PREVIEW - eForensics Magazine 2021 05 Digital Forensics Starter Kit
Would you like to start your adventure with digital forensics, but so far you have not been able to find the right source of knowledge? Or maybe you would like to learn new techniques that you can use in your investigative work? If your answer to any of those is “Yes,” you just found the answer to your needs. Our wonderful authors have prepared 10 tutorials that will guide you step by step through specific operations and explain how to use the right tools.
In the magazine you will find, among others:
- how to examine computer and mobile devices with the use of properly configured hardware and software,
- description of basic techniques for hidden data detection,
- information about what CCleaner is and what it is for,
- how to build a tool called the Forensic Image Mounter leveraging Python 3.8 to assist digital forensics investigators using Linux,
- an overview of digital forensics in the context of key skills in this industry,
- the use of MISP integrated with Maltego, with a focus on tracking the source of threats and investigating an incident after its detection, to acquire and categorize threat intelligence, find hashes related to certain domains and IPs, discover networks of threat agents, and improve detection automation in anticipation of a possible attack,
- an overview of data extraction techniques from mobile phones.
Do not hesitate even a moment longer and immediately reach for this unique starter kit!
Check out our Table of Contents below for more information about each article (we included short leads for you).
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Standard Operating Procedures (Recommendations) - Examination of Computers
by Tom Pahula
The examination of computers will be conducted using properly configured hardware and software. All computers and related media will be examined to determine the original status of the items submitted; to protect against inadvertent media alteration during the course of forensic examination and analysis; and to identify possible safety and protective measures needed for the examiner. This procedure applies to all types of media, including desktops, laptops, external storage devices, hard drives, floppy drives, USB drives, hardware-based currency, etc.
Standard Operating Procedures (Recommendations) - Acquisition And Examination Of Mobile Devices
by Tom Pahula
Mobile device examinations will be performed using properly configured hardware and software. All devices will be examined to determine the original status of the device submitted; to protect against inadvertent media alteration during the course of forensic examination and analysis; and to identify possible safety and protective measures needed for the examiner. This procedure applies to all types of mobile devices, including all types of cellular phones, tablets, GPS units, smartwatches, etc.
Hidden Data Sources And Techniques
by Kharim H. Mchatta
In this article, we will be focusing on data hiding techniques as anti-forensics techniques and how you, as a digital forensics expert, can discover the hidden data. Before proceeding further, we have to understand what data hiding is, followed by the types of data hiding techniques, and then dive further into how to discover this hidden data.
CCleaner Registry Entries
by Colin S
CCleaner is an application developed by Piriform. It is used to assist a computer user with cleaning unwanted files and invalid registry entries from a computer. It was first launched in 2004 and developed for Windows-based operating systems; in 2012, a Mac OS version was released, and 2014 saw the release of an Android-based version. The testing was focused on trying to understand if CCleaner had been launched and clean operations executed. It did not focus on other user interactions, such as updating the software or using the drive wiper functions.
by Kharim H. Mchatta
A first responder is the person who arrives first or submits the first report of the crime after an incident has occurred. The sole duty of a first responder is to make sure that the crime scene is not tampered with or contaminated. The first responder has the responsibility to make sure that no changes are made to the crime scene, and they should make sure that they themselves do not make changes to the crime scene.
Python Forensic Image Mounter
by Justin A. Williams and Douglas A. Orr, Ph.D.
Digital forensics includes a wide array of tools. Yet some need to be specifically created in order to assist those who work in the digital forensics field. For this paper, a tool called the Forensic Image Mounter will be built leveraging Python 3.8 to assist digital forensics investigators using Linux. Understanding that there is a need for this tool, and how it fits into the Data Examination or Data Analysis phase of the Digital Forensics Investigation Lifecycle, should increase examiners' efficiency. Adding another methodology, namely the Abstract Digital Forensic Model, squarely shows where the tool sits between the two methodologies.
Entry Into Digital Forensics: Crossing The Virtual Yellow Tape
by Arushi Doshi
With a cyber-attack happening every 39 seconds, the need for forensic investigations into these incidents has steadily increased in the 21st century. Digital forensics (or computer forensics) deals with the application of proven scientific techniques to investigate digital crimes. Digital forensics professionals can work in law enforcement, the private sector or within a corporation to provide support when a breach occurs, in order to identify the source and recover any compromised data. There is a strong demand for skilled, trained and certified forensic investigators who have the knowledge to perform digital forensic tasks such as data collection, preservation of evidence, processing and analysis. The key skill underlying all these tasks is the ability to maintain accurate documentation and attention to detail. This article presents an overview of digital forensics for complete beginners and people new to the field.
Digital Forensics Lab
by Kharim H. Mchatta
Digital forensics involves the collecting, analyzing, preserving, and presenting of digital evidence in a court of law. The first responder is the first person to arrive at the crime scene; they collect the evidence, preserve it, write a chain of custody, and then send the evidence to the forensics lab for analysis. A digital forensics lab is a location or building designated for conducting digital forensics investigations and has storage for the evidence received from the crime scene. A digital forensics lab is, and should always be, restricted from unauthorized access so as to avoid evidence going missing or being tampered with. This means that physical security is very important when it comes to digital forensics labs.
Using Maltego And MISP For Incident Hunting And Investigation
by Cleber Soares and Deivison Franco
This article aims to demonstrate the use of MISP integrated with Maltego, with a focus on tracking the source of threats and investigating an incident after its detection in the environment, to acquire and categorize threat intelligence, find hashes related to certain domains and IPs, discover networks of threat agents, and improve detection automation in anticipation of a possible attack. Incidents are any unexpected occurrences that may compromise the security of a computer system or environment, that is, its confidentiality, its integrity or its availability. Thus, using the NIST-CSF (National Institute of Standards and Technology - Cyber Security Framework), which consists of five levels of activities necessary to manage cybersecurity risk, this topic corresponds to the "RESPOND" phase, where it is necessary to investigate the root cause of the security incident and reduce or prevent its impact.
Beginners Guide: An Overview Of Data Extraction Techniques From Mobile Phones
by Ashish Sutar
The digitization of the world is on the rise, and so is cyber crime. Day by day, cyber crimes are rising, and law enforcement agencies (LEAs) are on their toes to solve these crimes. They are using sophisticated digital forensics techniques for analyzing and investigating cyber crimes. However, limited skilled manpower, a large number of cases, and sophisticated mobile phones running operating systems with the latest security patches are just a few of the many challenges that hinder the progress of LEAs in closing the gap between the rise in cyber crimes and the cases solved. The first hindrance is extracting the data from the mobile phones. In this paper, I would like to provide an overview of the available techniques to extract data from mobile devices.