Hacking by Solis Tech: How to Hack Computers, Basic Security and Penetration Testing (2014)
Chapter 22: Introduction to Digital Forensics
Ethical hackers are expected to be experts at determining where an attack came from and what kind of computer crime was committed. For this reason it is important for them to know how an act of criminal hacking can be attributed to its perpetrator, and how the damage to their own systems can be contained. Simply put, ethical hackers should understand how digital forensics works.
Defining Digital Forensics
Digital forensics is the discipline of identifying, preserving, and analyzing digital evidence of an intrusion. It rests on a principle borrowed from physical forensics: every digital crime leaves traces that can be linked back to the attacker. Those traces may be found in log files, registry changes, malware, remnants of deleted files, or the attacker's own tools. Collected and preserved correctly, they become evidence of what happened and who did it, and ultimately the basis for arrest and prosecution.
This does not mean, however, that criminal hackers are unaware of how digital forensics works. Just as you have been studying how criminal hackers operate, they have been studying which of their actions leave traces or trip alarms, and how to avoid them. Ethical hacking and black hat hacking therefore evolve together, each side continuously probing the other's weaknesses.
Tools for Digital Forensics
The best way to learn how to investigate an attacker's footprints is to use the same tools that forensic investigators use. Here are some of the most effective and commonly used tools for tracing a criminal hacker.
1. Kali Linux
Yes, Kali serves both as a toolkit for testing and exploiting vulnerabilities and as a platform for detecting and investigating intrusions. Its forensics tools are grouped into the following categories:
1. RAM Forensics Tools
2. Password Forensics Tools
3. Forensic Hashing Tools
4. Forensic Imaging Tools
5. Forensic Suites
6. Network Forensics
7. PDF Forensics Tools
8. Digital Anti-Forensics
9. Anti-Virus Forensics Tools
10. Digital Forensics
11. Forensic Analysis Tools
12. Forensic Carving Tools
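Carving is the technique behind the "remnants of deleted files" mentioned earlier: once a file is unlinked, its directory entry is gone but its bytes usually remain on disk, so a carver scans raw unallocated space for known file headers and footers instead of trusting the file system. The following Python script is an added example written for this chapter, not a Kali tool or code from the book's author. It builds a constructed "disk image" (three small files separated by zeroed free space), carves them out by signature, and hashes each recovered object so its integrity can be recorded at the moment of recovery. The signature table and the sample files are assumptions for the demonstration.

```python
import hashlib
import zlib

# Header/footer signatures used by the demo carver (a small subset of what
# foremost or scalpel ship with; constructed for this example).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve(image, max_size=10 * 1024 * 1024):
    """Scan raw bytes for known headers and return the carved objects in offset order."""
    candidates = []
    for kind, (header, footer) in SIGNATURES.items():
        start = 0
        while (pos := image.find(header, start)) != -1:
            # Look for the matching footer within a sane window after the header.
            end = image.find(footer, pos + len(header), pos + max_size)
            if end != -1:
                candidates.append((pos, end + len(footer), kind))
            start = pos + 1  # keep scanning; a false header must not hide a real one
    results = []
    last_end = 0
    for pos, end, kind in sorted(candidates):
        if pos < last_end:
            continue  # nested inside an object already carved (e.g. a JPEG-like run in PNG data)
        data = image[pos:end]
        results.append({
            "offset": pos,
            "type": kind,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),  # record the hash immediately
            "data": data,
        })
        last_end = end
    return results


# --- constructed sample files -------------------------------------------------

def _png_chunk(tag, body):
    return len(body).to_bytes(4, "big") + tag + body + zlib.crc32(tag + body).to_bytes(4, "big")


def tiny_png():
    """A valid 1x1 red PNG; IDAT is a stored (level 0) zlib stream for deterministic bytes."""
    ihdr = (1).to_bytes(4, "big") + (1).to_bytes(4, "big") + bytes([8, 2, 0, 0, 0])
    idat = zlib.compress(b"\x00\xff\x00\x00", 0)  # filter byte + one RGB pixel
    return (SIGNATURES["png"][0] + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b""))


def tiny_jpeg():
    """Just enough of a JFIF structure to carry a SOI header and EOI footer."""
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 16 + b"\xff\xd9"


def tiny_pdf():
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF")


def build_demo_image():
    """Constructed image: three files separated by 256 bytes of zeroed free space."""
    filler = b"\x00" * 256
    originals = [tiny_png(), tiny_jpeg(), tiny_pdf()]
    image = filler + originals[0] + filler + originals[1] + filler + originals[2] + filler
    return image, originals


if __name__ == "__main__":
    image, _ = build_demo_image()
    for hit in carve(image):
        print(f"offset={hit['offset']:6d} type={hit['type']} size={hit['size']:4d} sha256={hit['sha256']}")
```

Real carvers add what this omits: fragment reassembly when a file is not contiguous, format-aware length fields instead of footer searches, and a maximum size per type so a missing footer does not swallow the rest of the image. The point that carries over is the sort-and-drop-nested step and hashing each object as it is recovered, before anything else touches it.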
2. The Sleuth Kit (TSK)
The Sleuth Kit is an open-source collection of command-line tools for examining disk images and file systems (listing, recovering, and timelining files); Autopsy is its graphical front end, and both ship with Kali.
If you want commercial-grade digital forensics of the kind used by law enforcement and security companies, look at the following tools:
1. Guidance Software's EnCase Forensic
2. AccessData's Forensic Toolkit (FTK)
Take note that these are licensed products, and some of their reporting and add-on features may cost extra on top of the base licence. Truth be told, much of what you pay for is the polished interface and user-friendliness. At the same time, these tools are also strong on training, reporting, and certification.
All digital forensic tools, open-source or commercial, follow the same logic. They require you to understand what an attacker's system looks like and how each hacking activity leaves marks on everything it touches or destroys. For this reason it matters less which tools you use than whether you understand how the target and the attacker's system work.
What You Can Do With Digital Forensics
With expertise in digital forensics you will be able to:
1. Determine when a particular file was created, modified, or last accessed
2. Establish where a mobile phone has been, from cell-tower, Wi-Fi, and application records, even when its GPS was disabled
3. Reconstruct the websites a hacker visited, along with the files he downloaded
4. Extract running processes, open network connections, and other data from volatile memory
5. Determine who broke into a wireless network and identify other unauthorized users of a client's network
6. Identify malware from its components and its hash or digital signature
7. Recover passwords for encrypted files, hard drives, or captured communications that the hacker left behind
8. Determine the type of device, computer, or software that created a malicious file or launched an attack
9. Find out what commands or software a hacker used on a client's system
10. Find out the device, time, or location recorded in the metadata of a screenshot or photograph
Digital forensics can achieve more than what is on this list, and for that reason hackers are busy building tactics to counter what a forensic investigator can do, in order to evade punishment. In response to the advances in digital forensics and law enforcement, hackers have created another field of hacking: anti-forensics.
What is Anti-Forensics?
Anti-forensics, as the name implies, is the branch of hacking that specializes in evading the techniques and tools a digital forensics investigator may use. Some of the techniques it employs are the following:
1. Trail obfuscation – misleading investigators into following a false attack source (spoofed addresses, relays, planted artifacts) rather than finding the real one
2. Timestamp alteration (timestomping) – changing the timestamps investigators see when they check when a file was created, modified, or accessed
3. Artifact wiping – erasing every trace the criminal hacker's activity left on the target computer (logs, temporary files, tool binaries) to prevent detection
4. Data hiding – encrypting any artifact that might be found, or using steganography (concealing a secret message or code inside an innocuous-looking file or document so that no one thinks to look for it)
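Timestamp alteration, listed above, and the investigator's ability to determine when a file was created, modified, or accessed are two sides of the same artifact, so one worked example covers both. The Python script below is an added example for this chapter, not code from the book or from any forensic tool. It creates a constructed sample file, backdates it the way an attacker would with `touch -d`, and then applies two checks an investigator can run on Unix-like systems: the inode change time (ctime), which the kernel sets and `utime()` cannot rewrite, should not be far ahead of the modification time; and backdating utilities typically write whole seconds, so a modification time landing exactly on a second boundary on a nanosecond-resolution file system is a lead. The file name and the 2010 date are assumptions made for the demonstration.

```python
import os
import tempfile
from datetime import datetime, timezone

NS = 1_000_000_000  # nanoseconds per second


def macb(path):
    """Collect the file's timestamps in nanoseconds (ctime is creation time on Windows)."""
    st = os.stat(path)
    return {"mtime": st.st_mtime_ns, "atime": st.st_atime_ns, "ctime": st.st_ctime_ns}


def timestomp_indicators(path, slack_s=2):
    """Return the list of timestomping indicators found for a file (empty if none)."""
    t = macb(path)
    reasons = []
    # The kernel stamps ctime on every inode change and touch/utime() cannot set it.
    # A modification time far older than ctime means the metadata was altered after
    # the last write: timestomping, but also chmod/chown/rename, so treat it as a lead.
    if t["ctime"] - t["mtime"] > slack_s * NS:
        reasons.append("mtime predates ctime")
    # Backdating tools usually write whole seconds; genuine writes on a file system
    # with sub-second resolution almost never land exactly on a second boundary.
    if t["mtime"] % NS == 0 and t["atime"] % NS == 0:
        reasons.append("whole-second mtime/atime")
    return reasons


def backdate(path, when):
    """Simulate the attacker's `touch -d` by rewriting atime and mtime only."""
    ts = int(when.timestamp())
    os.utime(path, (ts, ts))


def demo():
    """Create a constructed sample file, check it, backdate it, check it again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "dropped.sh")  # assumed name for the attacker's artifact
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho constructed sample\n")
        before = timestomp_indicators(path)
        backdate(path, datetime(2010, 1, 1, tzinfo=timezone.utc))
        after = timestomp_indicators(path)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("freshly written file:", before or "no indicators")
    print("after backdating:    ", after)
```

The ctime check is the robust one: an attacker who wants ctime to match must edit the inode directly or reset the system clock, both of which leave other traces. On NTFS the equivalent comparison is between the `$STANDARD_INFORMATION` timestamps (which common timestomping tools rewrite) and the `$FILE_NAME` timestamps in the MFT record (which they usually do not), and The Sleuth Kit's `istat` shows both. On file systems with one-second resolution (FAT, ext3) the whole-second heuristic produces false positives and should be disabled.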
Now that you have a clearer idea of how to find attacks and attackers, and of how they can counter the tools you would use, you should understand that dealing with criminal hackers is not easy. Your goal is to outsmart them by thinking ahead and anticipating what they will probably do next. If you can predict how they will try to defeat your forensic tools, you can switch to a different tactic and prevent the next attack.