Unlocking the Orbital Domain: Digital Forensics in Satellite and UAV Technologies
The evolution of digital technology has significantly broadened the scope of digital forensics, a field traditionally tethered to terrestrial digital systems. The advent of satellite and Unmanned Aerial Vehicle (UAV) technologies has opened up new frontiers, marking a significant stride towards a global digital ecosystem. These technologies are the linchpins in a gamut of critical sectors including global communication, navigation, and surveillance. The imperative to safeguard these systems against burgeoning cyber threats has catalyzed the emergence of satellite and UAV digital forensics. This discourse endeavors to traverse the nascent field of satellite and UAV digital forensics, elucidating on the symbiotic relationship between emerging digital forensic tools, methodologies, and the inherent challenges.
Satellite Forensics
Satellites have become indispensable elements of modern-day life. This technology is playing a vital role in communication, navigation, streaming services, Earth observation, and scientific research. As our dependence on satellite technology grows, the number of vulnerabilities grows with it; so does the need for satellite forensics, a specialized field focused on gathering and analyzing data from satellites to investigate incidents, such as space debris collisions, unauthorized access, or security breaches.
Unlocking Mysteries Beyond Earth from Above: The World of Satellite
Satellites, sometimes called “Digital Television”, orbiting high above the Earth's atmosphere, have become essential tools for communication, navigation, weather monitoring, and national security, but there are also natural satellites. For example, Earth is a satellite because it orbits the sun, and the moon is a satellite because it orbits the Earth. Figure 1 shows the typical satellite architecture. Dotted orange arrows denote radio links; solid black arrows denote ground network links. While their main functions are recognized, they also play a vital role in forensic investigations, helping unravel mysteries from above and provide valued insights into numerous events and occurrences. Satellite forensics, a quite promising field, involves the investigation and analysis of satellite images and data to track information pertinent to legal and investigative processes.
Cyber Threat Intelligence 101
Dear readers, I conclude our journey here with the following thoughts: threat intelligence should provide context to support decision-making, help machines and humans work better together, and provide threat intelligence is for everyone. I hope to have opened a range of study possibilities, feel free to choose your favorite topic and delve deeper. I leave some reading suggestions in the references.

Artificial Intelligence in Digital Forensics
This article explores how AI and AI powered tools and techniques are transforming digital forensics, enhancing its effectiveness, and enabling investigators to navigate the ever-evolving landscape of cybercrime.
Rooting Androids for Forensics
Let’s start out by making sure we understand what the root is. The root is the level of access or control of a device. In general, it is the highest permission level on the device, and sometimes it is referred to as the “superuser.”
Managing Evidence and Investigations with Cellebrite Guardian
Since Guardian is hosted within AWS GovCloud, users are also offered the protection of the cloud service provider’s extensive compliance portfolio. Cellebrite Guardian is a serious contender as it is built for user simplicity and collaboration. Cellebrite has raised the bar with Guardian, and it should be considered for digital forensic laboratories of all sizes.
Forensic Investigation in Docker Environments: Unraveling the Secrets of Containers
In this article, we'll explore the fascinating world of forensics in Docker environments, revealing the essential techniques and tools to unlock the secrets hidden in containers. We'll cover analyzing Docker containers, detecting malicious activity, gathering evidence, and investigating incidents.
Unraveling Digital Mysteries: How AI Copilots can Revolutionize Digital Forensic Investigations
Instead of merely focusing on the limitations or potential pitfalls of Large Language Models (LLMs), we ought to explore their promise. Retrieval-Augmented Generation (RAG) is one such promising frontier. By coupling real-time data retrieval with the robust capabilities of generative models, RAG offers a compelling case for the next evolutionary step in digital forensics. This article emphasizes not just the challenges, but also the transformative potential of AI for forensic experts and investigative detectives alike.
