eForensics Magazine 2022 02 Preview - Network Forensics Data Traffic Analysis
Probably none of us can imagine the world without access to the Internet. We shop there, talk to our loved ones, share information, and even wage wars. When we temporarily lose access to the network, we feel uncomfortable, as if we had been deprived of an essential good. Online activity is also excellent material for forensic work, so we decided to devote the February issue to network forensics. In it you will find information about how data is transferred through the network, including a description of the most important protocols. You will also learn how to respond to incidents and how to identify malware activity from a network perspective, based on specific examples. You will find out which tools are most useful for network forensics (e.g. Wireshark, NetworkMiner, Volatility) and how to use them in practice.
But that is not all! In this issue you will also find texts devoted to:
- Log Analysis and what kind of evidence to look for when investigating security incidents,
- cyber threats to critical infrastructure,
- eliminating the recurring human errors that threaten an organization's cybersecurity,
- ransomware analysis and tips for forensics investigators,
- the most important information in the field of governance and compliance.
Don't hesitate any longer: reach for our latest issue and get all this knowledge for yourself.
Check out the Table of Contents below for more information about each article (we have included short leads for you).
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Network Forensics – The Data Traffic Analysis In Digital Investigations
by Deivison Franco, Cleber Soares and Daniel Müller
With the increase in connectivity in the modern world, computer networks have become fundamental to virtually every type of communication. Military, government and private systems use the Internet to carry out their activities, and huge volumes of sensitive data pass through these networks every day. Organized crime also uses the Internet as a means of committing the most varied crimes. As a result, extremely important digital traces are travelling through these networks right now. The forensic professional's challenge is to collect and examine this vast mass of data and extract the evidence relevant to the investigation. The volatility of this kind of information is a further major problem the examiner must deal with: traffic that is not captured while it is in flight is gone. This article presents techniques and tools for capturing and extracting digital traces from computer networks.
Log Analysis: What to Look For?
by Marcus Fábio Fontenelle
This article gives you a brief introduction to log analysis and to the kind of evidence to look for when investigating security incidents. Logs are records of events that occurred on a company's systems and/or its network infrastructure. A centralized logging architecture is a much better way to manage logs, not least because a copy of each record lives somewhere other than the host an attacker may have compromised. Syslog is the protocol used to send event log messages over the network to that centralized storage. The system that receives the log messages is called a syslog server, syslog daemon, or syslogd.
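As an added illustration of what a central syslog server actually receives (this is example code written for this preview, not code from the article), the block below parses BSD-style syslog lines (RFC 3164: a `<PRI>` field, a timestamp, a host name, a tag and the message), decodes PRI into facility and severity, and runs one simple piece of evidence-hunting over the records: repeated SSH authentication failures grouped by source address. The log lines, host names and addresses are constructed for the example; the fallback to `<13>` (user.notice) for a line that arrives without a PRI is the behaviour RFC 3164 prescribes for relays.

```python
"""Parse RFC 3164 syslog lines as received by a central syslog server and
summarise them by host and severity.

Added example for this preview; the SAMPLE lines, host names and IP
addresses below are constructed, not taken from any real system.
"""
import re
from collections import Counter

# Facility names (0-23) and severity names (0-7) from RFC 3164 / RFC 5424.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG   (TAG and PID are optional in practice)
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?:(?P<tag>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: )?"
    r"(?P<msg>.*)$"
)

# Constructed sample traffic: two hosts plus a firewall whose relay dropped the PRI.
SAMPLE = [
    "<34>Feb 14 09:15:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "<34>Feb 14 09:15:05 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "<38>Feb 14 09:15:09 web01 sshd[2107]: Accepted publickey for deploy from 198.51.100.20 port 40012 ssh2",
    "<86>Feb 14 09:16:40 db01 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash",
    "Feb 14 09:17:30 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=3389",
    "<999>Feb 14 09:18:00 db01 app: PRI out of range, cannot be trusted",
]


def decode_pri(pri):
    """Split PRI into (facility, severity): PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def parse_line(line):
    """Parse one line into a dict, or return None if the header is unusable."""
    pri_assumed = False
    if not line.startswith("<"):
        # RFC 3164 section 4.3.3: a relay that gets a message without a valid
        # PRI must prepend <13> (user.notice). Do the same, but remember it so
        # the analyst knows the severity was not asserted by the origin host.
        line = "<13>" + line
        pri_assumed = True
    m = _LINE.match(line)
    if not m:
        return None
    try:
        facility, severity = decode_pri(int(m["pri"]))
    except ValueError:
        return None  # out-of-range PRI: keep the raw line, do not trust the header
    return {
        "facility": facility, "severity": severity, "pri_assumed": pri_assumed,
        "timestamp": m["ts"], "host": m["host"],
        "tag": m["tag"], "pid": m["pid"], "msg": m["msg"],
    }


def summarize(lines):
    """Count records by (host, facility, severity); unparseable lines go under '?'."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        key = ("?", "?", "?") if rec is None else (rec["host"], rec["facility"], rec["severity"])
        counts[key] += 1
    return counts


_SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3})")


def failed_logins_by_source(lines):
    """Evidence to look for: repeated SSH authentication failures per source IP."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["tag"] == "sshd":
            m = _SSH_FAIL.search(rec["msg"])
            if m:
                hits[m.group(1)] += 1
    return dict(hits)


if __name__ == "__main__":
    for (host, fac, sev), n in sorted(summarize(SAMPLE).items()):
        print(f"{host:6} {fac}.{sev:8} {n}")
    print("failed SSH logins by source:", failed_logins_by_source(SAMPLE))
```

Two points worth noticing when reading the output: the severity of the firewall line is `notice` only because the relay assumed it, and the line with PRI 999 is kept as an unparsed record rather than silently dropped, since a malformed header is itself something an analyst may want to see.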
Emerging Threats Of Cyber Attack On Critical Infrastructure
by Thomas Mitchell
The challenges of defending national infrastructure are ever evolving, and the adversaries are both inside and outside the enclave, as research by Pate and company shows. This paper analyzes the countermeasures that must be prepared to secure critical national infrastructure. Repeated, frequent cyber attacks in the last few years have shaken the public's confidence in the ability of infrastructure managers to protect their systems. Catastrophism tends to dominate the discourse, with comparisons to the Pearl Harbor attack or even a nuclear disaster. Cyber threats have grown, with social engineering and business e-mail compromise reported as the two fastest-rising penetration vectors. Advanced Persistent Threats (APTs) combine several techniques to gain and keep access to organizational networks. Cybersecurity is ultimately about risk and management's choice to accept, transfer, or mitigate it. When designing a new architecture or enhancing existing security controls, the security architect must consider current technologies to guide the decision between a diverse ecosystem and a standard solution set.
How to make cyberspace safe?
by Wilson Mendes
Network forensics investigates all types of attacks through patterns. It is like using a time machine: it often lets you go back to a specific point in time and focus on the method used in the attack and on the evidence recorded at the moment of the violation. This is reminiscent of the famous 1966 series by the genius Irwin Allen, "The Time Tunnel". Data is captured and analyzed, and the source of the attack pinpointed, using a combination of tools designed to perform reconnaissance and gather information about what happened. The security of Internet communication depends largely on the strength of the protocol used for the connection; weak protocols are easy prey for attackers who aim for breaches that put system security at risk.
Network Forensics: Identify Malicious Activity From A Network Perspective During Incident Response
by Sergio Figueiredo
Every investigation must start somewhere, be it with a formal request or with an adverse event. An event is any observable occurrence in a system or network. Events include a user connecting to a file share, a server receiving a request for a web page, and a firewall blocking a connection attempt. Adverse events are events with a negative consequence, such as system crashes, unauthorized use of system privileges, and execution of malware that destroys data. Adverse events are commonly detected and analyzed by the Security Operations Center (SOC). The SOC is a centralized function within an organization that employs people, processes, and technology to continuously monitor and improve the organization's security posture while preventing, detecting, analyzing and responding to cybersecurity incidents. If there is a Computer Security Incident Response Team (CSIRT), the SOC aids the CSIRT in gathering all the information needed to respond effectively to a threat.
Cyber Security Human Errors Recurrence
by Longinus Timochenco
Cyber security: what are its responsibilities and where are its borders? We know that the human factor is one of the main layers, IF NOT THE MAIN ONE, to be integrated into this challenge. What if we set the complexity aside, come together and focus on doing the basics well? Does that sound like an excellent idea? Or are we going to keep fooling ourselves into thinking we are really safe? Shifting responsibility and always blaming people for security incidents: does this happen often? I believe this is an area where the field of cybersecurity still needs to mature, because simply saying "this was human error" will get us nowhere; there is a huge opportunity here for all of us.
Hive Ransomware – Tips For Forensic Examiners And First Responders
by Leandro de Souza Oliveira and Eddie Casimiro Dutra
Large corporations, electricity, energy and retail companies are, at this very moment, having to deal with malware threats, Hive ransomware being one of the latest and most harmful. Hive has an organization behind it and is operated as Ransomware as a Service (RaaS). Figure 1 shows a victim's login page served by a site on the deep web. The Hive gang uses multiple techniques to compromise networks. The group is known to use phishing e-mails to gain access to critical systems and many techniques to move laterally across the network. The final step is to drop a payload on the infected machine that encrypts sensitive data and also terminates backup processes, to make it harder to recover from the attack.
Wireshark And Volatility
by Atlas Stark
The world of forensic investigations is ever changing as new technologies come online, creating new and exciting niches and gaps that desperately need attention. With these splintering areas of concern, we need new approaches and techniques to extract the data masterfully and surgically, as well as fresh ways to interpret the information. Adversaries are constantly changing their tactics and adopting inventive ways to wreak havoc; it is high time the world of digital forensics caught up. This article features two tools that are widely used by investigators and security researchers in the fields of memory and network forensics: Wireshark for captured traffic and Volatility for memory images. We will explore some of the high-level options and functions of which these platforms are capable. Obviously, we will not be able to explore them as in depth as we would like; however, I have provided some extra resources in the links section at the end of this article for additional information. Whether you are just starting out in the field of forensics or are already an experienced investigator, this article will be right up your alley. Please refer to each project's website for more information and supporting documentation.
Ransomware: Analysis, Growth And Development
by Daniele Giomo
For years now, ransomware attacks have been the product of automated and industrialized campaigns that follow no real planning and whose only purpose is to hit as many targets as possible, looking for an entrance into information systems. Since this malware evolves constantly, we start by describing what ransomware is and how an attack works, with the aim of warning people so that they can prevent attacks and avoid paying the ransom. Its evolution is illustrated, from the earliest known attack to some of the largest, such as WannaCry. The concept of RaaS is explained, together with how criminal organizations profit from selling ransomware on a large scale. I will write my own ransomware, called "Some", and illustrate the techniques used in building it, along with a reasonably realistic environment in which a user could be deceived into downloading and running it. Possible future developments are then illustrated, such as hindering reverse engineering of the executable or obfuscating the code.
The Need-To-Know Of Legal GRC In 2022
by Simon Whitburn
Governance, risk and compliance (GRC) is undoubtedly considered critical to businesses today. The selection of appropriate technologies will support legal teams in their newly expanded roles, acting as the toolkit from which increasingly complex operational requirements can be managed. And there is no shortage of such solutions. A new class of enterprise software, created specifically to orchestrate the key tasks and activities needed to implement processes and address critical business challenges, has emerged and continues to evolve, with many of its modules dedicated to legal GRC or similar functions. Achieving excellence in each of these areas will ensure that legal GRC frameworks become agile, flexible and scalable, so that they suit not just today's requirements but equally those of tomorrow.