SFScon 22 - Alessandro Farina - Open Source Digital Forensics – wiretapping and defence.pdf

•

0 likes•100 views

Stalkerware is monitoring software or spyware that is used for cyberstalking. The term was coined when people started to widely use commercial spyware to spy on their spouses or intimate partners. (https://en.wikipedia.org/wiki/Stalkerware) TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone. (https://github.com/felixaime/TinyCheck-1) In addition to showing what an excellent defense tool TinyCheck is, in my talk I’ll show how I have modified it for forensic acquisition of messaging application in support for LE, obtaining a tool that users can fully inspect to verify what’s happening in every step of the acquisition.

Software

© D.S.A. S.r.l. SFSCONF 11-11-2022
Open Source Digital Forensics –
Wiretapping and Defence
Open Source digital forensics 104
Alessandro Farina – forensics@dsa.it

Open Source Digital
Forensics
wiretapping and
defence
• Stalkerware
• TinyCheck
• Forensics acquisition of Cloud data for
Apps

Open Source Digital Forensics
wiretapping and defence
Digital Forensics Definition
«What is digital forensics? Digital forensics is the field of forensic science that is concerned with
retrieving, storing and analyzing electronic data that can be useful in criminal investigations. This
includes information from computers, hard drives, mobile phones and other data storage devices.”
(https://www.nist.gov/digital-evidence)
For Italian Law: genuinità, non ripudiabilità, imputabilità ed integrità
Translation: authenticity, non repudiation, attributability and integrity

Open Source Digital Forensics
wiretapping and defence
Stalkerware
“Stalkerware” are software programs, apps and
devices that enable someone to secretly spy on
another person’s private life via their mobile
device.
The abuser can remotely monitor the whole
device including web searches, geolocation, text
messages, photos, voice calls and much more.
Such programs are surprisingly easy to buy and
install.
They run hidden in the background, without the
affected person knowing or giving their consent.
Regardless of stalkerware’s availability, the abuser
is accountable for using it as a tool and hence for
committing this crime.

Open Source Digital Forensics
wiretapping and defence
TinyCheck
TinyCheck is a free and open-source tool, developed and
supported by Kaspersky experts and the IT Security community
(special thanks go to @felixaime, @tenacioustek, @nscrutables
and @Emilien).
The solution was created to help organizations working with
victims of domestic violence. TinyCheck aims to protect privacy
through the detection of stalkerware in a simple, quick and non-
invasive way
SpyGuard is a forked and enhanced version of TinyCheck,
developed by the same author when he was working at Kaspersky.
SpyGuard's main objective is to detect signs of compromise by
monitoring network flows transmitted by a device.
The software is available now on Github
(https://github.com/spyguard)
A short video https://twitter.com/i/status/1331535790392946689
Félix Aimé

Open Source Digital Forensics
wiretapping and defence

Tinycheck + forensics
1. Authenticity
2. Integrity
3. Non repudiation
4. Attributability
?

Some useful links
http://www.linuxleo.com/
(very good introduction to DF)
Alessandro Farina
forensics@dsa.it
https://www.caine-live.net/
ELECTRONIC EVIDENCE GUIDE
www.coe.int/cybercrime https://tsurugi-linux.org/index.php
https://twitter.com/felixaime
https://github.com/SpyGuard

Similar to SFScon 22 - Alessandro Farina - Open Source Digital Forensics – wiretapping and defence.pdf

mobile security.pptx

Tapan Khilar

The Scope of Cyber Forensic.pptx

Applied Forensic Research Sciences

Scope of Cyber forensics

Applied Forensic Research Sciences

The Cyber Forensic Specialist's Toolkit: Strategies for Solving Digital Crime...

Milind Agarwal

Need for cyber security

Jetking

Ethics and privacy ppt 3rd period

charvill

In recent years, the emergence of deepfake technology has captured the attention of both researchers and the general public. Deepfakes, created using advanced artificial intelligence algorithms, have the potential to deceive and manipulate digital content to an unprecedented degree. While their application in entertainment and creative fields is intriguing, the implications for cybersecurity are significant. This article delves into the impact of deepfake technology on cybersecurity, examining the challenges it poses and the need for proactive measures to mitigate its potential risks.

