Tech Guides - Forensics

With cyber-attacks on the rise, strong passwords no longer guarantee enough protection to keep your online profiles safe from hackers. In fact, other security features such as antivirus software, encryption technology, firewall deployment, etc. are also susceptible to being bypassed by hackers when targeted explicitly and dedicatedly. A multi-factor authentication (MFA) system adds another layer of app security to ensure enhanced data safety. According to a survey, hackers use weak or stolen user credentials in a staggering 95% of all web application attacks. MFA implementation can prevent unauthorized access to your personal accounts, even if someone manages to steal your sign-in details. It has  low complexity, and the application does not require significant amount of time or resources. What is Multi-Factor Authentication? Multi-factor Authentication emerged as a reaction to the vulnerability and susceptibility of the existing security systems. It is a method that confirms the users’ identity multiple times, before granting them access. These pieces of evidence validating a user’s identity include: Knowledge factor: something you know (for e.g. a username, password, security question) Possession factor: something you have (for e.g. a registered phone number, hardware or software token that generate authentication code, smartcard) Inherence factor: something you are (biometric information such as a finger, face, or voice recognition, retina scans) When a system utilizes two or more verification mechanisms, it is known as a multi-factor authentication (MFA). The ultimate idea behind MFA is that the more number of steps a user has to take to access sensitive information, the harder it becomes for the hacker to breach the security. One of the most common methods of authentication is a password coupled with a verification code of unique string of numbers sent via SMS or email. This method is commonly used by Google, Twitter, and other popular services. iPhone X’s Face ID and Windows Hello use the latest innovations in advanced biometric scanners for fingerprints, retinas, or faces, that are built-in the devices. Moreover, you can also use a specialized app on your phone called an “authenticator”. The app is pre-set to work for a service and receives the codes that can be used whenever needed. Popular authentication apps include Google Authenticator, DuoMobile, and Twilio Authy. The authentication apps are more secure when compared to receiving codes via SMS. This is primarily because text messages can be intercepted and phone numbers can be hijacked. On the other hand, authentication apps do not rely on your service carriers. In fact, they function even in the absence of cell service. Importance of Multi-factor Authentication System Is MFA worth the hassle of additional verification? Yes, it absolutely is. The extra layer of security can save valuable and sensitive personal information from falling into the wrong hands. Password theft is constantly evolving. Hackers employ numerous methods including phishing, pharming, brute force, and keylogging to break into online accounts. Moreover, anti-virus systems and advanced firewalls are often incompetent and inefficient without user authentication. According to a Gemalto report, more than 2.5 billion data records were lost, stolen, or exposed worldwide in 2017, an 88% increase from 2016. Furthermore, cyber-attacks rake up huge financial losses to the compromised organization and even mere individuals; basically anyone connected to the internet. It is estimated that by 2021, cyber-crime will cause global financial damages of around $6 trillion annually. Despite the alarming statistics, only 38% of the global organizations are prepared to combat a cyber-attack. MFA implementation can mitigate cyber-attacks considerably. Organizations with multi-fold authentication in place can strengthen their access security. It not only will help them safeguard the personal assets of their employees and customers, but also protect the company’s integrity and reputation. Why Multi-factor Authentication System in Apps is good Numerous variables are taken into consideration during the app development process. You want the app to have a friendly user interface that provides a seamless experience. An appealing graphical design and innovative features are also top priorities. Furthermore, apps undergo rigorous testing to make them bug-free before releasing into the market. However, security breaches can taint the reputation of your app, especially if it holds sensitive information about the users. Here is why MFA is a good idea for your app: Intensified security As mentioned earlier, MFA can bolster the protection and reduce the risk associated with only password-protected apps. Additional means of authentication not only challenges the users to prove their identity, it can also provide the security team with broader visibility into a possible identity theft. Moreover, it is not necessary to prompt the user for MFA every time they log into the app. You can use data analytics to trigger MFA for a risk-based approach. Take into account the user’s geographical location, IP address, device in use, etc. before challenging the user’s identity and asking for additional authentication. High-risk scenarios that justify MFA include logging in from an unknown device or new location, accessing the app from a new IP address, or attempting to gain admission into a highly sensitive resource for the first time. Opt for risk-based approach only if your app holds valuable and intimate information about your client that can cause irrevocable personal damage to the user if divulged. Otherwise, such an approach requires complex