Research | Practice

2017-01-25

We have moved!

Wednesday, January 25, 2017. Posted by Unknown.
We have moved. See CybercrimeTech.com

2017-01-09

[How to] GPG and Signing Data

Monday, January 09, 2017. Posted by Unknown.
GNU Privacy Guard (GPG) uses public and private keys to secure communications (public-key cryptography). Many people use it to encrypt their email or other documents. An email encrypted with a user's public key can only be decrypted with that same user's private key. This provides end-to-end encryption of the message: anyone listening in on the conversation sees only ciphertext in transit and cannot practically recover the message.


This is, of course, both good and bad. For example, Google and other email providers analyze email text to gain intelligence about the user, sell user information and improve ad targeting. This revenue stream keeps these services free, but users pay for it with their privacy. Email using end-to-end encryption cannot be analyzed for marketing information, so these providers have little incentive to make encryption easy to use at scale.

On the other hand, criminals also use cloud-based email services. Keeping encryption somewhat difficult means that sloppy criminals are less likely to use it, and if so, they may be easier to detect and catch.

Related Book: Lucas, Michael. PGP & GPG: Email for the Practical Paranoid. No Starch Press. 2006.

Whether you are paranoid and want all your emails encrypted (good luck), or you are trying to implement a personal or business data classification policy, GPG can help with encryption requirements.

Beyond encryption, GPG is useful for signing data. This is not quite the kind of signature you would put on a document. Instead, it is a cryptographic signature that lets a recipient verify the data is correct and unaltered. The video below describes how to sign data.



Signing data lets your contacts know that the data has not been modified since it left your possession. Signing is NOT encryption: anyone can still read the contents. Signing just allows your contact to confirm that the data came from you and that it is in its original state.
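An added example, not code from the post or its video, of what signing does and does not do: it signs a constructed text file with a throwaway GPG key, verifies the detached signature, then changes one digit of the file and verifies again. It assumes gpg 2.1 or later is on the PATH; the user id, file name and contents are made up.

```shell
#!/bin/sh
# Added example, not code from the original post: sign a file with a
# throwaway GPG key, verify the detached signature, then change one digit
# of the file and verify again. Assumes gpg 2.1 or later is installed;
# the user id, file name and contents below are made up for the demo.
set -eu

# Create a passphrase-less key in a private keyring (so the real keyring is
# untouched) and write a detached, ASCII-armoured signature of $1 to "$1.asc".
make_key_and_sign() {
    export GNUPGHOME="$(dirname "$1")/gnupg"
    mkdir -p -m 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' default default never
    # Detached: the signed file itself is not changed and stays readable.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --detach-sign --armor --output "$1.asc" "$1"
}

# Returns 0 when "$1.asc" is a valid signature over the current content of $1.
verify_detached() {
    gpg --batch --quiet --verify "$1.asc" "$1" 2>/dev/null
}

# Round trip. Returns 0 only if the untouched file verifies AND the modified
# file does not, which is exactly the property signing is meant to give.
signing_demo() {
    work=$(mktemp -d)
    msg="$work/message.txt"
    printf 'Invoice total: 100 EUR\n' > "$msg"     # constructed sample data
    make_key_and_sign "$msg"

    if ! verify_detached "$msg"; then
        echo "original: signature did not verify (unexpected)"; return 1
    fi
    echo "original: GOOD signature; content is still plaintext: $(cat "$msg")"

    printf 'Invoice total: 900 EUR\n' > "$msg"     # one digit changed after signing
    if verify_detached "$msg"; then
        echo "tampered: signature still verified (unexpected)"; return 1
    fi
    echo "tampered: BAD signature; the file was modified after it was signed"
    gpgconf --kill gpg-agent 2>/dev/null || true   # let the temp keyring be removed
    rm -rf "$work"
}

if command -v gpg >/dev/null 2>&1; then signing_demo; else echo "gpg not installed"; fi
```

Note that the signed file never changes; only a separate .asc file is produced, which is why a signature proves integrity and origin but gives no confidentiality.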

2017-01-02

2016-12-26

[How to] Installing and updating Linux in VirtualBox

Monday, December 26, 2016. Posted by Unknown.
Today we are going to install and update a Debian-based operating system in VirtualBox as a guest operating system.

The first video goes through creating a virtual machine in VirtualBox, and installing an operating system from an ISO disk image.



The next video uses apt-get to update the software in the system, and ifconfig and ping to check whether the network is working.


The final video shows how to install the VirtualBox Guest Additions, which enable extra features inside the guest operating system.


2016-12-19

[How To] Digital Forensic Memory Analysis - Volatility

Monday, December 19, 2016. Posted by Unknown.
This week we begin with a very basic introduction to the memory analysis framework Volatility. We will use Volatility to collect information about a memory image, recover the processes that were running on the system at the time of acquisition, and try to find malicious processes within the memory image. We will cover Volatility in more depth in a later video.


2016-12-15

What I'm Reading: Robust bootstrapping memory analysis against anti-forensics

Thursday, December 15, 2016. Posted by Unknown.
Today we are talking about 'Robust bootstrapping memory analysis against anti-forensics' by Lee Kyoungho, Hwang Hyunuk, Kim Kibom and Noh BongNam. This paper deals with anti-forensics techniques aimed at memory analysis, and with using the KiInitialPCR structure as a more tamper-resistant starting point for OS fingerprinting and process list extraction.

K. Lee, H. Hwang, K. Kim, and B. Noh, “Robust bootstrapping memory analysis against anti-forensics,” Digit. Investig., vol. 18, Supplement, pp. S23–S32, Aug. 2016.

Science Direct: http://www.sciencedirect.com/science/article/pii/S1742287616300408
DFRWS Archive: https://www.dfrws.org/file/712/download?token=sWs0HHYB




2016-12-12

[How To] Digital Forensic Memory Analysis - strings, grep and photorec

Monday, December 12, 2016. Posted by Unknown.
This week we show how to use the basic data processing tools strings, grep and photorec to start an analysis of a Random Access Memory (RAM) image, even when we know nothing about the image yet. These methods are extremely basic forms of analysis, but they are also fast and can produce some interesting results.