5 Ways to Get the Most Out of Good Content

Getting good content is difficult enough. It often needs to come from a professional SEO writer, not just a professional writer, and that comes at a cost. However, what does a business do once the content’s there? It can’t promote itself, and this will take some Web savvy. Otherwise, it’s a complete waste of money and that’s something no business wants. Below are some tips.

1. Use Analytics

Google Analytics is a free and very user-friendly tool that every business should be using. It can quickly tell site owners how many bouncebacks are happening, which pages are popular, which pages are sinking and in general how much traffic is coming to a site.

By using Google Analytics integration, owners can ensure that quality content is on all pages and take a closer look at the pages that are really excelling or not performing.

2. Keep it Updated

Even the best content can have a shelf life depending on the company and the content itself. While it’s crucial to invest in quality content at all times, don’t forget about updates and fresh content. This is especially critical for businesses that provide content on changing industries.

Stale content is useless even if it is good.

3. Promote, Promote, Promote

Follow the rules for helping content go viral and make sure the writers are aware of this goal.

4. Use the Right Anchor Text

Anchor text is an important part of SEO. It’s the text that describes what a link is and can make someone click on an article-or not. Anchor text should never be duplicated and should incorporate SEO key phrases as well as marketing tactics.

Consider it the headline for the headline.

5. Turn It Into a White Paper or Best Of

Utilize the best content and get the most out of it. Best of lists, white papers or even mini-books that are sold on Amazon can all squeeze a little extra money out of existing high-quality content. For business owners looking to improve the bottom line, this is a must.

Make sure enough good content is available before starting this endeavor.

Great content is great, but it can’t succeed alone. Put in a little elbow grease to make the most of it.

Online Marketer Photo via Shutterstock

10 Ways to Improve Your Business with Mobile Technology

A recent study shows how reliant small businesses have become on mobile technology. The 2013 AT&T Small Business Technology Poll says 85 percent of small businesses now use some kind of smartphone. And 80 percent of small firms founded less than two years ago use tablets, the survey also showed.

Customers are becoming more mobile too. The International Data Corporation, a global marketing intelligence firm, says the number of smartphones shipped now outpaces the number of “regular” cell phones worldwide. Tablets are on the increase with customers too.

Add Mobile Payment Options for Customer Convenience ~ USA Today

Uyen Nguyen owner of Lemongrass Truck, a growing food truck business, reckons her budding company would be nowhere at all without mobile technology. Her company uses tablets to take credit card payments at points of sales and uses social media to let mobile customers know where their truck will be located from day to day. Mobile technology makes sense to Nguyen because her whole business is mobile.

Arm Your Sales Team With Mobile Tools ~Tweak Your Biz

Zoe Maldonado, blogger at TechBreach, writes about the tools of the modern sales force. These include smartphones, PDAs, laptops and tablets. Smartphones and tablets provide mobile sales teams with constant communications and productivity tools including email, internet scheduling and calendars. Mobile business applications allow teams to do presentations, engage in social collaboration and even prepare invoices.

Use QR Codes to Engage Customers in the Mobile Space ~ Right Hand Planning

Online marketing and SEO consultant Peter Semple gives two case studies showing how small businesses can do this. In one instance, a savvy auto mechanic sent out a direct mail piece with a QR code allowing customers to download his mobile app. In another, a local promotional clothing company offers customers a protective sleeve for wireless credit cards. On the sleeve is printed a QR code to the company’s mobile store.

Add Cloud-Based Software-as-a-Service for Mobile ~ TechCrunch

Companies like T-Mobile have begun offering cloud-based services for mobile customers, including telephony features like voicemail, CallerID, conference bridges and more. Increasingly, these services will now be available for the small business market, too. This latest package is aimed at companies with 20 or fewer employees.

Increase Agility and Reduce Costs ~ Firmology

Boil it all down and the real benefit of mobile technology is agility and efficiency. Sam Frymer, founder of personal consulting firm the Awesomeness Institute, points to the time you save sharing information instantly via email, social media, or other electronic documents from no matter where you are. Add to this eliminating paper from your world completely and you can begin to see the increased efficiency and decreased costs.

