eForensics Magazine 2017 06 Linux Memory Forensics PREVIEW
Welcome to the June edition of eForensics Magazine! Now, we know it’s already July, and first of all we would like to offer our apologies for being a few days late. We hope that the contents of the magazine will make up for it!
We open the issue with an interview with Magda Chelly, who will tell you about how she got started in cybersecurity and how she got to the top. After that you’ll find an introductory article to our upcoming online course, Digital Video Forensics, written by the instructor, Raahat Devender Singh.
The cover topic of this issue, Linux Memory Forensics, comes in an article by Deivison Pinheiro Franco and Jonatas Monteiro Nobre, “How to Perform Memory Forensics on Linux Operating Systems”. In this piece you will learn all about tools and methods needed to perform forensic investigations on Linux! Other technical tutorials of the issue will teach you about how VMs can be recovered, how to perform analysis with Paladin 7 and Autopsy, and how static analysis of modern malware can be improved through statistical characterization of samples.
The rest of the articles will touch on GDPR, phishing, log files analysis, and more. We hope you’ll like all of them, and that everyone finds something new to learn from this publication.
As always, many thanks to all our betatesters and reviewers for their invaluable help, and of course to you, our readers. Without you all of this would be pointless!
Enjoy your reading,
and the eForensics Magazine Team
TABLE OF CONTENTS
Don’t give up and start doing what you are passionate about - interview with Magda Chelly
Interviewed by Paula Grochowska
Digital Video Forensics: Uncovering the truth in the world of distorted realities
by Raahat Devender Singh
Our eternal preoccupation with multimedia technology has caused us to become a civilization replete with astonishing miscellanea of digital audio-visual information, and in today’s world, this information is not just a source of entertainment. The endless proliferation of multimedia content in our everyday lives has been conducive to our eventual dependence on this content to the extent where our perception of reality has become strongly linked to the contents of digital images and videos, and where we expect this digital information to serve as universal, objective, and infallible records of occurrence of events.
How to Perform Memory Forensics on Linux Operating Systems
by Deivison Pinheiro Franco and Jonatas Monteiro Nobre
The importance of memory forensics in malware investigations cannot be overstated. A complete capture of memory on a compromised computer generally bypasses the methods that malware use to trick operating systems, providing digital investigators with a more comprehensive view of the malware. In some cases, malware leaves little trace elsewhere on the compromised system, and the only clear indications of compromise are in memory. In short, memory forensics can be used to recover information about malware that was not otherwise obtainable.
Tackling GDPR: A few simple steps
by Shirin Fahri
As much as we’d all like there to be, there is no tick box exercise we can develop to ensure 100% GDPR compliance come May 2018, nor should there be. If I've taken anything away from the numerous cyber and information security professionals I've discussed the topic with, it's that despite the complex implications for many businesses as a result of the imminent regulation, and apart from the obvious positive of an increase in personal data security, at least organisations will start to become more aware of the importance of security.
Phishing: Cybercriminals Up Their Game With Social Media
by Sharon Knowles
Phishing is the modern world’s version of the ‘snake oil salesman’: make a tantalizing offer to someone on the net, let them ‘click’ to read more and then get them to download malware or Trojans. While phishing warnings have been one of the top alerts, people still fall prey and this is what cybercriminals hope for. Tired of email, the latest phishing has been appearing with great success on social media platforms.
Recovering virtual machines from lost VMFS partitions
by Washington Almeida and Wellington Rodrigues
Recently, whilst having a meeting with my partner “UTI dos Dados” and a big customer, when we were discussing the options for recovering some VMware virtual machines after their server had been formatted inadvertently, I decided to contact the eForensics team to share our experience using the tool called vmfstools, which was used to completely recover the environment. As it is not a common situation that technicians experience, we believe this article can be of some help to professionals who may come to face the same scenario.
MalwareStats: Improving Static Analysis of Modern Malware through Statistical Characterization of Samples
by Andrea Melis, Marco Prandini, and Marco Ramilli
The continued growth in the number and complexity of malware is a well-established fact. Malware is no longer simple pieces of code that rely on unsuspecting users to spread and thrive. It can change, adapt and hide itself from analysts, using very sophisticated techniques. Static analysis is complex and time consuming, and it can be difficult to deduce every possible malicious behavior, yet it is often very effective because it denies malware the ability to detect the analysis environment. The purpose of this work is to illustrate an open web-based project the authors are developing, and to show how its results can provide valuable assistance in the static analysis phase. The goal is to support analysts in their exploration of code features, enabling them to make more focused, statistically motivated and structured decisions.
Forensics with Autopsy and Paladin
by Petter Lopes
The purpose of this article is to provide an overview of forensic data collection and analysis with the Paladin 7 Linux distribution and the Autopsy analysis tool. As such, the presentation does not aim to exhaust the subject. It then moves on to an example forensic collection procedure using the Toolbox tool of the Paladin 7 distribution, after which the Autopsy tool is used to analyze a Windows 10 operating system. These procedures represent the steps a forensic expert takes to answer the proposed technical questions. Finally, the article also briefly discusses some free tools for computer forensics.
10 Tips for Effective Log Analysis in Digital Forensics Investigations
by Chirath De Alwis
When conducting digital forensics investigations, the most time-consuming task is log analysis. Investigators have to analyze different types of logs with unique log formats, e.g., application logs, server logs, system logs, etc. To analyze these various logs, investigators need a proper understanding of the structure of the application or system the log was extracted from, and of the format of the log. The sheer volume of the logs also complicates the investigation. Here are some tips for conducting an effective log analysis in the minimum amount of time.
Modelling Images through Technical Graffiti
by Anuradha Bhatia
The various artifacts and their effects on images are not always visible to the naked human eye. To us, everything seems natural and perfect. Images are compressed in size for various artifact and implementation requirements. Image compression is needed, without distorting the image, when I need to transfer an image from one location to another. JPEG compression results in two forensically significant fingerprints, namely DCT coefficient quantization fingerprints and blocking artifacts.