eForensics Magazine 2020 10 All-in-One Digital Forensics Tutorial Compilation.pdf
Each month we put a lot of effort into making sure you get the best issue possible, and out of each we choose one article to release for free to everyone. Those pieces are available in issue previews every month, as we hope to keep the magazine useful for all of you, whether you’re subscribed to a premium plan or not.
This year has been a challenge for everyone, the current situation touching all aspects of our lives, work included. We are extremely grateful you still find time to take a look at what we do - but we also understand you might not have the time or energy to keep up with EVERYTHING. Keeping that in mind, this month we have chosen the best articles from magazine previews in the last couple of years and gathered them in one PDF for your convenience. Inside you’ll find a broad selection of topics from all corners of digital forensics - and, like our previews, it’s all free to download. We hope you like it! If any article catches your eye, please let us know in the comments and on social media - this would be a special gift to all the wonderful authors who make this publication what it is.
We have some great content planned for you for the rest of the year, and we’re hard at work, gearing up for 2021. How crazy does that number seem? If you have any wishes for topics we should cover in the future, get in touch - we want to hear from you!
Enjoy the issue,
and the eForensics Mag Team
This magazine is free to download; just register as a free user and enjoy your reading!
TABLE OF CONTENTS
Determining Location Through Reverse Image Searches
by Matthew Kafami
Whether for an official purpose such as an investigation or just out of curiosity, there may come a time when you need to determine the location where filming has taken place. Usually the title and comments section of a video will provide that information. It could also be in the metadata for the video, which is used to help promote the video, making it easier to find. However, there may be times when the video is posted without making this information available, or the way in which the video was posted may not provide enough information to easily determine a location just from the footage. This is where reverse image tools become useful.
How to conduct an OSINT Company Risk Assessment
by Adrian Podgorski
The purpose of this article is to explain the processes, methods and techniques used to passively capture information on a company or organization. Attention must be brought to the passive nature of this article; OSINT is not an active activity and as such no active exploitation techniques will be discussed within. Some techniques mentioned in this article may be translated into other types of investigations, such as person-based digital footprint assessments; however, these will be only lightly touched on. Techniques you can expect to see below include: subdomain enumeration, Google dorking, credential harvesting and social media intelligence (SOCMINT).
Are you ready to hand your mobile in for questioning?
Without the need to touch any social media accounts on a phone, an investigator can gather a lot of crucial information on a case. The phone holds sensitive data everyone needs to be reminded of, and can be aware of, in case of mobile theft. The list of information that can be grabbed off a mobile phone is large but I will be focusing on one of the first places someone will look once they have your phone.
One of the Many Approaches to Memory Forensics on Windows
by Divya Lakshmanan
This article will discuss how memory can be captured from a Windows 10 system using Dumpit.exe and how the acquired memory image can be analysed using Volatility.
A Practical Guide to Detecting Hidden Cameras
by Maciej Makowski
This article contains some practical techniques of detecting the hidden cameras I covered in my initial posting.
Techniques and tools for email forensics
by Florence Love Nkosi
Emails have also become an important source of evidence, allowing investigators to use email evidence to corroborate other pieces of evidence in an investigation. Thus, e-mail forensic analysis is used to study the source and content of e-mail messages as evidence, identifying the actual sender, recipient and date and time it was sent in order to collect credible evidence to bring criminals to justice (Lazic, 2018), allowing investigators to analyse the source and content of emails for evidence that can be presented in a court of law. Without doubt, email forensics has become an essential element in digital investigations, requiring digital investigators to stay abreast of how to investigate and analyse email evidence. This article looks into email forensic investigation techniques and then various software tools for forensic email analysis.
When Theory Meets Reality - A UAV Forensic Case Study
by Alan Roder
When I was approached to write this article, I considered the formal approach. Possibly the examination of some of the less publicised UAVs we have had in our possession, or potentially re-visiting the UAV forensic guidelines I co-authored in 2018 to determine if they had maintained their robustness with the advance in technology. In the dynamic field we work in it is important that we provide to our peers a realistic and honest insight into the successes, challenges and obstacles we face in the field of Digital Forensics. As a result of this, the following article is a first-hand approach to what Digital Forensics means to me, which is the search for new challenges and the belief that any examiner has the capability to overcome any obstacle if given the opportunity.
by Brett Shavers
Everything in this article addresses methods and techniques to place a person (or a device) at an exact physical location, anywhere on the planet. Varying methods have varying degrees of accuracy and varying degrees of reliability. When there is only one source of geolocation data, the reliability may not be as accurate or reliable as when there are several corroborating data sources. With that, how close can we get in narrowing down a person or device to a specific physical location?
Digital Forensics: Data Carving Corrupt Images to Extract Metadata
by Hector Barquero
The purpose of this document is to understand technical recovery details of graphic files when corrupt header hex values on file type conversions exist, and to determine how metadata is removed from Windows OS.
Point-of-Sale Malware: A Case Study
by Siddharth Sharma
In the article we will be looking into dynamic analysis of POS samples, static analysis of POS samples, Luhn’s algorithm, previous POS malware panels, and countermeasures.