Use Mobile Apps for Management Tasks ~ Digital Journal

A study by email marketing company Constant Contact finds small businesses are using mobile apps for a host of management activities. The study found small businesses most often used apps for activities like scheduling and time management, customer communications, GPS and mapping and accounting and invoicing.

Do Banking in the Mobile World ~ American Banking

There’s at least one other small business task you can complete using mobile apps, though it’s a task that didn’t show up on the list of popular activities in the Constant Contact study. Small businesses can use mobile apps to do their banking too. Check out the latest feature on Jot, a mobile app Chase provides its business customers.

Use Mobile Video Messaging Apps ~ OurHelix Blog

Mobile video apps aren’t limited to Vine, the 6-second looping video app Twitter acquired while still in development and launched a few months ago. There are also apps like Tout and Viddy. Amy Nedoss, strategic direction and business development leader for OurHelix, takes us through some of the basic differences between these apps and then gives us an overview of what businesses can do with each.

Create a Mobile Friendly Website ~ Entrepreneur

Your website should be easy for mobile users to view. One way to accomplish this is to simplify your web design so it is easier to view on a smaller screen like the one on a smartphone. Another is to create a special mobile version of your site designed specifically with mobile visitors in mind.

Look Into Responsive Design ~ Small Business Trends

When looking into creating a mobile friendly website, one term that keeps coming up is “responsive design.” Simply put, this means creating a website that is not designed for a specific format. Instead, this kind of website resizes itself based upon the screen of the device upon which it is being viewed. In practice, this may be the most versatile solution for the issue of making your site friendly to mobile users.

Have we missed something? Tell us how you’re using mobile technology to improve your business today.

12+ Pinterest Apps and Tools for Pinning While Mobile

Pinterest is not just another copycat social networking site. It focuses on the age-old adage, “A picture is worth a thousand words.”  Who has time to read a thousand words all the time, anyway?  Sometimes a picture is all we have mindshare for.  Pinterest allows you to collaborate and to stimulate your audience by sharing images and visually engaging them.

And today with the growth of smartphones and tablets, more of us are networking socially and consuming content via mobile devices.  Using some of the following Pinterest apps will only make your experience that much more profitable, and they all work on the go with mobile devices.

If you want to post to Pinterest from your smartphone or tablet, you first need to download an app to your mobile device.

iPhone and iPad - The granddaddy Pinterest mobile app of them all is the Pinterest iPhone app.  There used to be a separate iPad app, but now it has been combined into a single iOS app that can also be used on the iPhone, iPad and the iPod Touch.

Android - If you have a device on an Android platform, you will need to download an Android app in order for Pinterest to work.  Although you will not have the same functionality with the Pinterest Android app as you do with the iOS app, each allows  you to pin your pictures, which is the important part.

Pinterest Pin It Button makes pinning easier and greatly improves the functionality of iPhone and Android apps. Just go to the goodies page and drag it to your toolbar. (There are several apps for Pinterest all with this same or a similar name and different functionality, so follow the link to get this one.)

Just today Pinterest announced that it had made its Pin It button available in a number of website-specific mobile apps.    Those apps include:  Behance, Brit+Co, Etsy, Fotopedia, Jetsetter, Modcloth, Snapguide, TED, The North Face, and Zulily.  You have to have switched to the “new” Pinterest look with it’s larger pins, to be able to see these pins.

Windows phones - There’s no official Pinterest app for Windows phones, but one third-party Pinterest app, Scrapbook for Pinterest, is available. It seems to function well, but has the disadvantage of carrying ads or requiring subscription fees. However, if you have a Windows Phone, this may be the only way to be mobile with your Pinterest page currently.  Scrapbook works with Windows Phone 8 and Windows Phone 7.5.

PinHog for Pinterest lets you be mobile, but allows you to minimize extra data charges while you are browsing the Web for pins. Check it out in the Google Play store.  This unique Pinterest app allows you not only to browse while offline, but it also lets you schedule when you would like to pin items to your board.

PinReach is designed to let you know how well you are influencing others. It provides you with a “Klout” score to inform you about trends and let you know when your influence is waning, you know, before it is gone.

