Let me welcome you to the last issue of eForensics Magazine in 2016. I am really happy that we could spend another year providing you the best magazine on digital forensics and we at the eForensics Team are so grateful for the opportunity. Month after month and year after year you are what drives us forward – the magazine is published only because you read it.
Our thanks go to everyone who published in the magazine as well – it was a pleasure working with you all! We really appreciate that you want to share your expertise and that you chose us to do that.
Finally, I would like to express my gratitude to our reviewers and proofreaders. Without you, publishing this magazine would be so much more difficult! Your help and feedback are invaluable, you are the best.
In this issue you can enjoy a wide variety of topics. We have the second part of Stephen Bunting’s series on spoliation, Alessandro Bonu’s overview of WIN-UFO, Neethu Prakash’s look into surveillance video authentication and enhancement, and Chirath the Alwis presenting in his article a tool for volatile browser based data analysis. Finally, you should really check out Mo Khalilov’s article on wireless attacks, which will tell you how to detect and analyse them.
In addition to that, we have prepared two interviews for you – one is with Adam Belsher from Magnet Forensics and the second one with Monnappa, representing Cysinfo. Both are very much worth a read! You will also find that Bob Monroe is back with his reviews – this time he takes a look at a Linux Security course from Pearson. We wish you all the best in the new year. May 2017 be the time when users are smart, cybercriminals sloppy, budgets big, and clients plenty!
and the eForensics Team
TABLE OF CONTENTS
Cybersecurity Skill Predictions for 2017
by Ricki Burke
2016 has been an interesting year in the Information Security world. I feel like it was the year hacking became normalized. We have seen a variety of attacks and victims range from a single person suffering from ransomware, to the DDoS attacks that took down a chunk of the Internet for most of the Eastern seaboard, to the U.S. election where the Senate Republican leader is now backing an investigation into whether Russian hackers influenced the results.
WIN-UFO for Live Forensic analysis
by Alessandro Bonu
Win-UFO (Ultimate Forensics Outflow) is a collection of programs for data acquisition and real-time information. It is very useful for forensic analysis of a computer and allows you to collect important information on the Windows system on which it is used. The concept of “live forensics” stems from the need to analyse, in real time, electronic artifacts holding information on a system found in a functional state, that is, one that is powered on during the investigation in which you are involved.
Today my goal is to give an overview of various wireless attacks, both active and passive (via the social engineering aspect over a wireless network), and to explain in detail how enterprise organizations can be compromised even if they have WPA2 Enterprise set up. The reason for picking a WPA2 Enterprise network is its flexibility and strength if it is set up correctly. WPA2 Enterprise introduces stronger encryption (CCMP) and a RADIUS server as the authentication mechanism, which is achieved using one of the EAP protocols to gain access to the network, with employees connecting to the corporate network over wireless.
Forensic Analysis of Spoliation Cases: Windows Examinations (Part 2 of the spoliation series)
by Stephen Bunting
As a quick refresher, in part one of this two-part series, we defined spoliation as the intentional, reckless, or negligent withholding, hiding, altering, fabricating, or destroying of evidence relevant to a legal proceeding. Thus, in simple terms, withholding, deleting, or hiding evidence are forms of spoliation. To add legal specificity to this definition, we quoted an Arkansas court ruling, referencing Black’s Law Dictionary, in which they defined spoliation as “the intentional destruction of evidence and when established, [the] fact finder may draw [an] inference that [the] evidence destroyed was unfavorable to [the] party responsible for its spoliation.” Thus, spoliation carries with it a very specific penalty in that the aggrieved party may legally infer the destroyed evidence was unfavorable, which often has a devastating impact on the party who destroyed the evidence.
There is great need, and there is great opportunity
Interview with Adam Belsher, Magnet Forensics
Trying our best to bridge the gaps
Interview with Monnappa K A, Cysinfo
Linux Security Complete Video Course
Reviewed by Bob Monroe
My first instinct on reviewing the Linux Security Video Red Hat Server Hardening was to complain about how stiff the presenter, Sander Van Vugt, was during the course. I could easily complain about the lack of background images, pretty colors and lack of cinematic music. The funny thing is, all that doesn’t matter because Mr. Vugt is a guru of the highest magnitude when it comes to Linux. That dude knows his Linux and shows his viewers plenty of eye-catching material.
Draft Convention Of Electronic Evidence
Reviewed by Dauda Sule
The draft convention of electronic evidence was drawn up by the Convention on Electronic Evidence in recognition of the growing importance of digital evidence in legal proceedings, and in light of digital forensic investigations and eDiscovery. It is a maiden treaty governing the issue of digital evidence from foreign jurisdictions. The draft seeks to set up a standard as to how digital evidence is proved to be evidence (authenticated) and buttress its uniqueness compared to other previously existing forms of evidence.
Surveillance Video Authentication and Enhancement
by Neethu Prakash
Nowadays, video and audio evidence are admissible as evidence in a court of law. But in numerous cases, the video evidence that is collected from various surveillance systems is of low quality. Further processing of this video may make it either blurred or distorted. This paper introduces a novel technique for detecting tampered frames and for enhancing video acquired under challenging or poor lighting conditions, such as haze, low light, fog, etc. The main aim is to improve the visual appearance of the video. Along with the video enhancement, this paper also introduces techniques to automatically detect the input impairments from the video evidence, object detection and license plate detection. A histogram equalization technique is used to detect the input impairment, so that we get an idea about whether the distortion in the input video is due to any artificial activity or any natural conditions. This video enhancement helps to analyze background information that is essential to understand object behavior without requiring expensive human visual inspection.
by Deivison Franco
The cybernetic sector covers the use of technological means intended for the transit of information, including those dedicated to strategic sectors. Protecting them is fundamental for maintaining the stability and security of society, since we live in the information age, in which dependence on technology increases every day and the risks inherent in a lack of security grow exponentially. In this way, cybersecurity and security emerge as knowledge of extreme relevance not only in computer science, but also in the military and intelligence areas, which are usually in charge of the protection and defense of a nation. In this context, the actions of Cyber Security are essential, since it is through them that incident response and intrusion detection services are implemented, along with content verification and forensic computing, which is responsible for the analysis of all traces and records related to an incident, enabling the preservation, collection, processing and analysis of cybernetic traces.