File | |
---|---|
eForensics Magazine 2020 Your Digital Forensics Toolkit PREVIEW.pdf |
Dear Readers,
Digital forensics tools play a crucial role in providing reliable forensic analysis and digital evidence collection. We’re proud to present our newest edition - “Your Digital Forensics Toolkit”.
Inside you will find an article that evaluates the most popular digital forensics tools (Bulk-extractor, Dumpzilla, Extundelete, Volatility, FTK Imager, Autopsy, etc.). There is also an article fully dedicated to Bulk Extractor (you will go through all the steps to understand how bulk_extractor works and how it can possibly help you), and one fully dedicated to Autopsy (you will see what Autopsy can do, timeline analysis, hash filtering, bad hash sets, keyword search and indexing, web artifacts, data carving, collaborative analysis, central repository, and many use cases of Autopsy).
At your disposal, we have an OSINT Resources Directory - it explains examples of what you can find on the author’s start.me page. There are many websites that store links to useful websites and can be accessed publicly. Using a start.me page is a common way people keep track of helpful links, if not by their own personal website.
What else is covered? A VideoCleaner tutorial and case study, A Linux Caine 11 Review, An Examination of Open Source Anti-Forensics Tools. Everything focused on tools...
For more information about each article, check out our Table of Contents.
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers!
Have a nice read!
Regards,
Dominika Zdrodowska
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Evaluating Forensic Tools
by Matthew Kafami
Being successful in digital forensics requires the use of the correct tools. In order to select the correct tool or tools for the task, it’s important to understand the type of data you need to collect. For example, if you just need to recover photos from a corrupted micro SD card for personal use, you may be better off with a simpler tool than a beefier alternative like Autopsy or FTK Imager, which are better suited for whole system recovery and artifact discovery. Thankfully, there are several preconfigured operating systems that come with a variety of tools to help accomplish your goals.
Getting Started with Digital Forensics with Autopsy
By Lohitya Pushkar
Autopsy makes use of The Sleuth Kit. Now what is Sleuth Kit? The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. So this enables Autopsy to analyze hard drives, smart phones, media cards, etc. It comes loaded with a variety of useful modules and it also supports third party modules created by the community, easily installed with few clicks. Some of the modules that come with Autopsy are…
Bulk Extractor – Looking within it
by Filipi Pires
In this paper, we went through all the steps to understand how bulk_extractor works and how it can possibly help us.
CyberChef - An introduction
by Cordny Nederkoorn
This article will give you an introduction to CyberChef, an intuitive forensics toolkit, accessible via a web app, on and offline. CyberChef is an easy to use toolkit with quick results as is illustrated with two examples.
VideoCleaner
by Doug Carner and Marc Robinson
VideoCleaner is forensic video enhancement and tamper detection software created for law enforcement, and available to everyone. With the collaboration of thousands of users and programmers, VideoCleaner has become the leading resource for analyzing and enhancing digital images, including cell phone footage, surveillance recordings, in-vehicle and body worn cameras. VideoCleaner’s ubiquitous acceptance within the forensic community and courts is the result of established science, open source code, constant peer review, and proven results.
Open source digital forensics with Linux CAINE
by Maciej Makowski
CAINE 11 is a great solution for on the fly, free and open source digital forensics that can be accessible to everybody. The integration with Autopsy is particularly impressive and really widens the scope of this distro. The fact you can use CAINE 11 as a bootable USB further adds to its use cases.
OSINT RESOURCES DIRECTORY
by Josh Richards
What is an OSINT investigation? There are no real boundaries to this question because open source intelligence can be conducted on almost anything. One day you may need to investigate a person on social media, and the next you may need to find everything you can about a boat or a plane. This makes it important to know what is possible and what tools are available to you to use throughout your investigation.
There are many websites that store links to useful websites and they can be accessed publicly. A common way people do this if not by their own personal website is to use start.me. That is exactly what I did and that is what will be shown in this article.
Creating Situational Awareness for the Digital Forensics Investigator: An Examination of Open Source Anti-Forensics Tools
by Rhonda Johnson
Due to the vast number of criminal cases that involve the use of computers, the threat landscape in which digital forensic investigators operate requires a situational awareness of anti-forensics methods and tools. Anti-Forensics is an extremely important sub-field of study because the astute investigator will need to be aware of any potential tools that could be used to derail a forensic investigation. Like the field of cybersecurity itself, the methods and tools of cyber-criminals to thwart efforts of digital forensic investigations evolve with the complexity of tools created to detect such evasion. The following article will explore some of the most popular anti-forensic methods used by suspects.
Ursnif malware using COM objects
by Siddharth Sharma
I thought to dig more into the Ursnif malware (which was first seen in 2014) and started reversing the malware in my lab. The malware was a Javascript file. Basically, I started by doing dynamic analysis and found the following results…
Digital Forensics - An Evolution Through Time
By Prashant Singh
Digital devices, be it laptops, desktops, hard disks, CDs, smartphones and so many others, have taken a major place in our daily lives with simple tasks like setting an alarm to wake up or doing a complex task like managing a server. Definitely, the evolution of technology has made our lives easier and better, and the digital age is still evolving at a very fast rate. But with the evolving technology, criminals also began to advance in their method of commission of crime. Criminals started to misuse technology and started to fulfill their “Dreaded Desires” for their own benefits. So, with such a threat to masses of people, there was a need to devise a way to prevent such criminals and help the law enforcing authorities to apprehend such criminals, it was time Digital Forensics came into play.
Reviews
There are no reviews yet.