Sunday, July 15, 2012

A quick note on Fraud <-- from the trenches

Just finished an interesting investigation in which millions of dollars were stolen by a salesperson. It turned out that the company has KPIs (Key Performance Indicators) based on volume of sales, not on how much profit the sales team makes for the company. This approach breeds all kinds of corruption.


In this particular case CCleaner and Eraser had been used 4 times before I got the computer. The guy simply didn't think of the automatic Apple backups that were made every time he connected his precious iPad to his work computer.





Lately, I have noticed that it has become more frustrating to navigate the web. Ads have been pushed to my screen from every imaginable place. What's more annoying is that many show up before the content of a page that you were urgently looking for, with a little button in some obscure place allowing you to skip or fast-forward the ad. I wonder how many annoyed or naive customers actually click on this kind of ad, and whether these ads are doing more damage than good for the advertiser.

To me, this particular advertising model is not dissimilar to the above-mentioned case with all the consequences arising therefrom.

Wednesday, July 4, 2012

Miscellaneous things

AHCI

Windows 7 is finally replacing Windows XP in both private and corporate areas. According to StatCounter, Windows 7 passed the 50% threshold in June this year. I have been using Windows 7 almost from day one and started using this OS as my main forensic platform since the release of SP1. I found that Windows 7 is more sensitive to hardware changes than Windows XP and occasionally would simply refuse to boot after changing settings in the motherboard BIOS or adding new hardware.

I still use a Dell Optiplex 755 for research and development. 8GB of RAM and a Quad Core CPU handle most tasks at acceptable speeds. Last week I reinstalled the Win 7 OS and this week decided to add two 2TB drives configured in RAID-0. I went to the BIOS, changed the Drive Operation mode from the default AHCI to RAID, and configured these two HDDs in the Intel Storage RAID controller as RAID-0.

The OS refused to boot. I remembered how sometimes Windows XP would go into 'BSOD' and Advanced Host Controller Interface (AHCI) mode had to be switched off in the BIOS. Obviously the issue was related to AHCI/RAID. The Win 7 automatic repair option didn't help, so I went online looking for a solution. It only took me two minutes to find the fix. I disconnected the two RAID-0 drives, changed back to AHCI mode and booted Windows 7. I then edited two registry keys and changed their value data to 0, changed back to RAID mode and voila, everything works again.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msahci

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IastorV
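The registry edit described above can be scripted. This PowerShell script is an added example, not part of the original post; it assumes the value being changed under each key is the service's `Start` DWORD (where 0 means the driver loads at boot), which the post does not name, and the `-Fix` switch is this example's own parameter.

```powershell
# Added example: report, and with -Fix set, the Start value of the two storage
# driver services named in the post.
# Assumption: the value edited is "Start" (0 = boot start); the post only says
# the value data was changed to 0.
# Run from an elevated prompt while Windows is still booted in AHCI mode.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Fix)

# Standard meanings of a service's Start value
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$services   = 'Msahci', 'IastorV'   # key names exactly as given in the post

foreach ($name in $services) {
    $path = "HKLM:\System\CurrentControlSet\Services\$name"

    if (-not (Test-Path $path)) {
        Write-Warning "$path not found; that driver service is not installed."
        continue
    }

    # Read the current value so the previous state is on record before any change
    $prop    = Get-ItemProperty -Path $path -Name Start -ErrorAction SilentlyContinue
    $current = if ($prop) { $prop.Start } else { $null }
    $label   = if ($null -eq $current) { 'not set' }
               elseif ($startTypes.ContainsKey([int]$current)) { $startTypes[[int]$current] }
               else { 'unknown' }
    Write-Output ("{0}: Start = {1} ({2})" -f $name, $current, $label)

    if ($Fix -and $current -ne 0) {
        if ($PSCmdlet.ShouldProcess($path, 'Set Start to 0 (Boot)')) {
            Set-ItemProperty -Path $path -Name Start -Value 0 -Type DWord
            Write-Output ("{0}: Start changed from {1} to 0" -f $name, $current)
        }
    }
}
```

Run it without arguments to see the current values, or with `-Fix -WhatIf` to preview the change before switching the BIOS back to RAID mode.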

Don't drop your Thunderbolt cable


I have been holding back on Thunderbolt technology due to its price and lack of available storage
devices. My focus this year was on USB3. Adding USB3 drivers to a WinPE Forensic Live CD, for
example, is easy to do, and Express cards are cheap and extremely useful when imaging laptops that
have no USB3 interface.

Thunderbolt is still an expensive technology; even cables are $50 plus. The technology is very promising
though and gaining popularity. Thunderbolt cables are expensive for a good reason.

They aren't just a bunch of interconnected copper conductors anymore. To be able to sustain a 10Gbps
bidirectional data transfer rate, these 'wires' currently have four integrated circuits at both ends.
Transceivers, microcontrollers, 3V power management and voltage regulation chips and a 15V power
supply are built into the wire, making it a very sensitive and advanced piece of hardware.