eForensics Magazine 2019 09 File System Forensics PREVIEW.pdf
Welcome to our newest issue, dedicated to the topic of file system analysis! File systems are responsible for the systematic storage of files on the storage devices of our computers and for the quick retrieval of those files when they are needed. Digital forensics has relied on the file system for as long as hard drives have existed. With this issue of the magazine we dive into NTFS, EXT4, and VDFS.
The edition opens with an overview of VDFS, followed by the article “File Renaming Behaviour on The Fourth Extended File System (EXT4)”, prepared by Divya Lakshmanan, who has taught two eForensics online courses devoted to file systems - EXT4 Forensics and NTFS Forensics. While we’re on the subject of NTFS, you will find an article on it inside the issue as well!
What’s more? Linux Malware Analysis, an article on smartphone forensics, a write-up on E-mail Header Traceability, and a great publication prepared by another of our instructors, Josh Richards (in cooperation with a friend who wishes to remain anonymous), on the privacy issues associated with creating your CV online.
That’s not all, of course! Check our Table of Contents below for more information.
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
Have a nice read!
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
An Overview of VDFS File System Analysis
by Alex O. Ogbole
This age of IoT devices, smart TVs, AI and other disruptive technologies and concepts has brought in its wake excitement for the end-users of these devices. It has also brought many challenging experiences for digital forensics practitioners. The first challenge is to keep up with the trends. Then, being able to provide the courts with findings from evidence recovered from these gadgets is on the rise. The life of a normal user of these gadgets and electronics, at the least, is to enjoy the promised experiences advertised by the manufacturers of the gadgets. The abstraction underlying the technology and the details of the supporting securities are left to the geeks. So, to the geeks: in this writing, I intend to analyze the file system called VDFS that runs on the Tizen OS.
File Renaming Behaviour on The Fourth Extended File System (EXT4)
by Divya Lakshmanan
File Systems are accountable for systematic storage of files on the storage devices of our computers - to facilitate quick retrieval of files for usage. They do a great job! Depending on the Operating System that is running on the computer, the file system used by the storage device varies. Computers running Linux have storage devices commonly formatted with the ‘Fourth Extended File System’ (EXT4). This article will focus on a feature of the EXT4 file system.
by Florence Love Nkosi
New Technology File System (NTFS) is a proprietary file system developed and introduced by Microsoft in 1995 with Windows NT and has since been used in Windows 2000, Windows XP and Windows Server 2003 (Forensicswiki, n.d.). To successfully conduct a forensic analysis of an NTFS system and extract useful evidence, investigators must understand the overall structure and the unique characteristics of the NTFS file system. Forensic analysis of NTFS can provide useful information such as malware detection.
Basic Linux Malware Analysis
by Matthew Kafami
Checking a device running Windows OS for signs of having been compromised by malware is something one may find many tutorials for. There are several open source tools that will detect changes in Windows Registry Key values, find extraneous and likely malicious running processes, and if you have access to a disassembler, documentation for Windows API function calls is more than enough to help determine what malware is attempting to accomplish. A majority of commonly available open source tools are for Windows, so what about Linux? Fortunately enough, the Linux command line features several built-in tools for a system administrator to uncover enough information about a malware’s activity to determine what is happening on your compromised system.
Smartphones Need Two-Factor
by Jaret A. Langston, Dale W. Callahan, and Joseph Popinski
Society generates 2.8 quintillion bytes of new data every day. Much of this data is sensitive information and should be protected from unauthorized access. Sensitive information is defined as information that, if compromised or misused, could adversely affect the privacy of the individual or organization. There are many types of information that fit this definition, but for this discussion we will focus on Personally Identifiable Information (PII) (birth date, social security number, driver’s license, passport, etc.), medical information (insurance, prescriptions, history, etc.), consumer information (credit card, banking, insurance, etc.), and business information (company email, company documents, etc.). NIST (National Institute of Standards and Technology) guidelines recommend access to systems with confidential information be secured with multi-factor authentication (MFA).
Email Header Traceability
by Johan Scholtz
This article covers:
- Email structure
- Time stamps
- XML relevance
- Header injections
Creating your CV online shouldn’t cost you your privacy
by Joshua Richards & Tokyo_v2
With this article, we are looking to raise awareness of the use of online CV templates and what happens to your data when you sign up. We have looked into a variety of free online CV builders and found that 2 out of 5 websites indexed your CVs online, CVs that are now public and accessible to anyone looking for them.
Is Medical IoT Set to be the Most Hacked Future Industry?
by Sam Bocetta
In this article, we'll look at how the IoT trend is changing healthcare and why medical devices will likely become the most hacked industry in the near future.
Legitimate programs as an Anti-Forensic Technique
by Rachael Medhurst
Digital Forensics is the process of collecting, preserving and examining data that has been located upon digital devices. This data will then be presented in an expert witness statement to be reviewed and presented in court. Illegal material captured from these devices can lead to successful convictions of suspects accused of different illegal activities. However, the use of anti-forensics is becoming more and more common practice within society, and the use of legitimate programs to obstruct the case is ever more prominent. As criminal law currently states that the jury must be convinced beyond all reasonable doubt before convicting the suspect, legitimate programs are utilised within cases to create doubt about the criminal activity. Therefore, the jury will not be able to determine if the suspect is guilty beyond all reasonable doubt. This is a form of anti-forensics that tries to obscure the case that is currently in process. Are these open source and legitimate programs causing more cases to be delayed or acquitted because they place doubt on the credibility of evidence?
by Zainab Khalid
Image Forensics is a branch of forensics that deals with a) source identification of the image, b) forgery detection and c) detection of any photo-realistic images that may have been fashioned on a computer entirely. There are several techniques and ways-about-it that are used to achieve all three of these goals and each depends on the scenario at hand in the digital investigation. Safe to say, a typical scenario in image forensics is passive blind forgery detection where the investigator has no previous information about the image, i.e. what camera model was used to capture it or what processes of alteration it went through over the course of its lifetime. The investigator has the image to work with and that is about it. For that reason, most techniques and tools today are developed around the blind approach.