The summer is most definitely over, everyone is back to work, and so are we! This issue presents you with a great selection of authors and topics; we hope you’ll enjoy reading it as much as we enjoyed putting it together.
First, as always, we want to thank all our authors, reviewers, and proofreaders – everyone who helped make this issue a reality. Our beta testers put in a lot of extra effort this month, working on tight schedules, so let us reiterate once again: we appreciate your help immensely.
We kick off the issue with an anonymous submission titled “Ten Lessons for Incident Response”. It’s a cautionary tale of an unfortunate series of events, peppered with lessons that you can learn from. Then we have Kris Kaspersky’s piece on 64-bit XOR payloads, definitely a must-read!
Next we go into the cover topic of this issue, car hacking and forensics, with an article co-written by one of our regular authors, Deivison Pinheiro Franco, followed by an interview with him about his latest book.
We continue the technical streak to the very end of this publication – you’ll have a chance to read about spoliation cases, creative techniques for getting information out of an iPhone (turns out, Siri IS a big snitch!), JTAG and chip-off, PDF forensics, endpoint security, and timeline analysis. A full issue’s worth of reading right there!
Have a great October and enjoy your reading,
Table of Contents
Ten Lessons for Incident Response
The author of the article requested to remain anonymous. At the time of the events described, they held the position of System Infrastructure Manager.
It started with an email. There was an odd amount of traffic from our Primary Data Center to the IP of some nondescript website. I had a Blackberry at the time and felt safe checking out the site to see if it was obviously malicious. It was a Sunday, I was in the car with the family, and the website didn’t seem threatening at first blush. I replied that this could wait until Monday morning to dive deeper and find out what was wrong.
Rapture of the depth and evolution – 64 Bit XOR PAYLOAD
By Kris Kaspersky
Exploits and exploit kits have a long history of XOR’ing, evolving from 8-bit keys to 64-bit. This paper not only shows the timeline of their evolution, but also offers reliable real-time detection techniques with a very low false positive rate, applicable to IDS/IPS and gateway appliances.
Car Hacking and Forensics
By Pedro Luiz Próspero Sanchez, Deivison Pinheiro Franco, and Arthur Feliz Dantas
This article deals with the expert examination of a broad category of digital systems: a varied and open class of systems that is of great forensic interest, but whose diversity and constant evolution make it poorly suited to the systematization of forensic methods and procedures. These systems, in fact, are often not exclusively digital, and sometimes not even exclusively electronic.
“Like research, like studying, like challenges, never settle for the obvious” – Interview with Deivison Pinheiro Franco
Interviewed by eForensics Magazine
Forensic Analysis of Spoliation and Other Discovery Violations
By Steve Bunting
When the police investigate a crime and execute a search warrant for digital evidence, the charged party usually isn’t aware that the police are coming with warrant in hand. In essence, the search of the digital media is often achieved by surprise, and the suspect has little or no time to dispose of evidence. Even if the defendant had some prior warning and subsequently deleted or secreted digital evidence, from a practical sense there’s no crime or penalty for doing so. Furthermore, the criminal defendant enjoys the right not to self-incriminate.
Siri is a Big Snitch: Creative Techniques to Glean Information from an iPhone
By Kevin DeLong
One of the great challenges law enforcement agencies face worldwide is that cybercriminals keep finding new ways to go undetected. Many of them slip into private online groups and use mobile apps to target children, women, the elderly, and vulnerable people of all ages. By the time investigators catch on to one of their methods, another one has already been put in place.
Practical JTAG and Chip-Off
By Kelvin Wong
Forensic analysis of mobile devices is becoming much more complicated as developers attempt to prevent data leakage through OS-based protection or data encryption. This is a significant challenge for forensic examiners and investigators. Although digital forensics vendors provide the latest forensic applications for ease of analysis, these are often limited to a logical acquisition approach, or work under the simple assumption that the device is ready for analysis. For physical acquisition, apart from unofficial ‘root’ and ‘jailbreak’ methods, JTAG and chip-off are the alternative approaches to the problem. They are also effective when the device is locked or physically damaged.
PDF Forensics and Analysis
By Kapil Soni
This short guide is designed for beginners and forensics professionals alike, giving them a good starting point for PDF (Portable Document Format) forensics and analysis. Yes!! You could say the main aim of this guide is to provide “LESS THEORY – MORE PRACTICE” knowledge of PDF forensics.
Endpoint Security Audit: Key Function of Information Security
By Omkar Prakash Joshi
Endpoint security is not only about BYOD policy; it also deals with the endpoints themselves, network devices, security patch updates and management, the information security policy, etc. Its main purpose is to protect the network when it is accessed or connected to by remote devices such as PCs, smartphones, and other devices.
Timeline Forensics: An Automated Reconstruction of Events, Timeline, User and Application Activity
By Ranjitha R
Due to the increase in the number of computer and internet users, there is a corresponding increase in cybercrime and, therefore, in the need for digital forensics. Timely reporting on digital crimes is an integral part of digital forensics.
A detailed event chronology helps law enforcement map a suspect’s actions during a crime. Used correctly, it lets intelligence and law enforcement agencies save investigation time and focus on inspecting metadata, which is normally time-consuming and tied to manual analysis.