Ah, the old worm and hook routine. To be honest if I was a student I'd probably go for this since it's a pretty sweet toy to have if you're on a low budget. Right now I'd probably decline.

That said, how are they tracking the holder's usage and location? If they are not using anything over and above what's install on a regular smartphone who's to say we're not already being monitored in this fashion? The phorm debacle demonstrates we should not rely on the law or agreements with service providers that this kind of behaviour will not take place.

Jimbob

One such lower-tech approach might include lock bumping.

http://en.wikipedia.org/wiki/Lock_bumping

High security assets ought not be secure with yale locks IMHO.

Jimbob

Warzapping could also apply to certain mobile phones. I've seen a feature on some Symbian phones to lock the phone on reciept of a text message with a predetermined keyword. As far as I can see SMS message can originate from anywhere. So spam a whole load of phones with the message 'lock' and see how far you get 

Jimbob

Using nmap is not safe, most scan will send packets to the target IP address. What the remote system does with these packets is up to them but logging, port scan detection and other techniques may be used to identify the scan.

Jimbob

Frying an egg
*clicks iTunes Genius button*

My playlist now contains:
* bacon
* sausage
* toast
* baked beans
* brown sauce
* cholesterol test

The focus of their wrath seems to be on the use of bittorrent, one of the few P2P networks that actually sees significant non-piracy use. I guess they would like to hobble all users and the consequences to the law-abiding be damned. So no change there.

Jim

Thanks pseud0, I think you pretty much summed up the feeling behind this attitude to defense expert witnesses. What leaves a sour taste in my mouth is the notion that those who put forensic practice under scrutiny are at fault. That's not how I understand justice to work.

Jimbob

Hi,
The first thing to do is stop any more writes happening to the disk. Power off the system so that no further data will be lost. Make an image of the disk and work on a copy so you don't risk losing any more data.

There are tools to recover deleted files. Check out The Sleuth Kit (TSK) and autopsy for a free way of examining file systems. A reinstall of the OS probably means that you've formatted the system volume, so this won't be a simple case of finding deleted files in the current file system. A data carving tool like foremost might be your best bet in recovering files.

Can you let us know the OS, file system type (before and after installation) and the type of files you are trying to recover?

Regards,
Jimbob

Hi,
I've noticed a significant prejudice against computer forensic professionals who work for the defense. Some professional bodies will deny you admission if you have ever worked for a defendant and you may find a lot of other doors closed to you if you do this. Certain tools for example are only available to law enforcement.

I believe computer forensics to be an extension of forensic science. I also believe that justice cannot be served by making the forensic process a closed system not open to scrutiny. In science peer review is important to ensure the validity of the scientific process and it's conclusions.

Does this attitude exist, and if so does it hold back the progress of computer forensics?

Jimbob

Hi,
Kind of an open question; how can all the good people gain some experience with computer forensics? I know there is a lot of good training material out there but how can you gain real world experience, particularly if you've no previous field experience or already have a part/full-time job?

Are there opportunities to gain work experience by volunteering with law enforcement or private companies? There are lots of people here who would be interested to share your experiences.

Jimbob

One important point when it comes to discussing disposal of hard disks is the ever-present issue of risk. If you are a poor student and getting $50 for a used hard drive is big deal then destructive disposal seems a poor choice. If you're a multinational company then hit your old disks with a hammer. A big hammer.

The student's solution would be to use something like Darik's Boot and Nuke.

http://www.dban.org/

Regardless of who is disposing of their old computers it's worth erasing the disks, even if the machine is going to be scrapped. I've seen plenty of scavengers trying to take dumped kit from refuse dumps and recycling centres.

Jimbob

Hi,
I'm not certain that I understand your issue completely, so bear with me. Given your description what is currently happening goes something like this.

1. Your web page as a login form
2. The form makes a HTTP request to a script which you use for authentication
3. You want to defend against a form from another site calling this script

The situation you describe is like a phishing attack where a fake login page is used to harvest login credentials. There is not a lot you can do to prevent this scenario in the real world.

You could issue a session cookie and only allow requests to be processed if a valid cookie is found. A phishing site could easily send it's own HTTP request, get a valid session cookie and request authorization. Filtering on the HTTP referer
header can easily be worked around since this header is sent by the client.

If you can be a bit more specific as to what you need to do then perhaps you'll get some other ideas thrown your way.

Regards,
Jimbob

Hi,
The information you're looking for is in the documentation.

http://metasploit.org/framework/support/

Check out the user guide and the developers guide and you should get what you need.

Jimbob

It may also be of use to enumerate any DNS hostnames you can find and see where they resolve to. This could help define the size of the network. You can start by trying reverse lookups of the IP addreses you think are in the network. Results for an unexpected domain might indicate you are beyond the network boundaries.

If you can do a zone transfer then check the addresses where the hostnames point to. Check out DNS records such as MX and NS. Using data from separate sources and queries can help build a better understanding and increase your confidence in the results.

Jimbob

Hi BillV,
In my experience what you'll get in response to this sort of solicitation is a fake PayPal receipt email. The scammer will then ask the goods shipped. Asking for the PayPal details is just a way to customise the email template they will send you in an attempt to con you.

Other modalities might include offering to overpay for the goods and asking you to forward the difference by western union. Fake or stolen cheques are sometimes used, but forged PayPal emails are by far the most common due to the ease of use.

Jimbob