Source: INFOSEC Institute
Dear eForensics readers,
This time we decided to prepare a kind of “introduction” to the JumpStart series. The main focus is “What should you know beforehand to start a computer forensics investigation?”. You will learn more about forensic education and careers, secure networks, incident response teams and disaster recovery plans, non-technical obstacles, a comparison of some open-source tools, and software vulnerabilities.
Table of contents:
DIGITAL FORENSIC EDUCATION: WHAT TO DO IN ORDER TO GET WELL PREPARED
by Jose Ruiz
Digital forensics is a very broad line of work. It encompasses multiple areas regarding the recovery and analysis of data contained in digital devices. Many times this analysis goes hand in hand with the process of solving a computer crime. In such cases you need to prove or disprove a hypothesis in civil, criminal or administrative forums. Also, digital forensics covers areas such as computer forensics, network forensics, mobile forensics, database forensics, etc. Typically the process follows a similar structure that goes from seizing the evidence, acquiring the image(s) and analyzing them to finally producing a report or serving as an expert witness. You can correlate evidence to a crime or a suspect, authenticate documents, discover falsified data, etc. For all of this you need a broad area of studies that not only requires forensic analysis methods. You also need to know about legal matters, response protocols, formal investigation procedures, writing quality reports and excellent verbal communication. This article will help the reader discover the various ways of gaining the right type of knowledge to succeed as a digital forensic analyst.
HOW TO PREPARE AN INCIDENT RESPONSE AND DISASTER RECOVERY PLAN FOR YOUR COMPANY
by Candice Carter
Organizations rarely consider disaster recovery and incident response as part of their daily operations. Planning for the unexpected is essential in order to keep mission-critical processes running during impacting events. This article will outline the basic concepts of disaster recovery and incident response planning and execution that can be applied to various types of industries.
FISHING FOR CYBER FORENSICS TALENT OR HOW TO GET YOURSELF HOOKED INTO THE JOB
by Chris Walker, Agile Precis, LLC
Cyber talent is not as easy as you think to identify and hire. Not only do you have to go through the steps of hiring, but often, it is hard to tell what your candidate really knows and what they need to improve. There are two problems to solve then: how do you know if someone has the talent in cyber security to enter Cyber Forensics; the other is how do you, the potential candidate, enter into the field?
CHERISHING THE CHAIN OF CUSTODY
by David L. Biser
In any digital investigation an often overlooked but extremely important piece of the entire process is the chain of custody. The chain of custody is often the neglected child in the digital investigation and this needs to be corrected. Ensuring that a chain of custody is in place for each piece of evidence is vital to the successful conclusion of any case, whether legal or civil.
BUILDING SECURE NETWORK: AN INTRODUCTION
by Davide Barbato
As the security paradigm has shifted from “static” to “dynamic” defense, companies need to adapt their network security arsenal, not only in terms of network security, but also endpoint protection, monitoring and backup policies.
THREAT INTELLIGENCE: A SYSTEM WITH FORESIGHT
by Deepayan Chanda
The threat landscape is changing; every day organizations are getting attacked, from the first ever known virus, “Elk Cloner” in 1982, to today’s most complex APT-based attacks. How can we stay ahead of these advanced attacks? How can we monitor and detect these attacks well in advance? The answer to this is having a better and more effective mechanism for collecting threat information, analyzing related threats, identifying them and finally stopping them.
WHAT’S YOUR SECURITY WORTH? EXPLORING THE VULNERABILITIES MARKET
by Eric Vanderburg
Software vulnerabilities are nothing new. The cycle is rather predictable. Bug finders discover a vulnerability and report it, receiving the kudos of the community and sometimes a small reward. Next, software companies fix the vulnerability through a patch or hotfix, and users and companies are protected once the patch or hotfix is deployed in their environment. The situation has changed. Now companies and governments are willing to pay large sums of money for undisclosed vulnerabilities. Since these vulnerabilities are never disclosed, they are never fixed, and the software remains exploitable by those who purchased information on the vulnerability.
OH NO—NOW WHAT!?!? MANAGING NONTECHNICAL OBSTACLES TO THE SUCCESSFUL PERFORMANCE OF FORENSIC EXAMINATIONS IN LITIGATION
by Jeff Reed
Forensic examinations can be critical to the success or failure of a lawsuit. But there is an entire world of factors beyond a given set of technical skills that may affect the quality and outcome of an examination. Understanding, identifying and properly managing these factors is just as important as dealing appropriately with the data. Moreover, doing so will help keep the examinations moving in an orderly fashion with a minimum of disruption rather than one series of catastrophes after another.
