Nashville Tennessee Computer Forensics

I have recently gotten some questions about what computer forensics work I have been doing in Tennessee, and how it compares to Florida. By and large, computer forensics is computer forensics, but there does seem to be a different emphasis in the work areas.

I have had a lot of healthcare-related work in Tennessee. This has ranged from the individual doctor’s practice to large clinics. The work has ranged from data breaches and employees stealing data to data recovery work. The cases generally haven’t been huge investigations, as in finding an unknown bad act. In interviews, I have generally been able to narrow things down to “X” act happened between these dates and times on the specified computer(s).

I have made progress on making contacts with attorneys in Tennessee and Kentucky. I have been retained in a few child pornography cases as an expert witness. So far, many of the issues in the cases are similar to those I saw in Florida and Virginia. In Kentucky especially, they seem to be very backed up on their forensic exams.

I had an investigation in Arkansas where an “ethical hacker” performed some work without having a written contract in place giving him permission.  The events that followed created some confusion and concern for a possible data breach.

Last week, I was at the Tennessee Bar Association’s office in Nashville for a live continuing education presentation. This presentation was titled “Computer Forensics in a Mobile World.” It was streamed live throughout the state for attorneys to attend for CEU credit. They will also be able to view the presentation on demand for CEUs over the next year.

I hope to do some presentations at the Lebanon, TN Chamber of Commerce over the rest of the year. I will cover topics of interest to small business owners. The presentations will probably focus on firewalls, storage, HIPAA, and general security topics. For the HIPAA/HITECH Act presentation I am hoping to have an attorney participate.

I am also going to do one on utilizing mobile device analysis in traffic accident investigations. This seems to be a rapidly growing area of interest in litigation, not to mention a very real problem, as we have all seen firsthand. It will also serve to gauge local interest in this area.

Take Back Your Email

Own Your Own Email

If you have followed the technology-related privacy news at all in the last year, you know that your average free email service now has zero expectation of privacy. This isn’t even “tin foil hat” style speculation now. It is well established that the NSA indexes all the email traveling through the major free email services. Moreover, Google has changed their terms of service to essentially read that you have no expectation of privacy. They routinely scan and index your messages for ads before you even see the message. Now they scan any pictures for child pornography, and proactively report anything found to law enforcement. The follow-on question is how long before they start scanning for copyrighted music, pictures, or a plagiarized essay?

I, for one, have reached the point where I don’t want to wait around in that environment anymore. I have always used my business domain email for major things such as attorney emails, but I have largely quit giving out my Gmail address for anything except total junk mail. In essence, you shouldn’t use your Gmail address for anything that you wouldn’t be okay posting on a public message board.

I know many people reading this will think that they can’t possibly afford to, or don’t know how to, move off of Gmail.

Well, I will give you a few steps to a simple alternative. I have been using FastMail now for about a year. Their email service is fast, always available, and very responsive. They include a built-in function to import your previous email from Gmail to FastMail. You can also configure FastMail to keep checking and pulling email from Google’s servers, and you can even send using your Gmail address. Obviously you want to start moving away from that Gmail address, but we all know that will take time.

FastMail has assurances on their website that their team is entirely Australia based and intends to fight any NSA National Security Letters. They advise that Australia has no parallel to the National Security Letter; any mass collection in Australia would have to go through the public courts there. There is no U.S. citizen with admin access to their servers.

The basic steps to migrate are as follows:

  1. Buy your own domain. (GoDaddy is a cheap way to do it.)
  2. Buy a FastMail account.
  3. Point your DNS at FastMail.
    a. If all you are doing is using the domain for email, just point your nameserver records at FastMail. They can handle the rest of the DNS then.
    b. If you are hosting a website somewhere else with the domain, then you will have to enter the MX and SPF TXT records yourself.
  4. Migrate your old emails over using FastMail’s import tool.
  5. After the import finishes, set FastMail to check your old address.
  6. Start using and enjoying email that you own.
  7. If you ever decide to use a service other than FastMail, since you own the domain, you just point that domain’s email somewhere else.
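Step 3b is the one that bites when the domain also hosts a website, because a missed MX or a stale SPF record silently breaks inbound mail or gets outbound mail rejected. The following is an added example, not code from the post or from FastMail, that checks the records a zone should read back after the change; the provider MX hosts and SPF include are placeholders standing in for whatever your provider documents.

```python
"""Added example: check the MX and SPF records a domain should show after step 3b."""
import re
# Placeholder provider values (not real FastMail hosts): use your provider's documented ones.
PROVIDER_MX = {"mx1.mail-provider.example", "mx2.mail-provider.example"}
PROVIDER_SPF_INCLUDE = "include:spf.mail-provider.example"
SPF_VERSION = "v=spf1"


def parse_spf(txt):
    """Return (version, [mechanisms], qualifier of 'all'), or None if not SPF."""
    terms = txt.split()
    if not terms or terms[0].lower() != SPF_VERSION:
        return None
    mechanisms, all_qualifier = [], None
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            all_qualifier = m.group(1) or "+"  # a bare 'all' means '+all'
        else:
            mechanisms.append(term.lower())
    return SPF_VERSION, mechanisms, all_qualifier


def check_mail_dns(mx_hosts, txt_records):
    """Return a list of findings; an empty list means the zone looks right."""
    findings = []
    if not mx_hosts:
        findings.append("no MX records: inbound mail will not arrive")
    else:
        stale = set(mx_hosts) - PROVIDER_MX
        if stale:
            findings.append("MX still points elsewhere: " + ", ".join(sorted(stale)))
        missing = PROVIDER_MX - set(mx_hosts)
        if missing:
            findings.append("provider MX missing: " + ", ".join(sorted(missing)))
    spf = [r for r in txt_records if r.lower().startswith(SPF_VERSION)]
    if not spf:
        findings.append("no SPF record: receivers cannot tell your mail from forged mail")
    elif len(spf) > 1:
        findings.append("more than one SPF record: RFC 7208 says receivers treat this as permerror")
    else:
        _, mechanisms, qualifier = parse_spf(spf[0])
        if PROVIDER_SPF_INCLUDE not in mechanisms:
            findings.append("SPF lacks the provider include: outbound mail may be rejected")
        if qualifier not in ("-", "~"):
            findings.append("SPF does not end in -all or ~all: forged mail is not failed")
    return findings


# Constructed sample: what the zone should read back after step 3b.
EXAMPLE_MX = ["mx1.mail-provider.example", "mx2.mail-provider.example"]
EXAMPLE_TXT = ["v=spf1 include:spf.mail-provider.example -all", "verify=constructed-placeholder"]

if __name__ == "__main__":
    print("\n".join(check_mail_dns(EXAMPLE_MX, EXAMPLE_TXT) or ["mail DNS looks correct"]))
```

Feed it the MX hostnames and TXT strings you read back with your DNS host's tool (or dig) once the records have propagated.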

I hope this points someone in the direction of getting a little privacy back in their life. The even better system is to have your own server hosting all your email, but a great server-side software application for the average person just doesn’t exist yet. I am watching the Dark Mail project and Mailpile. One of them may be the even better answer in time. And no, I don’t want to hear “if you don’t have anything to hide.” If that is your position, just make a public bulletin board your email service, and tell people to post there to contact you.

Learn more about me on my website DataTriangle, or say Hi next time you are in the Nashville, TN area.

Note: I am not affiliated with, and make no money from, FastMail. They are just an alternative I know and personally use.

Gateway Server and Firewall Options

If you are running a business (or want to protect your home), one of the most important things to do is to secure your network. There are a number of very good open source (free or low-cost) Linux/BSD distributions that can protect your network. These open source servers do require some computer skill to administer. The beauty of it is that you can usually get started for free.

Many of these open source packages have commercial add-ons that you can use to enhance the network security. These paid add-ons are usually enhanced versions of the free/open source elements of the servers. (FYI: companies in the open source field make their money by providing paid support contracts for the free products.)

Regardless of the solution you choose, you will want a local or remote computer support person who can effectively leverage the available solutions in your environment. With the open source solutions available today, you can secure your network with little or no recurring cost. This is true for a home or a business, although on a business network there are probably some add-ons, such as company support and commercial anti-virus, that you may want to consider adding to the system. The cost of these add-ons is very reasonable, though, and will help support your open source solutions so they stay around.

I will quickly run through a few of the options in this field, but first I will define a few terms for the newbies in the group:

Linux, or GNU/Linux, is an open source operating system whose user interface and tools sit on top of the Linux kernel. Linux has grown to be every bit as user friendly as Windows or Mac. (I believe it is actually better than them both today.)

BSD- Another open source operating system. It is especially known for having very tight security.

Server- A server is basically a central computer responsible for handling network-wide functions in an organization or organization sub-group (or a home nowadays).

Firewall- An appliance or a specialized server that controls the traffic going in and out of the network to the internet as a whole.

GUI- Graphical User Interface. This is all the pretty windows you drag around and click nowadays. It is what is commonly thought of as an operating system by the average person today. Think of what you see when you open a Windows XP desktop.

Untangle Firewall-

Untangle is an open source firewall/gateway solution that has paid add-ons and support. It is the product that I personally use to protect my business network. It is known for having a very pretty user interface, very “Windows-esque”. Their graphical user interface (GUI) resembles a rack of servers like you would see in a server room. (When I look at the graphic rack, I think about the thousands of dollars I would be spending on a rack of hardware for the same purpose.) Their package of solutions for securing (and accelerating) your network spans almost anything that you can think of needing. It works great for intrusion detection, web filtering, captive portal, virus blocking, and handling DHCP/DNS functions. Each of these individual pieces is configurable through a convenient GUI. All in one excellent, easy-to-use platform.

pfSense-

pfSense is based on BSD. BSD is well known for its security as an operating system, which makes it a great platform for a firewall/gateway solution. pfSense has long had the reputation of being a gateway for the very technical user. pfSense actually does have a very usable GUI. There are not as many easy-to-use features as in Untangle, so it requires a more skilled user to administer. Paid support is offered; it is pricey, however, starting at $600 for 5 hours.

ClearOS-

ClearOS is an open source distribution that focuses on being an all-around server for your network. ClearOS doesn’t just handle the security aspects of your network; it is designed to handle the duties of file server, web server, and mail server. This package has a network of providers trained in implementing their solution. There is also direct support from the company. This distribution is a great contender to replace a Windows Small Business Server.

Amahi-

Amahi is a Linux server based on Fedora. (Fedora is the open test bed for Red Hat Linux.) This server is open source. They have done a great job of pulling together a lot of the features that a small office would need in a server. Their product manages files, calendars, backups, disk pooling, wikis, database management, and disk monitoring. They also include DHCP, DNS, and VPN capabilities. These latter capabilities are probably fine for a home user, but for a high security environment I would stick with a firewall specialty distribution.

Amahi is also able to easily plug in additional functionality. Although there are not tons of apps, there is a nice assortment, and each is a one-click install of an additional function. Of course, being Linux and specifically Fedora based, you can add further functionality through RPM packages.

These have been a few ideas to get you started in an affordable and secure fashion. I love open source!

Website and Communication Security through Encryption

A big challenge for a business trying to leverage open source technology for their public website is security. Like all other industries, doctors and lawyers want to be able to leverage this free technology for appointments, live help, offline contact, sign-up forms, and basically anything with patient data. Despite the need in this arena, there are not a lot of quality, affordable offerings for the small practice.

For the small practice, cost is no doubt a large factor. Many of the players in the field charge $500 to $1,000 per month to secure your data. This is not a reasonable cost for a small practice, in my opinion.

In my work setting up sites for some of these professionals, here are the solutions that I have combined with great effectiveness. I have used LuxSci secure email and forms. In order to maintain HIPAA compliance, I have used Gazzang to encrypt the MySQL databases, which keeps the data encrypted at rest. Of course, I am using tried-and-true SSL encryption to protect the data in transit.

The negative to this approach is that it is not a “do-it-yourself” security approach for the average doctor or lawyer. It is going to require you to have a skilled web administrator on board. To be totally effective, it is also going to require securing the computers that you use to access the data.

LuxSci is a company that provides a host of services. The two biggest for lawyers and doctors are their email and secure form products. These two pieces are easily (for a skilled web admin) customized for your domain and business needs. To the end user, their secure email solution is just a different webmail program; all the magic of securing your email happens in the background. LuxSci also has the ability to deliver the email securely to mobile devices.

Something that really stood out for me about LuxSci is their customer service. They go above and beyond to make their solution work for you. While securing some very large and complex PDF forms for one counseling practice, I ran into some errors in their form submission environment. This isn’t a negative on them at all; this was some pretty non-standard stuff. They immediately started working on the issue. It was a problem that required some back-end recoding of how the software actually handles data. They were able to very quickly find the bug and fix the code.

If you have done a lot of work around software and hosted web services, you know how unique this ability has become. There are so many platforms out in the marketplace that are redeploying the code of others and can’t really fix core problems. This company can fix it. I have had other occasions to need their support for issues, and I can’t say enough positive things about their customer service.

Gazzang ezNcrypt is the solution I use to encrypt my MySQL database. What this solution does is break out the specific tables in your MySQL database that need to be encrypted. These tables are then encrypted using a key held on their servers (or yours, alternatively). This encryption is transparent to the software that needs to access the data. The ability to encrypt MySQL databases at rest fills a big gap in being able to use open source software for your needs while still maintaining high security and HIPAA compliance.

While installing the Gazzang solution in my environment, I hit a couple of snags from my own lack of understanding of all the details of the install. (Note that this is a command-line install, meaning an old-fashioned DOS-style interface like we used in the early ’90s. You will need a web admin to do this.) Gazzang was very responsive when I contacted them. In a very brief time I got email responses from one of the design team. He was quickly able to help me through the issues I was having.

I have had follow-up contacts with both of these businesses since I selected them for my needs. I can tell you that both companies are very customer service oriented. Both companies are striving to fill a niche with a significant need at an affordable price. I truly wish both companies the best and rapid growth. As a note: I have not been compensated in any way by either company.

DiskAnalyzer Pro

I recently received a courtesy upgrade to a software product I already owned and used, DiskAnalyzer Pro. I am excited to review the software because it has really come a long way. The version I am reviewing is 3.4.

From their website: “The software helps you to find largest folders and files on your hard drive. Get hard disk space consumption report grouped by file size, file types, ownership, file date and attributes. Quickly drill down to folders consuming most of your hard disk space.”

As soon as the program launches, it asks you which drive you would like to analyze. Once you pick the drive, it quickly analyzes it. It analyzed the 500GB drive I chose in about 20 seconds. The program then presents its main work interface. The primary area is a row of tabs that lets you sort the files by different criteria.

DiskAnalyzer Pro Tabs

You can click any of those tabs to quickly sort or group files by that criterion. For instance, you can click file types to quickly see how much storage is being taken up by every file type on your drive (by extension). Wondering why you have so many rich text files? Just double-click the “rtf” extension folder. A new window opens called the “File Viewer and Explorer.” This view lists all the rtf files on the drive with the associated metadata. To the left is a window to quickly sort further by any of the file attributes. Date searching even has a handy pop-up calendar to assist in choosing the dates you need. (Very useful when you are lost in programming and have lost your orientation to time and place!)

File Explorer View

Double-clicking any of the files in the file viewer will launch the associated program to view the file. For some of the simpler file types there is the option to launch an internal preview within the application.

A very nice feature, if you need to report to someone else what is where, is the ability to export an HTML or CSV report of the files located. This is very useful for quick inventories after a data recovery or computer forensics job. The same can be done with computer forensics software, but it is more time-consuming to set up.

I can also see it being very useful for network IT professionals trying to find out what or who is taking up all the space on the server!
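To show what the file-types grouping and the CSV export above actually amount to for a quick post-recovery inventory, here is an added example of my own (not DiskAnalyzer Pro's code) that groups a file listing by extension, case-folded so “.RTF” and “.rtf” land together, and renders the totals as CSV; the sample entries are constructed, and the paths are placeholders.

```python
"""Added example: group files by extension and emit a CSV inventory, like the
tool's file-types tab and CSV export (not DiskAnalyzer Pro's own code)."""
import csv
import io
import os
from collections import defaultdict
from datetime import datetime, timezone


def group_by_extension(entries):
    """entries: iterable of (path, size_bytes, mtime_epoch) tuples.
    Returns {ext: {count, bytes, newest}} ordered by total bytes, largest first."""
    groups = defaultdict(lambda: {"count": 0, "bytes": 0, "newest": 0.0})
    for path, size, mtime in entries:
        ext = os.path.splitext(path)[1].lower() or "(none)"  # case-fold: .RTF == .rtf
        g = groups[ext]
        g["count"] += 1
        g["bytes"] += size
        g["newest"] = max(g["newest"], mtime)
    return dict(sorted(groups.items(), key=lambda kv: kv[1]["bytes"], reverse=True))


def scan_tree(root):
    """Walk a real directory tree and yield the tuples group_by_extension expects.
    Symlinks are not followed, so a link loop cannot inflate the totals."""
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # vanished or unreadable: skip it rather than abort the inventory
            yield full, st.st_size, st.st_mtime


def inventory_csv(groups):
    """Render grouped totals as CSV text: extension, files, bytes, newest mtime (UTC)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["extension", "files", "bytes", "newest_mtime_utc"])
    for ext, g in groups.items():
        newest = datetime.fromtimestamp(g["newest"], tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        writer.writerow([ext, g["count"], g["bytes"], newest])
    return buf.getvalue()


# Constructed sample entries standing in for a scanned drive (placeholder paths).
SAMPLE = [
    ("C:/Users/jdoe/Documents/report.rtf", 40_000, 1_400_000_000),
    ("C:/Users/jdoe/Documents/notes.RTF", 10_000, 1_410_000_000),
    ("C:/Users/jdoe/Pictures/vacation.jpg", 3_000_000, 1_390_000_000),
    ("C:/Users/jdoe/Downloads/setup", 900_000, 1_380_000_000),
]

if __name__ == "__main__":
    print(inventory_csv(group_by_extension(SAMPLE)))  # or group_by_extension(scan_tree("."))
```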

Overall, I find this to be a very easy to use and cost-effective utility.

Phone: (615) 208-6565 1633 W. Main St, Suite 902, Lebanon, TN