Preview: eForensics Magazine Vol. 10 No. 09, Issue 125, October 2022, ISSN 2300-6986
I hope everything is going well for you. In my dream, I imagined you eagerly awaiting the next issue of eForensics Magazine. The idea of this issue was to present as many digital forensics tools as our authors, reviewers, the Internet ;) and I found for you. I hope you find them useful in your daily work. I hope that I managed this task. However, I think you will find more interesting topics.
Inside the issue, there are many technical details about the tools themselves. You will find articles created to introduce the tools, but also articles that take you deep into the subject matter of digital forensics.
I would like to remind you what the editorial schedule for the next three months looks like: Corporate Forensic Investigations, Advanced Digital Forensic Analysis, Mobile Device Forensics.
My kindest regards,
Ewa & eForensics Mag Team
Let’s have a glimpse of what our experts prepared for you.
TABLE OF CONTENTS
Memory Analysis Using Volatility Framework To Identify Malware Activities In The Windows Systems
by Adalberto Batista da Silva, Enizaldo Severino da Silva Filho, Paulo Henrique Pereira, Regis Proença Picanço, Rodrigo Ferreira Marques
This article presents the memory analysis of a case of a company attacked by ransomware, presenting the process enumeration combined with YARA rules for the identification of malware activities. The results found were: the process used by the ransomware, the execution of hidden processes in the system, and the identification of the files created by the artifact.
Introducing FTK Central: Helping to transform digital forensics at West Midlands Police
by Jon Cook
Forensics toolkits have come a long way in a relatively short period. At the turn of the millennium, we were still navigating the early days of Windows, where small computer hard drives of around 150 megabytes were the norm. Back then, law enforcement digital forensics was in its infancy. Forensic toolkits were used to support the recovery of deleted files, but a lot was still done manually and relied heavily on the knowledge of examiners.
How to Start in Digital Forensics
by Kharim.h Mchatta
In this article, we discuss the forensics processes, mainly focusing on the forensics tools used under each process. This is going to equip the reader with knowledge of not only the available tools that forensics experts use, but also an understanding of where in the forensics process the tools are being used. Most of the tools discussed in this article are focused mainly on computer forensics, but you will see different tools also mentioned in this article.
Reverse Engineering: Static Analysis Using Rabin2 & DnSpy
by Tahaa Farooq
Reverse engineering is the analysis of a device or program to determine its function or structure, often with the intent of re-creating or modifying it. Malware analysis is the art of dissecting malware to understand how it works, how to identify it, and how to defeat or eliminate it. In this article, Tahaa Farooq will be explaining and demonstrating how malware reverse engineering is done with one technique in play, namely: Static Analysis.
Memory Acquisition on Windows and Linux
by Ricardo Alves da Silva
Following the incident response lifecycle defined by NIST SP 800-61r2, the evidence collection and handling process begins in the "Containment, Eradication, and Recovery" phase. This is a crucial phase, as it is necessary to measure the actual and potential impacts of a particular incident and, above all, to understand its root cause, so that containment can be carried out effectively and the threat definitively eradicated from the environment. This article will discuss how to perform memory collection procedures on Windows and Linux operating systems.
Processing iOS Devices for Digital Forensics
by Amber Schroader
The imaging process for most iOS devices is logical imaging. Physical imaging of these devices is only available once a device has gone through the jailbreak process, which removes the file system access restrictions so that standard forensic tools can then image the device physically. For this workflow, the logical process and its evaluation will be reviewed, along with common issues that can become pitfalls when obtaining a proper logical image. In this article, you will read how to get started with this process.
SOCMINT WITH SHERLOCK
by Gabriel Sousa Carvalhaes
Social Media Intelligence (SOCMINT) is a type of Open-Source Intelligence (OSINT) focused on finding publicly available information on social websites. In other words, SOCMINT techniques can track the data that travels through social media. Therefore, it is important to understand that one of the best ways to gather information on social media is to keep track of accounts, and it is possible to do that by searching for usernames.
Tracking Usernames Across the Internet with Maigret
by Jeff Minakata
Do you need to find different sites that use a particular username? I have the perfect tool for you to use. In situations such as this, one of the programs that I turn to is Maigret. A fork of the popular tool Sherlock, Maigret has proven to be a valuable time saver that has helped me on several occasions when performing OSINT searches (also very useful for pentesting). In this article, I will be detailing how to install Maigret onto a Linux (CSI Linux) system (Debian, Mint, Tracelabs Linux, Kali Linux, etc., will all install the same way) and also show an example of scanning a username along with verifying the results.
XProCheck: When Necessity is the Mother of Reinvention
by Israel Torres
XProCheck is currently in its infancy and, in my opinion, headed in the right direction and really beating Apple to the punch, though only the future may tell. It is a new tool named XProCheck that gets better with each version and is being actively worked on, and rapidly. The awesome part about this tool is that it encapsulates another tool named Apple XProtect Remediator (formerly XProtect) that is embedded in the macOS system and pretty much undocumented to the public by most standards. You will learn what XProCheck is and how it benefits a macOS user forensically in identifying malware activity on their local systems.
Catching Phish with Splunk Stream
by Thomas Mitchell
This article provides an overview of what is required to deploy, configure, and manage Splunk Stream in a distributed environment. A deployment can consist of many Splunk Universal Forwarders running on endpoints throughout the environment. When the Splunk Stream Technology Add-On (TA) is first installed from the central deployment server, the Splunk Stream configuration is pulled from the central Splunk Stream server. You can run two Splunk roles on the same host: Deployment Server and Splunk Stream Server. Splunk Stream enables the capture, filtering, indexing, and analysis of streams of network event data.