eForensics Magazine 2021 06 Intermediate Forensics Tutorials preview.pdf
You are familiar with the digital forensics industry and working hard to uncover crimes, but need tool support, like Sherlock needed Watson? eForensics Magazine wants to meet your expectations and needs! With our new issue, we provide you with a set of ten practical tutorials for intermediate forensics researchers that will help you expand your tool base and suggest how to get more use out of the programs you already know for digital forensics.
In the latest issue you will find, among others:
- an analysis of how user privacy can be protected against mass data collection, carried out on the example of network artifacts collected by Chrome;
- how to use the Microsoft Compliance Center to identify a potential internal threat in the corporation and build appropriate evidence for a strong case against a malicious insider;
- techniques for selecting and configuring various open-source capture tools such as Wireshark, Network Miner, MS Windows Netsh, and MS Windows Pktmon, which can be used in network analysis to capture traffic data related to suspicious network behavior;
- techniques, tools and step-by-step global forensic analysis;
- an overview of how to set up your own Paladin USB stick and conduct a live forensic acquisition.
Do not hesitate and reach for this treasure trove of knowledge now!
Check out our Table of Contents below for more information about each article (we included short leads for you).
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
A Forensic Overview About Data Networking
by Paulo Pereira, PhD
This article continues a forensic investigation about data connections. Now, we are interested in the network artifacts that Chrome creates when the user is shopping online, visiting any site or just using an everyday browser to do a simple download. We create a Windows 10 (x64) virtual machine to run in VMware Workstation 16. This virtual machine can access the internet through a NAT interface. CSI Linux and REMnux are used as forensic platforms in this investigation of the Raccoon Stealer files. In the main course of our investigation, we are doing static analysis to discover file structures. The Windows virtual machine received these files for live analysis (not completely shown in this article). This article deals with exactly this subject: the realm of the Internet of Threats (IoTh), not the Internet of Things (IoT). The concept of the Internet of Threats is about the background of data security. In other words, IoTh is a field of research that treats the surveillance of data, tracking, counts, data traffic and data leaks. In this area, the most important question is how user privacy can be protected against the massive data collection event, for example, in every single internet session that the user creates when opening their browser and surfing through click actions.
Microsoft Compliance Center – Tracing Insider Threats
by Michal Zdunowski
In 1887, Arthur Conan Doyle published his first novel “A Study in Scarlet” introducing the famous Sherlock Holmes, master of deduction. Since then, the ingenious Sherlock Holmes and his magnificent partner Dr. Watson have evolved in many forms, some of which presented them as modern-day consulting detectives. As we know, Holmes was an expert in finding evidence in a very extraordinary way. When solving cybercrime, we can now use multiple solutions that take advantage of machine learning and AI to help us trace the evidence of malicious activities in our organization. Whether it is an attack originating from a scam email or simply an exploit of an unpatched server, these tools provide intelligent maps and build an evidence chain to help contain and break an attack. Technical attacks usually have two results – service disruption or leakage of data. We can deduce that hackers attack to cause harm to an organization or for the material benefit of selling stolen data. All of that is very nice until you face another threat that is not exactly coming from outside but from inside. Don’t get me wrong, it doesn’t require AI to solve the puzzle of an angry admin shutting down a system. All of that information can be found in our system logs. But what happens if one of your employees starts selling company data? Of course we trust our users and of course we have built all the fancy need-to-know access policies to prevent our users from gaining too much information. Corporate espionage is a very sensitive matter to any information security officer, and building a strong and solid foundation to prove someone’s guilt is a lengthy and difficult task. That’s when our internal Sherlock Holmes comes in handy. Knowing where to look for evidence of a crime is one thing, but let’s not forget about Watson. In our case, Microsoft Compliance Center (MCC) can be a great sidekick when identifying a potential internal threat and building proper evidence for a strong case against a malicious insider.