PinPuff lets you track trends and analyze how your Pinterest account is doing. PinPuff also calculates the monetary value of your Pins and what kind of traffic they are generating for you.

Snapito is for you if you prefer surfing the Web and taking screenshots for your Pinterest page. this app gives you a variety of easy ways to pin screenshots to your page, including a Pinterest Bookmarklet that lets you do this from your iPhone.

Wallo Pinterest allows you to use your mobile wallpaper to discover new images and travel destinations.  You can pin things from your Android Live wallpaper, on Android devices.

Reachli (formerly Pinerly) has a user-friendly dashboard interface. It keeps you updated on your pin schedule, helps you locate like-minded users, and unfollow groups.

Wisestamp, while not a Pinterest-specific app, lets you add a follow button for your Pinterest account to the bottom of your emails. It features your latest pins.

Pin4Ever lets you create a backup of your pins on your Android or any storage device by using the Pinterest backup app. They have a simple signup process shown in the screenshot above.

Finally, be sure to check out our Pinterest Start Guide for Small Businesses.  And if you already know how to use Pinterest, you might be interested in Pinterest analytics tools to tell how much traffic is going to your site.

Research reveals reality of password sniffing over HTTP connections

When you load in a login form over HTTP, ‘anything you do after that is a little bit pointless'.

According to a blog post by security researcher Troy Hunt, websites commonly have a login page on an unencrypted page and potentially allow users to have their passwords captured.

Hunt, whose research on security failings by Tesco last summer led to the information commissioner investigating the supermarket chain, claimed that often website owners will say that the password ‘posts' to HTTPS so passwords are secure.

He said: “Loading login forms over HTTP renders any downstream transport layer security almost entirely useless. What people forget about SSL is that it's not about encryption. Well, that's one feature of secure sockets, another really essential one is integrity in so far as it gives us confidence that the website content hasn't been manipulated.

“Anything you load over an HTTP connection can be easily changed by a man-in-the-middle, which is why it's absolutely essential to load those login forms over a secure connection. OWASP is very specific about this in part 9 of its top 10 web application security risks and summarises it well in the transport layer protection cheat sheet.”

Hunt said that he was highlighting this issue, as well as a number of websites he had spotted doing this as "they're high-profile sites yet they all load the login forms over HTTP and post to HTTPS".

He recommended loading a login form over HTTPS, either by linking to a dedicated login page or popping it up in a separate window or even loading a whole site over HTTPS.

“This is all a bit odd really; these sites have gone to the effort of implementing some SSL but then blown it by loading those login forms over HTTP,” he said.

“As we saw with Woolworths (which Hunt used as an example in a video), posting over a secure connection is completely useless if there's no integrity in the login form itself, an attacker may already have the credentials by then if the connection is compromised - which is the very risk they all implemented SSL to protect from in the first place.”

In an email to SC Magazine, Hunt said that the point he was trying to make was in regard to the ubiquity with which this pattern is employed.

He said: “I've seen so many cases where someone has tweeted an organisation about this and received a dismissive response that I wanted to demo the risk as simply as possible. This is not one of those ‘here's all your passwords' risks, it requires effort to weaponise, but as I said in the blog post, that effort protects against exactly the same risk they're concerned about by posting to HTTPS in the first place so it's odd not to do it properly.”

Asked if the reason why HTTPS has not been deployed across websites was because of the impact on the user experience, Hunt said that this was not the case, and there were many places where this is done already.

“I think more websites aren't doing this for the same reasons more weren't protecting authentication cookies before the emergence of Firesheep - the awareness isn't there,” he said.

“Certainly the barriers such as cost and HTTPS support by partners is lowering (and I dare say it's now non-existent in most cases), I put it down more to developers not understanding the risks than anything.”

Sourcefire boosts remediation technology with trajectory and indictators of compromise features

Sourcefire has added file detection and trajectory software to its advanced malware protection portfolio to allow visibility of threats for remediation.

It said that the cloud-based technology gives users detailed visibility into malware attack activity and enables them to detect, remediate and control malware outbreaks.

