We invite you to take a look at a conversation we had with one of our instructors and long-time collaborators, Ranjitha R. Ranjitha is an excellent professional with a passion for the eForensics field, and we hope you enjoy reading the interview. Hop in!
[eForensics Magazine]: Hello Ranjitha, how are you? Can you introduce yourself to our readers?
[Ranjitha R]: Hi Readers, I am on an awesome career path in my life, as one of my most cherished dreams has come true, which was to become an instructor, for I love teaching. This I accomplished on a platform like eForensics Magazine, and I am extremely thankful for the opportunity given to me. I am also an active member of the beta-testers group of eForensics Magazine, which keeps me updated about the eForensics world.
[eFM]: What parts of collaborating with eForensics do you find most interesting?
[RR]: My association with eForensics Magazine started when I registered as a ‘free user’ and got the opportunity to collaborate on the magazine issue CAR HACKING AND FORENSICS (issue 07/2016) with my article ‘‘Timeline Forensics: An Automated Reconstruction of Events, Timeline, User and Application Activity.’’ Thereafter, I became a member of the beta-testing group. Later, I got an opportunity to contribute another article titled ‘‘Bitcoin: The Distributed Digital Currency, Malware, And Botnet Threats’’ in the issue BEYOND FORENSICS (issue 08/2016). Most recently, I contributed to eForensics Magazine by preparing the tutorial ‘‘Log Files and Attacks and Defenses (W38).” Next, I have prepared yet another article titled ‘‘Forensic Investigation and Financial Auditing’’, which I am eagerly waiting to see published. Each and every way I collaborated with eForensics Magazine has not only been interesting, but also memorable. It not only introduced me to the world of digital forensics, but gave me friends like Joanna Kretowicz, Marta Strzelec, Dominika Zdrodowska, and Marta Sienicka; I acquired a lot of qualities by associating with them, and I am indebted to them.
[eFM]: You’re a digital forensics researcher and post-graduate student. How did your journey begin? What drew you into this field?
[RR]: My journey as a student began at ER&DCI-IT(C-DAC), Trivandrum, where I completed my post-graduate degree in Computer Science and Engineering (with specialization in Cyber Forensics and Information Security).
It was under the guidance of the very proficient and educated engineers of the Resource Centre for Cyber Forensics (RCCF), a pioneering institute under CDAC Trivandrum, that I learned the ABCs of digital forensics.
RCCF is dedicated to the indigenous development of hardware and software tools for Cyber Forensics in the areas of Disk Forensics, Network Forensics, Device Forensics and Peripheral Forensics, and to providing quality services in Cyber Forensics related cases.
It is the meticulous and persevering work culture at CDAC that moulded me, or rather brought out my latent interest in the digital forensics world.
[eFM]: What are some good qualities a teaching institution for cyber forensics should have?
[RR]: In my view, a teaching institution should give students individual guidance according to the interests or skill set of each student. Cyber Forensics being a vast field with many divisions, a student should have the freedom and mentality to choose, with expert assistance. This would help to sharpen the individual skill set as well as increase the scope of research and development.
As it is machines that students are in constant contact with, the instructors should make the tutorials in such a way that students get the concept and are able to test it out. For example, finding vulnerabilities in a particular software application is something only a student whose interest has been nurtured in that aspect could achieve.
The teaching institution should be able to guide, as well as mould, a student into a miniature forensic expert with passion for the chosen profession.
[eFM]: You instructed our “Log Files Attacks and Defences” course. What do you think is the most important thing to understand about this subject?
[RR]: Every system in the network generates a type of log file. In other words, a log entry is created for each event or transaction that occurs on any machine or piece of hardware.
A log file acts as a “journal of record”. Microsoft-based systems generate Windows Event Log files, and UNIX-based servers and networking devices use the System Log, or Syslog, standard.
Event Log Management is the key, or most important, aspect that has to be understood about the subject Log Files Attacks and Defenses. One could monitor, audit, and report on file access, unauthorized activity by users, policy changes, or even major changes in organizational roles via group membership.
By setting up an Event and Log Management solution, one can easily manage the periodic, overwhelming amount of log information generated by computer systems. Real-time access to log data allows one to filter and locate that one “needle in a haystack” event responsible for a security breach.
