eForensics Magazine 2017 03 Archaeology of Live Response PREVIEW.pdf
Spring is finally here, and we’re ready with the new issue. In this one we’ll spend some time in the live analysis realm, and we think you’ll enjoy taking the journey with us.
The issue starts off with Tom Sela from illusive networks talking about live response. The whole article is available in the preview as well, so don’t miss out! Then we’ll take a little look at how to transfer backdoor payloads with Damon Mohammadbagher, and consider malware naming schemes with Fernando Mejia.
After that we’re diving deep into forensic investigations: first, we’ll learn everything there is to know about examining Edge’s InPrivate mode, and Eliézer Pereira will show us how to perform RAM live analysis from start to finish. Finishing off the first half of the issue, you’ll be able to enjoy a piece on how Dempster-Shafer’s Theory of Evidence can be applied to video forensics - a must read!
Rob Sommerville makes a guest appearance with his column in the issue as well, before the second half of the magazine, where you’ll be able to read about forensic case management, tools, techniques, and tricks, as well as analyze a sample malware attack with a social engineering twist, and ponder on passwords and what’s wrong with them.
We appreciate your feedback at all times, so if you have any comments or suggestions, do let us know! You can find us on social media, or write us an email - everyone’s welcome!
Enjoy your reading!
and the eForensics Editorial Team
TABLE OF CONTENTS
The Archaeology of Live Response: Examining the artifacts
by Tom Sela, Head of Security Research, illusive networks
As a security researcher and a part-time Incident Response (IR) analyst, appreciating the finer details becomes paramount. The role requires an understanding of an attacker’s actions on compromised machines via ongoing research. A typical research process requires examining hundreds or even thousands of artifacts to find the needle in the haystack.
Transferring Backdoor Payloads By ICMPv4 Traffic
by Damon Mohammadbagher
This article covers ICMP traffic and a simple technique for transferring payloads by ping traffic (ICMP). I wrote articles about transferring payloads by DNS (PTR & AAAA records) and ARP traffic, but this technique using ICMP is simpler than the DNS and ARP techniques.
Malware Classification: a Taxonomic Approach
by Fernando Mejia
Nowadays, there are many varieties and types of tagged malware in the formal and informal literature, where most malware is interconnected, not only by behavior but also by purpose. This is why the traditional and most common terms are still used in general contexts. When malware terms are analyzed, a controversy might emerge because there is no established consensus on malware nomenclature.
Forensic Analysis of Edge Browser InPrivate Mode
by Shumaila Alam, M.Ammar Aziz, Waseem Iqbal
Web browsers are widely used by computer users to perform a variety of activities, such as downloading files, surfing the internet, using different social media applications, exchanging e-mails and many more. Cyber crimes of different kinds are increasing day by day, and users who carry out such malicious activities try not to leave forensic artifacts. Web browser crime scene investigation is an imperative field in digital forensics, and it caters to all types of malicious user web activity.
RAM Memory Forensic Analysis
by Eliézer Pereira
The purpose of this article is to show how to perform a RAM forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents, as well as fraud and other illegal practices carried out through an information system.
On the Role of Dempster-Shafer Theory of Evidence in Digital Visual Media Forensics
by Raahat Devender Singh and Naveen Aggarwal
Ever since the invention of photography, digital visual media has continued to play a pivotal role in shaping our community's belief system by continually affecting our perception of reality. Aside from satisfying their usual recreational purposes, digital images and videos have been providing investigative benefits by serving as an evidence repository that can be used for post-incident analysis for quite some time now.
by Rob Sommerville
Deep Dive into digital forensic case management
by Washington Almeida
The choice of appropriate methods and procedures for digital forensic case management takes into consideration several aspects. In the Brazilian digital forensic scenario, it is common for the forensic approach to be based on the knowledge of the forensic professional working in a digital forensic process. But does this approach provide robust support in a forensic work process?
Deep Dive into Digital Forensics Case Management Tools, Techniques, Tricks, and Procedures
by David Capote
Below I will walk you through the basics of a computer forensics investigation and include some of the tools and techniques you’ll need to get started. Cyber security forensics is an exciting field with a lot going on, so you constantly have to adapt and learn new tools and techniques, and it takes years of training to become an expert. Hopefully, this article will give you some of the basics to help you get started on your journey to learning more about cyber forensics.
Social engineering and malware: basic attack scenario and analysis
by Paulo Henrique Pereira, Renato Basante Borbolla, Thiago Geronimo Ferreira, Rubens Louro Vieira
Technically, “social engineering” (SE) is not a direct attack on a computer system, the same way malware is. SE can be, however, used to support several kinds of direct attacks which use diverse techniques, like malicious browser artifacts, malicious attached files, manipulating social media to retrieve information about a person or an enterprise, and so on. It is well known that SE exploits curiosity, ambition, fear and other human psychological sentiments. Because of this, SE is the main gateway to many different attacks.
Fallacy of Passwords and Password Alternatives
by Dhiresh Salian
Here we are in 2017 and passwords have not just survived but they are thriving. Passwords are still the primary form of authentication and in most cases the only form of authentication, even for some online banking applications. As passwords have stayed on for this long, one might argue that they have bucked the trend of technological advances and probably meet the security requirements. Not really; passwords have survived because there hasn’t been any alternative that provides stronger authentication without impacting the user experience.