Following a Trace
File System Forensic Analysis, Brian Carrier. Most digital evidence resides within the computer's file system, but understanding how file systems work is a technically challenging concept for a digital investigator. This reference should serve everyone who wants to understand file system analysis.
The author begins with an overview of investigation and computer foundations, and then gives an overview of contemporary volume and file systems: information for discovering hidden evidence, recovering deleted data, and validating tools. The book also describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses open-source file system analysis tools—including tools the author personally developed.
The book explores topics such as preserving the digital crime scene and duplicating hard disks for dead analysis; identifying hidden data on a disk's host protected area (HPA); and reading source data: direct versus BIOS access, dead versus live acquisition, and error handling.
The book also discusses using Sleuth Kit, Autopsy Forensic Browser, and related open-source tools. A Web site, http://www.digital-evidence.org contains book updates and up-to-date URLs from the book's references.
Addison Wesley; ISBN 0-321-26817-2; 600 pp.; $31.49.
9th Annual Anti-Virus Asia Researchers Conference
3–5 December 2006
Auckland, New Zealand
The AVAR Conference is an annual event organized by the Association of Anti-Virus Asia Researchers (AVAR) since 1998. The theme for the conference this year is Digital Security—Prevention to Prosecution.
The conference will cover topics such as malware trends; replicative and nonreplicative malware (botnets, rootkits, Trojans, spam, spyware, phishing, and pharming); Internet criminal investigation, tracking, and research; the roles of Internet service providers (ISPs); wireless security; and emerging technologies.
Speakers from government, defense, ISPs, CERT, universities, and commercial companies will make presentations.
15th Annual USENIX Security Symposium
31 July – 4 August 2006
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in computer systems and network security.
This year's conference begins with a two-day training program, which can help attendees learn about measuring security, TCP/IP weapons school, radio frequency ID security and privacy, and practical cryptography. Attendees can choose from eight full-day sessions.
The technical program includes a keynote by former senior White House advisor Richard A. Clarke; invited talks and two panels cover security vulnerabilities, exploits, and attack patterns; signaling vulnerabilities in law enforcement wiretapping systems; turning around the security problem; digital-rights-management wars, the next generation; and surviving Moore's Law—security, AI, and last-mover advantage.
The 22 refereed papers present new research in areas such as intrusion detection, system assurance, static analysis for security, and authentication.
Association of Anti-Virus Asia Researchers
AVAR's mission is to prevent the spread of and damage from malicious software and to develop a cooperative relationship among anti-malicious-software experts in Asia.
The organization is independent and not for profit; its members come from Australia, China, Hong Kong, India, Japan, Korea, the Philippines, Singapore, Taiwan, the UK, and US.
The group's activities include organizing and hosting an annual conference and seminar on anti-virus issues, providing information on computer virus incidents through Asia on its Web site, and operating an AVAR member mailing list to exchange information and opinions among members.
The site claims that the group is planning on issuing an AVAR electronic newsletter on security information; conducting evaluation test for anti-virus products; providing certificates to anti-virus products and technical people for their knowledge about computer virus prevention; and improving communication and cooperation with other international anti-virus organizations.
CERT Coordination Center
The CERT program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University. Following the Morris worm incident, which brought 10 percent of Internet systems to a halt in November 1988, the Defense Advanced Research Projects Agency (DARPA) charged the SEI with setting up a center to coordinate communication among experts during security emergencies and to help prevent future incidents. This center was named the CERT Coordination Center (CERT/CC).
The Coordination Center provides a list of computer virus resources. This page contains links to hoax and chain letter databases, which give visitors a list of resources to help separate the hoaxes from the valid warnings; virus databases, which provide specific information about a particular virus; virus organizations and publications; anti-virus vendors, including a list that has URLs for downloading updates for anti-virus products and definition files; and anti-spyware or adware vendors, including tools for protecting systems from computer spyware and adware.
Along the left-hand side of the page, there are also links to security books and articles, Internet groups and statistics, security-related groups, US government resources, security mailing lists, firewalls, viruses and hoaxes, and Web security.
Windows Forensics: The Field Guide for Corporate Computer Investigations, Chad Steel. Computer forensic analysts rely on scientific principles to combat computer crime in the Windows world. This book helps introduce those contemplating a career in this field, as well as analysts in Unix/Linux environments, to explore ways and tools to help recover sabotaged files, track down sources of threatening e-mails, investigate industrial espionage, and expose computer criminals.
