The October issue is here! As always, we would like to thank you all for your continuous support; without you, the reader, we would have no place here. A great big ‘Thank You!’ goes also to our beta testers and reviewers, who keep us on our toes and help us make the publication better for you, and to the authors, who kindly shared their knowledge in this issue.
This month, in addition to our usual portion of digital forensics, we take a peek outside and see what others are doing. If you haven’t had a chance to go into reverse engineering or malware analysis, or haven’t updated your knowledge on cryptography or cryptocurrencies in a while - this issue is for you! You can read up on tools for packet capture and on the analysis of Windows executable files as well; one of the articles will even show you how you can use digital image processing and artificial neural networks to verify handwritten signatures.
We have not forgotten to add some purely forensic content, however. Starting with Ryan Duquette and his discussion of the use of automation in forensics, through interviews and opinion columns, to, surprisingly, our cover topic of taking GRR beyond forensics with Verónica Berenguer - you’ll have your healthy dose of forensics to take in.
This last month has passed under the sign of IoT-powered DDoS attacks. October’s almost over, as is 2016, and with the summaries and predictions of the future coming inevitably to our news streams very soon, if not already, it seems they’re here to stay. I hope eForensics can be a forum for the discussion on how to deal with it, and we’re counting on you all to take part in it. For now, whether it’s spring or autumn for you right now, stay warm and healthy - see you in November!
Enjoy your reading,
Marta Strzelec, your friendly magazine editor, and the whole eForensics team
Table of contents
Unearthing the web. The good, the bad, and the ugly
Christian Berg, Netclean
Technical advances have unreservedly transformed our lives. Technology has changed the way we communicate, travel, learn and even find love. The internet alone has given rise to a worldwide community and a forum for the mass exchange of information. It’s a place people can turn to for inspiration, idea sharing and keeping in contact with friends, regardless of their location. In turn, we perceive it as a force for good, offering overwhelming opportunity for collaboration and education.
Digital Forensic Backlogs and the use of Automation in Digital Investigations
Ryan Duquette, Hexigent Forensics
Leaps in technology over the last 20 years have created some true benefits to society; real-time collaboration, cheap and reliable digital storage, the ability to perform complex processing in a matter of seconds – all things designed to simplify and speed up our lives. Generally speaking, as technology has evolved, it’s allowed us to complete tasks more efficiently, and more cost effectively. While this benefits most individuals and businesses, one area where this evolution is having an adverse effect is in the digital forensic space, especially within the realm of law enforcement.
GRR: Beyond Forensics
Verónica Berenguer, Redborder
Cybercrime has become the order of the day. In this article, we will talk about the role that forensic analysis has in combatting it. Plus, a new tool is introduced that is very useful in detecting malicious behavior and preventing attacks: GRR Rapid Response. After reviewing these initial concepts, a new tool developed by redborder: StateChanges, will also be introduced, which uses the state changes of an end device to detect suspicious activity and create a notification, offering additional protection against connections with the outside.
Deivison Pinheiro Franco and Felipe Dantas Barboza
This article aims to propose the Graphorensics Tool - an automated computational tool for forensic analysis of handwritten signature authenticity verification with optimized verification processes as decision support.
This proposal uses digital image processing and artificial neural networks techniques through the backpropagation learning algorithm with 500 and 901 approaches. Respective results showed an average percentage error of 20% in the first and of 5.83% in the second, while the performance of a trained professional has an average error of 6.67%. As a result, the efficiency of the proposed tool has promising results distinguishing and identifying differences and evolution of approaches.
Cybersecurity: The First Step Is to Know Where You Stand
Interview with Doug Clare, VP for cyber security solutions at FICO
Bitcoin: The Distributed Digital Currency, Malware, And Botnet Threats
Bitcoin is the "first decentralized digital currency" in the world. The peer-to-peer currency is used for instant electronic payment. It is ideal for conducting international transactions, as it can be bought and sold on an exchange in return for the local currency. While it has become easier to buy and sell bitcoins with the influx of bitcoin exchanges across the world over the past couple of years, the availability of access to the currency has been one of the greatest sources of variability in its exchange rate.
An Introduction to Elliptic Curve Cryptography
From a cryptographic standpoint, elliptic curves are the latest big thing. Let us delve a bit into those mathematical objects that are more and more used.
Despite needing smaller keys to achieve the same level of security as other mainstream cryptographic algorithms, the elliptic curve discrete logarithm problem, on which it bases its security, will not perform so well in the post quantum computing world.
If, of course, it is not already flawed by a big American agency backdoor.
Learning the foundation of forensics and the use of two tools
Amber Schroader, Paraben
Many times in an examination process, a digital forensic examiner can feel at odds with the science behind the examination processes. However, the scientific side and the speed side don’t always go hand-in-hand. Since the inception of this discipline, there have always been processes that examiners must go through to properly complete their examination. These processes are tried and true across all types of digital data. As labs have become more and more backlogged with cases, many times these processes fall by the wayside and are not always followed.
Analyzing Windows Executable Files
Knowing what’s normal and abnormal on a Windows host and in the executables running on it helps to cut through the noise to quickly identify and locate a possible intrusion. The success or failure of a forensics investigation/intrusion analysis lies in knowing and locating the normal and abnormal nature of the artifact being investigated. In some situations, we might come across a suspicious executable file that we would like to investigate to get an idea of what it does. Many times, intruders disguise the nature of the file in order to avoid detection. So it’s necessary as an investigator to understand the nature of an executable file and use proper tools and techniques for the purpose.
Reverse Engineering and Malware Analysis
Let's say you downloaded an application/software from the internet. The application is closed source, which makes it difficult to trust as being secure. How do you verify its credibility? Reverse engineering plays a key role in revealing security holes/vulnerabilities in software that may even lead to complete system compromises. Apart from this, you are also not sure whether the software does something malicious, disguising itself as an innocent piece of code for the purpose you downloaded it for. Reverse engineering the software can also help you figure out what it does or whether it might harm you in any way. With the increasing amount of malware these days, reverse engineering and malware analysis help a lot in keeping the digital environment safe and preventing sensitive data theft.
Tools for Packet Capture
In today’s world, there is a lot of software available to perform packet capturing. In some cases, those packets can be encrypted. We are now in the digital age where incriminating evidence could be found in network traffic itself. In this study, we are able to capture traffic using two packet sniffing programs, Wireshark and Network Miner. These programs work in different ways, but this article will show how packets are displayed and analyzed.