data analytics, machine learning, and contextual recognition that can be difficult and time-consuming to program. Simplified login process You may consider MFA implementation as complicated and cumbersome. However, if you have multiple apps under your helm, you can offer more advanced login solutions like single sign-on. Once the user identity is validated, they can access multiple apps covered under the single sign-on. This practice provides practicality to the MFA process as the users are saved from the fatigue and stress of repeated logins. Increased customer satisfaction A customer’s satisfaction and trust is one of the biggest driving factors for any organization. When you offer MFA to your users, it builds a sense of trustworthiness amongst them and they are more at ease when sharing personal details. Compliance with standards In addition to the benefits to the users, there are certain compliance standards, mandated by state, federal or other authorities, which specify that companies should implement MFA in explicit situations. Moreover, there are fixed guidelines from the National Institute of Standards and Technology (NIST) that help you choose the right verification methods. Therefore, it is imperative that you do not only comply with the regulations but also implement the recommended MFA methods. The key is to deploy an MFA system that is not too laborious but offers optimal steps of authentication. Given the sheer number of methods available for MFA, choose the most appropriate options based on: Sensitivity of the data and assets being protected Convenience and ease of usability for the customers Compliance with the specific regulations Expediting implementation and management for IT department Summary MFA can strengthen the security of sensitive data and protect the user’s identity. It adds another layer of shield to safeguard the client’s online accounts, obstructing the efforts of dedicated hacking. Moreover, it allows you to comply with the standard guidelines proposed by the authorized officials. However, individual MFA implementation across different user environments and cloud services can be inconvenient to the users. Deploy single sign-on or adopt risk-based approach to eliminate security vulnerability while facilitating user access. Author Bio Mehul Rajput is a CEO and co-founder of Mindinventory which specializes in Android and iOS app development and provide web and mobile app solutions from startup to enterprise level businesses. He is an avid blogger and writes on mobile technologies, mobile app, app marketing, app development, startup and business. 5 application development tools that will matter in 2018 Implement an API Design-first approach for building APIs [Tutorial] Access application data with Entity Framework in .NET Core [Tutorial]

Who here hasn’t watched the American TV show, Mr. Robot? For the uninitiated, Mr. Robot is a digital crime thriller that features the protagonist Elliot. Elliot is a brilliant cyber security engineer and hacktivist who identifies potential suspects and evidences of any crime hard to solve. He does this by hacking into people’s digital devices such as smartphones, computers, machines, printers and so on. The science of identifying, preserving, and analyzing the evidences through digital media or storage media devices, in order to trace a crime is Digital Forensics. A real world example of digital forensics helping solve crime is the case of a floppy disk that helped investigators to solve the BTK serial killer case in 2005. The killer had eluded police capture since 1974 and had claimed the lives of at least 10 victims before he was caught. Types of Digital forensics The Digital world is vast. There are countless ways one can perform illegal or corrupt activities and go undetected. Digital Forensics lends a helping hand in detecting such activities. However, due to the presence of multiple digital media, the forensics carried out for each is also different.  Following are some types of forensics which can be conducted over different digital pathways. Computer Forensics refers to the branch of forensics that obtains evidences from computer systems such as computer hard drives, mobile phones, a personal digital assistant (PDA), Compact Disks CD, and so on. The digital police can also trace suspect’s e-mail or text communication logs, their internet browsing history, system or file transfer, hidden or deleted files, docs and spreadsheets, and so on. Mobile device Forensics recovers or gathers evidence from the call logs, text messages, and other data stored in the mobile devices. Tracing one’s location info via the inbuilt GPU systems or cell site logs or through in-app communication from apps such as WhatsApp, Skype, and so on on is also possible. Network forensics monitors and analyzes computer network traffic, LAN/WAN and internet traffic. The aim of network forensics is to gather information, collect evidence, detect and determine the extent of intrusions and the amount of data that is compromised. Database forensics is the forensic study of databases and their metadata.The information from database contents, log files and in-RAM data can be used for creating timelines or recover pertinent information during a forensic investigation. Challenges faced in Digital Forensics Data storage and extraction Storing data has always been tricky and expensive. An explosion in the volume of data generation has only aggravated the situation. Now data comes from different pathways such as social media, web, IoT, and many more.  