eForensics OPEN, Vol. 2, No. 2

THE ENEMY INSIDE THE GATES: analysis and detection

In this issue:
- Packet Analysis Using Wireshark to Aid in Network Forensic Investigations
- Creating an Incident Response Process
- Finding Advanced Malware Using Volatility
- The Evolutionary Approach to Defense
- CockpitCI Approach

Issue 2/2014 (7) April, ISSN 2300-6986
Developing for Amazon Web Services? Attend Cloud DevCon!
June 23-25, 2014, San Francisco, Hyatt Regency Burlingame
www.CloudDevCon.net
Attend Cloud DevCon to get practical training in AWS technologies:
- Develop and deploy applications to Amazon's cloud
- Master AWS services such as Management Console, Elastic Beanstalk, OpsWorks, CloudFormation and more!
- Learn how to integrate technologies and languages to leverage the cost savings of cloud computing with the systems you already have
- Take your AWS knowledge to the next level: choose from more than 55 tutorials and classes, and put together your own custom program!
- Improve your own skills and your marketability as an AWS expert
- Discover HOW to better leverage AWS to help your organization today

Register Early and SAVE! A BZMedia Event
AnDevCon: May 27-30, 2014, Sheraton Boston
Register Early and SAVE!

Get the best real-world Android developer training anywhere!
- Choose from more than 75 classes and in-depth tutorials
- Network with speakers and other Android developers
- Check out more than 40 exhibiting companies

Take your Android development skills to the next level! Find out why you should go to AnDevCon! Watch the videos at www.AnDevCon.com. Register Early and Save at www.AnDevCon.com.

AnDevCon™ is a trademark of BZMedia LLC. Android™ is a trademark of Google Inc. Google's Android Robot is used under terms of the Creative Commons 3.0 Attribution License.
A BZMedia Event #AnDevCon
TEAM
Editors:
Joanna Kretowicz
Betatesters/Proofreaders:
Gabriele Biondo, Mark Dearlove, Olivier Caleff, Johan Scholtz, Kishore P.V., Alex Rams, Daniel Sligar, Luca Losio, Salvatore Fiorillo, Martin Baader, James Fleit, Dave Nash, JI PB, M1ndl3ss, Nicolas Villatte, Jacob Heilik, Leighton Johnson, Danny Lavardera, Robert Vanaman
Senior Consultant/Publisher:
Paweł Marciniak
CEO: Ewa Dudzic
Production Director: Andrzej Kuca
Marketing Director: Joanna Kretowicz
Art Director: Ireneusz Pogroszewski
DTP: Ireneusz Pogroszewski
Publisher: Hakin9 Media Sp. z o.o. SK
02-676 Warszawa, ul. Postępu 17D Phone: 1 917 338 3631
www.eforensicsmag.com
DISCLAIMER!
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.
Dear Readers,

We are proud to present you the newest issue of eForensics OPEN: a free download zone, a chance to see what's going on on our shelves, as well as open access for everyone interested in the topic.

As we did last time, with the 7th edition of eForensics Open we decided to divide the edition into two sections – new topics and samples of a few of our latest issues. For those who download all our teasers, don't worry – you will find something for you here! We count on your feedback here!
The cover topic is our enemy that, unfortunately, is inside the gates. We encourage you to see what's hidden under that metaphor. Who'd like to analyze, detect and go hunting? We present you various topics, starting from Wireshark, going through Network Forensic tools and techniques, as well as malware forensics. Besides, we will concentrate for a while on Information Security Governance issues. And it is time for new articles – a bit of a mash-up, but still keeping up with the topic; you will have a chance to meet some of our old authors one more time. So don't wait any longer – the new eForensics Open is waiting for you.
The main aim of this issue is to present our publications to a wider range of readers, show you how responsibly we treat you, and remind you why you chose our magazine. Of course, with a free account you have access to all the teasers, but we believe that you'd like to take further steps and fully enjoy our publications. Remember that our premium subscription contains access to our whole archives, so our library is waiting for you.
We have a new blog! Did you have a chance to check it? Do it now; we are waiting for your feedback! http://blog.eforensicsmag.com
We would also like to thank you for all your feedback and support, and invite you to follow us on Twitter and Facebook, where you can find the latest news about our magazine and great contests. Do you like our magazine? Like it, share it! We appreciate your every comment, as for us eForensics means you and your needs, and we are here for our readers. We would be more than pleased if you could let us know what your expectations towards the magazine are. Which topics are you most interested in? I repeat it every time, but it is You who shape eForensics!

Joanna Kretowicz
and the eForensics Team