digital forensics a cybersecurity approach
play

Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru - PowerPoint PPT Presentation

Feb 18, 2023 •174 likes •478 views

Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert Malegiannakis Ricardo Justiniano Introduction - What is Digital Forensics? Digital forensics defined - The process of recovering and interpreting

  1. Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert Malegiannakis Ricardo Justiniano

  2. Introduction - What is Digital Forensics? Digital forensics defined - The process of recovering and interpreting electronic data where the main goal is to preserve any evidence in it’s most original form while performing a structured investigation by identifying, collecting and validating the digital information for the purpose of reconstructing past events. - In this presentation we will examine three parts Network forensics ○ Mobile forensics ○ USB/Computer forensics ○

  3. Understanding Mobile Forensics ● Torrents of information is stored on mobile phones ● Smartphones store private and sensitive data ● In several developed countries, users are allowed to do mobile banking ● Phones retrieved cannot be analyzed without a warrant Phone Generations Inside a Mobile Phone ● Analog ● Microprocessor ● PCS ● ROM and RAM ● Third Generation (3G) ● Digital signal processor ● Fourth-generation (4G) ● Radio module ● Microphone and Speaker ● Hardware interphases ● LCD display Basiru Speaking

  4. Scenario Suspect A has been monitored by the internal security of a local electronic store fraud department about a large amount of fraudulent activity of gift cards. The local bank has alerted the merchant of questionable transactions which prompted an internal investigation to prove no liability on their behalf. Through the investigation surveillance footage, the transactions were synonymous with the date/time stamps of the bank. In order to solidify their findings to law enforcement, our team was hired to conduct computer forensics analysis to support their findings. With documentation provided by both merchant and bank, our team was able to establish a proper investigation and set time lines to secure search warrants for network, mobile and hardware analysis… Hector Speaking

  5. Network Forensics Applied - Connect to electronics store’s network - Connect to bank’s network - Connect to suspect’s home network - Gathered all information from these network packets using: - Wireshark - CloudShark - Networkminer Robert speaking

  6. Network Forensics Applied Michael speaking

  7. Network Forensics Applied Michael speaking

  8. Network Forensics Applied

  9. Network Forensics Applied Michael speaking

  10. Network Forensics Applied Michael speaking

  11. Network Forensics Applied Michael speaking

  12. Network Forensics Applied Michael speaking

  13. Network Forensics Applied Michael speaking

  14. Network Forensics Applied Michael speaking

  15. Network Forensics Applied Michael speaking

  16. Network Forensics Applied Michael speaking

  17. Network Forensics Applied Michael speaking

  18. Network Forensics Wrap-up 1. Pieces of evidence were found using the cyber security tools 2. Enough evidence was found in the network forensics side of things to prove guilt 3. Wireshark, Cloudshark, and Network Miner were very useful tools towards the goal of obtaining relevant evidence towards the case Michael speaking

  19. Mobile Forensics Applied Acquisition Procedures for Mobile Devices ● Retrieve RAM data before it loses power ● Keep devices off when off ● When on, check the display for battery level and charge ● Isolate phone from all forms of synchronization Tools Used ● AccessData FTK Imager ● Forensic Toolkit 1.81

  20. Mobile Forensics Applied Mobile Phone Brand: LG_600 ● Call log of the suspect obtained ● No SMS ● No saved number from addressbook

  21. Mobile Forensics Applied The only real image obtained from the suspect’s phone.

  22. Mobile Forensics Wrap-up ● Evidence obtained from the suspect’s mobile phone corroborate the fact the he is really interested in the store ● The highlighted number is the Sales Department help line ● Possible image of an accomplice of the suspect obtained to be determined via further investigation

  23. USB/Computer Forensics Applied Step 1: Preserve the data Utilize write blocker to stop the OS from writing to the evidence drive ● Monitor who had access, when, and why ● Hard Drive duplicators to set up a working drive that we can run diagnostics on ● Devices should remain unmounted during investigation ● FTK imager to create hashes of the image as it sits prior to manipulation/investigation of data ●

  24. USB/Computer Forensics Applied • Search for words translated to hex Step 2: Acquiring data Display process\services that where running • Live acquisition ran at the crime scene while ● when memory was dumped host was up and running, to avoid data being • • DiskExplorer - ran on client side - aka the encrypted. inhouse forensic workstation Use Hex workshop ● HDHOST - ran on client server side aka the • evidence drive- for remote acquisition Open .mem file for the live acquisition to view ● files and have full access.