[eFM]: What’s in your opinion the biggest challenge when you’re starting out in digital forensics?
[RR]: In my opinion, as a beginner, the biggest challenge in digital forensics is the identification and study of malware and its behavior.
There are two categories: static analysis techniques and dynamic analysis techniques.
The static techniques involve looking into the binaries directly or reverse engineering the code for patterns in it.
The dynamic analysis techniques involve capturing the behavior of the malware sample by executing it in a sandboxed environment or by program analysis methods, and then using that for extracting patterns for each family of virus.
[eFM]: And why do you think that’s difficult for beginners? Is it a topic that’s hard to learn on your own?
[RR]: It is a project taken up by MTech students based on research papers published in the field of Cyber Forensics and Information Security, after adding innovations from their side with expert guidance. So, a beginner would certainly struggle if attempting it single-handedly.
[eFM]: Which one - static or dynamic - was more difficult for you to grasp? How did you overcome it?
[RR]: I would say I found the dynamic analysis techniques quite tedious. I was evaluating a project by junior MTech students, and it was then that I saw the effort that had been put in by the students to get it done. They implemented the PHMM (Profile Hidden Markov Model, a probabilistic technique that is widely used in the field of Bioinformatics) in the field of malware detection.
[eFM]: In your view, what’s something that universities could be doing better when teaching information security?
[RR]: Information Security teaching should emphasize technical issues in software, computer system, and network security. This would enable the students to have better hands-on knowledge and experience of how to overcome a system breach in a corporate working environment.
[eFM]: What tools would you recommend anyone starting out in digital forensics should learn?
[RR]:
- Data Acquisition Tools: ProDiscover, EnCase, X-Ways Forensics, R-Tools, F-Response.
- Digital Hash Tools: FTK Imager, WinHex, WinMD5.
- Extraction Tools: DataLifter, Davory.
- Password Recovery Tools: AccessData Password Recovery Toolkit (PRTK).
- Reconstruction Tools: SafeBack, SnapBack DatArrest.
- Reporting Tools: ILook.
[eFM]: What are your favourite news sources for information security and DFIR?
[eFM]: You’re working and studying in India. It’s a huge market! For people in digital forensics, is it more popular to go with law enforcement, or to work in the market sector?
[RR]: I agree that the digital forensics market in India is huge. There is a lot of space for growth and advancement in the market sector. Frequent data breaches are bleeding many Indian companies, as per studies done by IBM Security and the Ponemon Institute, an American firm. Between April 2017 and January 2018, over 22,000 Indian websites were hacked, including 114 government portals. Indian companies are struggling to cope with such risks.
Many of the digital forensics investigations are still carried out by law enforcement itself, with the support of pioneers in the field like CDAC.
[eFM]: What differences are there in India when working for LE and private companies? Do you think they’re the same everywhere else?
[RR]: In India, law enforcement is a rewarding career field. One is able to truly affect people’s lives and help them get their lives back in order. These jobs are more secure as compared to private companies. When appointed by the government, you retire at the age of 58 to 65, depending upon the nature of the work.
In private companies, the work atmosphere is totally different; one can learn various skills, improve one’s pay, save up money, and retire by 40 to 50. One can even go for a startup business after retirement.
In law enforcement, one doesn’t have this freedom. Once you are in, you have to burn all your bridges to get out.
If you are in the private sector, you have to work a lot to survive. But at the end of the day, the person will turn into a better human being, a better professional, and a positive contributor to society.
I think this is the same everywhere else.
[eFM]: What’s one rule more people should follow when working on investigations?
[RR]: Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data (also known as the CIA triad). This has to be safeguarded in any ongoing investigations by the people involved in it.
[eFM]: Do you have any advice for our readers?
[RR]: In this information age that is evolving with advancements in technology, knowledge is now thought of as being like a form of energy, as a system of networks and flows; something that does things, or makes things happen. It is produced not by individual experts, but by collective intelligence, i.e., groups of people with interdependent expertise who collaborate for specific purposes. These changes have major implications for our education system. So all of you readers out there, let’s merge into this ever-growing advancement of the human race by contributing, and being a part of this Knowledge Age for the good of mankind.