An Overview to Forensic Enterprise Architecture Design

By George Khalil

Attackers usually follow an attack framework in order to breach an organization’s
computer network infrastructure. In response, forensic analysts are tasked with
identifying files, data and tools accessed during a breach. Attackers follow a
systematic approach in order to compromise their targets that begins by gathering
information and intelligence. After identifying technology and personnel, they direct
their efforts to gaining access to the organization’s internal systems by exploiting
vulnerabilities or through spear-phishing. Once the shellcode or malware has
executed, it downloads additional components to provide the attacker with the
necessary tools to move laterally across the organization and escalates his
privileges. The attacker then extends this by collecting and exfiltrating confidential
data. Each time a file is created or transferred across the network a detectable
forensic signature is left behind. Even memory resident malware must exist as a file
or traverse the network prior to being loaded into memory. Advanced persistent
threat (APT) agents typically traverse the enterprise infrastructure during their
attack and subsequent exfiltration activities. The design of a forensically sound
infrastructure permits the identification of current and past malicious
communications while network intelligence-gathering methods seek to create an
enterprise-wide forensic view to identify the extent of a breach. Early detection of
threats requires proper placement of Intrusion detection and prevention systems.
File analysis, DLP, Syslog, NetFlow logging and behavior analysis provide visibility
of enterprise wide activities from the perspective of multiple systems.

» Read more

Windows ShellBag Forensics in Depth

By Vincent Lo

The problem of identifying when and which folders a user accessed arises often in
digital forensics. Forensicators attempt to search for them in the ShellBag
information because it may contain registry keys that indicate which folders the
user accessed in the past. Their timestamps may demonstrate when the user
accessed them. Nevertheless, a lot of activities can update the timestamps.
Moreover, the ShellBag structure differs slightly between different Windows
operating systems. How to interpret ShellBags correctly has become a challenge.
This paper summarizes the details of ShellBag information and discusses various
activities across Windows operating systems.

» Read more

An Encrypto-Stego Technique Based Secure Data Transmission System

by Neha Sharma, Mr. J. S. Bhatia, and Dr. Mrs. Neena Gupta

Digital communication has become an essential part of infrastructure nowadays, a lot of applications are Internet-based and in some cases it is desired that communication be made secret. Consequently, the security of information has become a fundamental issue. Two techniques are available to achieve this goal: Encryption and steganography is one of them. Using cryptography, the data is transformed into some other gibberish form and then the encrypted data is transmitted. In steganography, the data is embedded in an image file and the image file is transmitted.
» Read more

History of Encryption

By Melis Jackob

Encryption, process of converting messages, information, or data into a form unreadable by anyone except the intended recipient. Encrypted data must be deciphered, or decrypted, before it can be read by the recipient. The root of the word encryption -crypt- comes from the Greek word kryptos, meaning hidden or secret. In its earliest form, people have been attempting to conceal certain information that they wanted to keep to their own possession by substituting parts of the information with symbols, numbers and pictures, this paper highlights in chronology the history of Cryptography throughout centuries.
» Read more

Cryptography 101 with SSL

By Parul Garg

Whenever you are connecting to a site via HTTPS, the complete session is encrypted and all the application data is sent over a secured encrypted channel.HTTPS (Hypertext Transfer Protocol Secure) is not a protocol in itself but the SSL/TLS protocol tied on top of HTTP protocol. So basically, Transport Layer Security (TLS) and Secure Socket Layer (SSL) are the protocols which provide secure communication over the internet between the client and the server.
» Read more

Tunneling, Crypto and VPNs

By Dawid Czagan

The idea of Virtual Private Network (VPN) is to simulate a private network over a public network. A VPN tunnel can be used to securely connect LANs of the company over an insecure Internet (VPN gateways are responsible for making the connection secure). This article describes how tunneling and cryptography can be used to build VPN tunnels without going into the details of existing VPN protocols.

» Read more

Online Resources

By Infosec

There are many subspecialties in Cybersecurity, and these range all of the way from cryptography to penetration testing to biometrics to forensics. But, it is the latter which is probably receiving the most attention at the present time. The primary reason for this is that after a major Cyber threat has been launched and has made its impact, it is the “cleanup” work after this which becomes most important. For example, key questions which need to be asked and answered include some of the following:

» Read more

Padding Oracle Attack

By Rorot

Firstly, this vulnerability is not related to the Oracle database or the Oracle Company in any way. In cryptography, an ‘oracle’ is a system that performs cryptographic actions by taking in certain input. Hence a ‘padding oracle’ is a type of system that takes in encrypted data from the user, decrypts it and verifies whether the padding is correct or not. Before getting into the attack details, the below sections throws light on some of the basic concepts that the user needs to be familiar with in order to understand the exploitation.

» Read more

Defeating Encryption: Security is More than Just Good Crypto

By John C. A. Bambenek

Encryption is good. It helps make things more secure. However, the idea that strong cryptography is good security by itself is simply wrong. Encrypted messages eventually have to be decrypted so they are useful to the sender or receiver. If those end-points are not secured, then getting the plain-text messages is trivial. This is a demonstration of a crude process of accomplishing that.

» Read more

Public Key Cryptography and PuTTYgen – Program for Generating Private and Public Keys

By Jayanthi

In today’s electronic world where everything is done online, “trust” is hard to come by. Conversations can be snooped on, credit card numbers can be stolen, identities can be exchanged and unseen eyes are everywhere. Imagine business emails being maliciously read by competitors, company’s proposals being leaked and even crucial corporate information being tampered with…

» Read more

1 2 3 7