Two types of trajectory capabilities are offered: Network File Trajectory that it said allows malware to be tracked across the network with detailed information given on point of entry, propagation, protocols used and which users or endpoints are involved; and Device Trajectory, which builds upon existing endpoint file trajectory capabilities to deliver critical analysis of system level activities, file origination and file relationships for root cause and forensic analysis.

Speaking to SC Magazine, Sean Newman, field product manager EMEA at Sourcefire, said that a major problem in remediation is on when malware gets in undetected, knowing what to look for and how it acted.

He said: “We focus on the trajectory within the network and understanding where the files go and keep track of them in future. It is about stopping malware propagation and finding indicators of compromise.

“Often with advanced attacks, you cannot see it and cannot do anything about it. Once you have determined it to be bad, the trajectory can do something about it. The real forensic part is when it is known to be bad, you can look into devices to see what it is doing and specify malware when it starts to run.”

Also added are Indicators of Compromise and Device Flow Correlation capabilities, which Sourcefire claims enable users to correlate seemingly benign and unrelated events, while also monitoring device activity and communications to uncover potential malware. Newman said that the Indicators of Compromise technology works with Sourcefire's cloud and Big Data backend to see what was impacted.

Asked if this was using signatures, Newman said it was not and instead looks for common malware behaviours and correlates it to the backend database. “We use the malware to find a bad file, or the cloud looks at all the files that we know and we can tell the state of the malware and the user will get an alert and can do something about it,” he said.

The device flow correlation technology looks at network-based connections to make a determination of what was compromised. According to the company, this helps determine whether a system may have been compromised by providing users with a prioritised list of potentially compromised devices and helping control malware proliferation on endpoints outside the protections of a corporate network.

Martin Roesch, Sourcefire founder and CTO, said: “Even organisations which are diligent in their security measures realise that breaches are entirely too likely in the face of modern threats and they need solutions that help them deal with malware before, during and after an attack.

“The enhanced trajectory features in our Advanced Malware Protection portfolio provide customers with decisive insight when a breach occurs and extend Sourcefire's innovative retrospective security with the ability to immediately locate and eradicate malicious files everywhere they surface.”

Stay Alive. It’s Good for Business

Entrepreneurs: here’s something to add to the list of things academics have found will enhance the performance of your business.

Staying alive.

In a bit of novel research coming out of the United Kingdom, Professors Sascha Becker of the University of Warwick and Hans Hvide of the University of Aberdeen compared 341 private Norwegian companies where the majority owner passed away within the first ten years of company founding with similar companies started at the same time in which the owner remained alive. They found that the companies where the entrepreneur died performed worse in subsequent years.

The analysis showed that the companies whose founders passed away were 20 percent less likely than the others to be in operation two years later. Moreover, four years after the entrepreneur’s death, those companies whose founders had perished had only 40 percent of the sales of the businesses whose owner-operators were still kickin’.

The authors figured out that poor company performance didn’t kill the founders. (We await some other enterprising academics to explore that question!) The sales and employment of the companies whose founders passed on were just as good as the others before the entrepreneurs died. The death of the founder was the cause of the company’s problems, not the other way around.

The adverse effects of the founder’s demise weren’t the same for all businesses. The performance drops triggered by the founder’s passing were worst for the youngest companies and for the businesses where the deceased entrepreneur had a large ownership stake.

In short, the study shows clear evidence that entrepreneurs matter for the performance of their companies.

But how?

Unfortunately, this study doesn’t tell us about the impact of entrepreneur death. However, other studies suggest the myriad of ways that entrepreneurs matter. In some cases, company founders are very good leaders. Their passing is problematic because it puts someone less charismatic in charge of the company.

In other cases, the entrepreneur is a great sales person. Without him or her, the company just isn’t as good at generating revenue.

In still other businesses, the founder has better control over costs or operations and keeps the business humming along more efficiently than those who follow in the CEO slot.

The performance decline documented in this study, however, needn’t have occurred because the founder was more talented than the people who followed him or her. The founder’s death could simply have disrupted the business in ways that made it hard for the companies to recover. Competitors might have swooped in and taken away customers while the firms were transitioning to new CEOs. Or creditors or suppliers might have become jittery and imposed stricter terms on the companies, raising their costs and hurting their performance.