  25. USB/Computer Forensics Applied Step 3: Analyzing Data Created an Index of the drive to make getting to Hex Workshop / useful for checking files that ● • data items much faster may have been renamed with incorrect extensions to throw off investigators Search - keywords based on the case we are ● working on Use Magic tables to cross reference Hex code • from files/ with this info you can change the Viewed deleted files and restore them ● incorrect file type to the correct one so you can open it Use of report generators to build reports that can ● be used in the legal arena, as well as marking evidence found Ricardo Speaking

  26. Hex Workshop Results ● We observed a suspicious document “secret.jpg” ● Ran HexTool on file to assist with discovery of original file extension. Ricardo Speaking

  27. ● Used Magic tables to match the file type signatures in hex / with this info we can change the incorrect file type to the correct type, enabling us to open it’s contents ● After discovering file type of .DOCX we renamed the file, saved our changes and were able to open it without error. Ricardo speaking

  28. ● After opening the file with the newly appended file type, we discovered the contents of the secret.docx file to containing multiple stole credit card numbers that matched back to to our case, along with multiple other credit card numbers that matched back to other reported fraudulent claims.

  29. USB/Computer Forensics Wrap-up We found even more evidence from the suspects computer of the reported crime. - Data included a .docx file that contained a large list of stolen credit/gift card numbers

  30. Conclusion Our Senior Cyber Security Forensics Analyst were able to verify our findings. Ensuring appropriate measures were taken in the proper tagging and handling of the evidence, they were able to present the case on the merchants behalf to properly submit a arrest warrant through local law enforcement agencies… Hector Speaking

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

A RIZONA S TATE U NIVERSITY Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE U NIVERSITY Common Types of Attacks Phishing Malware SQLi XSS MITM DoS Brute-force &

858 views • 55 slides
About this presentation : Learning : What is Digital Forensics ? Political : Digital

About this presentation : Learning : What is Digital Forensics ? Political : Digital

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

444 views • 30 slides
Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication File carving ( e.g. , bifragment gap carving)

630 views • 13 slides
Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to collect and analyze (digital) evidence Three basic phases Data collection, Analysis, Reporting Triage Various sources of information

307 views • 20 slides
CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of

1.09k views • 34 slides
Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

FloCon 2015 Conference January 15, 2015 Portland, Oregon Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations JESUS RAMIREZ PICHARDO (PMP, GCFA,

333 views • 30 slides
Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class of students Teaching digital forensics in a large class Teaching forensics at of students UL FRI Generating customized disk images Gaper Fele-or University of Ljubljana, Faculty of

446 views • 23 slides
Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction to Digital Forensics Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer Forensics? What do you Need for a Careers in Computer Digital Forensics? Educational Background

509 views • 29 slides
Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of

Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of

Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of Digital Evidence: Admissible evidence must be related to the fact being proved Authentic evidence must be real and related to the

1.13k views • 68 slides
Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics & Watermarking P. J. Bateman, A. T. S. Ho, and J. A. Briffa This research is sponsored by an EPSRC/Charteris CASE Award Image Forensics

703 views • 38 slides
CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic

CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic

CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic 20/10/2011 r.ludwiniak@napier.ac.uk Lecture Objectives 1. History and definition of Digital Forensics 2. Context for an investigation 3. An overview of

1.04k views • 65 slides
Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute

Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute

Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute intro to Digital Forensics Some challenges scale cloud the encryption boundary anti-forensics Digital Forensics in 2 mins

415 views • 7 slides
Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico

Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico

Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico Marziale, Golden G. Richard III, Vassil Roussev Me: Professor of Computer Science Co-founder, Digital Forensics Solutions golden@cs.uno.edu

489 views • 28 slides
A Risk-based Security Program Approach: Security Enables Digital Transformation and Compliance

