Forensication Education: Towards a Digital Forensics Instructional Framework

By J. Richard “Rick” Kiper

The field of digital forensics is a diverse and fast-paced branch of cyber investigations. Unfortunately, common efforts to train individuals in this area have been inconsistent and ineffective, as curriculum managers attempt to plug in off-the-shelf courses without an overall educational strategy. The aim of this study is to identify the most effective instructional design features for a future entry-level digital forensics course. To achieve this goal, an expert panel of digital forensics professionals was assembled to identify and prioritize the features, which included general learning outcomes, specific learning goals, instructional delivery formats, instructor characteristics, and assessment strategies. Data was collected from participants using validated group consensus methods such as Delphi and cumulative voting. The product of this effort was the Digital Forensics Framework for Instruction Design (DFFID), a comprehensive digital forensics instructional framework meant to guide the development of future digital forensics curricula.


A Forensic Look at Bitcoin Cryptocurrency

By Michael Doran

The increased use of cryptocurrencies such as Bitcoin among private users and some businesses has opened a new avenue of research in the field of digital forensics involving cryptocurrencies. Since the creation of Bitcoin in 2008, cryptocurrencies have begun to make a presence in the world of ecommerce. Cryptography serves as the underlying foundation for Bitcoin, which gives it the benefits of confidentiality, integrity, nonrepudiation and authentication. Having been designed and built upon the foundation of these four objectives makes Bitcoin an attractive alternative to mainstream currency and provides users with the benefits of payment freedom, security, very low fees, and fewer risks for merchants. Tools such as Internet Evidence Finder have the capability to recover some Bitcoin artifacts. However, because the cryptocurrency technology is relatively new, very little research has been dedicated to what other forensic artifacts are left on a user’s system as a result of Bitcoin, what those artifacts mean and how to recover them in order to build a successful case involving Bitcoin. This research seeks to ascertain what forensic artifacts are recoverable from a user’s system with Bitcoin wallet applications installed and actively used. Furthermore, this research seeks to recover any evidence of Bitcoin mining that would be present on a user’s system due to the use of such software or applications.

Automated Analysis of “abuse” mailbox for employees with the help of Malzoo

By Niels Heijmans

For most companies, e-mail is still the main form of communication, both internally and with customers. Unfortunately, e-mail is also used heavily by cyber criminals in the form of spam, phishing, spear-phishing, fraud or to deliver malicious software. Employees receive these kinds of messages on a daily basis, even though strict security measures are implemented. Sometimes an employee will fall for the scam, but often they will know when it is a false e-mail, especially after good awareness programs. Instead of letting them delete the e-mail, let them share it with you to learn and see what is coming through your security measures or what employees see as “fishy”. But what should you do with the e-mails that are forwarded to this special “abuse” mailbox? Malzoo can be used to analyze this mailbox by picking up the e-mails, parsing them and sharing the results with the CERT team. By using the collected data, you can find new spam runs, update spam filters, receive new malware and learn in what parts of the company awareness is highest (and lowest). This paper explains the benefits and drawbacks of letting employees have a central point to report suspicious e-mail and how Malzoo can be used to automate the analysis.


Beats & Bytes: Striking the Right Chord in Digital Forensics (OR: Fiddling with Your Evidence)

By Ryan D. Pittman, Cindy Murphy, and Matt Linton

This paper will present results from a recent survey of DF/IR professionals and seek to provide relevant observations (together with published psychological, sociological, and neurological research) to discuss the similarities and intersections of DF/IR and music, as well as identify potential correlations between being a successful DF/IR professional and playing music. It will also discuss numerous challenges facing DF/IR professionals today and how learning to play and enjoy music can help DF/IR personnel both overcome some of those challenges and be more effective in their chosen field.

The Efficiency of Context: Review of WireX Systems Incident Response Platform

By Jerry Shenk

WireX Systems officials think they have found the way to slash the time it takes to spot an intruder by making it easier for mere mortals to read and understand network traffic and identify early signs of a breach. Contextual Capture, a key feature of the WireX Network Forensics Platform, is designed to turn every SOC member into a valuable analyst by providing easy-to-use forensics history (for periods of months) using a unique and intuitive query interface. WireX NFP also creates investigation workflows that can be used by the entire security team to accelerate alert validation and incident response.
