|eForensics Magazine 2020 05 Unveiling the hidden content on YouTube PREVIEW.pdf|
There isn’t a more famous and widely used source of video content on the whole Internet than YouTube. You, as eForensics readers, should know how to use this platform to conduct an investigation. In our newest issue we are unveiling hidden content on YouTube, showing you what info you can find there, and introducing some tools and techniques for collecting YouTube video artifacts. You can’t miss it!
The edition opens up with Tokyo_v2’s paper in which she shows what YouTube has on us, how to find it, and what to look for in a video to get the most information out of it. Then, Rhonda Johnson will explore tools that are available for extracting evidence from YouTube. Maciej Makowski will complete this topic with his article by discovering what has not yet been discovered on this platform.
Inside, there is also a very interesting and current article by Lina Maharon, ‘OSINT on Video Conferencing Applications’. The author studied the most commonly used video conferencing platforms (like Zoom, Skype, Google Meet) and the way they can be misused by malicious attackers for the purpose of hacking, OSINT, personal data gathering and social engineering. Using these apps is more common than ever nowadays, so it’s very important to be aware of the danger.
If you liked last month’s issue, Malware and Cyber Attacks during COVID-19, you will definitely be interested in Johan Scholtz’s paper on COVID-19 malware attacks.
Of course, that’s not all, but I will leave the rest for your exploration :).
Thanks to all our contributors!
Have a nice read!
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Finding information on YouTube
This article will look at what YouTube has on us, how to find it and what to look for in a video to get the most information out of it. This will only show a small glimpse of what is publicly available and where it is coming from.
Tools and Challenges for Collecting YouTube Video Artifacts During Social Media Forensic Investigations
By Rhonda Johnson
The following article will explore some of the tools that are available for extracting evidence from the YouTube platform and a brief discussion of the technical and legal challenges of preserving YouTube video artifacts.
Determining Location Through Reverse Image Searches
By Matthew Kafami
Whether for an official purpose such as an investigation or just out of curiosity, there may come a time where you need to determine the location where filming has taken place. Usually the title and comments section of a video will provide that information. It could also be in the metadata for the video, which is used to help promote the video, making it easier to find. However, there may be times where the video is posted without making this information available, or the way in which the video was posted may not provide enough information to easily determine a location just from the footage. This is where reverse image tools become useful.
Unveiling the hidden content on YouTube
by Maciej Makowski
There isn’t a more famous and well regarded source of video content on the whole Internet than YouTube – this is a commonly known fact. What is also commonly known is that some videos on YouTube are not accessible to the general public and are uploaded in secrecy, to be shared only with a precisely defined audience. Investigators often limit their searches to searching by keywords or to utilising advanced Google operators to maximise potential keyword results. However, when searching for hidden content on YouTube, keyword searches don’t work in most cases. Sometimes when we know the exact date range, we might be able to uncover some content, especially if it was copied or shared amongst several profiles and it was not deleted from every single one. But this often depends on being able to locate and source the videos from sources other than the YouTube platform. So what can we do on YouTube itself?
OSINT on Video Conferencing Applications
By Lina Maharon
In this paper, we will study the most commonly used video conferencing platforms and the way they can be misused by malicious attackers for the purpose of hacking, notably for open source intelligence (OSINT), personal data gathering and social engineering.
(Covid19) Malware Attacks
by Johan Scholtz
This article describes how malware disrupts normal network and computer accessibility – especially during the latest challenges we all face with regard to the social panic relating to Covid 19. Keep in mind that cyber-attacks are more than ever likely to happen during times of hardship when opportunistic infiltrators attack home based networks. Most people would probably anxiously read any information that relates to the Covid 19 threat. This unbalanced urge to read about a life threatening situation opens a platform for opportunistic hackers to penetrate an already frail system. It is, however, regrettable that the world succumbed to the frantic lockdown mode. Nevertheless, let’s look at how hackers use this opportunity to de-construct any given system’s weaknesses.
Reversing ATM malware
by Siddharth Sharma
An Automated Teller Machine, or Cash Dispenser, as we all know, allows us to take out money using cards from our respective banks. These ATMs are configured with Windows (mostly) and, at times, weaknesses exist in these machines. For adversaries, it’s a great opportunity to make maximum use of them, either through exploitation or through some kind of malware, for their own gain and profit. That malware can be installed either through physical access to the machine or through a network (though this technique requires access to the bank’s corporate network first). In this article, we will reverse one such type of malware, first known as tester.exe in April 2019, which was believed to be active since 2017.
Chain of Custody: A Mainstay in an Investigation
by Shweta A. Chawla
What is the chain of custody? Is it a document, a process, an audit trail or a part of the documentation process of an investigation? I believe that the chain of custody is all four and is crucial to the successful presentation of a case in a trial court. In many ways, the chain of custody is a legal manifestation of the methodology in the study of history of establishing time, place and authorship, in order to ascertain the authenticity of a document. While originally a part of criminal proceedings, the chain of custody is now used in multiple scenarios ranging from civil cases to tracking the transfer of goods, to certifying that the chocolate that we eat deserves the ‘Fair Trade’ label.
Review of ‘Forensic Notes’: A Note-Taking Application
by Shweta A. Chawla
Forensic Notes is a cloud-based application that operates at two levels – the Simple Mode Web Application, which is designed for mobile devices and renders properly on all mobile devices and desktop computers, and the Advanced Mode Web Application, which aims at more complex investigations and is designed for desktop computers only.
Reading the Mind of an Attacker Through the Study of Criminological Psychology to Predict Future Attacks
by Chirath De Alwis
Throughout the past years, researchers have conducted much research and come up with many detective and preventive mechanisms to minimize cyber-attacks. But still, adversaries target organizations by evading many of the latest technologies and mechanisms. Therefore, there is a gap between the security mechanisms and adversary attacks. In order to address this gap, it is necessary to understand the mindset of the adversary. This article explains how to understand the adversary’s mindset through criminological psychology.