ArcPoint Newsletter, December 2021

DF Industry Happenings

The holiday season is upon us! There are a number of ways to give back throughout the year; however, if you find yourself struggling to figure out how to give back to your community, here is what ArcPoint is doing to help out. ArcPoint has donated to a local Toys for Tots this holiday season. Marine Toys for Tots gives toys to help bring the joy of the holiday season and send a message of hope to America's less fortunate children. You can locate your local Toys for Tots participant here. Another way ArcPoint is giving back to its local community is by supporting the Florida Sheriff Association. Our support helps provide law enforcement with education and training.

Our industry always has a number of events and conferences taking place in any given month, and December is no exception. First, the Open Source Digital Forensics Conference (OSDFCon) was virtual this year and took place on December 1st. Don't worry if you missed it! You can register for the event and get access to the archived materials at no expense. OSDFCon brings together developers and users within the digital forensics and incident response communities. Examiners get the chance to learn about the latest tools, while developers share knowledge about their work.

ArcPoint Forensics' "The New Kids on the Block", presented at CyberSocialCon 2021, discusses the challenges surrounding the ever-increasing amount of data being processed, as well as some potential solutions. If you missed the virtual event, you can still register and watch the recording!

ArcPoint Company and Product News

ArcPoint Presents: Unallocated Space

Last month we launched the first episode of the Unallocated Space podcast with guest speaker Jessica Hyde. During the episode, we discussed DFIR resources, training, and other ways to become more involved in the DFIR community. If you missed the episode, no worries! It is on our YouTube channel and hosted on Spotify, Google Podcasts, and Amazon Music. Join us this month, December 16th, when our second episode goes live with guest speaker John Pizzuro. We dive into the "Suitcase Killer" case and how IoT devices could have impacted the investigation by providing law enforcement with corroborating evidence against Melanie McGuire. Check it out on our YouTube channel or your podcast platform of choice.

Welcome to the Team!

This month, we welcomed two new team members to the ArcPoint Family!

Jason Hogan joins the team with more than 10 years of offensive and defensive cyberspace operations experience and 10 years of Intelligence Community work. He has an MBA in IT Management and is a graduate of the NSA's three-year nominative internship, the Junior Officer Career Cryptologic Program (JOCCP); the National Security Agency's Tailored Access Operations Certified Analyst Program (TCAP); and the Digital Network Analysis Immersion Program. Jason's expertise spans technical work, organizational leadership, and team building. Please help us welcome Jason to the team as part of ArcPoint's SkillBridge Program, supporting him as a Business Development Specialist.

Glenn Snead has more than 30 years of DoD and Intelligence Community technical and leadership experience, including nearly 10 years as an Air Force Communications Officer and 20 years supporting the nation's highest-priority national security customers. He has both offensive and defensive cyber experience, including certifications as a Certified Ethical Hacker and a Certified Cyber Incident Handler. Glenn brings expertise in software development, system integration, product delivery, and developing strong customer solutions to the ArcPoint team.

Check out our Blog

Once a month ArcPoint releases a blog post to help individuals within the community grow and expand their skill sets. Our content is intended to serve as a refresher for experienced examiners and to help individuals who are just getting started build the skills that make investigations easier. Check out Working with Virtual Machines on our website!

Want a Demo? Just Ask!

ATRIO™ is an all-in-one digital forensics hardware/software solution that performs full physical imaging and data exploitation. It is designed to be intuitive and easy to use. Output is immediately accessible in a universally compatible, non-proprietary format that can be viewed on any computer. No additional software programs, dongles, or other peripherals are required to operate ATRIO™. Interested in a demo? Sign up on the ArcPoint website.

Monthly Tech Tip

If you ever come across an E01 image that has no identifiable file name, or that didn't come with the handy info text file, there are a few Linux commands you can use to read the case and file information stored inside the image itself.

In this example, I was given some E01s with numbers for names… great.

The first command we can use is "img_stat" (from The Sleuth Kit). At a minimum, this simple command shows the image type, the size of the data, and the MD5 hash stored in the image. Here I used it on '1.E01'. Note that the command name is lowercase; Linux command names are case sensitive.

$ img_stat imagename

For a more detailed description, we can use the "ewfinfo" command. This utility is part of the libewf package and shows the metadata stored within the E01: case number, evidence number, description, examiner name, notes, acquisition and system dates, the acquiring software and its version, compression, and the stored hashes.

$ ewfinfo imagename

After running these commands, we found out that this E01 is an image of a 16GB Kingston that Bob NoName made for us, along with a few other important details.

It's inevitably going to happen; when it does, you are now ready to identify each file and continue with the examination!
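To show what those two tools are actually reading, here is an added example written for this note (it is not part of the original tip, The Sleuth Kit, or libewf). The script builds a minimal, constructed E01 segment containing a "header" section and a "hash" section, then parses it back the way ewfinfo and img_stat do: it checks the 8-byte EWF signature, walks the 76-byte section descriptors, verifies each descriptor's Adler-32 checksum, inflates the zlib-compressed header text to recover the case number, examiner and description, and reads the stored MD5. The case values, examiner name and media contents are constructed sample data, and the sample omits the "volume" and "sectors" sections a real image carries.

```python
"""Minimal reader for the metadata sections of an EWF (E01) segment file.

Constructed example: builds a tiny E01-style segment and reads it back.
"""
import hashlib
import struct
import zlib

EWF_SIGNATURE = b"EVF\x09\x0d\x0a\xff\x00"  # EWF-E01 segment file signature
FILE_HEADER_LEN = 13   # signature(8) + fields start(1) + segment number(2) + fields end(2)
DESCRIPTOR_LEN = 76    # type(16) + next offset(8) + size(8) + padding(40) + adler32(4)

# Identifiers used in the EnCase "header" section, mapped to readable labels.
HEADER_FIELDS = {
    b"c": "case_number", b"n": "evidence_number", b"a": "description",
    b"e": "examiner_name", b"t": "notes", b"m": "acquiry_date",
    b"u": "system_date", b"p": "password_hash", b"r": "compression",
}

# Constructed stand-in for the imaged media; only its MD5 is stored in the sample.
SAMPLE_MEDIA = b"\x00" * 4096
SAMPLE_MD5 = hashlib.md5(SAMPLE_MEDIA).hexdigest()


def _descriptor(section_type: bytes, next_offset: int, size: int) -> bytes:
    """Build one section descriptor; the Adler-32 covers the first 72 bytes."""
    body = section_type.ljust(16, b"\x00") + struct.pack("<QQ", next_offset, size) + b"\x00" * 40
    return body + struct.pack("<I", zlib.adler32(body) & 0xFFFFFFFF)


def build_sample_e01(md5_of_media: bytes) -> bytes:
    """Constructed sample segment: file header, 'header', 'hash' and 'done' sections."""
    header_text = (b"1\nmain\n"
                   b"c\tn\ta\te\tt\tm\tu\tp\tr\n"
                   b"CASE-001\t1\t16GB Kingston USB\tBob NoName\tconstructed sample\t"
                   b"2021 12 01 09 30 00\t2021 12 01 09 30 00\t0\tbest\n\n")
    header_data = zlib.compress(header_text)              # header text is zlib-compressed
    hash_data = md5_of_media + b"\x00" * 16                 # MD5(16) + unknown(16)
    hash_data += struct.pack("<I", zlib.adler32(hash_data) & 0xFFFFFFFF)

    out = EWF_SIGNATURE + b"\x01" + struct.pack("<H", 1) + b"\x00\x00"  # segment number 1
    off = len(out)
    for stype, data in ((b"header", header_data), (b"hash", hash_data)):
        size = DESCRIPTOR_LEN + len(data)
        out += _descriptor(stype, off + size, size) + data
        off += size
    out += _descriptor(b"done", off, DESCRIPTOR_LEN)       # 'done' points at itself
    return out


def read_e01_metadata(data: bytes) -> dict:
    """Walk the section chain and return the case metadata and stored MD5."""
    if data[:8] != EWF_SIGNATURE:
        raise ValueError("not an EWF-E01 segment file")
    info = {"segment_number": struct.unpack_from("<H", data, 9)[0], "sections": []}
    off = FILE_HEADER_LEN
    while off + DESCRIPTOR_LEN <= len(data):
        desc = data[off:off + DESCRIPTOR_LEN]
        if zlib.adler32(desc[:72]) & 0xFFFFFFFF != struct.unpack("<I", desc[72:])[0]:
            raise ValueError(f"bad section descriptor checksum at offset {off}")
        stype = desc[:16].rstrip(b"\x00").decode("ascii")
        next_off, size = struct.unpack("<QQ", desc[16:32])
        payload = data[off + DESCRIPTOR_LEN:off + size]
        info["sections"].append(stype)
        if stype == "header":
            lines = zlib.decompress(payload).split(b"\n")
            for key, value in zip(lines[2].split(b"\t"), lines[3].split(b"\t")):
                info[HEADER_FIELDS.get(key, key.decode())] = value.decode("utf-8", "replace")
        elif stype == "hash":
            info["stored_md5"] = payload[:16].hex()
        if stype == "done" or next_off <= off:   # end of chain, or a malformed offset
            break
        off = next_off
    return info


def demo() -> dict:
    """Build the constructed sample and parse it back."""
    return read_e01_metadata(build_sample_e01(bytes.fromhex(SAMPLE_MD5)))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The descriptor checksum check matters in practice: a truncated or corrupted segment usually fails there first, which is the same reason ewfinfo refuses to trust an image whose section chain does not verify.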
