[nsp-sec] Team Cymru's latest forensics tool for Law Enforcement
Dave Monnier
dmonnier at cymru.com
Mon Jan 26 15:01:21 EST 2009
Team Cymru is proud to be able to today announce the availability of a
new, no cost tool to assist worldwide Law Enforcement in cyber
investigations:

The Legal Investigation Hash Table (LIgHT) consists of a bundle of the
entire set of malware hashes that can be queried individually via our
existing command line tools.

Law Enforcement Officers can download and import these hash tables into
their forensic software and thereby identify all the known malware on a
victim or suspect machine much faster than ever before.

This is a tool that we hope will free up their time and enable them to
concentrate on making cases against the people that abuse internet users
everywhere.

The malware database is available in the HashKeeper file format via Team
Cymru's existing BATTLE portal for law enforcement.

THERE IS NO COST FOR THE USE OF THIS DATA.

ACCESS IS RESTRICTED TO CURRENTLY SERVING LAW ENFORCEMENT OFFICERS
(LEOs) WITH CREDENTIALS ISSUED BY THEIR GOVERNMENT.

Users should take careful note of the disclaimers on the site - in
particular the fact that this data is intended for lead purposes only
and may not be used in evidence in a way that may ever enter the
public domain.

Law Enforcement Officers can apply for an account at
<http://www.team-cymru.org/BATTLE/> using the username: "battle" and the
password: "p1nsm4p" without the quotes.

We'd like to express our appreciation to a number of police officers in
Hong Kong and Australia who have assisted us with this project.

More details, including instructions on how to load the hash files into
EnCase, can be found on the BATTLE site and in a separate email being
sent to registered BATTLE users.

Please note that, as with the rest of the data that is made available to
users of the BATTLE portal, malware hash data in this format is only for
Law Enforcement use. Law Enforcement Officers may not, under any
circumstances, provide this data to anyone outside of their own law
enforcement agency; doing so may jeopardize our ability to
continue to provide this service to law enforcement and may also result
in individual BATTLE accounts being withdrawn.

If you have any questions you can reach us at investigations at cymru.com
or use the chat function on the BATTLE portal if you have access.

We look forward to sharing further new tools and services with the
community throughout 2009.

Cheers,
-Dave
--
Dave Monnier, Senior Systems Engineer, Team Cymru
http://www.cymru.com/ | +1 312 924 4042 | dmonnier at cymru.com