by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : January and February 2017
GCN JANUARY/FEBRUARY 2017 • GCN.COM 5 The world of the computer foren- sics investigator should get a lot easier with the recent introduction of thousands of mobile apps to NIST’s National Software Reference Library (NSRL), which has become a vital tool for digital detectives. Officials added 23,000 Android and Apple iOS apps to the library in Decem- ber 2016 and expect to add as many as 200,000 more apps this year. NSRL creates “digital fingerprints” for every file in its database — some 50 million so far — and publishes those hashes in a reference data set that’s updated every three months and available to whoever wants to use it. Because only legitimate files are in the RDS, investigators can use it to eliminate files that are of no interest to them and focus on illicit data, such as child abuse images, for which no hashes exist. It’s also occasionally used to find files, even if they have been altered. For instance, after Malaysia Airlines Flight 370 disappeared nearly three years ago over the Pacific Ocean, the FBI asked NIST to provide every hash of every file associated with the flight simulators NIST had ac- cess to, so the FBI could determine which flight paths the plane’s pilot might have practiced on and thereby deduce where he might have been heading. By adding mobile apps to NSRL, the government should also be able to better secure the apps its employees use. The Depart- ment of Homeland Security-funded Cyber Forensics Tool Testing Program, for instance, hosts vari- ous programs that capture changes over an app’s lifetime and test them against known vulnerabilities. NIST said NSRL offers a unique re- source for investiga- tors because of its size and because it keeps files under evidence-locker conditions. Software is either dis- tributed physically using disks or distributed online via secure servers. Therefore, the initial status of the software can be verified, if that’s needed for legal purposes. Researchers who want to develop and test forensic and security tools can also go to NIST to use the whole of NSRL’s resources. Given the rapid advances in app versions, the ad- dition of mobile apps should make NSRL an increasingly important re- source for both forensic and security tool developers. • Mobile apps added to NIST database BY BRIAN ROBINSON [BrieFing] To help address the cyber workforce shortage, the National Initiative for Cybersecurity Education has released a tool that aims to help employers more effectively identify, recruit, develop and retain talented cyberse- curity professionals by providing a common language to categorize and describe cybersecurity work. The draft NICE Cybersecurity Work- force Framework includes definitions for 50 work roles, including cyber le- gal adviser and vulnerability analyst. “When identifying their cyber- security staff, many organizations overlook cybersecurity tasks being performed by lawyers, auditors and procurement officers,” said Bill New- house, lead author of the framework and deputy director of NICE, which is led by the National Institute of Stan- dards and Technology. “The NCWF can help an organi- zation identify cybersecurity tasks within a work role that are vital to its mission and then examine if its current staff can perform those tasks and, if not, hire staff who can.” Terminology from the framework has already been incorporated into two new online resources. The Cyber- Seek interactive map illustrates cyber- security job demand and availability for each state, and the Career Path- way shows key jobs in cybersecurity, common ways to transition between them, and detailed information about the salaries, credentials and skills required for each role. • A framework for cyber talent BY MATT LEONARD NIST said its library offers a unique resource for investigators because of its size and because it keeps files under evidence-locker conditions. 0217gcn_005-007.indd 5 2/1/17 10:08 AM
October and November 2016