PREVIEW: OSINT in Forensics

Dear Readers,

We’re happy to share with you the newest issue of eForensics Magazine - OSINT in Forensics.

Open source intelligence has a lot to do with digital forensics, and we’re going to show you how true that is in this edition. Inside you can find articles on How to find missing persons using OSINT, Leveraging Open Source Intelligence for Digital Forensics and Incident Response, and Adopting a Hacker Mindset and Enhancing a Penetration Test through OSINT.

Also, you’ll read about Honeypotting Threats for Security Research and Defense Improvement, learn something about Geolocation Forensics, and come into possession of Autopsy 4.x guide.

That’s not everything, of course, but you should see for yourselves!

As always - we want to thank all authors, reviewers, and proofreaders for participating in this project.

Have a nice read!

Regards,

Dominika Zdrodowska

and the eForensics Magazine Editorial Team

---

INSIDE OF THE PREVIEW: Full article by Brett Shavers "Geolocation Forensics”

---

Subscriber? Click here to download the whole issue

Buy this issue 

---

TABLE OF CONTENTS

---

Using OSINT to locate missing persons

by Joshua Richards

This report will discuss a variety of different OSINT techniques you can use to find information about people online. One example is when a missing person was being investigated. No one could find her, but what could be found was her online identity. An account was found where she had posted just the day before she went missing, stating that she had witnessed something horrible and that she felt her city wasn’t safe anymore. This was a good indicator that she had run away rather than being the victim of a crime.

Honeypotting Threats for Security Research and Defense Improvement - An introduction on how to deploy honeypot instances and benefit from the acquired malicious activity

by Jefferson Souza Macedo

Do you know what a honeypot is, or a honeytoken and their benefits for security industry and business research purposes or even to protect your network against some known and other unknown threats and attackers? This article presents concepts, questions and answers, as well as practical exercises on how to correctly deploy and get benefits while using honeypot resources.

Autopsy 4.x, the GUI forensic analysis suite  

by Marco Alamanni

In this article, we will see an open-source, free and multi-platform program to analyze forensic images, that is Autopsy.

Geolocation Forensics

by Brett Shavers

Everything in this article addresses methods and techniques to place a person (or a device) at an exact physical location, anywhere on the planet. Varying methods have varying degrees of accuracy and varying degrees of reliability. When there is only one source of geolocation data, the reliability may not be as accurate or reliable when there are several sources of corroborating data sources. With that, how close can we get in narrowing down a person or device to a specific physical location?

The issues and difficulties in locating a Cyber criminal

by Jose Alfredo Llerena

Nowadays, with highly advanced technologies and the correct tools, many Cyber crimes can be resolved, those approaches on the other hand are totally opposite. In this article, I will expose the difficulties an independent or freelance digital forensic investigator from a developing country faces during a cyber crime investigation.

Leveraging Open Source Intelligence (OSINT) for Digital Forensics and Incident Response (DFIR)

by Collins Bunde

Malware analysis requires intelligence. Security companies, like Payload Security, provide open source intelligence of malware signatures and patterns through their hybrid malware analysis platform. The ability to gather intelligence from publicly shared information is how digital forensics and incident response leverages on open source intelligence when investigating crime. In this case, DFIR teams use signatures, blacklists, and activity patterns to proactively investigate forensic cases. The approach can either be target centric or actor centric focusing on attacker (TTPs). These results in what incident responders and security analysts would term as proactive DFIR, or intelligence driven Incident response.

Digital Traces of Employee Intellectual Property Theft Through the Cloud

by Tyler Hatch

In reality, the most common threat to many businesses comes from within. Their most trusted resource - its employees. Figures suggest that a surprisingly high number of employees have stolen data, intellectual property and confidential information from their employer. For example, one source states that 56% of employees steal information, data or intellectual property from their employer when departing the organization. While the motivation for the theft ranges from retribution to a desire to compete with their former employer - and everything in between - the sheer volume of workplace theft cannot be denied.

Potential Cyber Forensics Specialties 2025

by Kevin Coleman

We are rapidly moving to a highly connected world. Singularity Hub reported that by 2025 there will likely be 100 billion connected devices. Some even call it the "trillion-sensor economy." Multiple sources have estimated all those connected devices will cause data to explode to between 160 and 170 zettabytes by 2025 - that has so many 0s (zeros). That is about a 10X increase from today. Some believe that over one-quarter will need real-time processing and analytics. This is causing the value of data to increase along with the volumes that need to be protected, as well as the software and systems that produce and analyze all that data. All of these devices and this data will result in forensics becoming far more challenging with an increased emphasis on the damages due to data theft and manipulation. Most of all, the likelihood of hacking and data manipulation that results in the loss of life is a real concern.

Adopting A Hacker Mindset and Enhancing a Penetration Test Through OSINT

by Matthew Kafami

This article will provide a brief overview of how to use open source intelligence (OSINT) to further supplement the process of penetration testing. While standard procedures and tools used in penetration tests work just fine, using data gathered through OSINT collection can assist the process by allowing a penetration tester to tailor messages and payloads for use in phishing attacks as well as creating more customized rainbow tables for password cracking.

Is AI a cybersecurity panacea? Advantages and limitations of AI-driven cyber hygiene

from TechWarn

Artificial intelligence, or AI, is without a doubt the world’s most controversial technology. And with so many wild claims circulating about the power of AI, its potential in the field of cybersecurity is easy to overstate. A report released earlier this year by KPMG Singapore found that 86% of CEOs they surveyed believed that AI will become the silver bullet for cybersecurity.