Intelligent Algorithms and Forensic Investigation: The Meeting between Sherlock Holmes and the Digital Age
This article delves into the exciting world of forensic investigation technology, exploring how technological innovations have revolutionized the field, from analyzing images and videos to recovering data from electronic devices. Throughout this article, you will discover how artificial intelligence, computer forensics, and other high-tech tools are redefining the limits of case solving and contributing to the relentless pursuit of justice.
Forensicating Threats in the Cloud
As organizations have shifted to the cloud, it's not surprising that threat actors have followed. Below, we run through some of the most prominent attacks in the cloud today and how to perform cloud forensics and incident response to resolve them.
Digital Forensic Lab Management Made Easy with Monolith
There are multiple areas to focus on when managing a digital forensic laboratory. Some of the important items to track are physical evidence like mobile devices or hard drives. However, how do we keep on track with other devices or evidence? In a forensics laboratory, for instance, there is hardware, software and other equipment that needs to be tracked. Some laboratories use spreadsheets, or inventory management systems, but these methods are seldom cohesive in relation to documenting evidence and building reports. A company called Monolith Forensics created a solution for this called Monolith.
Hunting Hackers Using Autopsy on a macOS Image
In this scenario, we've received an image of a USB thumb drive (orig_128mb_image.dd) confiscated from the hacker's backpack. It was literally sewn in the lining of the backpack, which makes it even more interesting. The primary investigators did not want to plug it into any of their field laptops (they learned from the last time – another story, another time), and kicked it back here to our basement team for further analysis. You will learn clever forensic concepts to use in the field and investigations.

Forensicating Threats in the Cloud
As organizations have shifted to the cloud, it's not surprising that threat actors have followed. Below, we run through some of the most prominent attacks in the cloud today and how to perform cloud forensics and incident response to resolve them.
Autopsy: The Digital Forensics Toolkit
Autopsy is an open-source, cross-platform digital forensics toolkit that offers a wide range of features and capabilities to aid investigators in the retrieval and analysis of digital evidence according to the project page (Autopsy, n.d.). This essay explores Autopsy, its significance in digital forensics, and its key features, from starting a case to managing the contents of artifacts and everything in between.
Digital Forensic Analysis Using Autopsy 4.21.0
This article shows a forensic analysis using Autopsy 4.21.0. The SUSPECT.EO1 file is a disk image case study and is evidence used in Belkasoft's X training and CTF challenge. The article is not intended to be a complete analysis of this image because this image has a lot of detail and has an investigative complexity that would require more than one article. In this way, some parts will be analyzed with the intention of showing the use of Autopsy.
Autopsy 4.21 Version
This article shows you how to start a case with the new version 4.21.0 of Autopsy, one of the pioneering tools responsible for the digital change in forensic investigation in recent years. The article itself does not claim to be a complete guide for a person to use Autopsy. For this, there are several sources on the web. However, an introduction is made on how to start a case in Autopsy, using an image called SUSPECT_LAPTOP, which was used in Belkasoft training and for which I received permission to use.
Hunting Hackers Using Autopsy on a macOS Image
In this scenario, we've received an image of a USB thumb drive (orig_128mb_image.dd) confiscated from the hacker's backpack. It was literally sewn in the lining of the backpack, which makes it even more interesting. The primary investigators did not want to plug it into any of their field laptops (they learned from the last time – another story, another time), and kicked it back here to our basement team for further analysis. You will learn clever forensic concepts to use in the field and investigations.
The Two-Tool Process in Digital Forensics. Step 1 Selection
With such a large variety of digital data available, the tool selection process will depend greatly on what type of data you seek and how much of a budget you must spend. Many organizations opt to minimize costs by relying on open-source technology for their investigative needs. However, choosing this method can result in a shortfall when it comes to finding all the critical data. To prevent missing critical data, every investigator should have a secondary tool to use to cross-validate their findings. No single tool can process and capture all the available data, nor does every tool parse the data the same way. That's why employing a two-tool process is a fundamental cornerstone in the field of digital forensics. The selection process outlined below lists steps to follow to maximize your tool selection.
Digital Forensic Lab Management Made Easy with Monolith
There are multiple areas to focus on when managing a digital forensic laboratory. Some of the important items to track are physical evidence like mobile devices or hard drives. However, how do we keep on track with other devices or evidence? In a forensics laboratory, for instance, there is hardware, software and other equipment that needs to be tracked. Some laboratories use spreadsheets, or inventory management systems, but these methods are seldom cohesive in relation to documenting evidence and building reports. A company called Monolith Forensics created a solution for this called Monolith.
Unlocking the Orbital Domain: Digital Forensics in Satellite and UAV Technologies
The evolution of digital technology has significantly broadened the scope of digital forensics, a field traditionally tethered to terrestrial digital systems. The advent of satellite and Unmanned Aerial Vehicle (UAV) technologies has opened up new frontiers, marking a significant stride towards a global digital ecosystem. These technologies are the linchpins in a gamut of critical sectors including global communication, navigation, and surveillance. The imperative to safeguard these systems against burgeoning cyber threats has catalyzed the emergence of satellite and UAV digital forensics. This discourse endeavors to traverse the nascent field of satellite and UAV digital forensics, elucidating on the symbiotic relationship between emerging digital forensic tools, methodologies, and the inherent challenges.
Satellite Forensics
Satellites have become indispensable elements of modern-day life. This technology is playing a vital role in communication, navigation, streaming services, Earth observation, and scientific research. As our dependence on satellite technology grows, the number of vulnerabilities grows with it; so does the need for satellite forensics, a specialized field focused on gathering and analyzing data from satellites to investigate incidents, such as space debris collisions, unauthorized access, or security breaches.
