Google published a blog post last week detailing the new features the company is implementing to allow users more control over their data. The new features will impact their most-used applications including Google Maps, YouTube, and Google Assistant.

First, Google Maps has received an incognito mode feature. When using Google Maps in incognito mode, any location activity on the device won’t be saved to your Google account. This includes directions and places that are searched for. It is important to note that searching while in incognito mode will not update user personalization features and recommendations. Google implemented the incognito mode feature to YouTube earlier this year.

Included in a previous update, Google released a feature allowing users to automatically delete their web browser history and location activity. Now, Google has expanded the feature to include YouTube history. A user will have the ability to set a time period that the user would like their YouTube history available, such as three months. The rest of the history will be deleted automatically.

Google has also addressed privacy issues with Google Assistant. A user is now able to tell Google Assistant to delete recent voice commands. This can be accomplished by saying “Hey Google, delete everything I’ve said to you in the last week.” Additional features to manage user device privacy can be managed inside the Google Assistant application.

Finally, Google is implanting a password protection tool into its Password Manager. The password checkup feature will monitor your password activity and alert you if your passwords aren’t strong enough, if you’ve reused them, or if Google discovers that they have been compromised.

Google mentioned in the post “As technology evolves, so do people’s expectations for security and privacy. We look forward to building protections that aim to exceed those expectations.”

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Earlier this year, we reported on the negotiations set to streamline the process of potential evidence exchange between the United States and the European Union in criminal investigations.

On Thursday, the agreement was reached which will allow law enforcement officers to demand evidence from tech companies residing in the other country. The agreement is set to drastically speed up investigations and allow for a timely collection of digital evidence.

US Attorney General William Barr made a statement about the importance of the deal: “Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with 21st Century threats.”

The deal has been criticized by groups such as the ACLU and the Electronic Frontier Foundation. The groups have concerns about the deal’s potential to allow law enforcement to bypass constitutional protections against unreasonable searches. The two counties have justified the deal by emphasizing the ability to fight serious crime in quick-moving investigations.

The agreement will go into place after a six month review period for from Congress has passed.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

California based health center Wood Ranch Medical will close its doors in December due to a recent ransomware attack that deleted and encrypted the firm’s patient data, according to Health IT Security.

The attack occurred in August, when the clinic’s servers were compromised. As a result, all the patient data stored on the servers was encrypted including the backup hard drives. Officials determined the hackers responsible for the attack had hopes of receiving a ransom payment before unencrypting the data. A review of the systems showed the data was too heavily encrypted and ruled out data recovery as an option. Unable to recover the patient records, Wood Ranch Medical made the decision to close in mid-December. 

Wood Ranch Medical follows previous firms hit with a devastating cyber-attack. In a recent attack on Digital Dental, around 100 dental providers were unable to access health records for their patients for almost a month. In both instances, a digital forensics analysis showed no indication that any patient information, including names, dates of birth and social security numbers, were compromised. 

A history of ransomware attacks show their occurrence on the rise. A recent study has indicated that companies who suffer a ransomware attack are hit with an average 10 days of downtime with an average of around $36,000 in recovery costs.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

A recent post by Doug Austin of CloudNine discusses the various email addresses that one person can have and what that means when performing a search for emails sent and received by a person. We often find that clients are interested in seeing the emails that an employee or ex-employee has sent or received. In a collection of email, it is quite possible to gather thousands upon thousands of emails. Running searches across the collected data set to pull specific information of interest can generate some interesting results depending on the provided search criteria and terms. Austin mentions in the post that he can receive emails from at least three email addresses, not to mention the use of any personal email accounts that may have been used to send or receive emails.

It is important to pinpoint all variations of a certain email address when using an eDiscovery tool or performing a digital forensic examination.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

If you find yourself in a situation where you need to present data from electronic devices in court, it is important to follow best practices involving digital evidence. The first step will be preserving the relevant data. Most forensic software has the capability to create a copy of popular devices including mobile devices, computers, tablets, USBs, CDs, and many more.

Electronic evidence as a whole has the ability to be volatile and can change or update over time. Once you realize the digital evidence may be of value, preserve the data in its original form.

If deleted data is of interest, you will want to limit the amount of new data coming on to the device prior to the preservation. When dealing with deleted data, it is often stored in the free space of the device and has the potential to be overwritten with newer data coming onto the device. Turning the device off, or placing it in airplane mode if the device has that capability, are our recommendations to help prevent overwritten data.

The preservation process begins by making a copy of the data of interest. Any analysis performed is done on the duplicate copy created. It is best to avoid altering the original form of evidence. We do not recommend self-collection. You will want to retain a specialist to have the data preserved in a forensically sound manner.

Once a forensic copy is made of the data, the device may be returned to the owner and the copy can be stored for future analysis, if required.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Police departments across the US have begun a partnership with the surveillance company Ring, where they can directly request camera footage from device owners. Emails which have  been made public show that Ring will coach law enforcement on how to find actively enrolled Ring devices and pursue device owners to give authorities access to the footage.