You know, Apple’s stock price has dropped a lot since Steve Jobs passed away. Maybe that’s just the typical performance effect these authors found, just with a lot more zeros tacked on.

Stay Alive. It’s Good for Business

Entrepreneurs: here’s something to add to the list of things academics have found will enhance the performance of your business.

Staying alive.

In a bit of novel research coming out of the United Kingdom, Professors Sascha Becker of the University of Warwick and Hans Hvide of the University of Aberdeen compared 341 private Norwegian companies where the majority owner passed away within the first ten years of company founding with similar companies started at the same time in which the owner remained alive. They found that the companies where the entrepreneur died performed worse in subsequent years.

The analysis showed that the companies whose founders passed away were 20 percent less likely than the others to be in operation two years later. Moreover, four years after the entrepreneur’s death, those companies whose founders had perished had only 40 percent of the sales of the businesses whose owner-operators were still kickin’.

The authors figured out that poor company performance didn’t kill the founders. (We await some other enterprising academics to explore that question!) The sales and employment of the companies whose founders passed on were just as good as the others before the entrepreneurs died. The death of the founder was the cause of the company’s problems, not the other way around.

The adverse effects of the founder’s demise weren’t the same for all businesses. The performance drops triggered by the founder’s passing were worst for the youngest companies and for the businesses where the deceased entrepreneur had a large ownership stake.

In short, the study shows clear evidence that entrepreneurs matter for the performance of their companies.

But how?

Unfortunately, this study doesn’t tell us about the impact of entrepreneur death. However, other studies suggest the myriad of ways that entrepreneurs matter. In some cases, company founders are very good leaders. Their passing is problematic because it puts someone less charismatic in charge of the company.

In other cases, the entrepreneur is a great sales person. Without him or her, the company just isn’t as good at generating revenue.

In still other businesses, the founder has better control over costs or operations and keeps the business humming along more efficiently than those who follow in the CEO slot.

The performance decline documented in this study, however, needn’t have occurred because the founder was more talented than the people who followed him or her. The founder’s death could simply have disrupted the business in ways that made it hard for the companies to recover. Competitors might have swooped in and taken away customers while the firms were transitioning to new CEOs. Or creditors or suppliers might have become jittery and imposed stricter terms on the companies, raising their costs and hurting their performance.

You know, Apple’s stock price has dropped a lot since Steve Jobs passed away. Maybe that’s just the typical performance effect these authors found, just with a lot more zeros tacked on.

Mac Marshal

Both Mac Marshal Forensic Edition and Field Edition provide user-friendly forensic tool kits. Each allows users to access a computer with ease and flexibility. While these offerings were designed originally for Mac OS X to access data, logs and virtual machines running within the Mac OS, the Forensic Edition for PCs will also work with MS Windows. 

The Mac Marshal Forensic Edition software comes either on a disk or can be downloaded from the company's site and then installed onto the computer. This allows the user to run on a Mac OS X 10.4 or later and Microsoft Windows XP or later. With this tool, one is able to examine the designated drive to a full extent. Users are able to gather data from every Apple device connected to the computer being examined. When used on a Mac's features, the user is able to collect log information from the most common Mac apps, such as Safari, iChat, Mail and Address Book. It provides a simple tool to access drives on a Mac or PC.

The other offering is Mac Marshal Field Edition, which can be used on either a Mac or PC. The software comes on a flash drive and there is no installation to run on the computer. The Field Edition includes everything that the Forensic Edition bundle has, except that it is a live triage tool. Unlike the Forensic Edition, the Field Edition can be used on a computer without having to tamper with the unit. Other features include physical memory acquisition and live-state acquisition tools, helping to preserve the computer data before creating an image.

Both products allow for ease with navigation when viewing the chosen drive(s).

The support for each of the products is basic. Both include electronic manuals that offer a lay description of how to use the products. As for the website, there is not much instruction offered. Customer support is free for the first year, and is then 20 per cent of the licence price. The only type of support available is by email. We found this to be the major downside of the product itself. As a test, we emailed the support staff to see how responsive they were and were pleased to see that our inquiry was answered within 24 hours. 

Overall, this is a product that is worth investing in. It is easy to view a disk and gather data based on what is found. Both products are reasonably priced and worth every penny - with the caveat that the customer service is limited. However, that does not affect the value of the product itself. These are both useful in forensics on Macs and PCs, providing access to dual-boot Macs and common applications found on these types of operating systems. Mac Marshal Forensic and Field Edition are each a worthy investment for any forensics investigator.

[Editor's note] To help avoid confusion, there are four versions of this offering: a Mac version, a PC version, a Forensic Edition and a Field Edition. Mac works just with Mac. PC works just with PC. The other two work with both. 

Forensic ComboDock v5

Forensic ComboDock is a read/write blocker. It makes it impossible to unintentionally turn off write blocking. Every time it is turned on, it asks the user to choose either write blocking or read/write mode, avoiding problems that can occur when the user forgets to change the mode to write blocking. Its LED indicator light and a screen menu also clearly identify the work mode. 

We found setup straightforward. The solution comes with an array of accessories for multiple types of drives, including world-compatible AC adapter, FireWire 800 and 400 cables, eSata host cable, USB 3.0 cable, cables for Sata drive and cables for IDE drive. All were tested and proven effective, none of which affected the speed of the unit when different wires were used. 

The device performed as advertised. We tested by connecting several hard drives to it, and attempting to write-block them. One feature that stood out was when we tried to delete a file. The ComboDock appeared to delete it from the hard drive, but then when we turned the tool back on, the deleted file showed up back in the original file location. There is no prompt that tells users that files cannot be deleted. It is important to be aware that the ComboDock is hardware, and has minimal interaction with the software provided.

Documentation provided was minimal. Forensic ComboDock came with a two-page guide that explained the steps needed to properly operate the unit. It was basic and covered the necessary procedures for operating this device, but it did not give solutions to problems. It did mention the Forensic Software Utility - needed to access hidden areas found on the attached drives. If more in-depth information is needed to operate the device, users are directed to a more detailed online manual that contains diagrams to guide the novice user to a more complete knowledge of the solution. We found the manuals were complete and easy to read.

Support was helpful, and provided us with the information we requested. The personnel we spoke with were responsive and as efficient as possible. Any questions we had about the use and implementation of the product were quickly clarified by the support team - demonstrating their familiarity with it. CRU WiebeTech can be reached through email or by phone. The FAQ section on the website was beneficial in answering some of the more common questions that came up along the way. The company posts about the tool's capabilities and possible solutions to common problems. Unfortunately, it does not provide a carrying case for its array of cables, making travel difficult. 

Overall, at c£194, Forensic ComboDock is perhaps, a bit pricey for the limited number of features it provides, but what it does, it does well. It was originally promoted to us as a write blocker/disk imager, but after talking to tech support, the company edited its site to reflect the ComboDock's further capabilities. Perhaps its biggest advantage is a polite and knowledgeable technical support team willing to walk one through any problems or questions.

Lima Forensic Case Management Software

Lima Forensic Case Management Software from IntaForensics is a complete, end-to-end case management system that offers an easy way to organise every aspect of a digital forensic investigation.

The standout feature for Lima is its ability to tailor the system to the needs of the organisation. Whether it is being used for public or private sector use, Lima provides enough functionality and customisation capabilities to meet demand. 

Perhaps more importantly, this system can be used to establish case management procedures that follow industry regulations, legal requirements and digital forensic best practices. This will help to ensure that if a case goes to court, or the process is audited by a regulatory agency, that there is a defensible and repeatable process in place.

Additionally, Lima provides some out-of-the-box functionality that can be useful. It can be configured to use an SMTP server, allowing alert and update emails to be sent to designated users throughout an investigation. Lima also allows the use of custom-report templates. These can be populated at the click of a button with data from the case in those instances where a physical document needs to be produced. 

Another key strength of the system is extremely granular security controls, which allow user access to be locked down by modules, cases and even individual aspects of a case. It ties into Microsoft Active Directory for user access management, allowing user access provisioning to be integrated into existing processes. A log is generated of all activity that takes place within a case, making identifying which investigator made a change a simple task. 

