Preview - eForensics Magazine 2022 07 Linux Forensics And Security
Holidays are in full swing, but we are not slowing down and have prepared a new magazine for you. We know how essential system solutions are, so this month we have created a set of texts on Linux forensics and security for you. Our wonderful Authors will introduce you step by step to the issues related to the use of tools dedicated to this system and tell you where to look for gaps in its security and how to fix them.
In the magazine you will find, among others:
- how to investigate with the Black Arch Linux operating system using Guymager and Dshell,
- file carving: what it is and how to get started,
- how to enhance visibility and detection on Linux with Sysmon,
- whether the NBA has anything to do with securing a Linux system,
- how to transform traces into evidence!
Do not hesitate any longer and become a true Linux expert thanks to our compendium of knowledge!
Check out our Table of Contents below for more information about each article (we included short leads for you).
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Black Arch Linux For Forensics - Dshell And Guymager
by Atlas Stark
Bad actors are constantly developing new ways to break into computer systems and cover their digital tracks on the way out, leaving the general user none the wiser. Oftentimes after the attack, the victim or organization has no idea when or how the attack was performed, leaving major gaps in the important details that would help determine the next steps in reporting or remediation. After one of the largest attacks against Citibank, it was determined that the attackers actually had free access to the system for over a year before they were detected. In the end, it was detected by a team of forensic investigators. Imagine if Citibank had employed a more prominent forensic presence at all times: maybe the breach would have been discovered a lot sooner, making remediation efforts a bit smoother. If it can happen to an organization with limitless resources, just think of the complexities this presents for individuals and organizations that do not have a significant budget to protect their infrastructure.
Enhance Visibility And Detection On Linux With Sysmon
by Sergio Figueiredo
Linux-based systems are the host operating system for cloud hosts, application servers, and a wide variety of internet of things (IoT) devices. Like any other operating system, it is susceptible to attacks. Sysmon for Linux is one of the famous Sysinternals tools available on Linux, improving host-based visibility and making detection and response to threats more efficient.
How To Protect Your Security And Privacy In Linux Environments
by Tauane de Jesus
When we talk about Linux, we automatically associate it with security, so it is easy to have a false sense that we are safe. But since nothing is 100% secure, this also applies to the Linux environment. A survey conducted in 2021 by Crowdstrike (CVE-2022-0847) showed that the number of malware infections on Linux devices increased exponentially, showing a 35% growth in malware; XorDDoS, Mirai and Mozi were the most prevalent malware families, accounting for 22% of all Linux-targeted attacks.
Build Your Dynasty: Elite Defense Strategy For Your Linux OS
by Roland Gharfine
How will we leverage a basketball analogy for security? Good question, you’ve been following along very well. The idea that security is situational or temporary is at the heart of countless vulnerabilities and issues. When you do one thing well, but fail to do your due diligence and put in the effort on other areas of the security court, that is often the catalyst of your doom. So let’s get together today and stop the attackers from scoring points against our team and beating us on the security court, and let’s learn how to do that in a repeatable and operationally excellent way. I will even get down there with you, put on my jersey, and play defense with a couple of small but meaningful demos.
File Carving – What It Is And How To Get Started
by Richard Harding
File carving is a skill any forensic examiner will likely find themselves in need of at some point in their career. Whether to recover deleted or damaged files, analyse data within an unallocated area of a storage device or work with fragmented data, needing to understand this technique is almost a certainty. This article aims to introduce the subject of file carving to forensic examiners, look at the difference between file carving and file recovery, demonstrate basic methods to carve files within Windows and Linux environments, and discuss some of the more advanced elements of file and data carving.
by Adam Karim
On September 15, a man was found shot dead; he was found at a popular swimming spot in Liljeholmen in Stockholm. The suspected murder weapon was found in a grove of trees not far from the murder scene. The coroner determined that the victim was murdered on September 13 between 4:00 PM and 6:00 PM. The murder weapon was confiscated by forensic technicians who sent it to the Swedish National Forensic Centre (NFC) for further investigation.
Deleted Chat Case Study
by Nikhil Mahadeshwar
Cybersecurity as a domain is proving to be a lifesaver in various professional and personal aspects today. Cybersecurity offers a range of preventive measures that undeniably protect firms and individuals. In many instances, however, cybersecurity companies have also helped resolve cybercrime cases. We came across one such client under dire duress due to malpractices within an organization that threatened to cost the client their job.
Digital Forensic Triage For Zero-Day Malware Detection And Investigations
by Amrit Chhetri
Digital forensic triage plays a vital role in modern-day Security Operations Centres (SOC), and the engineering and design of an agile, open-ended architecture fits the SOC maturity model best. Forensic triage practices aligned with the standards of SOC engineering and architecture, and with incident response, hunt, detect and mitigate Zero Day Malware Attacks effectively and establish an industry-compliant methodology of Zero Day Threat (ZDT) Detection and Incident Response. Applying correlations of the PPT (People, Process and Technology) of the SOC and modelling pattern-driven frameworks for “Zero Day Malware (ZDM) Detection, Forensic Triage and Investigations Processes” makes forensic triage fit for an intelligent hybrid SOC, supporting traditional ICT, IoT, AI and OT systems. Integration of a custom threat hunting and detection engine based on machine learning enhances the working of forensic triage models while operating appropriately within the required security resilience architecture and following principles of ethics: AI Ethics, Robotic Ethics and Neuro Ethics. The specially designed AI algorithms are trained to detect and generate alerts for the cyber-psychology elements of malware attacks, which makes the triage process more complete and more accurate.
Transforming Traces Into Evidence: From Forensic Sciences To Computer Forensics
by Deivison Franco, Daniel Müller, Cleber Soares and Joas Santos
This article has the main objective of providing a theoretical basis for the forensic professional. Our intention with this work is to group the main concepts applied generically to Forensic Sciences and bring them, specifically, to Computer Forensics. In this way, the fundamentals involved from the crime scene to the performance of examinations on different types of traces will be presented within the phases of the forensic process, through the general approach of the scientific police, providing an insight into the role of each of the actors that make up the universe of criminalistics, as well as its scope and legal applicability.
Dangerous Is In Air
by Wilson Mendes
When Richard Stallman started the GNU Project and Linus Torvalds wrote the first version of the Linux kernel, I couldn't have imagined what was to come. In the last two decades, decentralized and distributed information has given freedom to ordinary people, transforming computers and networks, connecting everyone in a ubiquitous way, and accelerating the process of learning and sharing content on an incalculable scale. Between 2004 and 2006, Internet connections became faster and cheaper, expanding from megabytes to gigabytes, popularizing the Internet not only for business but also as a means of communication between people around the world. Social media sites like Facebook and Twitter would go on to influence new behaviors, giving people more freedom, autonomy and power to influence others, including interference in each other's elections in countries around the world.