Unlocking Mysteries Beyond Earth from Above: The World of Satellite
Satellites, sometimes called “Digital Television”, orbiting high above the Earth's atmosphere, have become essential tools for communication, navigation, weather monitoring, and national security, but there are also natural satellites. For example, Earth is a satellite because it orbits the sun, and the moon is a satellite because it orbits the Earth. Figure 1 shows the typical satellite architecture. Dotted orange arrows denote radio links; solid black arrows denote ground network links. While their main functions are recognized, they also play a vital role in forensic investigations, helping unravel mysteries from above and provide valued insights into numerous events and occurrences. Satellite forensics, a quite promising field, involves the investigation and analysis of satellite images and data to track information pertinent to legal and investigative processes.
Cyber Threat Intelligence 101
Dear readers, I conclude our journey here with the following thoughts: threat intelligence should provide context to support decision-making, help machines and humans work better together, and provide threat intelligence is for everyone. I hope to have opened a range of study possibilities, feel free to choose your favorite topic and delve deeper. I leave some reading suggestions in the references.

Deepfake Audio: A Comprehensive Study in Digital Forensics Course Online (W62)
This course is aimed at presenting an elementary yet comprehensive picture of the field of digital audio forensics, with the implied hope that it will afford the participant useful theoretical and practical knowledge of the field and its various aspects.
Micro-drone Warfare: Cybersecurity Implications and Countermeasures (W61)
"Micro-drone Warfare: Cybersecurity Implications and Countermeasures" is an advanced course designed for digital forensics professionals seeking to understand the cybersecurity challenges posed by the increasing use of micro-drones in modern warfare. The course provides an in-depth exploration of micro-drone technologies, their role in cyber threats, and the countermeasures necessary to mitigate these threats. Learners will delve into the various types and capabilities of micro-drones, their communication and networking technologies, and the associated cybersecurity vulnerabilities. The course covers risk assessment and threat modeling for micro-drone systems, analysis of real-world micro-drone warfare scenarios, and the development of defense strategies against potential cyber attacks. Additionally, the course addresses the legal and policy frameworks governing micro-drone warfare cybersecurity, including ethical considerations, privacy implications, and international regulations. The course is led by Rhonda Johnson, a seasoned educator and Ph.D. student specializing in Cybersecurity. Prior knowledge of computer networks, cybersecurity principles, operating systems, basic electronics, and wireless communication is recommended. The course employs tools such as Drone Simulators and Drone Performance Evaluation Tools for practical learning.
Data Integrity And Evidence Handling in Digital Forensics - Course Online (W60)
The course is intended for individuals from the IT industry as well as those outside of it who have some knowledge of cybersecurity. Basic concepts of cybersecurity are required. During the course, participants will acquire skills related to: Understanding digital forensics, including its scope, relevance in investigations, and legal and ethical considerations. Concepts of data integrity and its significance in digital forensics. They will learn about various threats to data integrity and techniques for ensuring its preservation throughout the forensic process. Principles of evidence handling, including chain of custody, documentation, and the importance of maintaining the integrity of evidence. Legal and ethical considerations related to digital evidence handling. This includes understanding privacy and confidentiality considerations and the role of expert witness testimony in courtroom presentations. Data acquisition techniques for different types of digital devices. They will learn about disk imaging, integrity verification, and the use of hash functions in maintaining data integrity. Techniques for analyzing and examining digital evidence, including file system analysis, data recovery, reconstruction techniques, and metadata analysis. The course also includes practical application of various tools and technologies used in digital forensics, such as Autopsy, The Sleuth Kit (TSK), Volatility, Plaso, Wireshark, Bulk Extractor, OSForensics, and Autopsy Browser. At the end of the course, a final exam is planned consisting of multiple-choice questions on the concepts and fundamentals arising from the course outcomes, along with practical tasks.
eForensics Course for eWarfare: Investigations, Threat Detection and Reconnaissance in the Electromagnetic Spectrum (W59)
eForensics for eWarfare: Investigations, Threat Detection, and Reconnaissance in the Electromagnetic Spectrum" is an innovative course designed to introduce learners to the application of digital forensics tools and techniques in electronic warfare. It aims to deepen participants' understanding of electronic warfare, its history, military applications, and how digital forensics is applied in warfare and intelligence. The course also focuses on the significance of electronic warfare in today's world, discussing potential threats and how to mitigate them. COURSE STRUCTURE: This course is structured into several key modules, each focusing on a specific aspect of electronic warfare. The modules are: Introduction to Electronic Warfare Notable Milestones in the Development of Electronic Warfare A Look at Air Force Radar Systems Military Application of Digital Forensics Investigating Incidents on Critical Infrastructure: Industrial Control Systems (ICS) Each module ends with a multiple-choice quiz to ensure understanding, with a pass mark of 75%. EQUIPMENT & PREREQUISITES: To participate, students will need a PC, tablet, or smartphone with an internet connection. Basic knowledge of information systems, cybersecurity, and digital forensics is recommended. ABOUT THE LECTURER: This course is led by an experienced lecturer from the Cyber Security Department of the Air Force Institute of Technology (AFIT), Kaduna. With a background in both training and consulting, the lecturer has considerable expertise in a range of relevant areas, including information and physical management, security, assurance, and control. Furthermore, he has authored numerous articles in well-established journals, including eForensics Magazine and the ISACA Journal, and has led training workshops on digital forensics and eDiscovery.
