All of the articles have been written by experts in the digital forensics industry and are based on their own professional experience.
This issue is titled “Let’s Play Forensic Tools”.
In this issue of eForensics OPEN, you will find the following topics:
FORENSICS AND HARD DRIVE DATA IMAGING & RECOVERY. THE PERILS AND PITFALLS OF WORKING WITH DEFECTIVE HARD DRIVES
by Jonathan R. Yaeger
This article will discuss some of the details of hard drive operation and failure, as related to digital data recovery or forensics. This will help the investigator to minimize compromises in evidence integrity. The article will also serve as an introduction to best practices when data recovery is required.
RAID 5 DATA RECOVERY – A GUIDE FOR THE RAID OWNER
by Wayne Horner
Your business stores data in a RAID 5 storage array and you just found out that the RAID has failed. Many RAIDs get damaged by the repair attempts themselves. Your job is to keep an eye on well-meaning IT consultants and in-a-hurry tech support centers. To do that, you need to know what's going on. The purpose of this guide is to arm you with enough knowledge to keep your RAID from being destroyed.
GREP AND REGEX, THE OVERLOOKED FORENSIC TOOLS
by Dr Craig S Wright GSE GSM LLM MStat
This article takes the reader through the process of learning to use GREP and Regular Expressions (RegEx). GREP may not seem to be a tool that relates to the process of data recovery, but we will show that it is an essential tool in recovering data. If you cannot find data, how can you recover it?
Using the GREP command we can search through a variety of information sources. For the forensic analyst, incident handler or system administrator, this means a simplified method of searching for information. Coupled with the use of regular expressions, grep is a powerful tool for the IT investigator. In this paper, we look at some uses of grep and regular expressions.
INTERVIEW WITH BRIAN GILL, CEO AT GILLWARE, INC.
by Kishore P.V. and Richard C. Leitz Jr.
WIRE-SPEED CAPTURES WITH PORTABLE DEVICES
by Francisco J. Hens and Vicente J. Bergas
Improvements in storage technology, in terms of capacity and speed, and the continuous optimization of Field-Programmable Gate Array (FPGA) integrated circuits are bringing a totally new wave of possibilities in data capture and processing applications. FPGAs are perfectly suited to wire-speed processing of fast data sources, and small form factor Solid State Drives (SSDs) supply excellent performance and large storage capacity and are perfectly adapted to operation in portable equipment.
INTRUSION DETECTION SYSTEM: AN INTELLIGENT STEP TO CATCH THE INTRUDERS
by Deepanshu Khanna
Nowadays the number of Internet users is growing. Almost everyone around the world is accessing the Internet. E-commerce and e-business are growing rapidly. Therefore, competition is also increasing rapidly. The number of intrusion events has also continued to grow because many companies’ networks use the Internet. So in this article I have focused on how a hacker attacks and, conversely, how we can catch that hacker.
WEB ATTACKS: ERROR BASED ASPX SQL INJECTION
by Rahul Tyagi
ASPX SQL injection is parallel to PHP-based SQL injection. But here, we don’t use queries that contain ORDER BY, UNION SELECT, etc. Instead, we will trick the server into responding with the information we need. This is called an error-based injection technique: we get the information we need in the form of error messages.
THE MOST POPULAR NETWORK FORENSICS PRODUCT IN JAPAN, PACKET BLACK HOLE, IS NOW ON SALE IN THE US
INTERVIEW WITH NETAGENT INC. (WWW.NET-AGENT.COM)
by Aby Rao, Gabriele Biondo and Andrew J Levandoski
A STEP BY STEP GUIDE TO BEGINNING COMPUTER FORENSICS
by David Biser
We live in an era of digital connectivity such as the world has never known. Each age has one symbol that seems to identify it to all other time periods: for instance, Rome is known by the Imperial Eagle and the Industrial Revolution by the machines that were developed and used; our age can probably be symbolized by 1s and 0s. Nearly everyone is connected to the Internet in some form or manner, by smartphone, tablet or laptop. With such connectivity comes crime, which brings the need for investigators with a specific skill set to be able to investigate, track and apprehend criminals in the digital world. This is where the exciting and ever-changing world of computer forensics begins. As a computer forensic examiner you will find yourself tracking child pornographers, cyber thieves and terrorists, responding to the worst of crimes, all in an effort to deter and stop cyber crime. A very exciting field indeed!
DIGITAL IMAGE ACQUISITION – STEP BY STEP
by Thomas Plunkett, CISSP, EnCE, MSIS
Proper digital image acquisition is key to any forensics practice. Accurate and thorough documentation along with rigorous adherence to procedures and established best practices lead to a successful acquisition process. This article will help the beginner learn what is necessary to successfully accomplish this important part of digital forensics.
INTRODUCTION TO NETWORK FORENSICS USING WIRESHARK
by Dauda Sule
Network forensics involves recording, monitoring, capturing and analyzing network traffic in a bid to uncover how incidents occurred (such as a breach, attack, abuse or error). Network data is highly volatile and may be easily lost if not captured in real time; for example, if malicious code is sent to an endpoint, the source or path of the code would be difficult to discover if the traffic data was not captured as it was coming in through the network. There are various tools that can be used to capture and analyze network traffic, such as NetworkMiner, tcpdump, Snort, WinDump and Wireshark. This article introduces the use of Wireshark for network analysis.
REVIEW OF “GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS” 4TH
by Richard Leitz
INTERVIEW WITH JAMES E. WINGATE, VICE PRESIDENT OF BACKBONE
by Gabriele Biondo and Kishore P.V.