DISCLAIMER
The issues addressed in this presentation may be controversial. This is for educational and awareness
purposes only. Do not attempt to violate the law with anything contained here. Neither the author of this
material, nor anyone else affiliated in any way, is liable for your actions.
Some of this material comes from the internet and some from personal experience; it is not meant to hurt anybody.
Please give feedback.
D3PAK KUMAR
DIGITAL FORENSICS | CYBER INTELLIGENCE
FORENSICS CHALLENGES
AGENDA
FORENSIC GUIDELINES
CHAIN OF CUSTODY
FORENSICS CHALLENGES
ANTI-FORENSICS
WHAT IS FORENSICS
STEPS OF FORENSICS
TOOLS & QUESTIONS
DIGITAL FORENSICS TRENDS
GOOD THINGS IN FORENSICS
YOU MEAN
• Almost Just Doing Data Extraction & Reporting
• Working On Tools
• Good In Malware Analysis
• Data Recovery From Storage Media
• Running certain scripts / programming
• Rooting / Jailbreak Mobile Phones
• ….
DIGITAL FORENSICS STANDARDS & GUIDELINES
• NIST: National Institute of Standards and Technology (CFTT, NSRL, CFReDS)
• NIJ: National Institute of Justice (Several Standards, National Criminal Justice Reference Service)
• IOCE: International Organization on Computer Evidence
• ASCLD/LAB: American Society of Crime Laboratory Directors/Laboratory Accreditation Board
• ASTM: E2678 Standard Guide for Education and Training in Computer Forensics
• ISO/IEC (JTC 1/SC 27 for security techniques); ISO/IEC 17025: General requirements for the competence of testing and calibration laboratories
• AES: Audio Engineering Society (Authentication of Analog tape)
• SWGDE & SWGIT: Scientific Working Group on Digital Evidence & Scientific Working Group on Imaging Technology
• ACPO: Association of Chief Police Officers
• DSCI Manual, India (not a formal standard, but a manual)
CHAIN OF CUSTODY
Lack of integrity in the custody process, and the absence of appropriate documentation of it, will not only be detrimental to the cyber crime investigation at trial but will also expose the Investigating Officers (IOs) to criminal liability under Section 72 of the ITAA 2008.
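The documentation the slide is talking about is, at minimum, a hash of the evidence item taken at seizure and re-taken at every hand-over. The script below is an added example (not from the original deck): it hashes an evidence file in chunks, appends a custody entry per transfer, and verifies that the hash never changed across the chain. The file name `laptop01.dd`, the handler names and the JSON log layout are constructed for the demo.

```python
"""Evidence integrity record for a chain-of-custody log (added example).

Hashes an evidence file, appends a custody entry at each hand-over, and
re-checks that the hash is constant across the whole chain. The evidence
file, handler names and log format are assumptions made for the demo.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 20):
    """Stream the file so a multi-GB disk image never has to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def record_transfer(log, evidence_path, from_person, to_person, purpose):
    """Append one custody entry; the hash is recomputed at every hand-over."""
    entry = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "item": os.path.basename(evidence_path),
        "sha256": sha256_file(evidence_path),
        "from": from_person,
        "to": to_person,
        "purpose": purpose,
    }
    log.append(entry)
    return entry


def verify_chain(log):
    """Return (ok, reason). Fails on an empty log or on any hash change."""
    if not log:
        return False, "empty log"
    first = log[0]["sha256"]
    for i, e in enumerate(log[1:], start=1):
        if e["sha256"] != first:
            return False, f"hash changed at entry {i} ({e['from']} -> {e['to']})"
    return True, f"hash constant across {len(log)} entries"


def demo(tamper=False):
    """Constructed evidence image; with tamper=True examiner A alters it
    before handing it back, which the next hand-over must detect."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "laptop01.dd")           # constructed sample image
        with open(img, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed evidence image")
        log = []
        record_transfer(log, img, "seizing officer", "evidence locker", "seizure")
        record_transfer(log, img, "evidence locker", "examiner A", "imaging")
        if tamper:
            with open(img, "ab") as f:
                f.write(b"!")                           # one appended byte
        record_transfer(log, img, "examiner A", "evidence locker", "return")
        ok, reason = verify_chain(log)
        return ok, reason, json.dumps(log, indent=1)


if __name__ == "__main__":
    ok, reason, log_json = demo()
    print(reason)
    print(log_json)
```

In practice the hash is taken once on the original device behind a write blocker and once on each working copy; the custody log itself should be stored somewhere the handlers cannot silently edit (a signed or append-only record), otherwise the integrity of the log is no better than the integrity of the evidence.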
WHICH CYBER SECURITY THREAT ARE YOU "MOST" CONCERNED ABOUT?
• Social Engineering
• Malware
• Data Breach
• Insiders
• DDoS
• Noobs
• Welcome to add your own option
BIGGEST CHALLENGES IN DIGI FORENSICS
• Encryption
• Cloud Forensics
• Triage
• Legal Challenges
• Growth In Digital Crimes
• Lack Of Resource
• Cross-border Cooperation
• Latest Emerging Technologies
• Lack Of Intelligence
• New Application Artifacts
• SSD Forensics
• Fileless Malware / APT
ANTI-FORENSICS
AWESOME
• Basic tactics
• Data hiding / steganography
• Deleting data
• Cracked or crap VPNs and proxies
• Shells (visible in SIEM / web logs)
• Renaming data files
• Changing file attributes and timestamps, etc.
• Misinformation / honeypots
• Tails, Tor
• Live OS
• Hacked Wi-Fi
• Fileless malware / overflow exploits
• Bypass techniques
• Secure wiping to DoD standards (DoD 5220.22-M etc.)
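Two of the "basic tactics" above, renaming a data file and changing its timestamps, leave traces that a cheap scan can flag. The script below is an added example (not from the original deck): it reports files whose extension contradicts their magic bytes, and files whose modification time is far older than their inode change time. The second check relies on the fact that `utime()` on Linux rewrites mtime/atime but always moves ctime to now, so a timestomped file shows mtime much earlier than ctime. The magic-byte table is a small constructed subset, the 60-second tolerance is an assumption, and the sample evidence tree is constructed in the demo.

```python
"""Cheap checks for renamed data files and timestomping (added example).

Flags (1) files whose extension disagrees with their leading bytes and
(2) files whose mtime predates ctime by more than a tolerance. The magic
table is a constructed subset; the tolerance is an assumption.
"""
import os
import tempfile

# Constructed subset of well-known file signatures at offset 0.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"%PDF-": {".pdf"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx", ".jar"},
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"MZ": {".exe", ".dll"},
}


def sniff(path):
    """Return the extensions matching the file's leading bytes, or None."""
    with open(path, "rb") as f:
        head = f.read(16)
    for sig, exts in MAGIC.items():
        if head.startswith(sig):
            return exts
    return None


def extension_mismatch(path):
    """True when the extension claims a type the magic bytes contradict."""
    exts = sniff(path)
    if exts is None:
        return False                      # unknown type: nothing to compare
    return os.path.splitext(path)[1].lower() not in exts


def timestomp_suspect(path, tolerance=60):
    """On Linux, utime() can backdate mtime/atime but ctime always moves
    to 'now', so mtime far older than ctime deserves a look. On Windows
    st_ctime is creation time, so read this heuristic differently there."""
    st = os.stat(path)
    return (st.st_ctime - st.st_mtime) > tolerance


def scan(root):
    """Walk a tree and return sorted (filename, finding) tuples."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for n in names:
            p = os.path.join(dirpath, n)
            if extension_mismatch(p):
                findings.append((n, "extension/magic mismatch"))
            if timestomp_suspect(p):
                findings.append((n, "mtime older than ctime (timestomp?)"))
    return sorted(findings)


def demo():
    """Constructed evidence tree: an honest PNG, an EXE renamed to .jpg,
    and a text file timestomped back to 2010-01-01 UTC."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "photo.png"), "wb") as f:
            f.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        with open(os.path.join(d, "holiday.jpg"), "wb") as f:
            f.write(b"MZ\x90\x00" + b"\x00" * 32)   # PE header, wrong extension
        old = os.path.join(d, "notes.txt")
        with open(old, "wb") as f:
            f.write(b"meeting notes")
        os.utime(old, (1262304000, 1262304000))   # atime/mtime -> 2010-01-01
        return scan(d)


if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```

Neither check is proof of anything on its own: a legitimate backup restore also produces mtime older than ctime, and a file of an unknown type is simply skipped. They are triage signals that tell the examiner where to spend the expensive tools.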
BLOWSOME
GOOD THINGS OF TECHNOLOGY
DEEP-WEB / REDDIT
LEAD (SOCIAL NETWORKING)
MOBILE FORENSICS
IOT / SYNC
COOKIES INTELLIGENCE
GOOD THINGS OF TECHNOLOGY (Cont)
CTI COMMUNITIES
OPEN-SOURCE INTELLIGENCE / GIT
GOOGLE
And the best: Social Engineering
If you search for "how do I delete my web history", and I find it in your web history, you have failed
Don’t believe marketing hype
"oh, we spent $$$ in $Vendor product, so we are safe"
Any "tool", regardless of the price, is still a "tool"
SOME BEST TOOLS
Commercial/Proprietary
• Mobile Forensics: UFED, Oxygen
• Composite: EnCase, FTK, NUIX, Belkasoft, CyberCheck, Magnet AXIOM, OSForensics
• Write blocker / Imager: Tableau, AD Triage, FTK Imager, EnCase Imager
Opensource/GPL
• Volatility, NirSoft, GRR, DFF, Autopsy / The Sleuth Kit (TSK), RegRipper, CAINE distro, Santoku distro, dd, Wireshark, JTR, Xplico, NetworkMiner, Splunk, Arsenal Image Mounter,
HashMyFiles, Sysinternals, Mimikatz, Metasploit, Git (tools)
For more list : https://d3pakblog.wordpress.com/2016/12/27/computer-forensic-tools/
Career: https://d3pakblog.wordpress.com/2017/07/16/forensics-as-career/
D3pak@Protonmail.com
Resources: www.D3pakblog.wordpress.com
PARSING GOING ON... QUESTIONS?