Wonderful news! Our most recent issue is now available, and it is packed with helpful information about Docker forensics. Our expert team has compiled all the crucial data you need to stay ahead of the competition for this highly sought-after skillset, which is in high demand. Hopefully, you will find your favorite article and a new piece of knowledge in this issue. This publication would not have been possible without the contributions of our authors, reviewers, editors, and proofreaders. It has been a pleasure working with you and learning from your insights.
We look forward to continuing to collaborate and inviting others to create more exceptional content with us. Together, let's make a meaningful impact in our field.
Don't miss out on this must-read issue!
Ewa & eForensics Team
There is no PREVIEW for this issue. You can read three selected articles available online in the OFFICIAL section.
Table of Contents
Let's Explore How to Strengthen Cybersecurity Practices
Interview with Jeff Minakata
History of DevSecOps
Chirath De Alwis, Nipuna Manujaya, Singha Dulain, Mohamed Sinan
DevSecOps, which stands for Development, Security, and Operations, integrates security principles into the software development lifecycle. It emphasizes the need of addressing security risks early in the development process, rather than as an afterthought. Because of the increased requirement for enterprises to emphasize security in an era of regular cyber-attacks and data breaches, DevSecOps has gained prominence in the software development scene.
What is DevSecOps?
Chirath De Alwis, Vidusha Shalani, H.M.H Sanjeewa, Jethendri Wathsala Perera, Umeshika De Seram
A software development methodology known as "DevSecOps" combines the principles of development (Dev), security (Sec), and operations (Ops). Instead of considering security as an afterthought, DevSecOps includes security practices into the software development lifecycle from the beginning.
Introduction to DevSecOps Security
Chamith Sandaru, H.A.Neelaka Nilakshana, Sulaksha Punsara Jayawikrama, Chirath De Alwis
DevSecOps solves this problem by integrating security with DevOps. Security becomes an integral, automated part of continuous integration (CI) and continuous delivery (CD) pipelines, and a responsibility shared by all teams. Developers become aware of security practices and implement them from the onset of a development project.
Cloud Storage and CJIS Compliance in the U.S.
In May of 2023, I published research that focused on the use and applicability of cloud storage for digital evidence titled “Cloud Storage & Digital Forensic Evidence”, which can be found here: https://revo4n6.com/docs. In this research, I outlined several security standards, with specific compliance and certifications requirements for digital evidence cloud storage. One of the biggest questions posed by industry leaders in the cloud storage and computing realm is how does the Federal Bureau of Investigations’ (FBI) Criminal Justice Information Services (CJIS) Security Policy apply to digital evidence being stored in the cloud?
Engaging Social Engineering: Extracting Information through Strategic Interactions
Throughout this process, it is important to exercise restraint; failure may result in a backfire of your own method. The method aims to anger or cause great sadness in the target and extract information. Remember, it's not illegal to gaslight or purposefully annoy the threat actor. It is crucial to approach this technique responsibly, ensuring that the methods are employed with good OPSEC and skill.
Obfuscating Infiltration and Exfiltration with Code Cave Artifacts
This article covers a handful of fun ways to play with executable binary files instead of just running them like everyone else. We will cover binary files using C, and tools using Python3, which automates our workflow and processes with shell scripts, and running this in a Linux environment, using Linux tooling.
Docker Forensics for Sustainability:
Unraveling the Environmental Impact of Containerized Systems
In this article, we’ll shed light on the subject, unraveling the environmental impact of containerized systems and emphasizing the importance of implementing eco-friendly practices.
Docker Forensics Secrets within Containers
The goal of this article is to explore the key concepts, challenges, and techniques involved in Docker forensics, highlighting its importance in modern-day digital investigations and some tools involved.
Forensic Investigation in Docker Environments: Unraveling the Secrets of Containers
In this article, we'll explore the fascinating world of forensics in Docker environments, revealing the essential techniques and tools to unlock the secrets hidden in containers. We'll cover analyzing Docker containers, detecting malicious activity, gathering evidence, and investigating incidents.