PREVIEW: Cyber Forensics Laboratory

Download
File
1619677111wpdm_PREVIEW eForensics Magazine 2021 04 Cyber Forensics Laboratory.pdf

Dear Readers,

This month we have a real treat for you. Our wonderful authors have created a special set of texts that present how to use specific investigative techniques and tools in forensic work. If you are a lover of cyber investigations, or you conduct them, in the latest magazine you will find a description of how real investigations proceed and you will be able to follow step by step what they did. You will also learn how to use specific tools for forensic work.

In the magazine you will find, among others:

  • how to carry out the procedure of obtaining evidence from memory so that it is not lost,
  • how to manually recover overwritten data using the Hexeditor tool,
  • how to use Volatility to look for malicious software activity,
  • a few tips that can act as a guide to setting up a state-of-the-art CFL that would provide essential tools and equip LEAs to carry out digital and cyber forensics,
  • a deep dive into practical mal-doc analysis.

Do not hesitate even a moment longer and immediately reach for this knowledge compendium!

Check out our Table of Contents below for more information about each article (we included short leads for you). 

We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)

Regards,

Michalina Szpyrka

and the eForensics Magazine Editorial Team 


INSIDE OF THE PREVIEW: 

The Importance Of Assertive Education In Information Security by Longinus Timochenco




TABLE OF CONTENTS


Forensics Data Acquisition And Analysis Of A Ransomware 

by Claudio Joel Brito Lóssio

The procedure of acquisition and forensic analysis, carried out through a test investigation on a microcomputer that was frozen, was not possible. The live forensics procedure is what occurs when the device is still in operation, which was not the case. Thus, to perform the procedure it was necessary to perform the restart of the computer.

The PC was infected with ransomware that was in the file "Crypter.exe", but by the time the forensic team tried to handle the equipment, as mentioned in the initial presentation, it was already frozen, possibly due to malware instability.

How Do Police Recover Hidden Files From Formatted Digital Storage Media By Using Hexeditor?

by Adam Karim 

Police IT forensics work with digital crime investigations by recovering deleted and hidden files using several different forensic tools, but unfortunately, forensic tools cannot recover deleted information from formatted storage media all the time, especially when the original lost data has been overwritten by new data. The police IT forensic investigator can do this job manually with the help of a hex editor tool.

Memory Forensics - Approach On Volatility

by Daniele Giomo

The term Memory Forensics refers to the study of data captured from the memory of a target system. This is a relatively new sector of Digital Forensics, the branch of forensic science that deals with the preservation, identification and investigation of information found within digital devices, in order to produce evidence concerning cybercrime.

The focus of this article will therefore be the use of Memory Forensics in the context of incident response, rather than the collection of information relating to cybercrime for use in court. The techniques used are the same; we simply won't insist so much on how to collect and preserve evidence.

Setting Up A State-Of-The-Art Cyber Forensics Laboratory

by Ashish Bhagawan Sutar

Since the year 2020, the world has been facing the COVID-19 pandemic. Countries across the world are trying to overcome this pandemic by applying a lot of measures. One such measure is lockdown and work from home. This has also led to a lot of unemployment and unrest, thereby resulting in a rise of cybercrimes taking new forms around the countries. The nature of crimes is varying sharply, with a lot of young talent involved in it. Law Enforcement Agencies (LEAs) and investigation officers are finding their skills inadequate to deal with this new wave. Therefore, there is a need to equip them with the latest forensic practices and technologies and, most importantly, infrastructure.

As cyber-related crimes are increasing, LEAs require a proper Cyber Forensic Laboratory (CFL) setup for the investigation. An advanced CFL is a must in carrying out the investigation process to make the task easy. Expertise is required to set up such advanced lab facilities, including procurement of hardware, installation, commissioning of state-of-the-art infrastructure and training.

Malicious Document Analysis

by Collins Bunde

The dynamic nature of the cybersecurity landscape has increasingly culminated in sophisticated cyber attacks. Attackers are employing complex tactics in exposing organizations spanning different industries. A number of high-profile cyber attacks happened in 2020, but the key highlight of the year was the SolarWinds supply chain breach, which opened a Pandora's box of cybersecurity implications, especially because revelations of the breach appeared to be much bigger in scope than earlier thought.

In this article we will focus on the general approaches to document analysis, the different document types and finally, an analysis walkthrough – a deep dive into a practical mal-doc analysis.

Data Hijacking: Ransomware And Doxware Attacks

by Verónica Berenguer Garrido

In the last decade, the boom of security threats has significantly increased, especially ransomware attacks. If we mention WannaCry or CryptoLocker, you surely know them. All of them have a common objective: data hijacking to get compensation, but do you really know what there is behind ransomware?

The idea of this article is to explain with a real example how to create ransomware and doxware attacks with Python and how they work in detail. For that, we will develop a ransomware and a doxware and we will show how the attacker’s server and the victim’s PC communicate to carry out the attack.

Windows ShellBags From An Offline Hive

by Stella Magana

This is a continuation of the Windows ShellBags article published in the eForensics Magazine March Issue here. Let's do a quick recap: Microsoft Windows records the view preferences of folders and the Desktop.

Therefore, when the folder is visited again, Windows can remember the location of the folder, view and positions of items. Microsoft Windows stores the view preferences in the registry keys and values known as “ShellBags”.

The properties of a folder contained within Windows ShellBags can be significant to a computer forensic investigation. They allow for an assessment of whether the content of the folder could have been viewed simply from the user accessing it. They also allow you to determine whether the user had changed the default settings of the folder, which can be compelling in a case where the folder contains documents or unlawful images, for example.

Windows ShellBags can also provide evidence of access of external or removable devices that are no longer connected to the computer.

In this issue, we shall tackle offline registry analysis of the ShellBags. In this scenario, a digital forensics investigator only needs to confirm the connection of a removable device from a suspect machine.

Malware Attacks

by Longinus Timochenco

Dear readers, with your permission before we start reading, I’d like to reinforce some things so that we can start from the same principle and objective.

It is important to highlight that Information Security is everyone's responsibility. Security is part of our virtual education, respecting the limits and preserving the credibility, integrity and availability of information!

If we follow these basic security principles, not only for our companies but for our lives, you can be sure that we would all save a lot of money and time. It is the same thing as having freedom with security; that would be great, so reflect and re-educate your teams and your family.

Cybersecurity must exist to protect us and not limit and intimidate us, but for that we must collaborate with education, discipline and rules, to avoid losses, damages, unnecessary exposure and even our lives.

A Primer To Android Memory Forensics

by Divya Lakshmanan

Have you ever encountered a scenario where you had to acquire the memory of an Android device? It might have been to investigate the behaviour of an application, most commonly in an event involving malware. It has been widely debated whether acquiring the memory from an Android device would be forensically sound. This operation is justifiable when acquisition of Android device memory is crucial to an investigation.

This article details the steps taken to dump the RAM from an Android device and analyse the memory dump using Volatility. An Android Virtual Device was used for this exercise.

The Importance Of Assertive Education In Information Security

by Longinus Timochenco

Dear Readers, with your permission before we start reading, I'd like to reinforce some things so that we can start from the same principle and objective.

It is important to highlight that Information Security is everyone's responsibility. Security is part of our virtual education, respecting the limits and preserving the credibility, integrity and availability of information!

If we follow these basic security principles, not only for our companies but for our lives, you can be sure that we would all save a lot of money and time. It is the same thing as having freedom with security; that would be great, so reflect and re-educate your teams and your family.



May 5, 2021
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013