The real-time analysis of data from IoT devices and other networks also contribute to the data heap. Due to this, investigators find it difficult to store and process data to extract clues or detect incidents, or to track the necessary traffic. Data gathering over scattered mediums Investigators have to face a lot of difficulty as evidence might be scattered over social networks, cloud resources, and Personal physical storage. Therefore, increased tools, expertise and time is a requirement to fully and accurately reconstruct the evidence. Automating these tasks partially may lead to deterioration of the quality of investigation. Investigations to preserve privacy At times, investigators collect information to reconstruct and locate an attack. This can violate user privacy. Also, when information has to be collected from the cloud, there are some other hurdles, such as accessing the evidence in logs, presence of volatile data, and so on. Carrying out Legitimate investigations only Modern infrastructures are complex and virtualized, often shifting their complexity at the border (such as in fog computing) or delegating some duties to third parties (such as in platform-as-a-service frameworks). An important challenge for modern digital forensics lies in executing investigations legally, for instance, without violating laws in borderless scenarios. Anti-forensics techniques on the rise Defensive measures for digital forensics comprise of encryption, obfuscation, and cloaking techniques, including information hiding.Therefore new forensics tools should be engineered in order to support heterogeneous investigations, preserve privacy, and offer scalability. The presence of digital media and electronics is a leading cause for the rise of digital forensics. Also, at this pace, digital media is on the rise, digital forensics is here to stay. Many of the investigators which include CYFOR,  and Pyramid CyberSecurity strive to offer solutions to complex cases in the digital world. One can also try to seek employment or specialize in this field by improving the skills needed for a career in digital forensics. If you are interested in digital forensics, check out our product portfolio on cyber security or subscribe today to a learning path for forensic analysts on MAPT, our digital library. How cybersecurity can help us secure cyberspace Top 5 penetration testing tools for ethical hackers What Blockchain Means for Security

Connected physical devices, home automation appliances, and wearable devices are all part of Internet of Things (IoT). All of these have two major things in common that is seamless connectivity and massive data transfer. This also brings with it, plenty of opportunities for massive data breaches and allied cyber security threats. The motive of digital forensics is to identify, collect, analyse, and present digital evidence collected from various mediums in a cybercrime incident. The multiplication of IoT devices and the increased number of cyber security incidents has given birth to IoT forensics. IoT forensics is a branch of digital forensics which deals with IoT-related cybercrimes and includes investigation of connected devices, sensors and the data stored on all possible platforms. If you look at the bigger picture, IoT forensics is a lot more complex, multifaceted and multidisciplinary in approach than traditional forensics. With versatile IoT devices, there is no specific method of IoT forensics that can be broadly used.So identifying valuable sources is a major challenge. The entire investigation will depend on the nature of the connected or smart device in place. For example, evidence could be collected from fixed home automation sensors, or moving automobile sensors, wearable devices or data store on Cloud. When compared to the standard digital forensic techniques, IoT forensics portrays multiple challenges depending on the versatility and complexity of the IoT devices. Following are some challenges that one may face in an investigation: Variance of the IoT devices Proprietary Hardware and Software Data present across multiple devices and platforms Data can be updated, modified, or lost Proprietary jurisdictions for data is stored on cloud or a different geography As such, IoT Forensics requires a multi-faceted approach where evidence can be collected from various sources. We can categorize sources of evidence into three broad groups: Smart devices and sensors; Gadgets present at the crime scene (Smartwatch, home automation appliances, weather control devices, and more) Hardware and Software; the communication link between smart devices and the external world (computers, mobile, IPS, and firewalls) External resources; areas outside the network unders investigation (Cloud, social networks, ISPs and mobile network providers) Once the evidence is successfully collected from an IoT device no matter the file system, operating system, or the platform it is based on, it should be logged and monitored. The main reason behind this is IoT devices data storage are majorly on Cloud due to its scalability and accessibility. There are high possibilities the data on Cloud can be altered which would result to an investigation failure. No doubt Cloud forensics can equally play an important role here but strengthening cyber security best practices should be the ideal motive. With ever evolving IoT devices there will always be a need for unique practice methods and techniques to break through the investigation. Cybercrime keeps evolving and getting bolder by the day. Forensics experts will have to develop skill sets to deal with the variety and complexity of IoT devices to keep up with this evolution. No matter the challenges one faces there is always a unique solution to complex problems. There will always be a need for unique, intelligent, and adaptable techniques to investigate IoT-related crimes and an even greater need for those displaying these capabilities. To learn more on IoT security, you can get you hands on a few of our books; IoT Penetration Testing Cookbook and Practical Internet of Things Security. Why Metadata is so important for IoT Why the Industrial Internet of Things (IIoT) needs Architects 5 reasons to choose AWS IoT Core for your next IoT project  

