eForensics Magazine 2022/03 Preview: Forensics Investigations, Case Studies and Tools
What are forensic tools? The question tends to conjure Hollywood scenes: yellow tape and jumpsuit-clad technicians collecting evidence with spatulas. But is that all? No. Today, as our readers and digital forensics specialists know well, more and more evidence comes from mobile devices and digital data carriers. So which tools should you choose to analyze them? You will find the answer in this issue: a set of articles about digital forensics tools and how to use them in practice.
In the magazine you will find, among others:
- tips on how to analyze an Xbox using the SmartGlass and Xbox companion apps,
- how to analyze the memory dump of an infected computer using the Volatility tool,
- what AI can do for media forensics, its impact and limitations, and the current round-up of industry-accepted AI software applications,
- how to perform memory forensics during incident response using Redline,
- what Spiderman has to do with building an enterprise cyber security system.
Interested? Don't miss out on this unique toolbox.
Check out our Table of Contents below for more information about each article (we included short leads for you).
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
The Missing Piece: An Exploration Of Digital Artifacts Found Using The SmartGlass and the Xbox App
by Jessica Kimmel-Freeman and Douglas A. Orr, Ph.D.
Since the release of the Xbox in 2001, there has been a desire to understand what digital treasures gaming consoles hold locked inside them. Unfortunately, the evolution of these devices has kept even the best digital forensics investigators from cracking them open, due to unique operating systems, complex file structures, and proprietary encryption. The Xbox One and Xbox Series X are no different. Over the last ten years, digital forensics has focused on understanding the physical devices and how to get the data off them, with minimal success. When Microsoft introduced the first companion application, SmartGlass, in 2012, it opened a side door into some of that hidden data. Through an experiment using virtual machines, the companion apps SmartGlass and Xbox App, and traditional forensics tools, valuable data has been shown to be present within the Windows operating system of computers that have been connected to the Xbox App or SmartGlass application. Traditional forensics methods can be used to recover end-user data from these companion applications that may be valuable to digital forensics investigations.
Memory Analysis Of Stuxnet Malware
by Sumit Kumar
In this article, we will discuss analyzing the memory dump of an infected computer using the Volatility tool. Volatility is one of the best open-source memory forensics frameworks for incident response and malware analysis. It is written in Python and supports analysis of Linux, Windows, macOS, and Android memory. It can analyze raw dumps, crash dumps, VMware dumps (.vmem), VirtualBox dumps, and many other formats.
The Benefits And Risks Of Artificial Intelligence As Legal Evidence
by Doug Carner
The term Artificial Intelligence (AI) can evoke fears of a dystopian robotic world devoid of human restraint. The term is ubiquitous, and while its most nefarious applications receive the greatest attention, AI routinely improves the quality of our daily lives. AI helps train surgeons and business professionals by creating visuals that never existed in the real world. But AI is also being used by governments for facial recognition and for solving crimes, raising questions of ethics and privacy. In this article, we will examine what AI can do for media forensics, its impact and limitations, and the current round-up of industry-accepted AI software applications. Let's first understand how media AI works.
Forensic Tools? Elementary, My Dear Watson
by Wilson Mendes
With ever more data hosted in clouds, systems and applications, and with easy access to billions of leaked user records, information technology has become attractive to a multibillion-dollar global industry of fraud, theft, kidnapping, blackmail, fake news and more. Reaching every field of crime, it becomes part of almost everything around us.
Redline: Analyze Memory Image Files To Find Signs Of Malicious Activity
by Sergio Figueiredo
When collecting digital evidence, an analyst should consider data volatility in order to prioritize what is collected and analyzed first. Data loaded in memory, such as running processes, network connections and credentials, can provide unique insights; but when a computer is powered off, this data is lost, which makes a memory dump of a compromised machine one of the most important steps during incident response. FireEye's Redline is a free tool that can help you perform memory forensics during incident response.
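Both memory-forensics articles above (the Volatility analysis of Stuxnet and the Redline walkthrough) come down to the same first triage step: reading a process listing from the memory image and spotting processes that should not be there. The script below is an added example written for this preview, not code from either article, from Volatility or from Redline. It parses the tab-separated layout of Volatility 3's `windows.pslist` output (only the first three columns are used) and flags three anomaly classes: a core Windows process with the wrong parent, more than one instance of a process that should be a singleton, and an unknown image name that closely resembles a system binary. The embedded listing is constructed for illustration and models the well-documented pattern Stuxnet leaves in memory (extra lsass.exe instances spawned by services.exe); the expected-parent table and the 0.8 similarity threshold are assumptions chosen for this example.

```python
"""Triage a Volatility 3 `windows.pslist` listing for process-tree anomalies.

Added example (not from the article, Volatility or Redline): lineage,
singleton-count and lookalike-name checks over a process listing, which
is how injected lsass.exe instances such as Stuxnet's stand out.
"""
from collections import Counter
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import List, Optional

# Constructed excerpt in the tab-separated layout of
#   vol -f memory.raw windows.pslist
# (leading columns only). Values are made up for this example; the tree is
# XP-style, where services.exe and lsass.exe are children of winlogon.exe.
SAMPLE_PSLIST = """\
Volatility 3 Framework
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles
4\t0\tSystem\t0x823c8830\t59\t403
376\t4\tsmss.exe\t0x820df020\t3\t19
600\t376\tcsrss.exe\t0x821a2da0\t11\t395
624\t376\twinlogon.exe\t0x81da5650\t19\t570
668\t624\tservices.exe\t0x82073020\t21\t431
680\t624\tlsass.exe\t0x81e70020\t19\t342
824\t668\tsvchost.exe\t0x81e53c40\t19\t211
868\t668\tlsass.exe\t0x81e18b28\t2\t23
1928\t668\tlsass.exe\t0x81c47c00\t4\t65
1956\t668\tscvhost.exe\t0x81c46020\t1\t14
1580\t1500\texplorer.exe\t0x81d4e480\t16\t500
"""


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str


@dataclass(frozen=True)
class Finding:
    kind: str           # "lineage", "multiple" or "lookalike"
    pid: Optional[int]  # None when the finding concerns a whole image name
    detail: str


# Parent a core Windows process should have while that parent is alive.
# XP/2003 use winlogon.exe where Vista+ use wininit.exe, hence the sets.
# This table is an assumption for the example, not an exhaustive list.
EXPECTED_PARENTS = {
    "smss.exe": {"system"},
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "winlogon.exe": {"smss.exe"},
    "services.exe": {"wininit.exe", "winlogon.exe"},
    "lsass.exe": {"wininit.exe", "winlogon.exe"},
    "lsm.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
    "spoolsv.exe": {"services.exe"},
    "explorer.exe": {"userinit.exe"},
}
# Exactly one live instance is expected on a healthy system.
SINGLETONS = {"services.exe", "lsass.exe", "wininit.exe", "lsm.exe"}
KNOWN_NAMES = set(EXPECTED_PARENTS) | {"system", "userinit.exe", "conhost.exe", "dwm.exe"}
LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off for difflib similarity


def parse_pslist(text: str) -> List[Proc]:
    """Parse pslist output, skipping banner, header and progress lines."""
    procs: List[Proc] = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 3 or not fields[0].strip().isdigit():
            continue
        procs.append(Proc(int(fields[0]), int(fields[1]), fields[2].strip()))
    return procs


def audit(procs: List[Proc]) -> List[Finding]:
    """Return lineage, multiplicity and lookalike findings for a listing."""
    by_pid = {p.pid: p for p in procs}
    findings: List[Finding] = []

    # 1. Lineage: judged only when the parent is still present in the image
    #    (explorer.exe's userinit.exe parent normally exits, so it is skipped).
    for p in procs:
        expected = EXPECTED_PARENTS.get(p.name.lower())
        parent = by_pid.get(p.ppid)
        if expected and parent and parent.name.lower() not in expected:
            findings.append(Finding(
                "lineage", p.pid,
                f"{p.name} ({p.pid}) spawned by {parent.name} ({parent.pid}); "
                f"expected one of {sorted(expected)}"))

    # 2. Singletons: a second lsass.exe or services.exe is a red flag.
    counts = Counter(p.name.lower() for p in procs)
    for name in sorted(SINGLETONS):
        if counts[name] > 1:
            pids = [p.pid for p in procs if p.name.lower() == name]
            findings.append(Finding(
                "multiple", None, f"{counts[name]} instances of {name}: {pids}"))

    # 3. Lookalikes: an unknown image name close to a system binary's name
    #    (e.g. scvhost.exe, lsas.exe). Best match wins, so the report is stable.
    for p in procs:
        name = p.name.lower()
        if name in KNOWN_NAMES:
            continue
        best = max(KNOWN_NAMES, key=lambda k: SequenceMatcher(None, name, k).ratio())
        if SequenceMatcher(None, name, best).ratio() >= LOOKALIKE_THRESHOLD:
            findings.append(Finding(
                "lookalike", p.pid, f"{p.name} ({p.pid}) resembles {best}"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_pslist(SAMPLE_PSLIST)):
        print(f"[{finding.kind}] {finding.detail}")
```

Run against the constructed listing, the script reports the two lsass.exe instances parented by services.exe, the fact that three lsass.exe processes exist at all, and scvhost.exe as a lookalike of svchost.exe. On a real image, pipe `vol -f memory.raw windows.pslist` into `parse_pslist` and follow up on each flagged PID with `windows.malfind`, `windows.dlllist` and `windows.netscan`; a lineage finding is a lead, not a verdict, because a parent that has exited is skipped and some legitimate software also uses these names.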
Tools Of The Forensic Trade
by Byron Gorman
With the current threat landscape, including the deployment of wipers and ransomware, digital forensics has become a necessity. Compromises have grown unquestionably more serious and more frequent over time. The damage has cost consumers and governments more than 11.5 billion and will keep growing exponentially. Attacks on governments and corporations happen every 14 seconds, and several have happened in the time you have taken to read this paragraph. The answer is to apply a range of forensic tools and techniques. I have worked in the fields of both forensics and cybersecurity and have deployed several different tools that are necessary to achieve that task, depending on the situation. Some of the tools are open source and others are paid tools.
XDR: The New Way To Save The Day Through A Web Of Impediments
by Alexandra Hurtado
Introducing yet another acronym to an IT world already awash in them. There seems to be an acronym for everything these days, and with the widespread adoption of gear and tooling to cover public cloud, edge computing and IoT, keeping on top of it all can be exhausting, and for some downright impossible.
Who Or What Is OSCAR The Modular Body? An OSINT Investigation Into The Legitimacy Of This Story
by Jeff Minakata
In this article, we will be exploring and investigating a story that was brought to me by a friend who, let's just say, indulges in some fringe news sites. The story was originally believed to be true: a remarkable new breakthrough in medical science, a modular 3D-printed organic tissue! In typical fashion, I was skeptical and wanted to verify how true this story was. When it comes to news, it's even more important to be able to verify how true a story is. In this article, I will be walking you through one method that you can use to track down and validate a story. So let's see if OSCAR is a science breakthrough or science fiction. Normally, I recommend (strongly recommend) the use of a VM and a VPN when conducting an OSINT investigation. For this particular investigation, the risk is extremely low; we are simply going to use a web browser and our OSINT skills to dig in.
Forensic Disc Imaging Options From Bootable To Remote Imaging
by Amber Schroader
The need for flexibility when creating forensic images has always existed. From hardware for direct drive-to-drive imaging to software that creates a dd image, investigators have always needed options when it comes to imaging computer-related data for forensics. Imaging is a key part of the forensic process and can be the difference between finding and not finding the data you need for incident response, an insider-threat investigation, or even a straightforward discovery request.
Cyberwar The New Kind of Warfare Of The 21st Century
by Deivison Franco, Cleber Soares, Daniel Müller and Joas Santos
Technological evolution brought with it the Internet and the Information Age, giving way to the Knowledge Age. Despite the benefits of information circulating in real time and on a global scale, this scenario leaves people, organizations and nations highly vulnerable to a new type of threat: the cyber threat. It exploits cyberspace, knows no borders, and has the potential to cause great financial damage, paralyze the critical infrastructure of nations, and even claim lives.