Boost Your DFIR Investigative Mindset!
Brett Shavers With all the hype around Artificial Intelligence (AI) in Digital Forensics and Incident Response (DFIR), you might wonder …
Data Carving Xbox One using Belkasoft Evidence Center X
Viviane Cruz Paraphrasing Edmond Locard, the father of forensic computing: "every action leaves a trace," whether it's on cell phones, …
Navigating Data Recovery: Solutions, Pros, Cons, and Permanent Deletion Tips
Tharaka Singharage In today’s digital age, data recovery has become an increasingly important topic. While everything is functioning smoothly, we …
Getting Started in Cyber Security Forensics with AI and ChatGPT
Cyber security forensics, or digital forensics, is a crucial field within cyber security, focusing on the identification, preservation, analysis, and …
Forensic Investigation in Docker Environments: Unraveling the Secrets of Containers
In this article, we'll explore the fascinating world of forensics in Docker environments, revealing the essential techniques and tools to unlock the secrets hidden in containers. We'll cover analyzing Docker containers, detecting malicious activity, gathering evidence, and investigating incidents.
SOC Maturity Model
The SOC Maturity Model is a comprehensive framework designed to evaluate and enhance the effectiveness of an organization's Security Operations Center. The SOC Maturity Model provides a systematic approach to benchmark an organization's cybersecurity capabilities, enabling them to understand their current level of maturity and strategically advance their cybersecurity posture.
Digital Forensic Analysis Using Autopsy 4.21.0
This article shows a forensic analysis using Autopsy 4.21.0. The SUSPECT.EO1 file is a disk image case study and is evidence used in Belkasoft's X training and CTF challenge. The article is not intended to be a complete analysis of this image because this image has a lot of detail and has an investigative complexity that would require more than one article. In this way, some parts will be analyzed with the intention of showing the use of Autopsy.
Rooting Androids for Forensics
Let’s start out by making sure we understand what the root is. The root is the level of access or control of a device. In general, it is the highest permission level on the device, and sometimes it is referred to as the “superuser.”
History of DevSecOps
Because of the increased requirement for enterprises to emphasize security in an era of regular cyber-attacks and data breaches, DevSecOps has gained prominence in the software development scene. DevSecOps strives to achieve a balance between agility and security by embedding security into the DevOps approach, allowing teams to release software quickly while ensuring it is strong and resilient against potential security vulnerabilities.
Artificial Intelligence in Digital Forensics
This article explores how AI and AI-powered tools and techniques are transforming digital forensics, enhancing its effectiveness, and enabling investigators to navigate the ever-evolving landscape of cybercrime.
The Lockbit 3 Black Forensics Analysis (Part I)
This article, Part I, focuses on the Lockbit 3.0 (Black) forensics files analysis. Lockbit 3.0 represents a class of Ransomware as a Service and has increased the attack surface.
Basic and Essential Requirements for Building a Computer Forensic Lab
In this article, we present the basic elements of a standard computer forensic lab as well as the tools associated with it, not only in terms of functionalities and aims but also in terms of hardware and software. For the software part, we present commercial and free solutions.
Imaging an Android Smartphone Logically
Android has a large variety of devices, as well as different versions of Android itself. When you look at the setup steps, they are typical for Android, Android Oxygen, and Android Go. When working with the Android device, remember if your forensic workstation cannot see it, neither can your tool. One of the tips I find helpful is to keep the Device Manager open when working with an Android.
Managing Evidence and Investigations with Cellebrite Guardian
Since Guardian is hosted within AWS GovCloud, users are also offered the protection of the cloud service provider’s extensive compliance portfolio. Cellebrite Guardian is a serious contender as it is built for user simplicity and collaboration. Cellebrite has raised the bar with Guardian, and it should be considered for digital forensic laboratories of all sizes.
Unleashing the Power of Artificial Intelligence in Digital Forensics: Role of Digital Forensics in Fighting Cybercrime
In an era defined by digital innovation and the ever-expanding reach of technology, the field of digital forensics plays a critical role in uncovering evidence, investigating cybercrime, and ensuring justice in the digital realm. Digital forensics involves the collection, analysis, and interpretation of digital evidence from various sources, such as computers, mobile devices, networks, and digital storage media. With the surge in data volumes and the complexity of digital crimes, traditional forensic methods have faced significant challenges. However, the emergence of Artificial Intelligence (AI) has brought forth a new era in digital forensics, revolutionizing the way investigations are conducted and enhancing the efficiency and accuracy of the process.
Forensicating Threats in the Cloud
As organizations have shifted to the cloud, it's not surprising that threat actors have followed. Below, we run through some of the most prominent attacks in the cloud today and how to perform cloud forensics and incident response to resolve them.
Hunting for macOS Ransomware Using VirusTotal Enterprise
ARRR-Ransomware for macOS be-out there ‘laddies’, and we are going to find it! Join me as we embark on a wild adventure to sail the deepest and darkest seas on the hunt for macOS ransomware. BONUS: We’ve added a surprise for the latest ransomware for macOS, which occurred during the preliminary writing of this article.
The Lockbit 3 Black Forensics Analysis: Memory Forensics Modern Approach (Part III)
Memory Forensics is one of the greatest developments in the history of digital forensic analysis. In fact, it's a turning point in forensic investigation methodology. The turning point came with the development of tools for memory capture (for different operating systems) and tools that extract data from the memory image, such as Volatility and Rekall (officially discontinued).