The Lockbit 3 Black Forensics Analysis: Memory Forensics Modern Approach (Part III)
Memory Forensics is one of the greatest developments in the history of digital forensic analysis. In fact, it's a turning point in forensic investigation methodology. The turning point came with development of tools for memory capture (for different operating systems) and tools that extract data from the memory image, such as Volatility and Rekall (officially discontinued).
VirusTotal’s Code Insight Versus ChatGPT Analysis
In the meanwhile, not too long ago, VirusTotal announced their Generative AI threat analysis feature named Code Insight. With a great-looking future ahead, it starts with humble beginnings. As a matter of fact, such a pivot has occurred with the announcement of ChatGPT that no one is talking about NFT and/or crypto anymore, everything is now AI-centric (again, for now). So this article goes well in hand with my VirusTotal Enterprise Series 12, available at eForensics's site.
Unleashing the Power of Artificial Intelligence in Digital Forensics: Role of Digital Forensics in Fighting Cybercrime
In an era defined by digital innovation and the ever-expanding reach of technology, the field of digital forensics plays a critical role in uncovering evidence, investigating cybercrime, and ensuring justice in the digital realm 1. Digital forensics involves the collection, analysis, and interpretation of digital evidence from various sources, such as computers, mobile devices, networks, and digital storage media. With the surge in data volumes and the complexity of digital crimes, traditional forensic methods have faced significant challenges. However, the emergence of Artificial Intelligence (AI) has brought forth a new era in digital forensics, revolutionizing the way investigations are conducted and enhancing the efficiency and accuracy of the process.
Obfuscating Infiltration and Exfiltration with Code Cave Artifacts
This article covers a handful of fun ways to play with executable binary files instead of just running them like everyone else. We will cover binary files using C, and tools using Python3, which automates our workflow and processes with shell scripts, and running this in a Linux environment, using Linux tooling.
iPhone Forensics
Since the 90s, Apple has used a Hierarchical File System and other advancements in data handling in order to protect user data, not to mention the ability to use passkeys in a recent iOS update. Combined, all of this makes forensic investigations much more difficult, especially if the current advancements are not tracked properly.
How to Better Prepare for a Memory Forensics Investigation
This article will provide insights on how to better prepare for memory forensic investigation by touching on memory forensics methodology, customizing a toolkit manager, and reviewing the current challenges in memory forensics.
History of DevSecOps
Because of the increased requirement for enterprises to emphasize security in an era of regular cyber-attacks and data breaches, DevSecOps has gained prominence in the software development scene. DevSecOps strives to achieve a balance between agility and security by embedding security into the DevOps approach, allowing teams to release software quickly while ensuring it is strong and resilient against potential security vulnerabilities.
OSINT Investigation on a Mobile App or Service
In this article, we will be looking at using an Android emulated phone on a computer to leverage both the mobile device side and still retain the ability to use a number of useful OSINT tools at the same time, along with some basic OSINT preparation for our mobile device investigation.
Remote Video Identification
This technology has applications in various industries, such as government, finance, healthcare, telecom, and intelligence services, just to name a few, revolutionizing processes, such as account onboarding, passport identification, remote transactions, and customer support. The technology combines document verification, face recognition, and liveness detection techniques. Remote video identification offers enhanced security and efficiency, especially in the aspect of remote or security work activities. In this article, we will explore the technologies and methods used in remote video identification and examine their impact on different sectors.
Ransomware Phishing Attacks
This is increasingly becoming the new reality as ransomware is not only easy to initiate but also can be highly profitable. Home users, small businesses, large businesses, government networks, health care, education, everyone is a target. While infection methods can vary from a malicious text message link, an infected USB drive, infected software online, bogus movie downloads, malicious websites, etc., in this article, we will be focusing on email delivery, things to lookout for, and mitigation techniques.
Unusual Emails: Investigating
For this article, we will be performing an OSINT investigation on an email that was sent to see what information we can find by verifying parts of the email’s content. This is a scenario based on real email investigations. As with any investigation, I do recommend exercising precaution (use a VM, sock puppet accounts, VPN, etc.). In terms of this article, you can assume that the previously mentioned precautions are already being exercised.
