Metadata Forensics

Dear Readers,

Welcome to the newest issue of eForensics Magazine! Hope you have a great time during holiday. This month our magazine is related to the topic of metadata in cyber forensics - inside you will find the article on the topic by Cybercopsam, which raises questions such as “why do we need metadata?”, “carving or metadata?” and shows examples of extracting metadata. Moreover, we have also an article for you by Hector Barquero, entitled “Data Carving Corrupt Images to Extract Metadata”. This article’ ll help you understand metadata hex-editors, how to repair a header after corrupt conversion or proprietary file-type disagreements and how to hide your metadata on your next graphic file upload. This article is available to download in the preview. You can read it for free!

But of course that’s not all! The issue opens with an article “Analysing Fileless Malware” by Andrei Modan in which the author as a proof of concept takes Win7 SP1 Virtual Machine, which is infected with Win32/Poweliks. Although there are many methods to perform forensics analysis, in this situation he uses just the memory dump of the infected machine, and investigates it using Volatility framework and some Linux commands. Further, we have a really interesting unit about data exfiltration (which is nowadays widely used to steal information from organizations) by Fabricio Salomao & Paulo Trindade.

In the second section of the issue you will have a chance to read a very captivating interview with Silvio Montanari about his tool: code-forensics. It’s a kind of preview of our next issue connected with digital forensic open-source tools (Stay tuned!).

If you want to find out what else we prepared for you, click the download button! We hope you enjoy the issue - let us know your thoughts if you have any, we’d love to receive a feedback from you!

As always, many, many thanks to our reviewers and proofreaders - you are irreplaceable. We’re extremely grateful!

Hope you’ll have a great read,

Dominika Zdrodowska

and the eForensics Mag
Editorial team

 

---

Buy this issue

 Download free magazine preview

---

TABLE OF CONTENTS

---

Analysing Fileless Malware

by Andrei M. Modan

Things change quickly in the world of cybersecurity. With new threats appearing on a daily basis and attackers continuously evolving their techniques, it can be extremely difficult to keep up. In 2016, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021. This represents the greatest transfer of economic wealth in history and risks the incentives for innovation and investment. Cyber attackers are determined to bypass security defences using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, as seen in the last year, two devastating ransomware outbreaks (Petya and Wannacry) used fileless techniques as part of their kill chains.

Presenting Evidence in a Digital Forensic Investigation

by Schweta A. Chawla

The digital forensics investigative process is clearly laid out. In generic terms, it starts with identification where the investigator identifies the crime scene as well as the potential sources of evidence; moves to preservation of the scene and the identified evidence sources, transportation of these sources to the forensic laboratory and their secure storage there; with the next stage being the extraction of information from the potential evidence sources; followed by the analysis of the extracted information, the weighing of this evidence and the assignment of evidentiary value to them; and concluding with the presentation of the evidence in the form of a report and if required with the exhibition of this evidence before a court of law.

Metadata in Cyber Forensics

by CYBERCOPSAM

In the computing world, the blocks of information stored in digital or binary format are called files. The location and operation of the file system represents data, which essentially is a file record or index, also known as metadata of that particular file. Every operation in a digital world leads to another operation - when we say “DATA ABOUT DATA IS NAMED METADATA”, we mean that metadata is just data about data created by the application programs. Metadata establishes the pathways to understand the structure of a particular media or file existence. File system analyzers also allow the examiner to acquire all the metadata about the files and folders, such as modified, accessed and created timestamps of deleted and damaged files.

Digital Forensics: Data Carving Corrupt Images to Extract Metadata

by Hector Barquero

The purpose of this document is to understand technical recovery details of graphic files when corrupt header hex values on file type conversions exists, and to determine how metadata is removed from Windows OS.

The use of trojan horses in italian criminal investigation

by Eleonora Colombo

The Italian Legislature has finally provided Legislative Decree 216/2017 of 29 December 2017 for limits and rules regarding the use of Trojans in criminal investigations. However, this legislation has been implemented more than ten years after the use of this instrument, often in an unknown and underhanded manner, both in criminal investigations and for espionage activities. The Trojans are, in fact, more in use as it emerged from the well-known court cases of the Court of Cassation.

Leak Data Companies - Data Exfiltration

by Fabrício Salomao and Paulo Trindade

In the cyber espionage scenario, Data Exfiltration attacks are widely used to steal information from within organizations, whether governmental or private. This practice aims to extract data from the target after the attacker has gained access to the target device, from which it is able to send asset data (files, access credentials and emails) to its machine either inside or outside the network by means of the tunneling used in protocols.

Testimony of the Digital Forensics Expert Witness

by Santosh Khadsare

“The role of a digital forensics expert is to carry out forensic analysis of digital artefacts that come to his lab for analysis and produce an authentic, reliable and legally tenable forensic report that can stand the scrutiny of law.”

Code-forensics

Interview with Silvio Montanari

Silvio Montanari is a software engineer with a lifelong passion for programming and code design. He has Master's degrees in Computer Engineering and Telecommunication Engineering, and over twenty years of software development experience across the European, North American and Australian markets.

Anti-computer forensics techniques

by Adam Karim

Computer Forensic Tools (CFTs) allow forensics investigators to collect evidence by recovering deleted files, Encryption decoding, password cracking and gaining information about a computer’s user. Anti-Forensics (AF) tools and techniques frustrate CFTs by hiding evidence from the examiners and from the forensic tools or erasing and altering information. They work in opposite direction wiping any traces of the attack and attacker.This project is going to explain various anti- forensic techniques and tools available in the market.