eForensics Magazine 2019 10 Forensic Imaging PREVIEW.pdf
If you’re into forensics, you’ve probably heard about tools like FTK Imager or Autopsy. We have published a lot of material on those, but this is the first edition strictly devoted to forensic imaging! We’re proud to present it to you.
The issue opens up with a very complex publication on Forensic Imaging Tools for Storage Media Examinations. It is a very in-depth analysis, which examines tools and techniques in each stage of the forensic process, but everyone even remotely associated with forensics would benefit from reading this article, including beginners. Further, we have a detailed introduction to Hardware Forensics. And then, we’re coming back to forensic imaging tools with an article by Matthew Kafami, which focuses on understanding the core concept of such tools.
This issue also includes a write-up “Volatility and large memory files”, and as the author wrote in the introduction - the purpose of this article is to discuss the modern forensic analysis that investigates captured memory images: how to deal with 64-bit images and robust memory, focusing on open source Volatility framework.
Inside you will also find an article “Crime Scene Investigation of GPS Data in Unmanned Aerial Vehicles (UAV)”. We know you like your drones, guys!
And we have a little surprise! “From Mars to Earth: How Virtual Reality and 360° Imaging Can Transform Crime Scene Investigations” - so forensic imaging, but not exactly the kind that first comes to your mind.
That’s not all! This issue also covers Data Breaches Analysis, OSINT with e-mails, DNS Security and Minimising the digital backlog through children’s education.
Thanks to all authors, reviewers, and proofreaders for participating in this project.
Have a nice read!
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Forensic Imaging Tools for Storage Media Examinations
by Deivison Franco, Leandro Trindade and Daniel Müller
Because it is the media type most examined by experts, this article will focus on hard disks, although the techniques and tools presented can also be used in the analysis of other media types. It focuses on postmortem media analysis rather than live analysis, where the expert would find the computer turned on, and is divided into the first three phases of the media forensics process.
by Deivison Franco, Leandro Trindade and Felipe Hifram
This article aims to provide an overview of Hardware Forensics and expert examinations of embedded computers (embedded systems), a very broad category of digital systems, that is, a wide and open class of systems. However, due to its diversity and constant evolution, it is not very easy to systematize expert methods and procedures for these systems, which, in fact, are often not exclusively digital and sometimes not exclusively electronic.
Understanding The Concept Behind Forensic Imaging Tools
by Matthew Kafami
To better understand how tools like FTK Imager or Autopsy work, we will create our own overly simplified tool to complete the tasks mentioned below, using only the tools native to common Linux operating systems in the form of bash scripting.
Volatility and large memory files
by Paulo Pereira
The purpose of this article is to resume a very important discussion around the modern forensic analysis that investigates captured memory images: how to deal with 64-bit images and robust memory, focusing on open source Volatility framework. Today, it is well known that the excellent team that develops Volatility also sells software (Volexity) with memory capture capabilities, which is not tested here.
Crime Scene Investigation of GPS Data in Unmanned Aerial Vehicles (UAV)
by Chirath De Alwis
This article describes the evidence acquisition from drones and extraction of GPS information from drone artifacts.
From Mars to Earth: How Virtual Reality and 360° Imaging Can Transform Crime Scene Investigations
by Mehzeb Chowdhury
However, with VR and 360° photos and video, investigators could examine and re-examine scenes even without being present, regardless of the time since the original scene processing, and the degradation of the evidential artefacts between the initial crime scene discovery, and evidence presentation in court.
Data Breaches Analysis
Firstly, I picked at random an e-mail published live on a television news channel. This e-mail is popular enough to give me a lot of data breaches that I can analyse. I then decided to put this through various e-mail services and see how much I can grab about this company and its employees by analysing the data breaches this e-mail is in.
OSINT with Emails
by Joshua Richards
This article is going to show you many ways that you can pivot from an email address to find new information to advance your investigation and locate the person behind it.
Minimising the digital backlog through children’s education
by Lauren Nelson & Rachael Medhurst
‘Cybercrime is any kind of crime that involves a computer. That could be hacking, or it could be identity theft or child pornography’. There are three types of crimes; these include cyber dependent crime, cyber enabled crime and traditional crime.
by Ranjitha R
There are a lot of ways that DNS can be abused and misused to gain access into a network, avert the traffic out of a network, or communicate with malware installed inside the network. Because the DNS protocol is so extensively used and critical to the everyday operations of most organizations, it can be hard to protect against all the different threat vectors while still keeping an organization functioning with minimum impact on the users.