"The autopsy report details that the victim was wearing a Google Glass at the time of death." "So it looks like we're through the looking glass on this one!" "Be respectful detective, a man just died." CSI: Miami-esque exchange aside, the continual advancements made in wearable smart technologies, such as the Google Glass, smart watches, and other peripherals mean the expertise and versatility of professional analysts working in the digital forensics space will face ever greater challenges in the future. The original innovation of smartphones steepened the learning curve for forensic investigators and analysts, who have been required to adapt to the rapid development of mobile systems approaching the computing power and intelligence of desktop computers. Since then, this difficulty has only escalated with the constant iteration of new mobile hardware capabilities and updates to mobile operating systems. The velocity at which mobile technology updates makes it a nightmare for analysts to keep up to speed with system architectures (whether Android, iOS, Windows, or Blackberry) so they have the ability to forensically examine devices in a range of critical, sometimes criminal, investigations. That’s even before considering knock-off phones and those that may have been on the wrong end of a baseball bat. For forensic experts, the art of data extraction is an imperative one to master, as crucial evidence lies in the artefacts stored on devices, and encompasses common system files such as texts, emails, call logs, pictures, videos, web histories, passwords, PINs, and unlock patterns, but also less typical objects stored on third-party applications. Geolocation data, timestamps, and user accounts can all provide key evidence to working out the what, where, when, how, why for an investigation. "Perishable" or anonymous messaging services such as Snapchat and Whisper add another dimension to the discoverability of data that is intended to be temporary or anonymous (although Whisper has come under fire recently for storing confidential data, contrary to the application’s anonymity promise). In cases where app data has been "destroyed" or anonymised, forensic technicians need to extract deleted data through manual decoding and even piece together the evidence, Columbo-style, to unravel the perpetrators and the crime. The sophistication of numerous third-party applications and the types of data they are capable of storing adds a considerable degree of complexity and demands a lot in terms of forensic method and data analysis. Mobile forensics is a developing discipline, and with the rise of smart wearables, there is yet another dimension for analysts to get to grips with in the future. The smartwatch is still in the infancy stage of sophistication and adoption among consumers, but the impending release of the Apple Watch, along with the already available Samsung Gear and Pebble Steel ranges indicate that the market is going to expand in the next few years, and this makes it likely that smartwatches will become another addition in the digital (mobile) forensics space. The interesting kink in smartwatch technology is the paired interface they must share with phones, as the devices must effectively be synced in order to function, so that the watch receives notifications (texts, calls) pushed from the phone. The event logs stored on both devices when phone and watch interact may prove to be an important forensic artefact should they ever be the cause of investigation, and while right now, native apps on smartwatches are on the limited side (contacts, calendar, media, weather), greater sophistication in the realm of smartwatch apps cannot be far away. A hugely intriguing layer for mobile forensics is brought by the Google Glass and its array of functionalities, as once it eventually becomes globally available it will become an important device for analysts to understand how to image and pull apart. The Glass can be used for typical smartphone activities, such as sending messages, making calls, taking pictures, and social media interaction, but it's the ability to enable on-the-fly navigation and translation out in the real world, along with voice commanded Google search and access to real-time information updates through Google Now that make it particularly fascinating from a forensics standpoint. Even considering the familiarity experts will have with Android systems, the unique properties of the Glass in its use of voice commands and the search and geospatial information it collects will potentially provide crucial artefacts in investigations. Examiners will need to know how to pull voice command event logs and parse timeline data, recover deleted visual data, analyse GPS usage and locations, and even determine when in time a Glass was on or off. A student in digital forensics has even begun attempting to forensically examine the Glass. At this point in time, Glass wearers are those select few chosen for the Explorer beta program, but we should fully expect—when the device becomes completely publically available—for it to become popular enough for it to make another significant addition to the field of smart device forensics. Apparently Google Glass carriers are split into two camps—‘Explorers’ and ‘Glassholes’. Whatever the persuasion, forensic investigators may be required to look through a glass, darkly, sooner than they think.