Unraveling Digital Mysteries: How AI Copilots can Revolutionize Digital Forensic Investigations
Instead of merely focusing on the limitations or potential pitfalls of Large Language Models (LLMs), we ought to explore their promise. Retrieval-Augmented Generation (RAG) is one such promising frontier. By coupling real-time data retrieval with the robust capabilities of generative models, RAG offers a compelling case for the next evolutionary step in digital forensics. This article emphasizes not just the challenges, but also the transformative potential of AI for forensic experts and investigative detectives alike.
Dark Web File Sharing: Basic Forensics Using CSI Linux
Paulo Pereira, PhD/DFIR “Oh I've just come From the land of the sun From a war that must be won …
Magnet Forensics, Magnet Axiom - A First Look
Magnet Axiom comprises Magnet Axiom Process and Magnet Axiom Examine, and Magnet.AI is also incorporated into Magnet Axiom for examiners to take advantage of when analysing evidence. This article aims to introduce readers to Magnet Axiom, show how to process computer and mobile sources with Axiom Process, discuss the processing options Axiom provides, and cover some of the more important features relevant to a forensic examination offered by Axiom Examine.
iPhone Forensics
Since the 90s, Apple has used a Hierarchical File System and other advancements in data handling in order to protect user data, not to mention the ability to use passkeys in a recent iOS update. Combined, all of this makes forensic investigations much more difficult, especially if the current advancements are not tracked properly.
Ransomware Investigation: The New Challenges
Today, cloud infrastructure and servers are available for hire on the dark web, and this deployment model is known as “ransomware-as-a-service” (RaaS). As the cloud service enables multiple ransomware deliveries, the reuse of code from other ransomware is common. For this reason, it is worthwhile to analyze the artifact to verify whether it belongs to an already detected ransomware family.
Obfuscating Infiltration and Exfiltration with Code Cave Artifacts
This article covers a handful of fun ways to play with executable binary files instead of just running them like everyone else. We will work with binary files using C, build tooling in Python3, automate our workflow and processes with shell scripts, and run all of this in a Linux environment using Linux tooling.
Deepfake Audio: A Comprehensive Study in Digital Forensics Course Online (W62)
This course is aimed at presenting an elementary yet comprehensive picture of the field of digital audio forensics, with the implied hope that it will afford the participant useful theoretical and practical knowledge of the field and its various aspects.
DFIR in AWS (W63)
This course provides a crucial skill set in securing AWS environments. In today's digital landscape, understanding digital forensics, incident response, and automation in AWS is essential for safeguarding data and infrastructure. This course offers hands-on experience, making it an invaluable asset for those eager to enhance their cybersecurity expertise and stay ahead in the dynamic field of cloud security.
Micro-drone Warfare: Cybersecurity Implications and Countermeasures (W61)
"Micro-drone Warfare: Cybersecurity Implications and Countermeasures" is an advanced course designed for digital forensics professionals seeking to understand the cybersecurity challenges posed by the increasing use of micro-drones in modern warfare. The course provides an in-depth exploration of micro-drone technologies, their role in cyber threats, and the countermeasures necessary to mitigate these threats. Learners will delve into the various types and capabilities of micro-drones, their communication and networking technologies, and the associated cybersecurity vulnerabilities. The course covers risk assessment and threat modeling for micro-drone systems, analysis of real-world micro-drone warfare scenarios, and the development of defense strategies against potential cyber attacks. Additionally, the course addresses the legal and policy frameworks governing micro-drone warfare cybersecurity, including ethical considerations, privacy implications, and international regulations. The course is led by Rhonda Johnson, a seasoned educator and Ph.D. student specializing in Cybersecurity. Prior knowledge of computer networks, cybersecurity principles, operating systems, basic electronics, and wireless communication is recommended. The course employs tools such as Drone Simulators and Drone Performance Evaluation Tools for practical learning.
Data Integrity And Evidence Handling in Digital Forensics - Course Online (W60)
The course is intended for individuals from the IT industry as well as those outside of it who have some knowledge of cybersecurity. Basic concepts of cybersecurity are required. During the course, participants will acquire skills related to: Understanding digital forensics, including its scope, relevance in investigations, and legal and ethical considerations. Concepts of data integrity and its significance in digital forensics. They will learn about various threats to data integrity and techniques for ensuring its preservation throughout the forensic process. Principles of evidence handling, including chain of custody, documentation, and the importance of maintaining the integrity of evidence. Legal and ethical considerations related to digital evidence handling. This includes understanding privacy and confidentiality considerations and the role of expert witness testimony in courtroom presentations. Data acquisition techniques for different types of digital devices. They will learn about disk imaging, integrity verification, and the use of hash functions in maintaining data integrity. Techniques for analyzing and examining digital evidence, including file system analysis, data recovery, reconstruction techniques, and metadata analysis. The course also includes practical application of various tools and technologies used in digital forensics, such as Autopsy, The Sleuth Kit (TSK), Volatility, Plaso, Wireshark, Bulk Extractor, OSForensics, and Autopsy Browser. At the end of the course, a final exam is planned consisting of multiple-choice questions on the concepts and fundamentals arising from the course outcomes, along with practical tasks.