Examining Emerging Drone-Based Delivery Services and Forensic Challenges
by Rhonda Johnson
The growing use of drones in society for commercial, civil, educational, law enforcement and national security purposes requires a discussion of threats and attacks on drones and the challenge of extracting forensic evidence. In 2021, drone-based delivery services are worth more than $16 billion (Kulp and Mei, 2020). Drone attacks are attacks that target unmanned aerial vehicles (also known as drones). Drone technology in its current form is used to capture live videos and images using a handheld device, and these artifacts are then transferred to a server, often in the cloud or another remote location.
Digital Forensics Information Gathering Techniques – Collecting Packet-Based Information
by Phill "Sherlock" Shade
This article introduces the techniques of selecting and configuring various open-source capture tools, such as Wireshark, Network Miner, MS Windows Netsh, and MS Windows Pktmon to use in network forensics analysis for capturing traffic data associated with suspicious network behavior.
The Systemic Manipulation Of Video Evidence By Oklahoma Law Enforcement To Alter Viewer Perception During Alcohol And Drug Related Criminal Prosecutions
by Paul Gordon
In recent years there has been public pressure on law enforcement to have more accountability and more transparency in contacts with the public and in arrests. One of the ways law enforcement does this is by using video equipment to record arrests. The evidence from a dash-mounted camera or body-worn camera can help defense attorneys manage a DUI or drug interdiction case. Many times, in alcohol and drug related cases, law enforcement does not provide the video proof that officers describe in their reports. Additionally, the prosecutor’s staff and the assigned district attorneys do not review the video evidence that has been submitted along with filed charges to verify that the elements of the alleged crimes are present for prosecution. Yet the prosecution will continue to move forward with highly suspect video proof unless the defense attorney requests an analysis from a person who is trained to review the video and follows an established analysis system to determine the validity of the submitted evidence.
How To Run Digital Forensics Cases?
by Daniele Giomo
The main goal of digital forensics is to extract data from the electronic evidence, process the data into useful information and present the findings for prosecution. All processes involved, therefore, should utilize sound forensic techniques to ensure that the findings are admissible. The nature of the cases in which digital evidence is involved is generally borderless and the offence happens in a split second; the findings derived from electronic evidence must therefore follow a standard set of guidelines to ensure that they are admissible in international Cyber Security Teams.
Playing To Be Forensic
by Verónica Berenguer Garrido
The objective of this article is to teach beginners some basic techniques, tools and steps to show a global vision of a forensic analysis. To do this, imagine you have to investigate a possible fraud in an organization. We are going to perform a demo to show how we can preserve, gather and analyze volatile and non-volatile evidence to carry out the forensic investigation step by step.
Digital Forensics Tools
by Kharim H. Mchatta
Digital Forensics is the process of collecting, processing, and analyzing digital evidence and presenting it in a court of law. In this article, we will be discussing the forensics tools used during a forensics investigation process before the evidence is presented in a court of law.
Forensic Lab On Wheels: A Sample Investigation Using PALADIN
by Arushi Doshi
Most digital forensic examiners may have faced this dilemma at some point – which is the best tool to use in an emergency when you don’t have the cavalry? Alternatively, if you have hundreds of systems and not enough time to connect each one to a write blocker and review it using a forensic tool, this is the perfect solution. PALADIN is a modified “live” Linux distribution based on Ubuntu that can perform various tasks in a forensically sound manner via the PALADIN Toolbox. PALADIN has been created by SUMURI, a leading provider of software, hardware, training and services relating to computer forensics and eDiscovery. In this article, an overview of how to set up your own Paladin USB stick and perform a live forensic acquisition is presented.
by Longinus Timochenco
In short, I come here to share a brief study considering the relevance of digital expertise in connected and running computers, known as live forensics, especially covering the expertise in volatile memory. It provides an overview of the information stored in this type of memory and some specific tools for extracting and analyzing data from memory dumps, and highlights important expert procedures for a correct data analysis of these memories.