allows us to compile reports to support criminal or civil claims, where photographs are critical evidence. We use a number of techniques to analyse digital images:

- Image Error Level Analysis. Using specialist software, we can highlight differing error levels throughout an image, to detect digital manipulation after an image was recorded.

- Photoshop Forensics. Adobe Photoshop can be an excellent tool to interrogate images for pixel aspect ratios, colour codes, enhancements, measurements and digital manipulation.

- Electronic Discovery of Meta Data. Using Data Recovery techniques, we can recover meta data to determine exact creation, access and modification dates, even where attempts have been made to hide evidence.

We comply with the strict guidelines imposed by the Association of Chief Police Officers (ACPO) and Electronic Evidence Procedures. Our image analysis reports are admissible in legal hearings and we often testify as expert witness in photography, image analysis, video analysis, and latent fingerprint examination.

Before undertaking any image analysis, we will give you a guideline price. Once we receive your media, we will then undertake an assessment and provide a definitive price. At this stage you are under no obligation.

For more information or just a chat, contact us.

Toshiba has developed a new technology on their self encrypting hard drives that wipe and destroy all data when you remove or switch the device off. It sounds crazy, but it does make sense.

Instead of over-writing the data,which takes hours or using a physical method that requires time and effort the new drives will automatically invalidate the data in just a few seconds by erasing its HDD security key when the power is completely off. This means that any confidential documents stored in the hard drive, like an office printer will be safe in case someone extracts the HD or the device is stolen and disconnected from the power outlet.

Many data recovery tools are universal regardless of the HDD manufacturer. So it has been relatively simple to get data back regardless of whether the affected disk was built by Maxtor, Seagate or Hitachi.

This compatibility era is now coming to end end with the introduction of the Solid State Disk (SSD). Wear-leveling and other types of performance-boosting algorithms have made each disk unique, built on very complicated controller technology. The proprietary algorithms are difficult to obtain for data recovery and forensics, which creates problems when mapping an address to the physical media. Therefore data recovery tools must be manufacturer specific.

What is good about SSD is that they contain no moving parts – dramatically reducing the potential for data loss. Nevertheless, SSDs are by no means infallible.

Many data recovery companies categorize SSD data loss as non-recoverable. MVI Data Recovery Services, we have invested in tools from leading manufacturers, assuring you the best results from any data loss situations in SSD.

For more information or just a chat, please contact us.

I was recently asked by a solicitor to examine images to determine if they have been digitally manipulated. There are a number of processes I use including Photoshop forensic techniques and Error Level Analysis.

Error level analysis can help you work out if a photo has been digitally altered. Photos in a jpeg file format actually lose quality each time they are re-saved. I can take advantage of this to try and work out if an image has been digitally manipulated.

For instance, if you have a jpeg photo at 90% quality, and resave it, again at 90% quality, you will end up with an image at 90% of 90% (so, 81% quality). If now, you were to copy and paste an element from a different photo into your current photo, you can end up with sections of the image at differing quality levels. This happens because some parts have been resaved three times, whilst some parts may have only been saved once.

If the image has had no alterations to it, all parts of the photo will be at the same quality.

Error level analysis allows you see to see the difference in quality level, represented by brightness. Things which are very bright have been edited most recently, whilst duller parts have been resaved multiple times. This allows you to see not just which parts of the image have been changed, but in what order the changes occurred.

I have used this technique, in conjunction with other forensic tools to support many claims, where the integrity of an image is in dispute.

For more information about our services, please contact us.

Applications

I will be discussing the world’s largest social networking platform and also the most targeted by hackers and cybercriminals. This site is known as Facebook and has some serious problems with its app systems.

All users have access to create or develop an application, giving the user a wide range of powers to access data stored on user profiles and over-site messaging systems, like fake news articles or changing security settings, can then be run on any Facebook user’s page.

I have thought about how this problem can be tackled and found an IT term known as a “walled garden”, this approach could just be suitable. Basically it is a closed or exclusive set of information services made available to users, in contrast to giving open access to applications and content. This is the way apple app store runs, all new apps need approval or grading before shared or uploaded. A survey revealed it was a effective way to safeguard users from maliciously designed apps.

A second approach could be to give users with security concerns the options to secure their own pages, allowing only approved applications. This approach may only safeguard the more wary and cautious user, who may be less likely to engage with the social engineering tricks anyway. Inevitably, a full, cross the board control system is the way forward. I am not suggesting it is full proof, I am sure the occasional slip up will happen.

My follow up post I will discuss Privacy Settings. Please feel free to contact us for more information or just a chat.

A commercial organisation asked me to investigate a series of suspicious emails they had received. I will not divulge the details of the case, but can reveal the processes involved.

Every email received contains email headers, containing information about the sender and the route from sender to receiver. The steps to view an email header vary between mail clients. Email headers should be read from the bottom up, for that is the order in which they pass through the mail system to their ultimate destination.

The email in question was from a Gmail client and had been cloaked. This raised two complications for us.

Firstly Google’s Gmail service omits the sender’s IP address information from all headers. Instead, only the IP address of Gmail’s mailserver is shown in [Received: from]. This means it is impossible to find a sender’s true IP address in a received Gmail. Secondly, a senders IP address can be cloaked by using a proxy server. This is simply a web-based intermediary, that can send emails anonymously on behalf of their client.

Further investigations of an employee’s laptop, together with a Norwich Pharmacal Order requesting details from Gmail, revealed evidence supporting my client’s suspicions. My evidence was comprehensive and resulted in a positive outcome for our client.

For more information about our services, please visit
MVI Data UK
MVI Data SA

Just to follow up on my post “HOW TO AVOID BEING FOOLED BY SOCIAL ENGINEERING TECHNIQUES”

1. That old saying, how does it go? “If something is too good to be true, it probably is”.

2. A important question to ask yourself would be , “Why am I being singled out for special treatment or a winnings from millions of other people on the internet” If you cant find the answer, it probaby is a scam.

3. Please dont believe all that you read, scammers will present you with attractive websites, but that does not indicate that it is being truthful.

4. Please be patient! I find so many users being victims of online crimes because they act on impulse, clicking on every link that is presented in a “sexy” or appealing attachment.

5. Make sure you are certain of the organisation or persons identity and authority to request such information, never provide if in doubt.

6. Never give out personal and financial info in email.Be careful when a email asks you to follow a link to enter this type info.

7. Do some research, if you feel the information in the email is not legitimate, contact the company or organisation directly. Don’t use the contact details in the email, but rather look them up online using the yellow pages, then call them to confirm the email details.

8. Some phising site look and feel the same as genuine website, but are subtly different, double check before you visit.

9. Take great care not to send sensitive info over the internet if not confident about the security on a website.

10. Be suspicious of unsolicited phone calls and emails that ask for information about your employees or other information. It could be a scammer calling.

I hope the above points will help users to think before acting and save a lot of headaches. My next post I will discuss Spam. If you have any questions, please contact us.