eForensics Magazine 2019 09 Mail Forensics PREVIEW
We’re proud to present to you the newest issue of eForensics Magazine - Mail Forensics!
E-mail has become a primary communication medium for many official and non-official activities. We use e-mail not only to communicate but also for banking, for official notices and for sharing confidential files, and that is why e-mails have become an important source of evidence.
In this issue you can read about techniques and tools for e-mail forensics, phishing for data and e-mail header forensics.
Our newest issue is dedicated not only to e-mails, but also to traditional mail forensics. Inside you can find an article by the instructor of our OSINT for Forensics Online Course, Josh Richards, which touches on aspects of post and package tracking codes, and shows a lot of examples of how people expose them through social media. You will see how easy it is to find such information and you’ll understand the consequences of such activities better.
This edition also contains two articles on malware analysis - “Building A Home Malware Analysis Lab” and “Malware Memory Forensics – using Volatility Framework”, and a write-up on “Electronic Evidence Search and Seizure Procedures”. Of course… that’s not all - have a look at the Table of Contents to learn more!
Thanks to all authors, reviewers, and proofreaders for participating in this project.
Have a nice read!
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
by Joshua Richards & Tokyo_v2
Most people who knowingly post their tracking codes on social media, for example to complain to a delivery company, do not understand the consequences; others do not even know they are revealing this information, because the tracking code sits unnoticed somewhere in a picture. Throughout this article you will see many ways in which people expose such private information, both knowingly and unknowingly.
Phishing for Data: Digital Forensics Integrity
By Rachael Medhurst
‘Phishing is a cybercrime in which a target or targets are contacted by email by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details and passwords’ (Phishing.org, 2019). Unfortunately, businesses and their employees are frequent targets of phishing emails, which exploit four appeals, fear, greed, obedience and helpfulness, to enable a successful cyber-attack against the company. These appeals work because they target the human element: for example, an employee who does not complete the requested task has, in their own eyes, failed at their job and fears disciplinary action. An employee who completes the task out of fear may hand information to the attacker or install malware on their system, enabling the attacker to conduct further criminal activity.
Techniques and tools for email forensics
by Florence Love Nkosi
Emails have become an important source of evidence, allowing investigators to corroborate other pieces of evidence in an investigation. E-mail forensic analysis studies the source and content of e-mail messages as evidence, identifying the actual sender, the recipient and the date and time a message was sent, in order to collect credible evidence that can be presented in a court of law and bring criminals to justice (Lazic, 2018). Without doubt, email forensics has become an essential element of digital investigations, and digital investigators must stay abreast of how to investigate and analyse email evidence. This article looks at email forensic investigation techniques and then at various software tools for forensic email analysis.
Email headers – a crucial source in digital metadata discovery
by Johan Scholtz
Email is rarely regarded as a prime source of digital information, yet it holds valuable information for tracking a user or detecting potential interference. This article presents a brief overview of alternative methods and processes for discovering email data that carries crucial information about specific events. It is a broad overview of a basic semantic ontology, with the relevant elements that contribute to the semantic interpretation of email forensics.
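The two abstracts above both turn on the same practical step: reading the header metadata of a message to establish where it really came from and when. The following Python script is an added example written for this preview, not code from either article. It parses a constructed sample message (fictional hosts and documentation-range IPs), walks the Received chain from the origin hop upwards, and flags the inconsistencies an examiner looks for first: a From domain that disagrees with the Return-Path, a failed SPF result in Authentication-Results, Received timestamps that run backwards, and a Date header far from the first relay timestamp. The thresholds and finding strings are my own choices.

```python
"""Email header triage: Received-chain walk and sender-consistency checks.

Added illustrative example; the SAMPLE message below is constructed for it
and every host and IP in it is fictional (RFC 5737 documentation ranges).
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample. The From header claims bank.example, but the origin hop
# and the Return-Path point at a third-party mailer and SPF failed for it.
SAMPLE = """\
Return-Path: <billing@mailer-3.example.net>
Received: from mx1.corp.example (mx1.corp.example [203.0.113.10])
\tby mail.corp.example with ESMTP id A1B2C3;
\tMon, 02 Sep 2019 09:15:42 +0000
Received: from mailer-3.example.net (unknown [198.51.100.77])
\tby mx1.corp.example with ESMTPS id X9Y8Z7;
\tMon, 02 Sep 2019 09:15:40 +0000
Received: from [192.0.2.25] (helo=bank.example)
\tby mailer-3.example.net with esmtpa id Q1W2E3;
\tMon, 02 Sep 2019 09:15:39 +0000
Authentication-Results: mail.corp.example; spf=fail smtp.mailfrom=mailer-3.example.net
From: "Customer Care" <support@bank.example>
To: employee@corp.example
Subject: Urgent: confirm your account
Date: Mon, 02 Sep 2019 09:14:00 +0000
Message-ID: <20190902091400.1234@bank.example>
Content-Type: text/plain

Please confirm your details at the link below.
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
MAX_DATE_SKEW_SECONDS = 3600  # assumption: an hour between Date and first hop


def parse_received(value):
    """Return (from_host, bracketed_ip, timestamp) for one Received header."""
    v = re.sub(r"\s+", " ", str(value)).strip()   # unfold continuation lines
    host_m = re.search(r"\bfrom\s+(\S+)", v)
    ip_m = IPV4.search(v)
    ts = None
    if ";" in v:                                   # timestamp follows last ';'
        try:
            ts = parsedate_to_datetime(v.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            ts = None
    return (host_m.group(1) if host_m else None,
            ip_m.group(1) if ip_m else None,
            ts)


def analyze(raw):
    """Walk the Received chain (origin first) and collect consistency findings."""
    msg = message_from_string(raw, policy=policy.default)
    hops = [parse_received(h) for h in msg.get_all("Received", [])]
    hops.reverse()  # each relay prepends its header: last in file = first hop
    findings = []

    from_addr = parseaddr(str(msg.get("From", "")))[1]
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1]
    from_dom = from_addr.rsplit("@", 1)[-1].lower()
    rp_dom = return_path.rsplit("@", 1)[-1].lower()
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {rp_dom}")

    spf = re.search(r"spf=(\w+)", str(msg.get("Authentication-Results", "")))
    if spf and spf.group(1).lower() != "pass":
        findings.append(f"SPF result is {spf.group(1)}")

    times = [t for _, _, t in hops if t]
    for earlier, later in zip(times, times[1:]):
        if later < earlier:   # a relay cannot stamp before the one below it
            findings.append("Received timestamps run backwards (injected header or clock skew)")
            break

    date_hdr = msg.get("Date")
    sent = parsedate_to_datetime(str(date_hdr)) if date_hdr else None
    if sent and times and abs((times[0] - sent).total_seconds()) > MAX_DATE_SKEW_SECONDS:
        findings.append("Date header disagrees with the first Received timestamp")

    origin = hops[0] if hops else (None, None, None)
    return {"origin_host": origin[0], "origin_ip": origin[1],
            "hops": hops, "findings": findings}


if __name__ == "__main__":
    result = analyze(SAMPLE)
    print("origin:", result["origin_host"], result["origin_ip"])
    for host, ip, ts in result["hops"]:
        print("  hop:", host, ip, ts)
    for f in result["findings"]:
        print("FINDING:", f)
```

Only the topmost Received header (written by your own server) is trustworthy; everything below it was supplied by the previous relay and can be forged, which is why the script reports the origin hop as a lead rather than a conclusion, and why timestamp ordering is checked at all.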
Building A Home Malware Analysis Lab
By Matthew Kafami
Malware analysis, the in-depth analysis of malicious code used to gain unauthorized access to a system or to cause harm to it, can be vital to understanding just how much damage was done to a network. Malware has become a household term over the past decade or so thanks to reports on samples such as Stuxnet, WannaCry, ZeuS and Mirai. Stuxnet is the infamous code that attacked machines used in Iran’s nuclear program. The WannaCry ransomware made headlines throughout 2017 by spreading with a leaked exploit attributed to the United States National Security Agency, encrypting victims’ files and demanding Bitcoin in exchange for decrypting them. ZeuS, a banking trojan with keylogging capabilities, harvested user credentials for online banking. Finally, Mirai compromised IoT devices and added them to a botnet used to conduct large-scale Distributed Denial of Service attacks. Numerous experts have analyzed all of the malware mentioned above, and samples of the code can be found online with a bit of research.
Malware Memory Forensics – using Volatility Framework
by Sudharshan Kumar
Cyber attacks have adopted many evasion techniques in recent times and are becoming more sophisticated every day. Any new feature introduced into an application needs a thorough review for security vulnerabilities, because plenty of black hats in the wild are waiting to find an exploitable weakness and breach the system.
Dark times for forensic technology
by Jorge García Acosta
With the advances made in technology in recent years, a gap is widening between the technology used on a daily basis and the technology applied for forensic purposes. As a result, those of us who work in forensic technology run into ever more limitations when processing evidence. Below, I discuss what, in my opinion, are the main limitations we suffer from.
Electronic Evidence Search and Seizure Procedures
by Anthony Lee
I have served dozens of Anton Piller Court Orders (aka Search and Seizure (S&S) orders) across my 30 years of fieldwork, and would like to share my experience with eForensics readers. I am contributing this article as an individual and not representing any company. In the field of digital forensics practice, performing search and seizure (S&S) of electronic evidence at a defendant’s premises according to a court order is a challenging process. Every step must be documented, and extra precautions must be taken to prevent allegations from the defendant. Below are some important pointers (Do’s & Don’ts) for those who are new to performing S&S exercises.
Incident Response and Honeypots
by Nikhil Singhvi S
Incident response is the organized approach to addressing and managing the aftermath of a security breach, also known as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
A honeypot is a security resource whose value lies in being probed, attacked, or compromised. This means that whatever we designate as a honeypot, our expectations and goals are to have the system probed, attacked, and potentially exploited. It does not matter what the resource is (a router, scripts running emulated services, a jail, an actual production system). What does matter is that the resource's value lies in its being attacked. If the system is never probed or attacked, then it has little or no value. This is the exact opposite of most production systems, which you do not want to be probed or attacked.
E-Banking – Potentials & Pitfalls
by Mary Jeyanthi & Himanshu Goyal
Banks are crucial players in the economy; the present and future of a country depend on the banking sector beyond measure. The sector is currently being transformed by information technology (IT). E-banking is the branch of banking delivered through IT: within the IT framework, banking services are conveyed to customers by computer-controlled, automated systems. Services that fall under e-banking include Automated Teller Machines (ATM), Point-of-Sale (POS) terminals, Internet banking, home banking and many more.