A CAREER IN FORENSICS: FORMULATE A CAREER PROGRESSION PLAN, SELECT A SCHOOL, COMPLETE AN EDUCATION PLAN, AND FIND AN ENTRY LEVEL JOB
by John Harwell
Unemployment figures today show that finding a good job is not an easy task. The economy is in distress, which makes it difficult to enter the job market and to find a position that will ensure that a person will be working tomorrow. The desired result of any search is to find a job where there will always be work and where the position will not be eliminated. No one wants to end up being laid off. The goal people strive for is to make a life for oneself and to be able to raise a family in a comfortable lifestyle. Finding the proper results will require some thought and a few hours of research. Then some serious planning is in order to make certain the choice is correct. This effort is made to keep from ending up homeless and having to stand in long lines applying for General Relief, unemployment benefits, or welfare, just to be able to feed and clothe a family.
INVESTIGATE AND MITIGATE: UNAUTHORIZED SOFTWARE, HARDWARE AND CLOUD ACTIVITY. EFFECTIVELY HELP YOUR BUSINESS FACE THE CHALLENGES OF UNAUTHORIZED RISK IN YOUR ENVIRONMENT
by Lori Denzer, CISSP
With aggressive and more active efforts being launched by big software to crack down on copyright infringement and unauthorized use of software, businesses are taking notice. Businesses ranging from small to large are increasingly under fire for use of unauthorized software and it does not appear to be lessening anytime soon. Big software easily has the dollars to put behind a very methodical approach to stopping software from being used without appropriate licensing. Organizational approaches to deterring this behavior vary but below are some appropriate measures to deter this from occurring in your environment.
HOW TO FORM A PROFESSIONAL AND SUCCESSFUL INCIDENT RESPONSE TEAM? IN A WORLD OF HEROES AND VILLAINS, THE WELL-EQUIPPED INCIDENT RESPONSE TEAM PREVAILS
by Michiel M. Crombeen
Incident response team members are like superheroes working on the front lines of legal technology. Equipped with hard-to-find skills, knowledge and technology, they operate under harsh and difficult conditions, completing often-impossible tasks under extremely tight deadlines. How do these teams manage to cope with these challenges? What does it take to form a team of forensic superheroes? This article gives you a quick peek into the skills that a professional incident response team needs.
COMPARISON OF SOME PUBLIC DOMAIN COMPUTER FORENSIC TOOLS AND HOW TO USE THEM
by Dr. Mukesh Sharma and Dr. Shailendra Jha
This article will survey and demonstrate some key computer forensics procedures, tools and techniques. Tools include data backing, authentication, decryption, file auditing, IP tracking, data recovery and system examination.
USING PEACH TO DISCOVER VULNERABILITIES: FROM FUZZING TO EXPLOIT IN 5 STEPS
by Pedro Guillén Núñez, Josep Pi Rodríguez and Miguel Ángel de Castro
Nowadays, software vulnerabilities are an important risk for companies. Reverse engineering is a useful technique, but it consumes much time and effort. Fuzzing, however, gives good results and can be less expensive in terms of effort. Nowadays, the best approach is using both techniques. It is known that software companies include fuzzing in their development cycle as the main technique in order to detect bugs.
BEST METHODS AND TOOLS TO CREATE DIGITAL EVIDENCE: PROVEN METHODS AND TOOLS FOR TODAY’S FORENSICATOR
by Quinn North
Digital forensics is as much Science as it is art. A good artist always has a canvas and a vision before they start a project and so should you! With a sound forensic methodology at hand, you can have a repeatable, reliable and defensible process to govern your digital evidence collection thus adding to your status as a subject matter expert.
WHY METADATA IS YOUR MOST CRITICAL ASSET AND HOW TO USE IT TO SOLVE YOUR INVESTIGATION
by Timothy Keeler
Since the revelation of the NSA Prism program, the term ‘metadata’ has exploded in the media. Security and forensics professionals are plagued with understanding what metadata exactly is and how to mine the plethora of information at their disposal. Understanding the types of metadata, the tools available, and how to use it properly is essential to solving your problem – whether it’s an investigation, a hacking incident, or securing your infrastructure.