LEARN “HOW TO” – 101 BEST FORENSIC TUTORIALS

Download file: eForensics_19_2013BEST1.zip

Dear Readers,

Proudly we announce the release of the newest issue of eForensics Magazine, Learn “How to” – 101 Best Forensics Tutorials, the best practical pill for everyone who’d like to become an expert in the digital forensics field. LEARN HOW TO DO IT!

In front of you are more than 700 pages of practical tips and tutorials for everyone who’d like to dive into digital forensics and learn the practical side of the field. Great tutorials for the best and most popular forensics tools that all of you need!

Learn how to do it!

IF YOU HAVE PROBLEMS BUYING THE ISSUE please contact us at [email protected]

TABLE OF CONTENTS
1. DIGITAL FORENSICS IN A NUTSHELL – Barry Kokotailo

“Before 1999, formal dedicated digital forensics toolkits did not exist. Then came the first free open source tool to perform digital forensics: The Coroner’s Toolkit created by Dan Farmer and Wietse Venema (http://www.porcupine.org/forensics/tct.html). This sparked a massive revolution in the science and art of digital forensics. This article will deal with the stages in a digital forensics examination, the tools used by most forensics people, and some final thoughts on the world of forensics.”

2. A PRACTICAL APPROACH TO TIMELINING – Davide Barbato

“Sometimes we need to investigate a data breach, an identity theft, a program execution or, in a more general way, we need to know what happened on a system at a specific time: to accomplish that, we need to create a timeline of the system activities so we can add context data to our investigation. As it is, timelining refers to the technique used to keep track of changes that occurred in an operating system by creating a timeline of activities, pulled down from various data sources, as the investigation process requires.”

3. STEGANOGRAPHY: THE ART OF HIDDEN DATA IN PLAIN SIGHT – Priscilla Lopez

“Steganography is the art of hiding messages in plain sight. Different forms of steganography have been used for many years throughout history. Nowadays just about any data type can be embedded with a secret message and the common passerby wouldn’t even notice.”

4. DIGITAL IMAGE ACQUISITION – STEP BY STEP – Thomas Plunkett

“Proper digital image acquisition is key to any forensics practice. Accurate and thorough documentation along with rigorous adherence to procedures and established best practices lead to a successful acquisition process. This article will help the beginner learn what is necessary to successfully accomplish this important part of digital forensics.”

5. FTK IMAGER BASICS – Marcelo Lau & Nichols Jasper

“This article discusses a basic FTK Imager case study. In this case study a pen drive has been found with a suspect, but it appears to be empty. We will show how to image the pen drive’s file system and how the FTK tool can help us to show traces of deleted artifacts in the evidence media.”

6. INTRODUCTION TO NETWORK FORENSICS USING WIRESHARK – Dauda Sule

“Network data is highly volatile and may be easily lost if not captured in real-time; for example, if malicious code is sent to an endpoint, the source or path of the code would be difficult to discover if the traffic data was not captured as it was coming in through the network. There are various tools that can be used to capture and analyze network traffic such as NetworkMiner, tcpdump, snort, windump and Wireshark. This article introduces the use of Wireshark for network analysis.”

7. HOW TO RECOVER FILES FROM THE MEMORY DUMP, SWAP FILE AND HIBERFIL USING DATA CARVER TECHNIQUES – Carlos Dias Da Silva

“In the memory dump, swap and hiberfil files there is a lot of data that can help us in a digital investigation. In these places we can find documents, web pages, pictures, executed files and other information that can help us in a digital investigation.”

8. FORENSICS ON LINUX – Barry Kokotailo

“The majority of forensics examinations conducted today comprise Windows machines. Considering that the vast majority of desktops in use today are Windows based, this should not be a surprise. However, a good majority of servers and workstations are Linux based and running interesting services such as databases, web and file services. During the career span of a forensics professional you will need to perform a forensic examination of a Linux machine. This article will give you the step by step procedure in order to acquire an image, analyze it, and report on the findings.”

9. HOW TO PERFORM FORENSIC ANALYSIS ON iOS OPERATING AND FILE SYSTEMS – Deivison Pinheiro Franco and Nágila Magalhães Cardoso

“With the Apple Operating System (iOS) design and the large amount of storage space available, records of emails, text messages, browsing history, chat, map searching, and more are all being kept. With the amount of information available to forensic analysts on iOS, this article will cover the basics to accurately retrieve evidence from this platform and build forensic analysis when applicable. Once the image has been obtained logically, via backup, or physically, files of interest will be highlighted for a forensic examiner to review.”

10. TWELVE OPEN-SOURCE LINUX FORENSIC TOOLS – Priscilla Lopez

“There are several open-source Linux forensic tool suites and tools such as Kali Linux, DEFT, HELIX, Backtrack, CAINE, Knoppix STD, FCCU, The Penguin Sleuth Kit, ADIA, DFF, SMART, and SIFT. This article will give you a brief overview of the available tool suites. Afterwards, I will show you step-by-step how to install one of the tool suites and run a practice case sample.”

11. FOUR WINDOWS XP FORENSIC ANALYSIS TIPS & TRICKS – Davide Barbato

“To an untrained eye, it could appear that Windows XP is just another Windows operating system family: it behaves completely differently, and could lead to misleading conclusions if you are not familiar with XP. Think about a case in which you need to know if a user viewed a document or a folder, or opened a document and trashed it: Windows XP has different behavior with respect to Windows 7 and this needs to be addressed.”

12. A BEGINNER’S GUIDE TO FORENSIC IMAGING – Madeline Cheah

“Are you starting on the road to a career in digital forensics? Or perhaps a student looking to get onto a course in this field? Maybe you just need a refresher after a little time away? This is a simple guide introducing you to one of the fundamentals of digital forensics, with a legislative narrative to set things in context.”

13. EXAMINING EXIF DATA IN DIGITAL PHOTOGRAPHS – Irv Schlanger

“Digital photographs have become common as a source of evidence in forensic investigations. However, pixels alone do not tell the entire story—modern digital cameras also record Global Positioning Satellite (GPS) information as well as date and clock time into photographs using metadata known as EXIF tags. One of the main tasks of a forensic investigator is to extract useful evidence from a photograph and to prove this information’s authenticity. EXIF metadata in JPEG photographs can provide proof that a suspect was or was not at the scene of a crime. Because EXIF data can be altered by the very same software and techniques detailed below, law enforcement should take precautions and use established forensic practices when using metadata in investigations.”

14. COMPUTER FORENSICS: WHAT, WHY AND HOW – Ahmed Neil

“Computer crime investigations are based on evidence collection from certain areas in the computer system to be analyzed, such as the Windows Registry, file system, log files, Internet history, cookies, and other potential evidential areas. For the deepest concentration, Windows Registry evidence analysis will be introduced. The Windows Registry is considered one of the areas that contains valuable information about the system. It stores all hardware and software configurations, user activities, and transactions. Therefore, Windows Registry forensics is considered a hot research field.”

15. EXAMINING GOOGLE CHROME ARTIFACTS – David Biser

“The Internet has grown by leaps and bounds over the course of its existence. There are millions upon millions of users who are browsing the Internet on a daily basis. Some of these are good, some of these are ugly and some of these are just plain old bad! Amongst those who are browsing the Internet are the good guys, who are seeking to enforce the law and conduct digital investigations in order to stop the bad things from happening on the Internet. One major program that these digital investigators can turn to in order to locate evidence is Google Chrome!”

16. STEP-BY-STEP TO ASSESS IT SYSTEM CONTROLS – Kevin M. Moker

“Risk management is a discipline that covers many areas. There is financial risk, operational risk, strategic risk, and compliance risk to name a few. Information Technology (IT) poses its own risk to the organization, but what is IT risk? Why should you care about IT risk? How do I measure IT risk? It has been said, “What gets measured, gets done.” Let’s look at how to conduct an IT risk assessment from policy to assessment questions to actual compliance measurements against the information security policies. The number one goal is to be able to know if you’re in compliance with your information security policies. This is just one strategy to get there.”

17. HOW TO ANALYZE A TRAFFIC CAPTURE – Javier Nieto Arevalo

“We live in an era where the signature-based Antivirus makes less sense if we want to fight against hackers who are creating customized malware only for their targets. This malware is commonly known as Advanced Permanent Threat (APT) and it’s really interesting to research where the host was infected, the connections back to the Command and Control server to get the instructions, and evaluate the damage of the malware. Sometimes it is easier to detect infected hosts in the networks if we analyze the network traffic than using an Antivirus running on the host.”

18. INVESTIGATING A NIGERIAN WEBMAIL AND E-BANKING PHISHING ATTACK – Gilad Ofir & Dvir Levi

“In today’s world, we all use email for practically everything, from talking to friends, colleagues, bosses, business partners, etc. However, like every good thing, it can be abused by spammers and hackers, and infected. Since we all use it, it’s important to understand the security issues that arise when one’s e-mail is targeted for spamming.”

19. IPV6 SECURITY – Satinder Sandhu

“Predictions about when the world will end are as consistent as the predictions of when IPv4 internet addresses will finally run out, but some IT security professionals say that it is the least of our worries. A much bigger concern, they say, should be the security holes that will open up in many business organizations as the world moves over to internet protocol version six (IPv6). In this article we are going to discuss and execute the techniques and methodologies which can make the future of the internet… INSECURE!”

20. INTRODUCTION TO WINDOWS FORENSICS USING PARABEN P2 COMMANDER – Dauda Sule

“Microsoft Windows is the most widely used operating system both for business and personal use. Such popularity has made it one of the most targeted operating systems by malicious attackers. As a result, it is often used as a platform to access personal and work place data, or even to commit policy breaches assisting in the commission of criminal acts. Investigations that are based on electronic evidence stand a very high chance of being carried out on a system with one or the other version of Windows operating system. It is therefore one of the most important operating systems anyone going into the field of cyber forensics will need to know how to investigate.”

21. USING JUMP-LIST FEATURE OF WINDOWS 7 FOR EVENT RECONSTRUCTION – Everson Probst

“The identification and understanding of the last actions of a computer user are fundamental during a computer incident investigation. Such activity may be very simple when the assessed system presents organized and centralized registries and logs, such as in the systems based on Unix. However, Windows operating systems do not have these qualities. Therefore, the forensic examiner needs to use several features of the system to be able to reconstruct user events. This article deals with a relevant information-rich resource, the Jump-List.”

22. BUILDING A SECURE NETWORK – Davide Barbato

“As the security paradigm shifted from “static” to “dynamic” defense, companies need to adapt their security arsenal, not only regarding network security, but also end point protection, monitoring and backup policies.”

23. USING PEACH TO DISCOVER VULNERABILITIES – Pedro Guillén Núñez, Josep Pi Rodríguez and Miguel Ángel de Castro

“Nowadays, software vulnerabilities are an important risk for companies. Reverse Engineering is a useful technique but it consumes much time and effort. However, Fuzzing gives good results and can be less expensive in terms of effort. Nowadays, the best approach is using both techniques. It is known that software companies include Fuzzing in their development cycle as the main technique in order to detect bugs.”

24. WHO IS AN EXPERT…? DAUBERT PRINCIPLE FOR EXPERT WITNESSES – Sagar Rahurkar

“Witnesses are the people or experts with valuable input in a case. It is through witnesses and documents that evidence is placed before the court. Even the genesis of documents can be proved by the witnesses. Thus, the law has to be very clear with regards to certain issues like: who is a competent witness? How many witnesses are needed to prove a fact? Can a witness be compelled to answer every question posed? How can the credibility of the witnesses be tested? Whether a witness can refer to notes to refresh his memory, and what the judge’s standing is with respect to the witnesses.”

25. HOW TO USE MIRROR DRIVE FOR BACKUP WITH ZERO-TIME RECOVERY! – Wei Deng

“The safest way to back up important data is to duplicate said data to an external storage device to achieve physically isolated protection. However, the recovery process of traditional backup software is long and tedious, and can negatively affect your business operations. With Mirror Drive technology, you can recover and replace a failed device with close to zero down time. The state-of-the-art technology first converts and compares all files, then clones only the changed data to the hard drive, providing you with high-grade speed to complete the Mirror Drive process.”

26. GREP AND REGEX, THE OVERLOOKED FORENSIC TOOLS – Craig S Wright

“This article takes the reader through the process of learning to use GREP and Regular Expressions (RegEx). GREP may not seem to be a tool that relates to the process of data recovery, but we will show that this is an essential tool in recovering data. If you cannot find data, how can you recover it?”

27. INVESTIGATION & eDISCOVERY OF BIG DATA – Vishnu Datt

“Data storage has been a part of our lives since our ancestors first started writing on stone tablets. The advent of the computer accelerated our ability to create data, but this brought a new challenge: now that we can create data so quickly, how will we store it? FTP hosting on cloud-based systems works to some extent, but is that enough for the massive quantities of data we’re producing?”

28. HOW TO INDEX DATA WITH KS – Nanni Bassetti

“One of the big problems during a computer forensics analysis is searching many keywords, strings, phrases in big data containers like hard disks or pen drives; it is possible to use tools like strings and grep but they have some limitations.”

29. SUPERVISORY CONTROL & DATA ACQUISITION & INDIAN CYBER LAW – Aashish Satpute

“Attacks on these systems can cripple vital infrastructure causing widespread damage. The examples of this are plentiful. In 2011 hackers were able to access critical pumps and cause damage at the City of South Houston’s water plant. Stuxnet, which grabbed headlines for a while, was also a SCADA attack, although it is thought to have been designed to target Iranian nuclear plants.”

30. UNDERSTAND AND SOLVE PROBLEMS WITH NTFS PARTITIONS – Carlos Dias da Silva

“There are lots of kinds of partitions and we will dedicate this article to explaining the NTFS partition in a simple way. Therefore, the objective of this article is to show you how an NTFS partition works and how to recover it if it was deleted or lost.”

31. DATA LOSS TO DATA RECOVERY – Shishir Rajendra

“In today’s e-world we are living in, it has become very important to everyone – computer professionals as well as the layman – to keep his/her data safe. Even in any of the information security policies of various organizations, out of the three pillars – CIA – the “Availability” aspect stands out first, before the other two, that is the “Confidentiality” and the “Integrity”. Hence organizations always make it a point to have their information secured and try to abide by the ISP (Information Security Policy).”

32. RECOVERY OF SYSTEM REGISTRY FROM WINDOWS RESTORE POINTS – Everson Probst

“The first items to be considered in a computer forensic analysis of Windows systems are the registries. However, what to do when the registries have been deleted recently? Currently, the most used alternative to solving this problem is attempting to recover files by using methods known as data carving. Nevertheless, there is a simpler and faster method that can help you in recovering these registries. It is the use of the Windows feature called System Restore.”

33. AUDITING LOGIN RELATED EVENTS IN SQL SERVER – David Zahner

“In this article I will be exploring different methods of tracking and storing the login events that take place on your SQL Server as well as some ideas as to what to do with the information once gathered. With the exception of the extended events example, which will only work with SQL Server 2008 and above, the other methods outlined will work with all versions and editions from SQL Server 2005 and beyond.”

34. EXTRACTING AND USING METADATA FOR A DIGITAL FORENSIC INVESTIGATION – Marc Bleicher

“Metadata can often contain that needle in the haystack you’re looking for during a forensics investigation; in fact it has helped me out in the past quite a few times. One particular case that stands out the most was an internal investigation I did for the company I was working for at the time. Most of the cases I dealt with in this role related to employee misconduct, which included wrongful use, inappropriate behavior, harassment, etc. In this situation, metadata was the key piece of evidence in the case of a lost smart phone.”

35. HOW TO PERFORM INVESTIGATIONS USING NUIX – Damien Van Oultryve Dydewalle

“In the world of e-discovery there is a need for a good processing engine to process large amounts of data, index text and metadata, perform in depth analysis of communication links, etc. Most email clients can perform content analysis of the email body. With Nuix, searches can be performed through all email metadata as well as the attachments, and near duplicates (previous versions or drafts of documents) can easily be found.”

36. RECOVERING IE HISTORY USING PASCO IN LINUX UBUNTU 12.04 – Carlos Cajigas

“Reconstructing and examining web browsing history is a task that is required during most forensic examinations. Luckily, popular commercial tools have done a good job of simplifying the reconstruction process for us. While commercial tools simplify the process, the software often comes with a hefty price tag.”

37. CAPTURING INSTANT MESSAGES WITH PACKET CAPTURE TECHNOLOGIES – Nicholas Miter

“Most commercial forensic software packages focus on indexing and intelligently searching data archived in hard drives, networks, and e-mail servers. These tools work well when archived information accurately reports employee communication. This article provides a simple example of a forensic tool that captures instant messaging traffic and stores it in a Microsoft SQL Database Server. Many forensic toolkits support importing data from commercial database systems.”

38. STATIC MALWARE ANALYSIS – Ram Shmider

“When you start your journey into malware analysis you need to remember that the files or machine you are working on are infected with real live malware. With static malware analysis, you can safely gather all kinds of information from a suspected file that can give you basic information about the file or files that malware uses.”

39. REVERSE ENGINEERING LARGE JAVA PROGRAMS – Colin Renouf

“The aim of this pair of articles is to convey the techniques and tools of the trade for understanding and reverse engineering large Java applications, using JavaEE application servers as an example to understand how external interfaces and hosted JavaEE programs interact. This is a complex subject, so only the basics of application servers will be covered, but if there is more interest in the internals further articles can be produced.”

40. CREATE A PROFESSIONAL WEB INTRUSION ANALYSIS REPORT WITH OPEN SOURCE TOOLS – CF Fong

“During or after a web intrusion, some of the most important tasks of the first incident responders are to understand every detail of the web intrusion, and present it to the management for the next course of action.”

41. NTFS RECOVERY USING OPEN SOURCE TOOLS AND SCRIPTING TO RECOVER NTFS ARTIFACTS – Yves Vandermeer

“NTFS is nowadays one of the filesystems most often encountered during IT forensics. Using filesystem properties allows IT forensic experts to enhance and speed up their searches, especially on altered file systems. Beyond results generated by forensic tools, this knowledge helps to look for what should apparently never be recoverable.”

42. FORENSICS ANALYSIS WITH FTK – Omar Al Ibrahim and Majid Malaika

“Digital forensics is the process of recovering, preserving, and examining digital evidence in a way admissible in a court of law. This process is very delicate and requires deep understanding of both legal and technical aspects which includes knowing the right procedures and tools to conduct forensics analysis.”

43. DIGITAL FORENSICS 101: CASE STUDY USING FTK IMAGER – Dauda Sule

“In the information age, virtually everything we do is done through or along with electronic devices and platforms (like PCs, mobile phones, tablets, the Internet and so on). This has greatly affected how we carry on business and live our lives; as a result, getting information and trying to know what transpired in an event involves the use of these digital devices and platforms.”

44. HOW TO DETECT SYSTEM INTRUSIONS – Almantas Kakareka

“We want to detect system intrusion once attackers have passed all defensive technologies in the company, such as IDS/IPS, full packet capture devices with analysts behind them, firewalls, physical security guards and all other preventive technologies and techniques. Many preventive technologies use blacklisting most of the time, and that’s why they fail. Blacklisting is allowing everything by default, and forbidding something that is considered to be malicious. So for attackers it is a challenge to find yet another way to bypass the filter. It is so much harder to circumvent a whitelisting system.”

45. MEMORY ANALYSIS USING DUMPIT AND VOLATILITY – Daniel Dieterle

“Want an easy way to grab a memory dump from a live system and search it for forensic artifacts? Look no further than DumpIt and Volatility. In this article we will see how to pull pertinent information from a memory dump and cover some basic analysis with Volatility. We will also look at a memory image infected with Stuxnet.”

46. A PRACTICAL APPROACH TO MALWARE MEMORY FORENSICS – Monnappa K

“Memory Forensics is the analysis of the memory image taken from the running computer. In this article, we will learn how to use Memory Forensic Toolkits such as Volatility to analyze the memory artifacts with practical real life forensics scenarios. Memory forensics plays an important role in investigations and incident response.”

47. MALWARE FORENSICS & ZEUS – Mikel Gastesi, Jozef Zsolnai & Nahim Fazal

“During the course of this article you will learn all about the banking Trojan that goes by the name of Citadel. It is important to point out that the sample we are using in this article is an older version of the malware; the current version is V1.3.5.1. We will provide you with a high level overview of this piece of code from its inception to its latest incarnation.”

48. DEMYSTIFYING THE MEMORY ON YOUR COMPUTER – Amit Kumar Sharma

“Memory Forensics is an art of demystifying the questions that may have some traces left in the memory of a machine and thus involves the analysis of memory dumps of machines that may be a part of the crime. Earlier, memory in question used to be only on hard disks or permanent storage where attackers used to leave traces by mistake and forgot to erase their footprints, but those days are gone and attacks have become more revolutionized as attackers try to keep everything in the volatile memory (RAM), thereby reducing the chances of being traced.”

49. WHY YOU NEED TO PERFORM MEMORY FORENSICS – Matt Mercer

“Memory forensics has risen from obscure to obligatory over the last 20 or so years. If you aren’t capturing (and analyzing) memory, then you are leaving crucial evidence behind. This article will provide an overview of memory forensics, and a walk-through of some basic techniques and tools. The principal focus will be a Windows environment and open source or free tools to investigate user activity. So, put away your write-blockers and get ready.”

50. STEP BY STEP MEMORY FORENSICS – Boonlia Prince Komal

“In this article I have attempted to take you right from the dumping of memory to the complete analysis of it. I have attempted to include whatever I, as a forensics investigator, will do. I have focused only on Windows here. At places it has not been possible to include each and every thing. At such places I have taken few things in detail, few things in brief and left others to be explored by the reader himself.”

51. STEP BY STEP TO WORK WITH YOUR OWN MEMORY DUMPS – Javier Nieto Arevalo

“In our personal life or in our business life (sometimes they are joined) we hear a lot of news about security problems. Some days we can experience these troubles in our computers or in our business networks. If your computer is alive and it is connected to the Internet, you are at risk of being attacked… You can bet you will be infected some day… Every week in the news you can check that huge companies like Google, Juniper, Adobe, and RSA enVision… have been hacked because an advanced persistent threat (APT) was installed in their systems and their information was stolen. At this moment it’s essential to have a great team able to make a good forensics analysis in order to detect the modern malware, evaluate the damage, check out what data was stolen and learn about it in order to avoid the same problem or another similar one in the future.”

52. MEMORY FORENSICS, ANALYSIS AND TECHNIQUES – Rafael Souza

“With the evolution of technological resources and the popularity of the Internet, it has become impractical to maintain only the traditional approach, due to the large volume of information to be analyzed and the growth of digital attacks. In this context, the analysis of data stored in volatile memory comes up with new techniques; it is necessary to check the processes that were running, established connections, or even access keys to encrypted volumes, without causing the loss of information sensitive to the investigation, thus allowing the recovery of data important to computer forensics.”

53. EXTRACTING FORENSIC ARTIFACTS USING MEMORY FORENSICS – Monnappa K A

“Memory Forensics is the analysis of the memory image taken from the running computer. In this article, we will learn how to use Memory Forensic Toolkits such as Volatility to analyze the memory artifacts with practical real life forensics scenarios. Memory forensics plays an important role in investigations and incident response. It can help in extracting forensics artifacts from a computer’s memory like running process, network connections, loaded modules etc. It can also help in unpacking, rootkit detection and reverse engineering.”

54. WINDOWS MEMORY FORENSICS & MEMORY ACQUISITION – Craig S. Wright

“This article takes the reader through the process of imaging memory on a live Windows host. This is part one of a six part series and will introduce the reader to the topic before we go into the details of memory forensics. The first step in doing any memory forensics on a Windows host involves acquisition. If we do not have a sample of the memory image from a system we cannot analyze it. This sounds simple, but memory forensics is not like imaging an unmounted hard drive. Memory is powered and dynamic, and changes as we attempt to image it. This means it is not a repeatable process. Not that there is a requirement at all times for the results of a forensic process to provide the same output; in this it is not necessary to be able to repeat a process and obtain exactly the same results. It does not mean we cannot use a variable process in a forensic investigation. What it does mean is we have a set of steps that will allow us to image memory but that every time we do those the results will change.”

55. iOS MOBILE DEVICE FORENSICS – FOR BEGINNERS – NCIS Solutions Team

“What we are hoping to do is give an overview to any new mobile device forensicators on how we would run an iOS forensics task when delivering a service to a client on a particular handset. Similar techniques would also be used when exploiting media devices. For instance, if our ‘Red Team’ is tasked by a client, to run a full security assessment at their residence or business address. The techniques shown in this article can also be added and run for Android devices in the same way, as long as you have the native cable of the mobile device you want to extract data from.”

56. HOW TO PERFORM A LOGICAL ACQUISITION OF ANDROID DEVICES – Paolo Dal Checco

“When dealing with digital investigations, mobile devices are as important evidence as personal computers, but the way their examination takes place is completely different and much more complex. Reading the content of a smartphone can be challenging in some cases but recently some tools – commercial and free/open source – have been developed to help out investigators. With a little time examiners can learn how to use free tools to extract evidence from Android devices.”

57. HOW TO PERFORM LOGICAL ACQUISITION OF IOS DEVICES – Paolo Dal Checco

“During investigations, mobile devices are as important evidence as personal computers, but the way their examination takes place is completely different. Reading the content of a smartphone can be a challenge but there are methodologies and tools that can help investigators. Some of these tools are free and Open Source, mainly when it comes to logical acquisition of data.”

58. iPHONE ANALYZER: EFORENSICS FROM A TESTER’S VIEW – Cordny Nedercoorn

“A software tester makes a diagnosis about the quality of the software, and a forensic investigator makes a ‘forensic’ diagnosis by collecting evidence for a crime committed.
Also the system under investigation shows similarities. Both systems must be separate and not tampered with.
This article is the first of a series where I will show how I look at a particular eforensics software application as a tester and show possible risks when using it, starting with the iPhone Analyzer developed by CrypticBit.”

59. HOW TO PERFORM A FORENSIC ANALYSIS OF A SMARTPHONE WITH OXYGEN FORENSIC SUITE 2013 – Fabio Massa

“The growing technological development in the field of smartphones and mobile communication devices is strictly proportional to the involvement of the same in forensic investigations in order to obtain evidential information useful to the identification and resolution of crimes involving the use of such devices. Among many opportunities and various tools developed for this purpose, this article presents the Oxygen Forensics Suite 2013 software, which allows logical forensic analysis, and in some cases even physical, of numerous brands and models of mobile phone. The information that can be recovered by Oxygen is extensive and allows one to reconstruct the timeline of criminogenic events. Some of these have the ability to recover phone and SIM card information, contact list, missed / outgoing / incoming calls, text and multimedia messages (also deleted in some cases), data, LifeBlog, GPS and XMP, iPhone Backup password-protected information, Skype, Wi-Fi and IP connections and much more.”

60. THE ENEMY INSIDE THE GATES – A GUIDE TO USING TOOLS FOR NETWORK FORENSIC ANALYSIS – Phill Shade

“The presence of cybercrime and cyber terrorism is on the rapid increase as we depend more and more on computers and the Internet. These changes reveal an emerging requirement for Law Enforcement and Corporate Security personnel to work together to prevent and solve increasingly complex cases of computer networks being utilized for criminal and terrorist activities.”

61. STEP BY STEP ANALYSIS OF FACEBOOK AND TWITTER DATA ON ANDROID DEVICES – Massimo Barone

“A recent study published by Mashable (http://mashable.com/2013/01/29/twitter-fastest-growing-social-platform) shows that across all the social networking platforms, including Facebook and Google+, it is Twitter that holds the crown for the fastest growing number of active users. The growth of social networks is heavily influenced by the burgeoning numbers of smartphones which allow access to these platforms at any time and from any place.”

62. HOW TO PREPARE ORACLE FOR EXAMINATION IN THE FORENSIC LAB – Todd Markeley

“The Oracle database can present many opportunities for gathering important evidence, but it can also include serious obstacles for the forensic examiner.”

63. WAYS TO DETECT BIOS CLOCK ANTI-FORENSICS – David Sun

“The ultimate purpose of any forensic computer investigation is to correlate activities on a computer with real world actions by an individual. Accomplishing this can help a trier of fact decide what actually happened in a given situation.”

64. DIY REMOTE NETWORKED OS X MONITORING – Israel Torres

“Remote access to a machine (or more so machines) is status quo these days; we are creatures of convenience and if we can operate as easily from a remote location as we can at the office we’ll take it.”

65. CHROME FORENSICS HOW TO TRACE YOUR INTERNET ACCESS BEHAVIOR – Marcelo Lau, Nichols Jasper

“This article describes computer forensic procedures for discovering Internet browsing habits and compiling computer user profiles. This paper suggests useful information regarding the type of information, how Chrome’s default directories are used, and what kind of browsing information may be recovered from computers. Simplified collection and some reporting tools are described.”
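As an added worked example (not code from the article or its authors), the script below shows the core of what a Chrome browsing-history examination has to get right: where the profile's History file lives by default, that it is a SQLite database whose timestamps are microseconds since 1601-01-01 UTC rather than Unix time, and that the visits table's transition column packs a page-transition type into its low byte under qualifier flags. The database it reads is constructed in memory with a subset of Chrome's real urls/visits columns so the example runs offline; the URLs, titles and times in it are invented sample data. The open_history_readonly helper is the one you would point at a copied History file from a real profile.

```python
"""Decode Chrome browsing history from its SQLite "History" database.

Added example; not code from the article. Chrome keeps history in a SQLite
file named "History" inside the profile directory (see DEFAULT_HISTORY_PATHS)
and stores every timestamp as microseconds since 1601-01-01 00:00:00 UTC.
The sample database below is constructed in memory with a subset of the
real "urls" and "visits" columns so the example runs offline.
"""
import sqlite3
from datetime import datetime, timedelta, timezone

# Default profile locations (expand the environment variable / ~ yourself).
DEFAULT_HISTORY_PATHS = {
    "windows": r"%LOCALAPPDATA%\Google\Chrome\User Data\Default\History",
    "macos": "~/Library/Application Support/Google/Chrome/Default/History",
    "linux": "~/.config/google-chrome/Default/History",
}

CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Core page-transition types from Chromium's page_transition_types.h
# (the low byte of visits.transition; the upper bits are qualifier flags).
TRANSITION_CORE = {0: "link", 1: "typed", 2: "auto_bookmark", 5: "generated",
                   7: "form_submit", 8: "reload", 9: "keyword"}


def chrome_time_to_datetime(webkit_us):
    """Convert a Chrome timestamp (microseconds since 1601-01-01 UTC) to an aware datetime."""
    if not webkit_us:          # 0/NULL means "never visited"
        return None
    return CHROME_EPOCH + timedelta(microseconds=webkit_us)


def datetime_to_chrome_time(dt):
    """Inverse of chrome_time_to_datetime, used here to build the sample rows."""
    return (dt - CHROME_EPOCH) // timedelta(microseconds=1)


def open_history_readonly(path):
    """Open a *copy* of the History file read-only; Chrome locks the live file."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def build_sample_history():
    """Constructed in-memory stand-in for a real History file (column subset)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, typed_count INTEGER,
                           last_visit_time INTEGER, hidden INTEGER DEFAULT 0);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER,
                             visit_time INTEGER, from_visit INTEGER,
                             transition INTEGER);
    """)
    t0 = datetime(2013, 5, 1, 10, 0, tzinfo=timezone.utc)
    t = [datetime_to_chrome_time(t0 + timedelta(minutes=m)) for m in (0, 1, 7)]
    con.executemany("INSERT INTO urls VALUES (?,?,?,?,?,?,0)", [
        (1, "http://example.com/", "Example Domain", 2, 1, t[2]),
        (2, "http://example.com/login", "Login", 1, 0, t[1]),
    ])
    # transition 0xC0000001 = TYPED with the CHAIN_START|CHAIN_END qualifier bits set
    con.executemany("INSERT INTO visits VALUES (?,?,?,?,?)", [
        (1, 1, t[0], 0, 0xC0000001),
        (2, 2, t[1], 1, 0),         # LINK, reached from visit 1
        (3, 1, t[2], 0, 8),         # RELOAD
    ])
    return con


def visit_timeline(con):
    """Join visits to urls and return them in chronological order with decoded times."""
    rows = con.execute("""
        SELECT v.visit_time, u.url, u.title, v.transition, v.from_visit
        FROM visits v JOIN urls u ON u.id = v.url
        ORDER BY v.visit_time""")
    timeline = []
    for visit_time, url, title, transition, from_visit in rows:
        core = transition & 0xFF   # strip qualifier flags, keep the core type
        timeline.append({
            "time": chrome_time_to_datetime(visit_time),
            "url": url,
            "title": title,
            "transition": TRANSITION_CORE.get(core, f"unknown({core})"),
            "from_visit": from_visit,
        })
    return timeline


if __name__ == "__main__":
    for e in visit_timeline(build_sample_history()):
        print(e["time"].isoformat(), e["transition"], e["url"])
```

Two practical points the code encodes: always work from a copy of the History file (and its -journal/-wal companions if present), since Chrome holds a lock on the live one, and never feed Chrome timestamps to a Unix-epoch converter, which would place every visit in the year 370,000 or so. The from_visit column is what lets you rebuild the click chain rather than a flat list of URLs.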

66. HOW TO AVOID SECURITY FLAWS IN APPS USING IOS WEB VIEWS – Maria Davidenko

“iOS is considered the most secure touch OS because of its closed nature. However, that doesn’t mean that there is no place to worry about your data safety and integrity, or, to be more precise, about your user’s data safety. There are plenty of tools developers get with the iOS SDK to provide a great user experience within their apps, there are, however, few tools you may use to provide safe Internet browsing within your apps. UIWebView is one of them.”

67. DISCOVERING RECONNAISSANCE ACTIVITY THROUGH NETWORK FORENSICS – Shashank Nigam

“Port scanning is the process of analyzing a target machine’s ports in order to determine whether they are open and the types of service running on the system. It also allows an attacker to fingerprint the active services and determine their versions. Such analysis forms a solid base for crafting a more focused attack before actually attacking a target.”
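The reconnaissance described above leaves a characteristic trace in connection records, and the script below is an added example (not from the article) of the detection side: it reads one-line flow records, keeps only bare SYN probes, and flags a source that touches many distinct ports on one host within a short window. It goes slightly beyond the abstract by also flagging the horizontal form, one port probed across many hosts, which is what a worm or an attacker hunting for one exposed service produces. The record format, the IP addresses and the thresholds are all assumptions constructed for the example.

```python
"""Flag port-scan reconnaissance in connection records.

Added example, not code from the article. Input is a constructed list of
one-line flow records in the form
    <ISO timestamp> <src IP> <dst IP> <dst port> <TCP flags>
as could be exported from a packet capture or a firewall log. Only
bare-SYN records ("S") are counted as probes; records for established
traffic ("A") are ignored. Two patterns are reported: a vertical scan
(one source, many ports on one host) and a horizontal scan (one source,
one port across many hosts), each judged within a sliding time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

PORT_THRESHOLD = 10            # distinct ports on one host within WINDOW
HOST_THRESHOLD = 10            # distinct hosts on one port within WINDOW
WINDOW = timedelta(seconds=30)


def parse_flow(line):
    """'2013-05-01T10:00:00 10.0.0.5 192.168.1.10 80 S' -> (datetime, src, dst, 80, 'S')."""
    ts, src, dst, dport, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags


def _burst(events, threshold, window):
    """events = [(time, key)]. If any window holds >= threshold distinct keys,
    return every distinct key seen for this pair (sorted), else None."""
    events.sort()
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        if len({k for _, k in events[start:end + 1]}) >= threshold:
            return sorted({k for _, k in events})
    return None


def detect_port_scans(lines, port_threshold=PORT_THRESHOLD,
                      host_threshold=HOST_THRESHOLD, window=WINDOW):
    """Return {'vertical': {(src, dst): [ports]}, 'horizontal': {(src, port): [hosts]}}."""
    by_src_dst = defaultdict(list)    # (src, dst)   -> [(time, dport)]
    by_src_port = defaultdict(list)   # (src, dport) -> [(time, dst)]
    for line in lines:
        ts, src, dst, dport, flags = parse_flow(line)
        if flags != "S":              # only bare SYNs count as probes
            continue
        by_src_dst[(src, dst)].append((ts, dport))
        by_src_port[(src, dport)].append((ts, dst))
    vertical, horizontal = {}, {}
    for key, events in by_src_dst.items():
        hit = _burst(events, port_threshold, window)
        if hit:
            vertical[key] = hit
    for key, events in by_src_port.items():
        hit = _burst(events, host_threshold, window)
        if hit:
            horizontal[key] = hit
    return {"vertical": vertical, "horizontal": horizontal}


# Constructed records: a workstation browsing normally, then a scanner walking
# 12 ports on one server, then another host probing SMB (445) across a subnet.
SAMPLE_LINES = [
    "2013-05-01T10:00:00 10.0.0.5 192.168.1.10 80 S",
    "2013-05-01T10:00:00 10.0.0.5 192.168.1.10 80 A",    # handshake completed
    "2013-05-01T10:00:02 10.0.0.5 192.168.1.10 443 S",
]
SAMPLE_LINES += [f"2013-05-01T10:01:{i:02d} 10.0.0.99 192.168.1.10 {p} S"
                 for i, p in enumerate((21, 22, 23, 25, 53, 80, 110, 135,
                                        139, 143, 443, 445))]
SAMPLE_LINES += [f"2013-05-01T10:02:{i:02d} 10.0.0.77 192.168.1.{h} 445 S"
                 for i, h in enumerate(range(11, 26))]

if __name__ == "__main__":
    for kind, hits in detect_port_scans(SAMPLE_LINES).items():
        for key, targets in hits.items():
            print(kind, key, targets)
```

The window matters more than the raw count: a slow scan spread over hours stays under any per-window threshold, so in practice you run this at several window sizes (or aggregate per day) and treat a large total of distinct ports from one source as suspicious even without a burst.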

68. DIGITAL FORENSICS TUTORIAL: KEYWORD SEARCHES – Patrick Oulette

“When we hear people talk about forensics, we typically imagine scenes from Crime Scene Investigation (CSI) or Crime Scene Unit (CSU) shows or movies so popularized in recent years. Although glamorized and using shortened time-frames for the processes involved, these shows do adequately represent standard criminal and crime scene investigative and analytical processes. However, the reality of a digital crime is a much more complex one and involves a much broader spectrum of knowledge and skills related to technologies, a non-localized criminal element that may not even be human in nature, and potential theories.”

69. HOW TO FORENSIC USB DEVICES – Carlos Castro

In this article there is a description of the difficulties added to computer forensics by the diversity of devices that were included in the investigation scope after the creation and popularization of the USB interface. The principal focus will be investigation in a Windows environment, describing some characteristics of this operating system, how it deals with USB devices, and the attention points for forensic image acquisition.

70. HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES PART 3 – Phil Polstra

“USB mass storage devices have become the standard for backup and transfer of files. The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media. This article in a multi-part series will demonstrate how to construct cheap and compact USB mass storage device forensic duplicators.”

71. HOW TO PREVENT YOUR CORPORATE ENVIRONMENT FROM BEING INTRUDED BY INFECTED USB DEVICES PART 4 – Wimpie Britz

“In today’s ever evolving computer landscape, employees are constantly bombarded by new technologies aimed at speeding up and improving the way that they conduct business. USB devices are no exception to the rule, but can the corporate environment afford the risks associated with USB devices?”

72. HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES – Phil Polstra

“USB mass storage devices have become the standard for backup and transfer of files. The popularization of this media has led to challenges for forensic specialists used to traditional magnetic media. This first article in a multi-part series will provide a necessary overview of how USB devices work at a low level.”

73. HOW TO DETECT A FILE WRITTEN TO AN USB EXTERNAL DEVICE WINDOWS FROM MRU LISTS – Carlos Dias da Silva

“Today one of the principal company assets is digital information. Digital information can be used in a lot of ways and can also be copied using different methods. Knowing and controlling what files were sent out of the company is a problem nowadays, and the investment needed to guarantee data security is never small.”

74. HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES 4 – Phil Polstra

“USB mass storage devices have become the standard for backup and transfer of files. The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media. This article in a multi-part series will demonstrate how to construct a cheap and compact write blocker for USB mass storage devices.”

75. USING SYNCBEE TO SYNCHRONIZE YOUR COMPUTER WITH A PORTABLE HARD DRIVE – Chen, Jun-Cheng (Jerry)

“To avoid computer crashes and data loss, people jump on the “online backup” bandwagon to store their data to the Cloud in this data-booming era. Online backup is a good method for saving data. However, we need to be aware of problems when our data is stored in a risky remote space environment. Also note that Internet bandwidth can drastically slow down our backup time and work efficiency.”

76. HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES PART 5 – Phil Polstra

“USB mass storage devices have become the standard for backup and transfer of files. The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media. In this fifth part of a multi-part series, a simple and inexpensive device is presented for bypassing some endpoint security software by allowing any USB mass storage device to present itself as an authorized (whitelisted) device.”

77. HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES PART 6 – Phil Polstra

“USB mass storage devices have become the standard for backup and transfer of files. The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media. In this sixth article of a multi-part series we will examine how to leverage open source software in order to perform forensics on USB devices.”

If you are not a subscriber and want to buy this magazine click here


July 30, 2021
Levi Ackerman
6 years ago

is there any similar magazine for free account? :D

[STAFF MEMBER]
Admin
6 years ago
Reply to Levi Ackerman

Hi,

I’m afraid there’s nothing with this much content. The closest I can think of is the 2016 compilation: https://eforensicsmag.com/download/eforensics-open-2016-compilation/

Nurul Huda Mustaqim
7 years ago

hiks, my account is not permitted to download above file

[STAFF MEMBER]
Admin
7 years ago

Hi! This is a premium issue of the magazine, so you would have to join our subscription plan to download it. If you’re interested drop me a line, we’ll talk!

Laguna_7
8 years ago

How can we buy this book without having to subscribe for an entire year?

[STAFF MEMBER]
Admin
8 years ago
Reply to Laguna_7

Hi, you have to go to this link HERE

You can do that now with every issue that has the “If you are not a subscriber and want to buy this magazine click here” link at the bottom of the page.

Don’t forget to give it a review when you are through!

Molly
9 years ago

Pretty! This was a really wonderful article. Thanks for providing these details.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023