The Verge has reported that over 200 police departments have reportedly begun a partnership with this company, where they have access to an interactive map called the “Law Enforcement Neighborhood Portal.” While inside the portal, police have the ability locate active Ring devices and request specific footage. However, in order for a device to be present on the interactive map, the operator of the security camera must enroll into the program.

In emails to law enforcement, Ring correspondents are advising agencies to push enrollment in the program into their local communities by having an active presence on social media, speaking at town meetings, and spreading information via word of mouth. Law enforcement hopes having more users enroll in the program will allow for more neighborhood security, and more evidence sources if a crime is committed. In the emails, a Ring employee states, “When you put a video request out it goes to ring device owners who have footage during the timeframe the incident occurred. The more users you have the more useful information you can collect.”

Currently, Ring has a neighborhood surveillance program available on IOS and Android devices. The application, named “Neighbors”, allows users to report crimes within their neighborhood and upload photo and video evidence to notify the local community.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Multiple teams of digital forensics experts are to begin work at six regional labor administrations across South Korea to assist in preventing labor violations in the workplace, according to the Korea Bizwire.

Plans introduced on September 10, 2019 plan to use “big data” analysis to narrow down lists of businesses that require further inspection for possible violations. Big data examinations involve the analysis of data sets that are too large to use traditional data-processing methods. Examining  large sets of data requires the use of advanced software solutions. This practice is popular with large corporations when they analyze large sets of data produced by customers in order to make business decisions. In this instance, the government hopes the big data analysis will allow for a more efficient labor inspection process and highlight businesses of concern.

Previous inspections by the South Korean government focused on businesses found guilty of violating labor restrictions, while the new program focuses on actively monitoring large businesses deemed most likely to commit violations based on the data analyzed.

The Korean government plans to add additional digital forensics teams and updated software to support continued operations in the future.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Google’s efforts to ensure its Play Store is free from malicious applications continued last week when 24 applications were removed from the site. The purged applications, infected with the new “Joker” malware, had the ability to charge for subscription accounts and collect various data from the device.

Security researcher Aleksejs Kuprins discovered the virus, and noted its capability to charge for premium subscriptions services and access the device’s text messages. Prior to their removal, they had been downloaded an estimated 472,000 times.

Below is a list of the 24 applications infected with the virus. If at any point you installed any of these apps, it is best to check your Google Play account for any unauthorized subscriptions. Additionally, reviewing credit card and bank statements will assist in determining if this affects you.

• Advocate Wallpaper
• Age Face
• Altar Message
• Antivirus Security – Security Scan
• Beach Camera
• Board picture editing
• Certain Wallpaper
• Climate SMS
• Collate Face Scanner
• Cute Camera
• Dazzle Wallpaper
• Declare Message
• Display Camera
• Great VPN
• Humour Camera
• Ignite Clean
• Leaf Face Scanner
• Mini Camera
• Print Plant scan
• Rapid Face Scanner
• Reward Clean
• Ruddy SMS
• Soby Camera
• Spark Wallpaper

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

In the early morning hours of Monday September 2, residents of West Medford, Oregon were alarmed by a shooting that took place, Jennevieve Fong of CBS News 10 reports. A 17-year-old shot two individuals who were attempting to break into his home that morning. In a later article, Fong reports that the Medford Police Department (MPD) are continuing their investigation into the shooting and looking into potential digital evidence.

The MPD are searching to obtain any prior threats made between the parties involved. MPD Lt. Budreau said that they are looking at not only threats that could have been made in person, but also looking at threats that came from electronic communications, such as text messages, social media, and instant messaging applications.

Electronic evidence gathered from cellphones, computers and social media has become a new norm for many investigations as it provides investigators with additional information. The MPD has enlisted the help of the Southern Oregon High-Tech Crimes Task Force to assist in collecting electronic evidence, and it said that the digital evidence obtained will be included in their investigation.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to Expatica, Spain’s conservative Popular Party  has been acquitted of all charges in its alleged role in the destruction of evidence. Spain’s Popular party (PP), was undergoing trial for the destruction of evidence in a case dating back to 2013 involving the party’s former treasurer, Luis Barcenas. Trial for the PP began in June, the first time Spain has had a political party on trial.

The party had been accused of taking the hard drives of the former treasurer, Barcenas, before the investigators had been able to access them. The hard drives were then allegedly wiped clean by one of the defendants, Jose Manuel Moreno, an IT Specialist for the PP. It is alleged that the hard drives contained information about an illegal funding racket within the PP. The court deemed that was unclear as to whether the hard drives stored any data when they were wiped, and no proof that they were cleaned to obfuscate evidence.

Defense counsel argued that the drives were wiped to be in compliance with Spain’s data protection laws. When the drives were wiped, the former treasurer was under investigation and was eventually found guilty in May of 2018 for having benefitted from funds that were illegally obtained. Barcenas was sentenced to 33 years in jail and the PP was fined the Euro equivalent of $268,000.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics