Forensic Fun with Cryptographic DataFrames using Python

Sep 1, 2023

This is a journey into clever and interesting ways to apply cryptographic DataFrames [1] for forensic and anti-forensic purposes using Python 3.

Introduction

I really enjoy the study of digital forensics, and Digital Forensics and Incident Response (DFIR) overall, because what must be done to "solve for x" is rarely cut and dried or black and white; especially in a time crunch where every second counts.

In a Security Operations Center (SOC), for example, the cybersecurity team needs to determine whether a detected threat is targeting their specific organization, is a transient drive-by threat scanning the network block for one reason or another, or is simply a misconfigured device installed by a vendor who did not read the manual or the organization's policy for networked devices.

Sometimes it is just noise; sometimes it is a distraction from something else going on deep inside an already compromised infrastructure, where an intruder is quietly assembling footholds and communicating across a growing, established platform. The paranoia is real.

Of course, an organization running defense in depth, with layer upon layer of next-generation security controls, may catch the brunt of would-be attackers and may even have a short-dwell-time detection workflow in place. Much of this is driven by machine-modeled data patterns, sometimes orchestrated by some kind of AI-driven system. Depending on the criticality and sensitivity of day-to-day operations, there may be a ladder of human roles that serve as a second....

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023