There is a bit of a learning curve when it comes to installing this product and using it to its full potential, so IntaForensics highly recommends the optional training sessions they offer for new users. 

The server installation process required that an SQL database be created for the program. User accounts then had to be created and granted access to it. In addition, case-related configuration settings need to be entered during installation. This can be a daunting task for a less-experienced user. 

Fortunately, IntaForensics provides a detailed, step-by-step installation guide in the Lima Server help file, and has bundled all of the necessary tools to get the SQL database up and running. Once installed, the server administration interface is straightforward, and organisation-specific configuration of the case management system can be accomplished quickly. 

During our testing, we did not experience any significant performance or stability issues. The client and server interfaces and the included modules launched quickly. Processing time while using the system was negligible. 

The base price is £3,495, which includes a perpetual licence for the server and two clients, as well as one year of support and all updates. Training, additional client licences, optional modules and additional years of support are available as extra costs. The capabilities are well worth the price. Lima would be of value to any organisation that is struggling to manage a heavy caseload.

EnCase Forensic v7

Encase Forensic v7 is a tool for computer investigation that both searches a computer system for information, as well as aids in the process of developing this information into a complete report. This software can decrypt high-level forms of encryption, create an image of the physical drive, and then generate reports on the evidence.

After some initial challenges - the package we received did not include all necessary information - we were able to contact Guidance Software and receive the files necessary to install the software. The customer service was helpful in getting us through the install process after we encountered problems getting the software fully functional. We must say it took a lot of time to finally get all of the necessary information for the installation process.

We determined that the software had trouble running on a network of computers using multiple CodeMeter dongles. The EnCase software would run and display an error message claiming it did not have all proper licence certificates. Forensic v7 uses a secure key from the CodeMeter dongle so when operating on a network with multiple dongles, it had trouble identifying which secure keys related to the product. To get it to run on our network, we had to disable all our other tools that used a similar secure key. Otherwise, it would try to identify these keys as its own and fail to run. This means that while the software ran very well once it had its licence identified, it might prove to be a nuisance on systems with many tools running that use CodeMeter dongles. Disabling the other secure keys would be both time-consuming and prevent one from using multiple tools in tandem. Therefore, our installation was time-consuming and we had to jump through hoops to get the software to operate on our network, though it dideventually work - and work very well, indeed.

EnCase Forensic v7 claims to be a comprehensive, industry-standard computer investigation solution - and it does not disappoint. The user interface is a clean, simple and comfortable platform from which to work. The flexibility and versatility of the interface is one of the product's greatest strengths, as it creates a more valuable experience for the user. The features also help to make it an attractive option. It provides the capability to analyse Linux, Unix and Mac systems, as well as major phone and tablet operating systems, such as Android, Apple iOS and more. The evidence processor is customisable and efficient. 

The interface of the program is easy to use and user friendly. The software is well organised. The search results becoming available as they load is also a useful feature, as is the ability to create a report of the evidence and findings. While the software encountered minor difficulties when beginning the installation process, the support staff were so helpful and were able to help us develop a workaround for our particular network.

EnCase is, arguably, the grandparent of computer forensic tools and this legacy of experience shows in each new release. This one is no exception. Version 7 has a good combination of ease of use for the novice and comprehensive capability for the power user.

AccessData Forensic Suite

There are three products in AccessData's forensic suite that every digital forensic investigator needs: Mobile Phone Examiner (MPE) Plus, Forensic Toolkit (FTK) and AD Triage. The compatibility of the three tools enables the user to complete a thorough and organised investigation. 

MPE Plus is a software solution for mobile phone extraction and analysis. It supports more than 6,800 devices, including the iPhone, iPad, Android, BlackBerry and MediaTek (MTK) Chinese devices. 

The installation process is simple and took us only about 20 minutes. The interface is organised with three well-labelled menus, and tools that are graphically displayed cleanly. The interface allows the user to manipulate and examine data with a host of tools, allowing for a functional, effective approach. The automated results are generated from the app and can be exported or printed. 

