A Great Week – Computer Cache Training and CacheBack (by The Oldcommguy)

A new and easy way to dig into computer internet caches!

As many of you know, I teach Cyber Investigation techniques, etc. to Law Enforcement plus private and corporate security officers. Getting data out of the Internet cache for all the big browsers was not an easy task until I was trained on the new CacheBack solution! Very Cool!

Combo browsers and open computer

Two weeks ago, I had the pleasure of being trained, tested and certified on a new software tool for security and law enforcement personnel called CacheBack.

CacheBack is the brainchild of John Bradley, and even though the newest version is not out, it is an awesome visualization tool for cached data from websites to chat. It even allows one to play a chat for courtroom viewing without using the entire product and suspect database.

He seems to have thought of almost everything, from simplicity of operation, speed of acquisition and forensically sound processes to easy-to-develop, sound, focused and yet simple reports on a very complex set of data.

CacheBack opens the suspect information in a simple-to-use tabular view; you select the evidence needed, and it automatically carves out your selections, which are then easily placed in a report for evidence. The tool even makes use of Microsoft Excel and Access for custom report building or placing the information into larger reports.

Internet history w case number

 

One very cool thing that it does is adjust any time zone issues so all the evidence that is time sensitive has the correct time correlation, and all evidence should be time sensitive.

I doubt if the defense would allow for important evidence of a shell casing found a week after the area had been searched and reopened, so it is the same thing with Cyber Evidence. Remember – Time and Place are very important factors in any criminal or civil trial!

The CacheBack program comes with all the tools one would need for finding and carving data from browsers, but the really cool thing is that CacheBack will automatically rebuild cached web pages and examine Internet histories for Internet Explorer, Firefox, Opera, Safari, and Google Chrome. If you have ever even tried to find these pages on a hard drive and decrypt them to rebuild, you will know that this is a very major task, especially with Safari, Opera, Chrome and Firefox.

CacheBack web page

Once rebuilt, the web pages can be viewed like thumbnails so the correct event can be acquired just as the suspect saw the page, with all its pages, references, pictures, hyperlinks, etc. Even if the hyperlinks have been changed, the analysis tool rebuilds the one seen when the suspect used it.

One can easily and quickly browse through deep and complex cache histories and large data repositories using their fast, easy-to-use and visually powerful multi-tabbed, multi-functional WYSIWYG interface. One of the biggest challenges for Law Enforcement is filtering and importing evidence or suspect pictures and movies directly from local hard disks. The CacheBack solution uses a special GrabMedia data mining tool, which is included. This way an investigator can easily Categorize, Group, Bookmark and/or Exclude any quantity of pictures or movies from the case and/or suspect file. Further, one can eliminate hundreds of thousands of images from the suspect analysis, in just seconds, using their proprietary filtering technology and their Photograph Aspect Ratio Differential algorithm (which was also developed by John) for the proper selection of suspect images, movies, etc. The PARD helps look for the most common parts of the aspect ratio in suspect photos, like skin tones, curves, etc.

Another very cool idea is setting up regular and predefined investigation requests and queries. This very cool tool allows one to set up the usual ways that they want to mine and carve the data, so every time the results can be compared to previous cases, and all of the processes are certified and well vetted. They are ready for any court usage.

The reality – Today almost every serious criminal investigation involves some web-based artifacts such as e-mail, instant chat messages, online e-commerce transactions, and visited websites, as well as cell phones and GPS devices. Having a tool in your forensic toolbox that will transform hours or days of work into minutes is a necessity, especially when planning the next and imperative action items in any case, from a homicide to an international child porn ring investigation. I have used and will continue to use CacheBack in my tool arsenal to help prove or vindicate those charged with criminal activity. The Feds now say that over 95% of all serious crimes have some sort of Cyber fingerprint that is essential in proving guilt or innocence. Cyber Investigation technology is a very new world and a growing arena for vendors. There are Open Source and/or free tools, most of which are for Law Enforcement only, but we are now seeing people like John taking their advanced computer, cell phone and GPS knowledge and building easy-to-use, forensically sound methods of finding and presenting the evidence to the people on the juries.

If I were many years younger, I would be fully engaged in this new frontier.

Oh yes, I did pass and am certified in another acquisition technology to help all.

If you are interested in CacheBack, please go to http://www.cacheback.ca/ and tell John – Tim sent you!

I wish all the Readers of LoveMyTool a Very Merry and Wonderful Christmas.

 
