A round-up of this week’s digital forensics news and views:
Exploring Host-Based Digital Forensics with Memory Analysis
Forensic experts are turning to memory analysis as a critical tool in uncovering sophisticated cyber attacks. By examining running processes, network connections, and loaded modules in system memory, investigators can detect fileless malware and other threats that leave minimal traces on disk, providing crucial insights for incident response and system remediation.
Army CID Supports NATO Digital Evidence Course
U.S. Army CID agents led a NATO digital forensics course in Poland, training investigators from 12 countries on handling digital evidence in joint operations. The collaboration highlights the importance of international partnerships in combating cybercrime, with the CID-developed course now officially NATO-approved.
A review of research in forensic investigation of cryptocurrencies
Cryptocurrency adoption has surged in recent years, presenting new challenges for digital forensics and law enforcement. A comprehensive review of existing research covers six cryptocurrencies across 30 wallet types, identifying 49 distinct forensic artifacts and 25 investigative tools. The study also explores seven cryptocurrency visualization and analysis tools, highlighting the evolving landscape of digital currency forensics while pointing out areas requiring further research.
Read More (Inderscience Online)
Unlocking The Power Of Digital Forensics Training And Certification With Magnet Forensics
Chuck Cobb from Magnet Forensics joins the Forensic Focus Podcast to discuss training and certification. Chuck delves into his extensive background, including his tenure in law enforcement and over a decade of experience in forensic training at both Guidance Software and Magnet. He emphasizes the evolution of forensic training, particularly highlighting the challenges and opportunities that have arisen due to technological advancements and the Covid-19 pandemic.
Google Drive Forensics
Google Drive, with over a billion users, offers built-in forensic capabilities without the need for specialized tools. Investigators can access crucial information such as file timestamps, access history, and user permissions directly through the platform’s interface. The article demonstrates how to view folder details, track document changes, monitor user activity, and examine sharing permissions. This native functionality allows for basic digital forensics analysis, potentially useful in scenarios like detecting academic cheating or investigating collaborative document histories.
Get ready for AI-supercharged hacking
AI is enhancing the capabilities of hackers, making phishing attacks more sophisticated and harder to detect. This is due to AI’s ability to create highly personalized and convincing messages using stolen data, as well as the extensive access AI tools require to personal information on devices. To combat this growing threat, individuals and organizations need to exercise increased vigilance, particularly when handling emails and text messages, while governments are urged to raise awareness about these evolving cyber risks.
WIUCG unveils digital forensic laboratories
The Minister of Education in Ghana has praised Wisconsin International University College for establishing digital forensic laboratories to combat cybersecurity threats. He emphasized the importance of these facilities in equipping students with practical skills to analyze digital evidence, develop cybersecurity measures, and safeguard digital systems. The minister also highlighted the government’s commitment to advancing STEM education and digital literacy across Ghana, including the construction of STEM laboratories in schools nationwide.
CISA Advises Against Paying Ransom, But Rules Out a Ban
CISA and cybersecurity experts generally discourage paying ransomware demands, but stop short of advocating for an outright ban due to potential negative consequences for small businesses and threat intelligence gathering. The decision to pay ransom depends on factors like backup integrity and data exfiltration, with experts emphasizing the importance of having a comprehensive incident response plan. Organizations are advised to consult with cyber insurance carriers, legal counsel, and specialized negotiators when facing ransomware attacks.
Eldorado Ransomware Strikes Windows and Linux Networks
Researchers have uncovered details about Eldorado, a new Ransomware-as-a-Service (RaaS) operation whose Golang-based malware targets both Windows and Linux systems and uses advanced encryption methods. The malware’s sophisticated features, including lateral movement capabilities and customization options for affiliates, along with its successful attacks on multiple industries, indicate a well-resourced and technically skilled criminal operation, reflecting a broader trend of increasing RaaS activities on dark web forums.
Read More (Infosecurity Magazine)
Police embrace modern tech for criminal investigations
Bihar police are set to modernize their investigative processes by equipping investigating officers with laptops and smartphones for collecting digital and technical evidence in cognizable offences. This initiative aims to enhance and expedite criminal investigations using modern technology. According to senior police officers, this move could potentially make Bihar the first state in India to provide such advanced technological support to its investigating officers.