http://m-net.net.nz/content/view/614/373/ By Keith Newman 11 September 2006 A new breed of forensic tools, designed with the help of Whangarei-based Thackray Forensics, can now access and clone the full contents of a mobile phone or PDA within seconds. Managing director John Thackray is one of a handful of qualified instructors in the use of the .XRY toolkit worldwide and is the only qualified instructor in the Southern Hemisphere. Since the launch of the range of products from Micro Systemation (MSAB) he has trained specialists in government and corporate organisations including the FBI, the British Secret Service, Scotland Yard and the Italian police. However he says the majority of New Zealand's law enforcement and corporate agencies are still lagging in this area of technical investigation. To date only the Customs Services and one other service that cannot be named are using the technology other than Thackray Forensics. Thackray, a former British policeman, was originally imported to New Zealand over a decade ago as the first full-time New Zealand Police computer forensics expert and has not only helped develop the toolkit but has also come up with operational procedures that are now being adopted worldwide. He has just returned from teaching the Italian police how to use the technology in their detection of terrorism and for forensic investigation. In August he is off to train the Royal Canadian Mounted Police on how to use the new electronic crime fighting tools. He says the cellphone is taking over from the computer as the modern criminal's preferred tool of trade with organised crime, drug dealing and fraudsters using text messaging as their main means of communication. The major problem recovering information from cellphones in the past has been the inability to access the myriad of models, operating systems and protocols used by different manufacturers. "Even the same manufacturer may have a variety of phones with diverse systems and there are up to 50 models released globally every month," says Thackray. The new approach can access all models and operating systems to harvest physical information from SIM cards and memory cards. "It is phenomenal the amount of information that can come from cellphones including deleted SMS messages, contact lists, and historical information about the phone owner from a deep level on the computer chips." In the corporate sector the toolkit is useful in detecting everything from inappropriate text messaging on company phones to uncovering industrial espionage and the theft of intellectual property. "It is not uncommon now for a cellphone with a camera to have a 2Gb SD card to store photographs, videos and data. You could steal a company's whole database. The cellphone is becoming a high priority on the list of things to get at a crime scene and is streamlining investigations." However he warns people who're upgrading or selling their old cellphone to be wary even though they may think they have wiped the memory data. "I purchased six cellphones from a second hand outlet in Malaysia as part of an exercise teaching their customs people. We got text messages, contact lists and some very personal photographs. This is a real concern in terms of privacy," says Thackray. "Even after you have wiped your hard drive there's still information there that people with the right tools and knowledge can retrieve and you can buy cracked versions of these tools on the internet already." _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Tue Sep 12 2006 - 00:44:36 PDT