Hunting for macOS Ransomware Using VirusTotal Enterprise
ARRR-Ransomware for macOS be-out there ‘laddies’, and we are going to find it! Join me as we embark on a wild adventure to sail the deepest and darkest seas on the hunt for macOS ransomware. BONUS: We’ve added a surprise for the latest ransomware for macOS, which occurred during the preliminary writing of this article.
Ransomware Investigation: The New Challenges
Today, there is a cloud infrastructure and servers for hire on the dark web, and deployment is known as “ransomware-as-a-service” (RaaS). As the cloud service enables multiple ransomware deliveries, the reuse of code from other ransomware is common. For this reason, it is interesting to analyze the artifact to verify if it belongs to any already detected ransomware family.
Imaging an Android Smartphone Logically
Android has a large variety of devices, as well as different versions of Android itself. When you look at the setup steps, they are typical for Android, Android Oxygen, and Android Go. When working with the Android device, remember if your forensic workstation cannot see it, neither can your tool. One of the tips I find helpful is to keep the Device Manager open when working with an Android.
Analyzing Malware Mobile Apps with VirusTotal Enterprise Online and Kali Linux Locally
In this article, we’ll be hunting mobile malware using VirusTotal Enterprise, and analyzing a mobile malware sample found using the tools in the latest version of Kali Linux.
Unlocking the Orbital Domain: Digital Forensics in Satellite and UAV Technologies
The evolution of digital technology has significantly broadened the scope of digital forensics, a field traditionally tethered to terrestrial digital systems. The advent of satellite and Unmanned Aerial Vehicle (UAV) technologies has opened up new frontiers, marking a significant stride towards a global digital ecosystem. These technologies are the linchpins in a gamut of critical sectors including global communication, navigation, and surveillance. The imperative to safeguard these systems against burgeoning cyber threats has catalyzed the emergence of satellite and UAV digital forensics. This discourse endeavors to traverse the nascent field of satellite and UAV digital forensics, elucidating on the symbiotic relationship between emerging digital forensic tools, methodologies, and the inherent challenges.
Satellite Forensics
Satellites have become indispensable elements of modern-day life. This technology is playing a vital role in communication, navigation, streaming services, Earth observation, and scientific research. As our dependence on satellite technology grows, the number of vulnerabilities grows with it; so does the need for satellite forensics, a specialized field focused on gathering and analyzing data from satellites to investigate incidents, such as space debris collisions, unauthorized access, or security breaches.
Unlocking Mysteries Beyond Earth from Above: The World of Satellite
Satellites, sometimes called “Digital Television”, orbiting high above the Earth's atmosphere, have become essential tools for communication, navigation, weather monitoring, and national security, but there are also natural satellites. For example, Earth is a satellite because it orbits the sun, and the moon is a satellite because it orbits the Earth. Figure 1 shows the typical satellite architecture. Dotted orange arrows denote radio links; solid black arrows denote ground network links. While their main functions are recognized, they also play a vital role in forensic investigations, helping unravel mysteries from above and provide valued insights into numerous events and occurrences. Satellite forensics, a quite promising field, involves the investigation and analysis of satellite images and data to track information pertinent to legal and investigative processes.
Cyber Threat Intelligence 101
Dear readers, I conclude our journey here with the following thoughts: threat intelligence should provide context to support decision-making, help machines and humans work better together, and provide threat intelligence is for everyone. I hope to have opened a range of study possibilities, feel free to choose your favorite topic and delve deeper. I leave some reading suggestions in the references.

Deepfake Audio: A Comprehensive Study in Digital Forensics Course Online (W62)
This course is aimed at presenting an elementary yet comprehensive picture of the field of digital audio forensics, with the implied hope that it will afford the participant useful theoretical and practical knowledge of the field and its various aspects.
