|Preview eForensics Magazine 2021 12 Trust No One Except Me.pdf|
In December, after a whole year of hardships and struggles with adversities, it is worth finding a moment for yourself and your passions. That is why we have prepared for you - our wonderful readers - 10 excellent texts by our exceptional authors. This month, in our magazine, you will find your favorite article types - the texts on the tools and on cybersecurity and investigative methodology.
The first part of the magazine is devoted to forensic imaging and image analysis. It includes texts that describe the survey methodology and present useful tools such as FTK Imager, dd, Guymager, and Air 2.0.0. The next part covers the subject of steganography: the characteristics of this technique, how it differs from encryption, and its role in protecting data during transmission are described.
Another section of the magazine is devoted to cybersecurity in general. There you will find a text about a comprehensive approach to ensuring the cybersecurity of an organization using the Zero Trust method. The topic of the cybersecurity mesh is also presented here, which, according to the author, in 2025 will handle more than half of applications for digital access control.
But that's not all, because in the December Magazine you will also find, among others:
- an innovative text on clock skew fingerprints in digital forensics,
- information on the use of Windows Sandbox for malware analysis,
- the answer to the question of what connects data protection, social media, and drones.
Interested? Do not wait any longer and make yourself a Christmas present!
Check out our Table of Contents below for more information about each article (we included short leads for you).
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Imaging forensics analysis
by Daniele Giomo
The article is devoted to a comprehensive presentation of imaging forensics analysis. The author starts with the legal regulations in force in the European Union and then presents how to analyze the evidence according to them. He mentions the necessity and methods of creating copies of digital media and the choice of the operating system to perform such an operation. The text then presents two bitstream imaging tools - Guymager and Air 2.0.0. The main functions and advantages of the presented tools and their usefulness in the process of obtaining evidence are discussed.
Using FTK Imager to Capture Physical Memory and Create a Disk Image
by Marcus Fábio Fontenelle
This article will give you an introduction to FTK Imager, a well-known tool for capturing physical memory and creating a disk image. FTK Imager is an easy-to-use tool and will be presented step-by-step with an illustrated example.
Forensics Imaging tools
by Kharim H. Mchatta
The article is devoted to imaging tools. It deals with theoretical issues, including the basics of the investigative process and the essence of imaging, i.e. creating copies of the device's content. After the theoretical issues, the author goes on to discuss the tools used in this process. He analyzes FTK Imager, dd, and Guymager and, using screenshots, presents how to conduct an analysis using each of these tools.
Steganography - protect your data
by Wilson Mendes
The text is devoted to steganography. The author begins by explaining what this technique is and how it differs from encryption. The text then goes on to discuss the tools that can be used to apply the steganography technique. It indicates their functionality, main advantages, and characteristics. All considerations are conducted on the assumption that steganography is an excellent tool for securing data and its transmission.
Trust No One Except Me
by Alexandra Hurtado
The text deals with the approach to cybersecurity. The author presents how the situation has changed over the years, as companies began to use cloud solutions, and then, due to the pandemic, many employees moved to remote work. The author proposes to use zero trust. The text presents the basic principles of this approach and the resulting benefits. It also shows that zero trust requires a balance between cybersecurity and customer trust.
Cyber Security Mesh
by Longinus Timochenco
The text is about the cybersecurity mesh. The author begins with a detailed explanation of what a cybersecurity mesh is and why it is important for ensuring the cybersecurity of an organization. The text shows that this is the future of cybersecurity. Then the text deals with issues related to identity and access management. The definition of the term, the meaning of IAM, and the best practices in its application are presented. The last fragment of the text is devoted to the architecture of the cybersecurity mesh. It mentions that it is a much more effective solution for distributed organizations than the expansion of LAN security or the use of separate security measures for specific services.
Cyberspace and its actors
The Author wishes to remain anonymous
The text attempts to draw attention to the negative actors of cyberspace. It presents the general characteristics of cyberspace and then attempts to classify the actors that threaten the security of the network. Each of the groups is characterized, and then the purpose of such classifications is presented. Despite its seemingly theoretical nature, the text may contribute to the development of a system of response to threats and classification of cybercrimes, including the creation of adequate systems of penalties and classification of crimes.
Clock Skew Fingerprinting in Digital Forensics: Considerations and Methodologies
by Alexander McKee Rzasa
This paper examines clock skew fingerprinting as a technique for positively identifying unique physical devices or virtual machine instances. By exploring the origins and development of clock skew fingerprinting methods, this study provides digital forensics examiners with an overview of the state-of-the-art, as well as an introduction to its practical applications. These practical applications range from device identification and authentication to intrusion prevention and the unmasking of hidden services. Finally, this paper suggests potential methodologies for the use of clock skew fingerprinting in digital forensics examinations.
Using Windows Sandbox For Malware Analysis
by Mathias Sigrist
This article introduces Microsoft Windows Sandbox as a candidate environment for malware analysis. While Windows Sandbox is not as feature-rich as other solutions such as Cuckoo Sandbox or Joe Sandbox, it is lightweight, free, and easily available to an analyst or incident responder. Security Operations Centers (SOC) require numerous skills and tools to successfully face the latest threats. With the increase in malware-related attacks, especially ransomware attacks, which can deal devastating blows to an unprepared organization, the ability to analyze suspicious files or URLs to identify malware is crucial. Malware analysis is the process of identifying malicious behavior of files or URLs, such as network activity and host activity, to determine the intended purpose of the malware. Malware analysis is usually performed in isolated environments to prevent an infection of production systems.
Social Media Forensics from Drones: New Privacy Challenges?
by Rhonda Johnson
The text deals with challenges related to the protection of privacy in two interesting aspects, namely the use of drones and social media. Both drones and social media have become very popular in recent years, and although their use has many benefits, it is also associated with dangers in the area of privacy protection. The text presents specific tools that can be used to explore social media and obtain data on a drone offense. It addresses both ethical and legal aspects in a concise way, presenting the challenges for security in the modern, mobile world.