A Risk-based Security Program Approach: Security Enables Digital Transformation and Compliance

A Risk-based Security Program Approach: Security Enables Digital Transformation and Compliance Michael Gutsche, Cybersecurity Strategy Peter Bronson, Cybersecurity Strategy #MicroFocusCyberSummit This document contains forward looking

245 views • 21 slides
HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics Lab Director HTCIA/ICFP/ACM/IEEE/ACIS/ISSA asoto@asoto.com INTENDED AUDIENCE Forensic lab directors / analysts - Law enforcement - Researchers -

568 views • 36 slides
Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide

Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide

Linux Memory Analysis Workshop Session 1 Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide ranging forensics investigations Volatility Developer Former Blackhat, SOURCE, and DFRWS speaker

1.64k views • 162 slides
A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 }

A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 }

A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 } Ph. Besnard 1 egoire 2 E. Gr S. Ramon 2 1 IRIT CNRS UMR 5505 Toulouse, France 2 Universit e dArtois CRIL CNRS UMR 8188 Lens, France A

670 views • 47 slides
Promotion Test 2020 When is Promotion Test? Promotion Test would be held on the 20th of October

Promotion Test 2020 When is Promotion Test? Promotion Test would be held on the 20th of October

Promotion Test 2020 When is Promotion Test? Promotion Test would be held on the 20th of October 2020 for ALL batches. 2 16th Batch Promotions Test Ranks to be Taken All cadets in 16th Batch would be taking the test to promote to the rank of

160 views • 14 slides
Linux and Law Enforcement Challenges and Opportunities Dr. Joshua I. James Digital Forensic

Linux and Law Enforcement Challenges and Opportunities Dr. Joshua I. James Digital Forensic

Linux and Law Enforcement Challenges and Opportunities Dr. Joshua I. James Digital Forensic Investigation Research Laboratory SoonChunHyang University Joshua@cybercrimetech.com http://forensics.sch.ac.kr whoami Dr. Joshua I. James

399 views • 36 slides
The Developments of Brazils Operation Car Wash and Business Opportunities in connection

The Developments of Brazils Operation Car Wash and Business Opportunities in connection

The Developments of Brazils Operation Car Wash and Business Opportunities in connection with Petrobras New Investment Plan William Michael Jr. Salim Jorge Saud Neto Partner Partner +1 312 701 7653 +55 21 2127 4210

767 views • 38 slides
Digital Forensics Research is Investigator- Centric Robert J. Walls Brian Neil Levine Marc

Digital Forensics Research is Investigator- Centric Robert J. Walls Brian Neil Levine Marc

Effective Digital Forensics Research is Investigator- Centric Robert J. Walls Brian Neil Levine Marc Liberatore Clay Shields University of Massachusetts Amherst Georgetown University rjwalls@cs.umass.edu 1 forensics.umass.edu

578 views • 39 slides
New Findings in SPI Chip Coldren & Vivian Elliott (facilitators) Lt. Det. Darrin Greeley

New Findings in SPI Chip Coldren & Vivian Elliott (facilitators) Lt. Det. Darrin Greeley

New Findings in SPI Chip Coldren & Vivian Elliott (facilitators) Lt. Det. Darrin Greeley & Desiree Dusseault (Boston SPI) Commissioner Robert Haas (ret.) & Dr. Julie Schnobrich- Davis (Cambridge SPI) Deputy Chief Dennis Kato &

928 views • 44 slides
If you would like to ask a question please use the chat feature . Please remember to select Host,

If you would like to ask a question please use the chat feature . Please remember to select Host,

This webinar is being audio cast via the speakers on your computer. If you would like to join using the phone, the call-in number can be found: - At the end of your registration email - In the Event Info tab on the top left hand side of

699 views • 54 slides
Forensic Inves,ga,ons in Cyberspace: what about big data? Katrin

Forensic Inves,ga,ons in Cyberspace: what about big data? Katrin

Computa*onal Forensics Forensic Inves,ga,ons in Cyberspace: what about big data? Katrin Franke Norwegian Information Security Laboratory (NISlab), Department of Computer Science and Media Technology,

587 views • 35 slides

More recommend