Marcus Carey of SunTzu security firm & founder of DoJoSec

The March 5th DoJoSec was the second one of their monthly briefings I have attended. Although it is almost a three-hour drive from New Jersey, these evening sessions have been worth attending. I had to miss April's session because of schedule conflicts, but plan to attend the upcoming sessions of what has been called "dinner theatre for security geeks."

Since the videos of the presentations are available (embedded & linked on this page), I won't bother summarising them in detail. Just watch the videos. Rather, I'll highlight some of the things I found especially interesting in the presentations.

iPhone Forensics - Walter Barr and Sean Morrissey

I had heard much about iPhone forensics from Jonathan Zdziarski, so I was interested in hearing what these fellows had to say on the subject. One of the interesting aspects of the presentation was the influence of the speakers' different professional backgrounds when it came to the issue of "jailbreaking" iPhones in the course of forensic examination. Morrissey came out of a law enforcement background while Barr did not. This difference was most evident when they covered "jailbreaking" iPhones to extract evidence data. Barr saw jailbreaking as an option. Morrissey strongly insisted that jailbreaking should not be used. Besides Apple's claim that jailbreaking iPhones is illegal, the use of "hacker tools" might open up challenges in court where opposing attorneys imply one is using "criminal" or somehow suspect tools. He exhorted the audience to do forensics right so we don't have bad cases and alluded to the forensic problems in the OJ murder case.

The "hacker tool" & potential for court challenges stirred up quite a lively discussion during the Q&A. Some people pointed out that valuable security/forensics tools such as Wireshark could be maligned as "[criminal] hacker tools" and yet we use them, so why avoid jailbreaking tools? The problem appears to be that jailbreaking tools don't have as strongly established a reputation for constructive uses as do Wireshark, nmap, nessus, and many other dual-/multi-purpose tools.

Snort - The Forensics Tool? - David Warren

Because I have been dealing with malware and network analyses recently, I was particularly interested in seeing what Warren had to say. The main thing I got was that Snort's rules features and its support for extensive text and hex pattern searches make it handy for going through packet capture data.

Cyberwar is BS - Marcus J. Ranum

I looked forward to hearing Marcus Ranum's take on popular cyberwar concepts. I had read his thought-provoking "Six Dumbest Ideas in Computer Security" and saw that even if I didn't agree with everything he said, his ability to make us think more deeply about security was a valuable talent. Ranum's presentation was even better than I had expected. I am not even going to bother summarising anything else from it. Just view the video. Enjoy, and think!

Cheers.

P.S. Dustin L. Fritz has more photos from the March DoJoSec Monthly Briefing on his blog.
Barr & Morrissey speaking on iPhone forensics
DojoSec Monthly Briefings - March 2009 - Wally Barr & Sean Morrissey from Marcus Carey on Vimeo.
David Warren reminding us of computing in the early 1980s. Remember the TI-99/4A home computer?
DojoSec Monthly Briefings - March 2009 - Dave Warren from Marcus Carey on Vimeo.
Marcus Ranum speaking on cyberwar
DojoSec Monthly Briefings - March 2009 - Marcus J. Ranum from Marcus Carey on Vimeo.
As police agencies have often been pushing for wider collection and cataloguing of DNA as investigatory aids, now some police officers are finding themselves at the other end of the DNA collection swab.
The New York Police Department (NYPD) is starting what some call a "DNA roundup" of its crime scene investigations detectives. The DNA cataloguing is meant to quickly spot DNA that may have been accidentally left by CSI people at a crime scene, so the police aren't looking for that person based on DNA found at the crime scene. This is similar to the collection of elimination fingerprints from some crime scenes. (For example, the members of a household that was burglarised might be fingerprinted to help the police eliminate their prints from the prints of suspects. Law enforcement officers' prints are also on file and, thus, any prints they accidentally left at the crime scene can be eliminated. [Note 1])
This DNA cataloguing was prompted by the complications in a recent murder investigation as police were seeking a male suspect whose DNA was found at the crime scene. It turned out to belong to a CSI detective who washed his hands in a sink and left a small drop of his blood.
Despite the practical investigatory reasons for the DNA cataloguing, some police officers are objecting, citing privacy concerns. Rather ironic. But there are some legitimate concerns about the use of DNA for elimination purposes.
- DNA can tell things that fingerprints cannot. Fingerprints can tie evidence to an individual but not tell much about the individual himself. DNA can tell much about the person's physical traits, medical conditions, and such. One concern for CSI people could be the adverse impact of some of the information on job promotions or insurance. [Note 2]
- A significant difference between fingerprints and DNA is the prospect of near-match familial DNA searches. If one is fingerprinted, that record applies only to oneself. With DNA, that record can place one's blood relatives in a genetic lineup. This difference can be unsettling to many people.
- Will the original agreement for the collection & cataloguing of the DNA change without notice & consent? Could the genetic information be "repurposed"?
J.D. Abolins
UPDATED 12 Nov 2008 to add more information and notes.
Notes:
1. Elimination prints and DNA do not mean that the person may never be considered a suspect. They eliminate people known to have legitimately been connected with the crime scene from initial searches for suspects based upon fingerprints and DNA themselves. Should other clues appear indicating that the "eliminated" person may have committed the crime, the person will become a suspect. This could happen, say, in a burglary case where other evidence is found that a household member may have taken the items reported as stolen and committed insurance fraud.
2. The use of genetic information for employment and insurance purposes is addressed by some genetic privacy laws, such as the US federal Genetic Information Nondiscrimination Act (GINA) and various state laws. How well the employment & insurance issues are addressed is a matter I cannot cover in this post.
3. Slightly off-topic: As I was searching for more information about this DNA testing, I ran into a strange, novel approach to DNA testing: "DNA spit parties". Think of nucleic acids meet social networking.