Readers will discover ways to identify evidence of fraud, electronic theft, and employee Internet abuse; and how to investigate crime related to instant messaging, Lotus Notes, and browsers such as Firefox. The author also presents his perspective on what it takes to become a computer forensics analyst.
The book provides sample forms and layouts as well as case studies, and offers tips on protecting the integrity of evidence. Readers can learn how to compile a forensic response toolkit; assess and analyze damage from computer crime and process the crime scene; develop a structure for conducting investigations; and discover how to locate evidence in the Windows registry.
The author has investigated more than 300 computer security incidents. As an adjunct faculty member, he developed and taught the computer forensics graduate course in Penn State's engineering program and has instructed federal and local law enforcement, commercial clients, and graduate students in forensic analysis. His experience includes serving as head of IT investigations for a Global 100 corporation and as managing director of the systems integration and security practice at Qwest Communications.
Wiley; ISBN 0-470-03862-4; 408 pp.; $25.19.
Implementing Database Security and Auditing: Includes Examples for Oracle, SQL Server, DB2 UDB, Sybase, Ron Ben Natan. This book offers readers methods and techniques for securing, monitoring, and auditing database environments. For database security and auditing, the authors discuss network security, authentication and authorization issues, links and replication, and database Trojans. Readers will also learn of vulnerabilities and attacks that exist within various database environments or vulnerabilities that have been used to attack databases.
Many of the book's sections outline the anatomy of an attack before delving into the details of how to combat such an attack. The author covers the database auditing landscape from business and regulatory requirements perspectives, as well as from a technical implementation perspective.
Despite examples from many well-known products (Oracle, SQL Server, DB2, Sybase and even MySQL), this book offers a broader view of the database environment, one independent of the database platform.
Digital Press; ISBN 1-555-58334-2; 432 pp.; $54.95.
RSA Conference Europe 2006
23–25 October 2006
RSA Conference Europe, now in its seventh year, offers a schedule of sessions, keynotes, and tutorials about information security, plus an exhibition featuring European security vendors.
Special events include a Technology Showcase Theatre (where visitors can see a different vendor present products and services every 30 minutes) and Hackerland Challenge, where attendees can win prizes and test their skills at hunting for Web vulnerabilities.
In addition to sessions and exhibits, the conference also offers networking opportunities, including the first-time attendee orientation; an evening welcome and networking reception; and daily special interest group discussions.
Every year, the conference is built around a different historical theme that highlights a significant use or misuse of information security. In 2006, the theme is centered on ancient Vedic mathematics, and a mathematical Sage named Aryabhatta.
Tracks will include the following:
• Government, Policy, and Regulatory Compliance, which will discuss how various government entities shape the information security landscape through their significant purchasing power, regulatory authority, and fostering of best practices and standards in both the public and private sectors;
• Hackers and Threats, which explores hacking, network forensics, and countermeasures;
• Identity and Access Management, which covers access control, identification technologies, and protocols.
International Conference on Scientific and Statistical Database Management
3–5 July 2006
This international conference will bring together scientific domain experts, databases researchers, practitioners, and developers to present and exchange research concepts, tools, and techniques for scientific and statistical database applications. A forum for original research contributions, the conference also plans a session on practical system design, implementation, and evaluation. With a focus on applications of scientific and statistical databases, the conference will cover data and computing on a grid; data warehousing; registries and integration; ontologies in scientific computing; and the exploratory analysis and modeling of scientific data.
Moving Objects Databases, Ralf Hartmut Guting and Marcus Schneider. The current trends in consumer electronics—including the use of location-aware PDAs, phones, and vehicles, as well as radio frequency ID tracking and sensor networks—require the database support of a specific flavor of spatio-temporal databases. The authors call these moving-objects databases.
With current systems, most data management professionals cannot smoothly integrate spatio-temporal data from moving objects, making data about, say, the path of a hurricane very difficult to model, design, and query. This book's concepts and techniques aim to help solve data management problems associated with difficult-to-model data, like data gathered in fields such as geology, national security, urban planning, or mobile computing.
The authors focus on modeling data from moving objects—such as people, animals, vehicles, hurricanes, forest fires, oil spills, or armies—as well as the storage, retrieval, and querying of voluminous data. They demonstrate how new concepts and techniques can integrate time and space in database applications. The book also provides exercises and solutions in each chapter to enable the reader to explore recent research results in practice.
The book summarizes research of the last decade on spatio-temporal databases, emphasizing approaches that can handle continuously changing geometries. For some objects, only the position in space is relevant, so modeling can represent them as moving points; for others, the time-dependent extent is also relevant, which brings up moving regions.
