Welcome to the July issue of eForensics Magazine. We hope that those of you who had a chance to visit Las Vegas for all the conferences had a great time – if you have something you would like to share or an experience you would like to talk about, get in touch, we would love to hear about it! Here summer is in full swing, however it did not stop us from working hard on your next publication.
In this issue, we go on a journey to the world of Internet of Things, and how we can apply forensics to it. Our guides will be Deivison Franco, Joice Ribeiro do Rosário Dantas, and Gilberto Neves Sudré Filho. Later on we’ll also take a look at analyzing firmware in embedded devices when pentesting, so we hope you get to grow your IoT muscles with this magazine.
Also in the issue you’ll have a chance to get into antiforensics tools for Android devices, apply machine learning to malware analysis, play with PowerShell, Andriller, and check whether your systems are now safe from WannaCry – the method will work for other things too! There are two interviews in the issue as well, both with amazing people: Davide Cioccia and Jessica Gulick. We recommend you take a look at both!
We hope you find something for yourself in the issue. As always, huge thanks to all the authors, reviewers, to our amazing proofreader, and of course you, our readers – without you this wouldn’t be possible!
Enjoy the reading,
and the eForensics Team
TABLE OF CONTENTS
Cybersecurity is more than a science, it is an art
Interview with Jessica Gulick
Forensics of Things – Digital Forensics in IoT Device Environments
by Deivison Pinheiro Franco, Joice Ribeiro do Rosário Dantas, and Gilberto Neves Sudré Filho
The Internet of Things (IoT) opens up new data-rich opportunities to facilitate forensics processes. From a forensics perspective, keeping as much data as possible from each IoT endpoint can aid in an investigation. Unlike traditional IT security, the assets themselves may not be available (for example, they may be stolen), may not be capable of storing any useful data, or may have been tampered with. Gaining access to the data that was generated by compromised IoT devices, as well as related devices in the environment, gives a good starting point in instances such as this.
Firmware analysis when pentesting embedded devices
by Amit Sharma
Wow. Yes, did you ever imagine what we are today in terms of technology in comparison to what we were 10 years back. You will be astonished!
And to this major change, the largest contribution is from the embedded systems. The computing power of an embedded systems has increased exponentially in the past decade. The size is decreasing and the power is increasing and this trade off is still there: how much more can we increase the computation power while reducing size.
PowerShell for Computer Forensics
by Luca Cadonici
Available on Windows 7 since version 2.0, Windows PowerShell is a Windows command-line shell designed primarily for system administrators which accepts and returns .NET Framework objects. Unlike other shells, Windows PowerShell gives you access not only to the file system on the computer, but also to other data stores, such as the registry, using providers, Microsoft .NET Framework-based programs designed to take data storage and make it look like a disk drive. Windows PowerShell includes more than one hundred basic core cmdlets, simple, single-function command-line tools built into the shell that can be used separately or in combination to perform complex tasks.
What we want is a long-term fix
Interview with Davide Cioccia
Android Antiforensics Tools and Techniques
by Fagner Nonato Habr Ferreira, Rennan Souza da Silva Brito, Luiz Eduardo Marinho Gusmão and Deivison Pinheiro Franco
The increased availability of technology has made it common to use mobile devices with the Android operating system, such as smartphones, tablets and smartwatches, among others, for storing data such as contacts, calendars, call logs, emails, media files and Documents. Due to the growth of the Android system on the market, it became more likely to have a device with that system in a crime scene, and could prove to be a key piece in an investigation. However, despite advances in the field of computer forensics, the transition from antiforensic techniques of computers to mobile platforms has been observed, the main being the deletion, concealment, encryption and falsification that can be implemented through applications that are available free of charge on the market and can be used to make difficult, or even impossible, the expert work during the acquisition of digital evidence.
by Jan Kopia
More and more important information is stored or accessed using a smartphone. Forensic work, therefore, depends on the possibility to access data on mobile phones. The digital forensic world offers a wide variety of tools and solutions for different use cases in the field of mobile device forensics to gather digital evidence. Due to the wide adoption of smartphones, mobile device smartphone forensics becomes an important part of the classical digital forensic field.
MS17-010 has been applied. Are you protected against the WannaCrypt ransomware?
by Washington Almeida
After working with numerous cases of ransomware attacks in Brazil, supporting medium and large companies in dealing with the crypto-ransomware WannaCry and Petya, I talked to the eForensic magazine team about sharing a bit of my experience in order to warn that a computer is not immune to WannaCry’s action even after the critical Microsoft security patch MS17-010 has been installed on the computer.
Next Generation Malware Analysis Using Machine Learning
by Chiheb Chebbi
Nowadays, information security is becoming a more pressing concern. Devices and networks play an important role in every modern organization. But, if the organization does not properly test and secure their solutions and environment, black hat hackers or adversaries can compromise these solutions, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken idea that security scanners and antiviruses will reliably discover malware in their systems. In reality, effective cyber defense requires a realistic and thorough understanding of malware analysis techniques. Malware attacks are becoming more sophisticated and dangerous. With millions of malicious programs in the wild, it becomes hard to detect zero-day attacks and polymorphic viruses. That is why the need for machine learning-based detection arises.