Preview: eForensics Magazine 2021 08, INFORMATION GATHERING AND ANALYSIS IN DIGITAL FORENSICS
Information is the core of any investigation. It can be used to secure an organization, introduce corrective mechanisms, or serve as evidence in legal proceedings. Various tools and techniques can be used to gather and manipulate information, including passive data collection and OSINT. This month, we are handing over a magazine that shows how to collect and analyze data for both professional and private use, and we promise you will enjoy it.
In the magazine you will find, among others:
- an overview of OSINT tools with practical tips on how to use them to ensure your own and your organization's cybersecurity;
- tips on how to use OSINT to collect data about people, including how to analyze social media, how to search for threats and analyze metadata;
- how to use machine learning to automate data analysis processes in digital forensics;
- what the methods and tools for passive data collection are.
That's not all: in this month's magazine you will also find information about the forensic analysis of objects printed by 3D printers and about the methods and tools of forensic analysis of a smart TV, and you will find out what security mistakes are most often committed by cybersecurity specialists.
Do not hesitate and read this compendium of knowledge and fun!
Check out our Table of Contents below for more information about each article (we included short leads for you).
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
DUI Case Videos. Have They Been Altered?
by Paul Gordon
In recent years, there has been public pressure on law enforcement to have more accountability and more transparency in contacts with the public and arrests. One way for law enforcement to satisfy the public is by using video equipment to record arrests. The evidence from a Dash Mounted Camera or Body Worn Camera can also help Defense Attorneys manage a DUI or Drug Interdiction case. Many times, in alcohol and drug related cases, law enforcement officers do not provide the video proof that is described in their reports.
How Machine Learning Can Adapt To Digital Forensics
by Shannan Ilen and W. Chirath De Alwis
Digital forensics is the investigation of digital evidence of a committed crime. In the early days, digital forensic techniques were not automated; it was all about manual analysis, which took more time. Over time, and with the growth of data, tools were developed that allow the user to create scripts that automate a series of actions. Later, with the concept of big data, software vendors automated complex features and narrowed them down to simple clicks on a user-friendly interface, with the help of trained ML models to detect accurate evidence depending on the requirement.
From The Diary Of A Digital Forensics Analyst
by Luis Alfonso Núñez Gutiérrez
Do cybersecurity specialists follow the security rules themselves? Do they always use the best security and protect themselves against data loss? These questions seem rhetorical, but you know what they say: "the darkest place is under the candle". Find out what mistakes are most often made by specialists from a humorous story by one of them.
OSINT For Forensics
by Khamir H. Mchatta
Digital Forensics is the process of collecting and analyzing digital evidence and presenting the evidence in a court of law. In digital forensics, not all cases are going to be the same. Each case that a forensics investigator will face is going to be different, which will require the use of different techniques and approaches in order to solve the case being conducted. In this article, we are going to see how we can use OSINT in an investigation.
Solving FireEye Flareon7 Challenge 7 (re_crowd) With REW-sploit
by Cesare Pizzi
I recently presented at BlackHat USA 2021 Arsenal my last reverse engineering tool, REW-sploit, built to automate analysis for Metasploit and CobaltStrike frameworks.
You can find the tool on GitHub, together with the slides used for the presentation:
- The tool: https://github.com/REW-sploit/REW-sploit
- The slides: https://github.com/REW-sploit/REW-sploit_docs
Since the 2020 FLARE-ON 7 CTF Challenge #7 was actually built with Metasploit, I thought it could be a great primer to introduce REW-sploit and how it works.
Forensics Analysis Of 3D-printer Objects
by Lee E. Garner and Ali Mansour, PhD
3D-printing has been well highlighted since the criminal element began printing various types of weapons (Harnrahan, 2019). The focus of the research now has shifted to the discovery and awareness of 3D-printing of objects that are used in whole or in part for unlawful acts used in cyber-attacks and in the development of delivery mechanisms (BBC NEWS, 2021).
Passive Information Gathering Of An Organization – An Overview
by Vedant Roy
Passive information gathering is a process to collect information about an organization without actively engaging with an organization. In other words, it involves using the internet resources to gather publicly available information of an organization. This process is the first step used by an ethical hacker while performing a penetration test of an organization. The information gathered can include details like employee emails, company’s network infrastructure, website hosting details, digital assets publicly accessible, sensitive documents leaked, previously exposed information, etc.
Smart TV Forensics: Methods, Analysis And Considerations
by John D. Pena and Douglas A. Orr, Ph.D.
This paper is meant to reevaluate ideas that have been previously discussed, as well as offer newer approaches to digital forensic analysis on smart TV devices. Because of the way in which smart TVs function, there remains an understanding that these devices can be viewed in the same light as an average computer. However, there are aspects of the device that require specific methods and techniques that have not been completely structured due to the lack of studies done on this subject and the limited abilities of current forensic tools regarding their use for these devices. Smart TVs are newer technology that will become more observed in cases over time, as many consumers view these devices as the more optimal option for entertainment use. This paper will seek to provide a methodology that expands upon approaches that found success and support these processes with an updated perspective regarding the tools and steps taken.
OSINT - Tools And Methods
by Longinus Timochenco
Open Source Intelligence, or OSINT, consists of any type of information about a person or company that we can find online with the tools that the internet offers us (such as Google) without violating copyright or personal data protection laws, but don't forget that a criminal will actually use it against you as well. First, it is necessary to clarify that the activity of intelligence, or open source intelligence, is not static, as many people might think. It is necessary, however, to break with this type of erroneous imagination and show the public what needs to be shown. Intelligence services have been undergoing changes for a long time when the question is agility, objectivity and more confidence in the production of knowledge, analysis and dissemination. This confidence must exist, as information is misinterpreted both by the intelligence agent or police officer who performs an investigation service and by the analyst who will carry out the analysis of the data in order to transform it into valid information to subsequently advise the decision making about some matter. Today it is different since, if someone needs to get some information about someone, for example, it is usually done in a few seconds or even milliseconds, taking into account the computing power of the equipment. It is important to emphasize that, generally, this information is in the public domain, that is, open to anyone who wants to access it. Taking advantage of these facilities, the various intelligence services around the world moved in the same direction of evolution and started to make use of these open sources to perform services.
Fragile States, Blockchain Data, and Terrorism; Oh, My!
by James A (Jim) McCoy, Jr
In this article, my first for eForensics, I chose to expand on a topic that I stumbled upon accidentally while researching something else: correlations between the Fragile State Index (FSI) and the Global Crypto Adoption Index (GCAI). I was writing a blog post on the use of cryptocurrency in the financing of terrorist operations. That is how I came across the Global Crypto Adoption Index (GCAI). Produced by Chainalysis, the goal of the GCAI is “to provide an objective measure of which countries have the highest levels of cryptocurrency adoption”. The objective in compiling blockchain data is to “highlight the countries with the greatest cryptocurrency adoption by ordinary people, and focus on use cases related to transactions and individual saving, rather than trading and speculation.” In other words, where are more people starting to use cryptocurrency as an actual alternative currency versus merely investing in it.