Tuesday, May 20, 2014

Indispensable Need of a National CERT in Pakistan


In this advanced era, where science and technology have progressed so far, it would not be incorrect to state that technology has become an essential component of our lives, whether in communication, medicine, or anything else. Information technology has earned great popularity in every developed country of the modern age, and it can be witnessed everywhere, from traffic signs to power stations, from air ticketing to shopping deals. Hence, it can be said that technology has become a basic ingredient of every facility available to the world in this high-tech era.
In Pakistan, online buying and selling and other types of online work are gaining huge popularity with the passage of time. People now prefer to make online transactions using their credit cards and their banks' online facilities. Similarly, the recently announced 3G and 4G technology will give a further boost to the use of information technology.

Nevertheless, it is unfortunate that whatever has been discovered ends up being practised against humankind in one form or another. Worst of all, information technology is now also being utilized as a weapon against humanity: applied as such a weapon, it is used to steal the confidential information of countries.

A long list of evidence of cyber-attacks exists when it comes to Pakistan. For example, various fiscal, educational, and diplomatic institutions of the Pakistan Government and the Pakistan Army were attacked by Indian Government backed hackers back in 2010. Apart from this, various attacks have been prepared to steal the country's secret information. Almost 50-100 cyber-attacks are reported on Pakistani sites. The news of such cyber-attacks by international agencies is hidden from no one, especially when it comes to stealing information via viruses or the American NSA's cyber surveillance.

Modern countries of the current era are focusing extensively on cyber war and establishing cyber security research centers for the prevention of cyber-attacks. Apart from this, the establishment of computer emergency response units is also in progress. Both these cyber security research centers and computer emergency response units are of outstanding importance for their nations. Through these units the authorities can not only keep an eye on their country's banking sector, but can also communicate with other countries to inform them about new cyber-attacks. Moreover, these units are able to send information about cyber-attacks to the different institutions of the country, especially to commercial data centers, to bring the attacks to an end. This is why the secret information of the government and the banking sector in countries that have computer emergency response units is quite safe compared to those that do not. Moreover, with these units, effective and efficient cyber-attack prevention strategies can be implemented on time.

Everyone is concerned about information technology and its security. However, in Pakistan it is still given questionable importance: no one pays attention to news of seven banks being hacked in a single week. The story does not end here. As per recent estimates, four government websites are receiving cyber-attacks on a daily basis, but no prevention technique is being adopted to stop them. The authorities must understand that by hacking their official websites, the hackers can gain access to the internal network by infecting administrators with malware, which can steal all the significant files and forward them to C&C servers. In the case of the banking sector, they can get access to important credentials, including bank accounts, email passwords, and credit card details. Thus, awareness of the importance of cyber warfare is essential for our government and officials, especially in the current age of advanced technology.

To avoid these cyber-attacks, the government of Pakistan must focus on establishing a computer emergency response unit of high excellence. It has been estimated that by 2020 Pakistan will become one of the secure high-tech countries, but only if the government establishes a computer emergency response unit by 2015. With this approach, Pakistan will not only become able to safeguard its own industry, but will also become capable of protecting other nations from unauthorized access.

Hence, the essential requirement of this advanced era is to have computer emergency response units to eliminate the menace of cyber warfare and to enjoy cyber security. Expectations of the PML-N government are quite high: just as it spread the optical fiber network across the country and introduced 3G and 4G in Pakistan, it will certainly work on the effective and efficient organization of quality computer emergency response units in the nation.

About The Author

This article has been written by Mansab Chaudry. Chaudry is the founder of a security company called Refluxes and the lead author at Whogothacked.com, a news blog covering ethical hacking and security news. In his free time he actively contributes to RHA with topics related to cyber security.

Wednesday, May 14, 2014

An Introduction To iOS Forensics - Part 1

ABSTRACT

It is well known that with the increased use of mobile devices, cyber-crimes involving these devices have multiplied, and forensic science has evolved so that its techniques and tools have become more specific to particular platforms.

The use of scientific methods for the preservation, collection, restoration, identification, documentation and presentation of digital evidence is what we call computer forensics.


What you should know:

  • Readers, to understand these articles you just need a little knowledge of the rationale behind forensic techniques and analysis.
  • Knowledge of iOS.
  • Concepts of "Forensic Investigation".
  • Information about the device on which you will apply the method.

What you will learn:

  • Dear readers, you will increase your knowledge in the area of preparation and of effective methods for applying forensics to peripheral devices.
  • Know the best tools for iOS devices.
  • Standardized technique to avoid errors.
  • Compare software to know which is best for each case.
  • Learn the key concepts in a simple manner.
  • At the end of the reading, you will understand how iOS forensic analysis works.

INTRODUCTION

One of the fundamental principles of forensics is the Locard Exchange Principle. According to this principle, anyone or anything that enters a crime scene carries something of the place away and leaves something behind on leaving. In the virtual world of computers, the Locard Exchange Principle is still largely valid: wherever the attacker has been, he leaves traces. These traces can be extremely difficult or virtually impossible to identify and follow, but they exist. In such cases, the process of forensic analysis can become extremely complex and time consuming, requiring the development of new technologies for searching for evidence.

Any digital information able to determine that there was an intrusion, or that indicates a link between the attacker and the victim or between the intrusion and the attacker, can be considered evidence.
The investigator must be able to identify the evidence among the information he has previously collected.

DIGITAL EVIDENCE, INTRODUCTION

  • Digital evidence is information in digital format capable of determining whether a computer system has suffered a violation, or that provides a connection to the victim or to the attacker.
  • Evidence of this nature can be duplicated exactly.
  • With the right methods, it can be verified whether it has been changed.
  • It is highly volatile and may be modified during the analysis if proper precautions are not taken.

PRINCIPLE OF EXCHANGE OF “LOCARD”

Every person who goes through a crime scene leaves something of himself and takes something with him.

Similarly, any person who commits a digital crime, leaves traces on the compromised system. The tracks can be difficult to follow, but they are still there.

STANDARDS FOR METHODS AND PROCEDURES

  • Simplify the process of collecting, storing and analyzing evidence.
  • Minimize panic and negative reactions in circumstances in which the examination is conducted under high levels of stress, avoiding possible compromise of the evidence.
  • Contribute to the validation of the evidence collected in a criminal prosecution.
  • Require a planning phase for their correct implementation.

METHODOLOGY FOR THE TECHNICAL INVESTIGATION

  • Collection of information.
  • Recognition of the evidence.
  • Restoration, documentation and preservation of evidence found.
  • Correlation of the evidence.
  • Reconstruction of events.

PREPARATION

  • Definition of the policies to be followed and the actions to be taken during the examination.
  • Preventive measures to avoid compromising the computer system.
  • Monitoring to detect incidents when they occur.
  • Choice of the most appropriate tools for collecting data and analyzing evidence.

TOP iOS Forensics

There are other tools that help us in the task of performing a forensic analysis on iOS devices, so I will quote the best:

  • AccessData MPE+, iXAM, XRY, Neutrino, AccessData Forensic Toolkit, iXAMiner, Lantern, iPhone Backup Analyzer, SecureView, SD Flash Doctor.

TOOLS FOR IOS FORENSICS

Readers, these tools improve the efficacy of forensic computer examination. I will quote some of the best-known and most widely used analysis software and techniques for collecting digital artifacts.

Forensic Toolkit® (FTK®): “Recognized around the World as the Standard in Computer Forensics Software.
FTK is a court-accepted digital investigations platform that is built for speed, analytics and enterprise-class scalability. Known for its intuitive interface, email analysis, customizable data views and stability, FTK lays the framework for seamless expansion, so your computer forensics solution can grow with your organization’s needs”.

More information: http://www.accessdata.com/products/digital-forensics/ftk

“BlackLight is a multi-platform forensic analysis tool that allows examiners to quickly and intuitively analyze digital forensic media. BlackLight is capable of analyzing data from Mac OS X computers, iOS devices (iPhone, iPad, iPod Touch) and Windows computers. It is compatible with all leading logical and physical forensic image formats”. BlackBag Technologies
More: https://www.blackbagtech.com/blog/category/blacklight-forensic-software-blackbag-technologies

“Elcomsoft iOS Forensic Toolkit (Enhanced Forensic Access to iPhone/iPad/iPod Devices running Apple iOS). Perform the complete forensic acquisition of user data stored in iPhone/iPad/iPod devices running any version of iOS. Elcomsoft iOS Forensic Toolkit allows eligible customers to acquire bit-to-bit images of devices’ file systems, extract device secrets (passcodes, passwords, and encryption keys) and decrypt the file system image. Access to most information is provided instantly”.

More: http://www.elcomsoft.com/eift.html

Cellebrite: “The complete solution for Apple devices running any version of iOS! The Cellebrite UFED Series allows extraction of appropriate data for forensic decryption and technical research and analysis of current and deleted data from these devices.
iOS devices: iPhone 2G, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod Touch 1G, iPod Touch 2G, iPod Touch 3G, iPod Touch 4G, iPod Touch 5G, iPad Mini, iPad 1, iPad 2, iPad 3, iPad 4, others.

Different ways to perform data extraction:

Logical and file system extraction (for jailbroken devices), enabled by the UFED Touch.
Physical and file system extraction (for locked devices), enabled by the UFED Physical Analyzer”.

More: http://www.cellebrite.com/mobileforensics?gclid=CIGazMmImL0CFWxp7AodmREAvA

Oxygen Forensic® “is a mobile forensic software that goes beyond standard logical analysis of cell phones, smartphones and tablets. Using advanced proprietary protocols permits Oxygen Forensic® Suite 2013 to extract much more data than is usually extracted by logical forensic tools, especially for smartphones”.

More: http://www.oxygen-forensic.com/en/

MPE+ Mobile Forensics: “Software Supports 7000+ Devices, Including iOS®, Android™ and Blackberry® Devices, as well as Devices with Chinese Chipsets.

Mobile Forensic Examiner PLUS® is AccessData’s market leading stand-alone mobile forensics software solution that delivers an intuitive interface, data visualization and smart device support in a single forensic interface. MPE+ supports even the most challenging mobile device profiles and features advanced carving, deleted data recovery, SQLite database browsing and filtering options. Furthermore, MPE+® images integrate seamlessly with Forensic Toolkit® (FTK®) computer forensics software, allowing you to correlate evidence from multiple mobile devices with evidence from multiple computers within a single interface”.

Analysis on mobile devices

  • The analysis should be performed on a copy of the original data, and the original must be properly protected. The copy should be bit-for-bit, so that deleted files and other information are preserved.
  • The information collected, and every copy of it, shall be certified using cryptographic signatures.
  • Analysis of raw data from disk and memory is very slow; tools for recovering files and dumping processes can streamline the analysis.
  • A test environment may be prepared to assist in the analysis procedure.

The entire process should be documented.
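As an added example (not part of the original article), the following Python shows how the two rules above, a bit-for-bit copy and cryptographic certification of the data and every copy of it, can be checked in practice: the image is hashed in chunks, the hashes go into a manifest protected by a keyed MAC, and any later alteration of either the copy or the manifest is detected. The device image, the examiner key and all function names are constructed for this example.

```python
import hashlib
import hmac
import io
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash in 1 MiB chunks; real device images run to many GB


def _as_stream(data):
    """Accept raw bytes or any binary file-like object (e.g. an open image file)."""
    return io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else data


def hash_image(data, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest}, reading the image once, chunk by chunk."""
    stream = _as_stream(data)
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: stream.read(CHUNK), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def _summary_mac(hashes, examiner_key):
    """Keyed MAC over the sorted hash list, so an edited manifest is detectable."""
    summary = "|".join(f"{k}={v}" for k, v in sorted(hashes.items()))
    return hmac.new(examiner_key, summary.encode(), "sha256").hexdigest()


def acquisition_record(label, data, examiner_key):
    """Manifest entry for an acquired image; examiner_key is a secret held by the examiner."""
    hashes = hash_image(data)
    return {"label": label, "hashes": hashes, "mac": _summary_mac(hashes, examiner_key),
            "acquired_utc": datetime.now(timezone.utc).isoformat()}


def verify_copy(record, data, examiner_key):
    """True only if the manifest is authentic AND the copy matches it bit for bit."""
    if not hmac.compare_digest(_summary_mac(record["hashes"], examiner_key), record["mac"]):
        return False  # manifest was altered, so its recorded hashes cannot be trusted
    return hash_image(data) == record["hashes"]


# Constructed demo data: a tiny fake device image and a placeholder examiner key.
ORIGINAL_IMAGE = bytes(range(256)) * 64
EXAMINER_KEY = b"examiner-secret-placeholder"


def demo():
    """Returns (good_copy_ok, altered_copy_ok); expected (True, False)."""
    record = acquisition_record("device-image", ORIGINAL_IMAGE, EXAMINER_KEY)
    altered = bytearray(ORIGINAL_IMAGE)
    altered[4096] ^= 0x01  # one flipped bit, e.g. a careless write during analysis
    return (verify_copy(record, ORIGINAL_IMAGE, EXAMINER_KEY),
            verify_copy(record, bytes(altered), EXAMINER_KEY))
```

In practice the manifest would be written alongside the image and re-verified before and after each analysis session, with the key kept apart from the evidence store.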

CONCLUSION

Forensics on mobile devices is one of the aspects of information security that draws a great deal of attention from corporations, ordinary users and members of the scientific community. Despite the various tools available that greatly facilitate the work of the examiner, the final conclusion still depends on the experience and integrity of the professional who conducted the investigation.

About the Author

This article has been written by Rafael Souza, who is a senior security researcher at Rhainfosec.