eForensics Magazine 04 2016 - Antiforensic Techniques Preview
Welcome to April’s issue! We’re very happy we can share with you this publication and we hope you enjoy reading it as well. As always, a great big “THANK YOU!” goes to our reviewers and proofreaders. We wouldn’t be able to do this without you!
Remember, if you would like to join that awesome, awesome crowd, just drop us a line, you know where to find us.
We open the issue with a tutorial on how to perform logical and physical analysis with Magnet Acquire, and it’s something every forensic specialist should know, so take a look. After that, one of your favorite authors, Dennis Chow, will show you how to use Splunk for threat intelligence, and he will use geopolitics as an example. To cap off the first part of the issue we’ll take a look at research coming straight from Brazil, and see a simulation of fileless malware. There are code samples and lab reports, so make sure you check it out.
After all those technical articles there’s a little breather waiting for you next: we interviewed Jason Green from Hexigent Consulting. We talked about what needs demystifying in digital forensics, the differences between professionals coming from the private sector and law enforcement, and more.
Next we move to the theme of this issue: anti-forensic techniques. First, Deivison Franco, Diego Fuschini, and Tony Rodrigues will introduce the topic and show you plenty of examples, both of using those techniques and of detecting them. Second, Javier Garcia will present a case study, based on a real-world case, showing you how anti-forensic techniques are used in practice and how investigators detect them.
In the rest of the issue you’ll be able to learn about trends in recruitment, digital forensics in social media, building a secure web application and using the ELK stack as a SIEM - all great stuff!
When you’re finished with your reading don’t forget to let us know how you liked it. Your feedback is very important to us, we really do publish this magazine for you. Let us know if there is something you would like to see more (or less), or if we should change something.
Thank you for reading, we’ll see you around!
eForensics Magazine Team
Table Of Contents
Performing Logical And Physical Extraction From Android Devices With Magnet Acquire
For quite a long time, there have not been any free tools for imaging smartphones and tablets. Thanks to Magnet Forensics, any digital forensic examiner or analyst is now able to extract data from Android and iOS devices quickly and easily with their new acquisition tool – Magnet ACQUIRE, which is available at no cost.
Applying Geopolitical Events to Threat Intelligence with Splunk
Our goal in this article is to leave you with a basic model, method, and a brief tutorial in acquiring and monitoring key indicators, data sets, and analytic considerations for practicing geopolitical cyber threat intelligence using the Splunk Enterprise tool.
Using n1n3 to simulate an evasive “fileless” malware
Paulo Henrique Pereira, Thiago Geronimo Ferreira, Rubens Louro Vieira, Renato Basante Borbolla
This article is part of research called Forensics Malware with the use of reverse engineering, which is still in progress at the University Nove de Julho (Uninove, Brazil), under the coordination of Dr. Paul H. Pereira. Initially, the project consisted only of penetration testing. However, the project was expanded to forensic analysis of malware with the development of n1n3 to fill a gap: the research needed a dynamic analysis environment for self-destructive malware, running in a simulated and controlled virtual laboratory, in order to move forward. With the theme proposed by eForensics, we decided to share some of the preliminary results and evaluate what can be improved in the next steps of our malware research.
Don’t Hide Behind The Mystery
Marta Strzelec, Marta Sienicka, Marta Ziemianowicz
Interview with Jason Green from Hexigent Consulting.
How To Detect Anti-Forensic Techniques
Deivison Franco, Diego Fuschini and Tony Rodrigues
Forensic computing faces a number of challenges during the analysis of materials, such as the increasing capacity of storage devices. However, this is not the biggest, nor by far the most complex, of the challenges. As data analysis methods and technical tools spread, and knowledge of them was disseminated, Anti-forensic Techniques evolved from that knowledge. These techniques aim to derail, evade or hinder the investigative process so that it cannot produce confirmed results.
Anti-forensic Techniques Case Study
Case History: Towards the end of 2014, a bank requested a data collection investigation from mobile communication devices; three computers were investigated in this digital forensics analysis. During this process, digital data allegedly containing incriminating information were identified and collected. The bank reported that two irregular transactions had been made through electronic banking. The operations were generated within the bank, using its internal infrastructure through a Web Services application.
U.S. Business Recruits Government Experts To Fill Cyber Talent Void
The year 2014 saw the term “data breach” become part of the broader public vernacular and quickly move from the social to corporate consciousness. Boards of directors, facing significant liability, business interruption or loss, have been heard to cry “Defend Our Shores.”
Digital Forensic Investigations On Social Networks
Deivison Franco and Nágila Cardoso
Social networks have become almost indispensable in nearly everyone’s life - and often many of them are accessed at once. Whether by mobile devices, such as smartphones or tablets, or by computers, all kinds of information can be shared through social networks. That has made them a useful tool for criminals, such as drug dealers, pedophiles, fraudsters, kidnappers, murderers, thieves, and others.
How To Build A Secure Web Application
There is a rising need for businesses to transition from desktop applications to web applications because of the emergence of new technologies. It is unfortunate that most of these applications today are vulnerable to different kinds of attacks, such as Code Injection, XSS attacks, and so on, as a result of bad security practices. Developers and architects do not consider security at the very early stages of the Software Development Life Cycle (SDLC), even though security flaws can be introduced at any stage of the SDLC.
ELK stack as a SIEM
“Security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM), and provide real-time analysis of security alerts generated by network hardware and applications.” (cit. Wikipedia). The term Security Information Event Management was coined by Mark Nicolett and Amrit Williams of Gartner in 2005 and is now used to describe a range of products whose capabilities consist of: Data Aggregation from many different sources such as networks, servers, databases and applications; Data Correlation, which links different events into meaningful bundles; Alerting and notifying recipients of an immediate issue; Data Compliance with security, governance and auditing processes; Data Retention, in order to store data for compliance requirements and to facilitate correlation of data over time; Dashboards to visualize data with; and Forensic Analysis capabilities such as the ability to search across logs on different nodes and time periods based on specific criteria.