Micro-drone Warfare: Cybersecurity Implications and Countermeasures (W61)
"Micro-drone Warfare: Cybersecurity Implications and Countermeasures" is an advanced course designed for digital forensics professionals seeking to understand the cybersecurity challenges posed by the increasing use of micro-drones in modern warfare. The course provides an in-depth exploration of micro-drone technologies, their role in cyber threats, and the countermeasures necessary to mitigate these threats. Learners will delve into the various types and capabilities of micro-drones, their communication and networking technologies, and the associated cybersecurity vulnerabilities. The course covers risk assessment and threat modeling for micro-drone systems, analysis of real-world micro-drone warfare scenarios, and the development of defense strategies against potential cyber attacks. Additionally, the course addresses the legal and policy frameworks governing micro-drone warfare cybersecurity, including ethical considerations, privacy implications, and international regulations. The course is led by Rhonda Johnson, a seasoned educator and Ph.D. student specializing in Cybersecurity. Prior knowledge of computer networks, cybersecurity principles, operating systems, basic electronics, and wireless communication is recommended. The course employs tools such as Drone Simulators and Drone Performance Evaluation Tools for practical learning.
Data Integrity And Evidence Handling in Digital Forensics - Course Online (W60)
The course is intended for individuals from the IT industry as well as those outside of it who have some knowledge of cybersecurity. Basic concepts of cybersecurity are required. During the course, participants will acquire skills related to: Understanding digital forensics, including its scope, relevance in investigations, and legal and ethical considerations. Concepts of data integrity and its significance in digital forensics. They will learn about various threats to data integrity and techniques for ensuring its preservation throughout the forensic process. Principles of evidence handling, including chain of custody, documentation, and the importance of maintaining the integrity of evidence. Legal and ethical considerations related to digital evidence handling. This includes understanding privacy and confidentiality considerations and the role of expert witness testimony in courtroom presentations. Data acquisition techniques for different types of digital devices. They will learn about disk imaging, integrity verification, and the use of hash functions in maintaining data integrity. Techniques for analyzing and examining digital evidence, including file system analysis, data recovery, reconstruction techniques, and metadata analysis. The course also includes practical application of various tools and technologies used in digital forensics, such as Autopsy, The Sleuth Kit (TSK), Volatility, Plaso, Wireshark, Bulk Extractor, OSForensics, and Autopsy Browser. At the end of the course, a final exam is planned consisting of multiple-choice questions on the concepts and fundamentals arising from the course outcomes, along with practical tasks.
eForensics Course for eWarfare: Investigations, Threat Detection and Reconnaissance in the Electromagnetic Spectrum (W59)
eForensics for eWarfare: Investigations, Threat Detection, and Reconnaissance in the Electromagnetic Spectrum" is an innovative course designed to introduce learners to the application of digital forensics tools and techniques in electronic warfare. It aims to deepen participants' understanding of electronic warfare, its history, military applications, and how digital forensics is applied in warfare and intelligence. The course also focuses on the significance of electronic warfare in today's world, discussing potential threats and how to mitigate them. COURSE STRUCTURE: This course is structured into several key modules, each focusing on a specific aspect of electronic warfare. The modules are: Introduction to Electronic Warfare Notable Milestones in the Development of Electronic Warfare A Look at Air Force Radar Systems Military Application of Digital Forensics Investigating Incidents on Critical Infrastructure: Industrial Control Systems (ICS) Each module ends with a multiple-choice quiz to ensure understanding, with a pass mark of 75%. EQUIPMENT & PREREQUISITES: To participate, students will need a PC, tablet, or smartphone with an internet connection. Basic knowledge of information systems, cybersecurity, and digital forensics is recommended. ABOUT THE LECTURER: This course is led by an experienced lecturer from the Cyber Security Department of the Air Force Institute of Technology (AFIT), Kaduna. With a background in both training and consulting, the lecturer has considerable expertise in a range of relevant areas, including information and physical management, security, assurance, and control. Furthermore, he has authored numerous articles in well-established journals, including eForensics Magazine and the ISACA Journal, and has led training workshops on digital forensics and eDiscovery.