FTK is a digital investigation platform built for speed, analytics and scalability. Known for its intuitive interface, email analysis capability, customisable data views and stability, it lays the framework for seamless expansion so one's computer forensic solution can grow with an organisation's needs. Additionally, FTK integrates with optional expansion modules to provide malware analysis capability and state-of-the-art visualisation.

AD Triage is an easy-to-use, forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. AD Triage is ideal for users who are inexperienced with computer forensic software, but need to preserve evidence in the field. Installation of this component is simple and requires only three steps. Triage is segregated into two different interfaces: administrator and receiver. The administration interface is used to manage and configure removable media devices and to review and store all collected data. The receiver interface is employed for target systems to collect data to a USB device or to a network-connected computer.

Once licences have been obtained and the devices installed, one can access the data essential to an investigation. The profile is published and assigned to the removable device desired. The device can then be plugged into the computer from which the information will be extracted by running the Triage agent application file. If the computer is not in active state, then the user should use a bootable CD/DVD or USB. The run process will activate the interface and the extraction process is started. All of the files that were required when creating the profile of the device are going to be sorted and can then be exported to the device or a remote destination that is specified. 

Finally, the file collection from the field can be reviewed and a report generated and stored to the investigator's lab computer. The AccessData suite offers support and documentation in a variety of forms: via phone, email, web, discussion forums and a user guide. 

Each of the products has to be purchased separately as these applications are not bundled together as a suite. However, at a total price of just over £4,600 for all three tools, the simplicity, functionality and management capabilities that can be applied to the analysed data well justify the expense.

APT infrastructure infecting a wide range of sectors detected in India

A large attack infrastructure has been detected as having originated in India.

According to the report by Norman Shark's security analyst team, the infrastructure appears to have originated from India and began three years ago and is still ongoing. The report said that the attacks showed no evidence of state sponsorship but the primary purpose of the global command-and-control network appears to be intelligence gathering from a combination of national security targets and private sector companies.

Based on an analysis of IP addresses collected from criminal data stores discovered during the investigation, it appears that potential victims have been targeted in more than a dozen countries. Attribution to India was based on an extensive analysis of IP addresses, website domain registrations and text-based identifiers contained within the malicious code itself.

The report claimed that the campaign named ‘Operation Hangover' relied on well-known previously identified vulnerabilities in Java, Word documents and web browsers, which suggests that the targeted government, military and business organisations were not up-to-date on patches.

The discovery began on 17th March, when a Norwegian newspaper reported that telco Telenor had filed a criminal police case for an unlawful computer intrusion and the amount of malware found by Norman Shark analysts revealed that the intrusion was not a single attack, but part of a continuous effort to compromise governments and corporations worldwide.

Norman Shark deemed the primary purpose of this attack to be surveillance against national security interests, with potential victims targeted in over a dozen countries, particularly Pakistan, Iran and the United States.

The intrusion was achieved by spear phishing attacks, with the report claiming that "the attackers went to great lengths to make the social engineering aspects of the attack appear as credible and applicable as possible".

It said: “In many cases, decoy files and websites were used, specifically geared to the particular sensibilities of regional targets including cultural and religious subject matter. Victims would click on what appeared to be an interesting document, and begin the long-running infection cycle.

“Favoured methods include documents infected with malicious code, along with direction to malicious websites with names deliberately similar to legitimate government, entertainment, security related and commercial sites. Often the user would be presented with a legitimate document or software download they were expecting to see, along with an unseen malicious download.”

Snorre Fagerland, head of research at Norman Shark labs, said: “The data we have appears to indicate that a group of attackers based in India may have employed multiple developers tasked with delivering specific malware.

“The investigation revealed evidence of professional project management practices used to design frameworks, modules and subcomponents. It seems that individual malware authors were assigned certain tasks, and components were 'outsourced' to what appear to be freelance programmers. Something like this has never been documented before.”

Fagerland also said that what was surprising was the extreme diversity of the sectors targeted, which included natural resources, telecommunications, law, restaurants and manufacturing.  “It is highly unlikely that this organisation of hackers would be conducting industrial espionage for just its own purposes - which makes this of considerable concern,” he said.