FORENSICS ANALYSIS WITH FTK

Download
File
eForensics_022013.pdf

We would like to present the latest issue of eForensics Computer.

Check what you will find in that issue!

FORENSICS ANALYSIS WITH FTK: A Case Study Scenario by Omar Al Ibrahim and Majid Malaika

Digital forensics is the process of recovering, preserving, and examining digital evidence in a way admissible in a court of law. This process is very delicate and requires a deep understanding of both legal and technical aspects, which includes knowing the right procedures and tools to conduct forensics analysis. In this expository article, we walk through the steps of the forensics process using FTK. We elaborate on these steps using a case study of a hypothetical scenario.

DIGITAL FORENSICS 101: Case Study Using FTK Imager by Dauda Sule

It is quite remarkable how digital evidence can be used to solve crimes, even those not committed directly using digital devices and platforms. This article tries to give a basic introduction to digital forensics. It focuses on how to retrieve data, covering basic steps for collecting digital evidence using simple digital forensics tools.

FORENSIC APPROACHES TO ENCRYPTED DISKS by Chris Doman

Did you know that “on the fly encryption” products keep keys in memory? Or that RAM doesn’t clear the second that it loses power? Some novel techniques take advantage of these facts to maintain access to encrypted disks. It’s an old adage that security measures mean little if an attacker has physical access to your machine; however, things like disk encryption pose significant forensic challenges. The good news for forensic examiners is that great progress has been made in accessing OTFE disks.

HOW TO DETECT SYSTEM INTRUSIONS by Almantas Kakareka

We want to detect system intrusion once attackers have passed all defensive technologies in the company, such as IDS/IPS, full packet capture devices with analysts behind them, firewalls, physical security guards, and all other preventive technologies and techniques. Many preventive technologies rely on blacklisting most of the time, which is why they fail. Blacklisting allows everything by default and forbids only what is considered to be malicious. So for an attacker the challenge is to find yet another way to bypass the filter. It is so much harder to circumvent a whitelisting system.

INTERVIEW OF CYBER LAWYER Fernando M. Pinguello by Joanna Kretowicz

Class actions are one of the hot-button cyber issues of the day – or at least the one that seems to grab the headlines. For example, around the time of the Facebook IPO, a class action lawsuit involving Facebook’s improper use of users’ personal data for advertisement purposes dominated the headlines, and was a contributing factor to Facebook’s sluggish stock price.

COMPUTER FORENSIC CERTIFICATIONS EXAMINED by Terrance J. Stachowski, CISSP, L|PT

The computer forensics community, much like every other realm of information technology, places a high value on certifications as one way to validate competency and proficiency with best practices, knowledge of related tools, and computer forensics procedures. This article explores a range of popular certifications applicable to computer forensics. Examined are various types of certifications available, certification bodies, topics covered in the certification exams, requirements for continued certification, and associated costs.



July 30, 2021
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023