Morgan Kaufmann; ISBN 012-088-799-1; 416 pp.; $59.95
International Advanced Database Conference (IADC 2006)
27–29 June 2006
San Diego, Calif.
The 2nd International Advanced Database Conference aims to bring together researchers and professionals from industry, academia, and government to discuss database systems; it encourages collaboration between academia and industry. IADC 2006 will present papers on different forms of database systems and database technologies. The conference includes keynote speeches, technical sessions, professional development courses, and vendor exhibits. A special track will cover software engineering and data engineering.
Conference topics include distributed-database-systems design, temporal database systems, software and data engineering, cooperative information systems, distributed query processing, data encryption, and security in wireless database systems.
Intelligent Enterprise Database InfoCenter
The Intelligent Enterprise site focuses on how technologies mesh to form strategic business applications, and addresses issues for business application strategists, such as how to integrate systems and gain market or customer insight in real time, provide a framework for information (via databases, data warehouses, and data marts), what applications should run the business. It also covers how to make systems work together for better, more automated processes; how to access and deliver information for better business decisions; and how to grow revenue by harnessing a company's intelligence.
The Database InfoCenter, one of seven different InfoCenters managed on this Web site, specifically addresses database issues, including links to new articles, resources, and books.
Some of the new articles on the main page include "Breakthrough Analysis: A Data Space for Information Coexistence," which discusses how such a data space might allow disparate information to coexist rather than trying to force conformity; "Dashboard: Oracle Speaks—But Can It Lead In Business Intelligence?" an article that considers whether Oracle could take over the market from Business Objects, Hyperion, and other business intelligence companies; and "The Eighth Annual Editors' Choice Awards," which includes the site's take on what the editors believe are the dozen most influential vendors driving the intelligent enterprise. This last article also examines what the editors consider to be the 48 companies to watch for business intelligence and enterprise applications.
This site is a knowledge base about the database industry, database management systems, database application development, data warehousing, and data mining.
Besides containing a list of links to commercial database vendors, the main page also contains links to subcategories of database-related topics. Each link opens up a new section containing relevant news articles and tutorials specific to the subsection.
Database Modeling and Design: Logical Design, Toby J. Teorey, Sam Lightstone, and Tom Nadeau. Database systems and database design technology have changed. The relational data model and relational database systems dominate business applications; in turn, practitioners have enhanced them with other technologies, like data warehousing, online application processing, and data mining. Readers who need help modeling and designing a database application to account for new technology or new business needs will find this book useful.
The authors provide explanations, examples, and an illustrative case study about design rules applicable to any system based on SQL. Readers will also learn how to develop industrial-size systems.
The authors provide a look at the Unified Modeling Language (UML 2) as well as the entity-relationship approach for data requirements specification and conceptual modeling—with examples throughout the book for both approaches. The book also offers details and examples of how to use data modeling concepts in logical database design, and the transformation of the conceptual model to the relational model and to SQL syntax. Readers can learn about fundamentals of database normalization through the fifth normal form and how to use CASE tools to handle complex data modeling problems. Exercises test the understanding of all material and the book includes solutions for many exercises.
Morgan Kaufmann; ISBN 012-685-352-5; 296 pp.; $49.95.
Fundamentals of Database Systems, 5th edition, Ramez Elmasri and Shamkant B. Navathe. In revising this widely used textbook a fifth time, the authors have developed entirely new problem sets for each chapter and a new online lab manual. By combining explanations of theory and real systems, they cover the basic modeling and design of databases as well as the manifestation of theory in modern database systems.
Starting with the relational approach, the book also discusses enhanced entity-relationship models, object-oriented databases, and emerging combinations of databases with newer technologies such as PHP and the Extensible Markup Language. Practical topics—such as data recovery and security—also find a place here.
The last chapter describes emerging database technologies and applications, including databases for mobile, multimedia, geographic information, and genome data.
Addison Wesley; ISBN 0-321-36957-2; 1168 pp.; $100.
Open Source Database Conference 2006
6–8 November 2006
The second annual Open Source Database Conference will take place in Frankfurt, Germany from 6–8 November. Last year's conference attracted more than 500 IT professionals interested in open-source databases and the businesses related to them.
The conference aims to provide a chance for the community to meet experts and peers, and for businesses to network with potential partners and showcase their products. The event expects to draw delegates from a diverse set of backgrounds that include IT influencers, database developers, database architects, database administrators, and project managers.
Attendees will have the option of choosing from a set of sessions dealing with developments in open-source databases. The conference will also provide tutorials about database technology through tutorials.