Jonathan T Rajewski » Microsoft

Microsoft Phone Data Manager = a happy digital forensic examiner

admin — Sat, 13 Sep 2008 01:58:10 +0000

So, stay with me here…

A cell phone gets tossed into the lake when a suspect was being taken into custody (in the civil world, the suspect “lost” their corporate cell phone when a discovery request came in). The call records/subscriber information are still theoretically recoverable – because that information is retained by the cell phone carrier.. But what about the other data on the phone – like contacts/videos/pictures etc..

Microsoft just released (currently in beta) a product designed to help customers keep their important “mobile phone data” backed up. If a user is lucky enough to have a supported phone they can sync music, contacts, video, pictures between their phone and computer (and the web).

The potential data that could reside on a digital data source just increased.

Microsoft’s Wireless Keyboard Encryption Cracked

admin — Wed, 05 Dec 2007 16:13:40 +0000

This article details how researchers from Dreamlab broke the encryption on several models of Microsoft’s wireless keyboards.

Here is a video demonstration

Microsoft Brings Social Networking Style Feature To The XBox 360

admin — Wed, 28 Nov 2007 00:11:29 +0000

This article highlights Microsoft’s plans to launch an enhanced social networking feature to Xbox Live. This is just another data source to consider.

A New Digital Data Source to Consider

admin — Thu, 08 Nov 2007 18:25:36 +0000

Somewhere in the hills of Seattle, Microsoft has developed a new product called Windows Home Server. This new product aims to centralize digital data in the home setting. Microsoft has partnered with several hardware manufacturers including Iomega, HP and Fujitsu to distribute the home server solution. Digital forensic examiners and/or investigators that conduct on-site acquisitions or physical collections of digital devices should familiarize themselves with the branded hardware so they know what they are looking for. Typically, Windows Home Server physically sits on the network as a Network Attached Service (NAS), so in other words, there won’t be a keyboard/mouse or keyboard. It’s noteworthy to mention, that this software is just like any other Windows operating system, specifically relating to its capability to be installed on any IBM compatible computer/server. One of the features that should raise a red flag to forensic examiners/investigators is users can remotely access a home network. In this technical brief, the author writes: “Users can download files and folders, and they can upload one or more files to the shared folders on the home server while they are away from home. They can also search through the Shared Folders when they are trying to find a specific file.” ”Users can connect remotely to the computers in your home. You can run an application or print to your home printer, just like you can when you are sitting in front of your home computer.” What does the above mean to examiners – a user can very easily remotely connect into a home network and perform normal computing tasks from afar. Now, with that being said, remote connection software has been around for a while but the “point and click” functionality that this operating system beings to the table, opens the door to the everyday user to manipulate data on their home networks from afar. Future examiners encountering a Windows Home Server must be conscious of the “complete” picture when analyzing for evidentiary data. The user friendly “features” that this server has will rekindle the “some hacker put those files on my computer” defense. Examiners must be ready and able to competently verify/dispute that claim.