Deepfake Technology's Emergence: Exploring Its Impact on Cybersecurity

PC Doctors NET

Managing Cyber Security Risks

David Kondrup

What is Digital Forensics.docx

AliAshraf68199

Profile securitarian

Rupesh Verma

Tecomex Forensics Brochure 2014

Dr. Idris Ahmed

Spyware

Farheen Naaz

The geopolitical conflicts in the Middle East have deepened in the last few years. Syria is no exception, with the crisis there taking many forms, and the cyberspace conflict is intensifying as sides try to tilt the struggle in their favor by exploiting cyber intelligence and using distortion. The Global Research & Analysis Team (GReAT) at Kaspersky Lab has discovered new malware attacks in Syria, using some techniques to hide and operate malware, in addition to proficient social engineering tricks to deliver malware by tricking and tempting victims to open and launch malicious files. The malware files were found on activist sites and social networking forums, some other files were also reported by local organizations like CyberArabs and Technicians for Freedom. All technical details are available in this report ans related blog post at https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/. For any inquire please contact intelreports@kaspersky.com

Syrian Malware

Kaspersky

ppt on securities.pptx

muskaangoel15

Noah Maina: Computer Emergency Response Team (CERT)

Hamisi Kibonde

Anti spyware coalition definitions and supporting documents

UltraUploader

Mobile security

Tapan Khilar

Digital forensic science and its scope manesh t

Manesh T

Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx

Infosectrain3

Corporate threat vector and landscape

yohansurya2

Similar to SFScon 22 - Alessandro Farina - Open Source Digital Forensics – wiretapping and defence.pdf (20)

mobile security.pptx

The Scope of Cyber Forensic.pptx

Scope of Cyber forensics

The Cyber Forensic Specialist's Toolkit: Strategies for Solving Digital Crime...

Need for cyber security

Ethics and privacy ppt 3rd period

Deepfake Technology's Emergence: Exploring Its Impact on Cybersecurity

Managing Cyber Security Risks

What is Digital Forensics.docx

Profile securitarian

Tecomex Forensics Brochure 2014

Spyware

Syrian Malware

ppt on securities.pptx

Noah Maina: Computer Emergency Response Team (CERT)

Anti spyware coalition definitions and supporting documents

Mobile security

Digital forensic science and its scope manesh t

Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx

Corporate threat vector and landscape

More from South Tyrol Free Software Conference

The complexity of agricultural droughts requires a consistent, reliable, and systematic method for monitoring and reporting. Amongst the various indices used to monitor this phenomenon, the soil moisture anomaly has been proven to be a more reliable predictor. However, the datasets required for computing this index are often large and computationally demanding. To address this challenge, we have developed SMODEX, a Python package that enables scalable, fast, and open-source standard-compliant computation and visualization of soil moisture anomalies. SMODEX simplifies the computation and visualization of time-series for soil moisture and soil moisture anomalies from high-dimensional climate datasets. It allows for quick and easy parallelization of the computation on a daily, weekly, and monthly timescale. Additionally, SMODEX implements a straightforward workflow for automating the use of FAIR (Findable, Accessible, Interoperable, and Reusable) principles in producing and sharing outputs by leveraging the open source STAC API. The package is extendible and provides information on how to contribute to the project, test suites, test coverage, and a use case for the South Tyrol region, all provided in the package repository. In the future, additional agricultural drought indices and indicators would be included to serve to even larger community of researchers, policy makers, and individual users.

SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...

South Tyrol Free Software Conference

The Open Hardware PowerPC Notebook designed around GNU/Linux will be showed at NOI Techpark. We had presented here its motherboard design in 2018. We will updates regarding last developments for u-boot AMD video drivers, re-design of heat pipes, and CE test certification process. We will give future availability milestones of this notebook and details regarding the GNU/Linux distributions or other OS that could runs on it.

SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...

South Tyrol Free Software Conference

Tracking aeroplanes in real time with Open Source Software is possible. Aircrafts must continuously send their current flight parameters to air traffic controllers on the ground and to other aircrafts. This generates a lot of data, especially when planes are being tracked by multiple sensors. The Open Data Hub on the other hand offers a great backbone for data storing and processing, where the correct datasets have to be identified and filtered. After all transformation on the data is done, it will be exposed via API to be further used by a web application. Bringing together sensor generated data, the Open Data Hub and custom web applications, is a showcase on how the Open Data Hub can be used as a service: OaaS.

SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub

South Tyrol Free Software Conference

The transition from Web 2.0 to Web 3.0 has fueled the need for a secure and decentralized cloud storage solution for digital assets. Web 2.0 was characterized by centralized platforms where user data was under the control of companies. In contrast, Web 3.0 aims to empower individuals and foster a decentralized web that supports and benefits the Free Software and Open Data Communities. Blockchain technologies facilitate seamless collaboration and interoperability among diverse stakeholders in the Free Software and Open Data communities. Developers can establish open and transparent ecosystems where data can be shared, verified, and integrated across multiple platforms. Beez, with its own blockchain infrastructure, offers a secure and transparent platform for digital asset exchanges, bolstering transaction integrity and trust. By distributing data across a network of nodes, Beez ensures security and mitigates the risk of single points of failure. Users retain control over their data, safeguard their privacy, and can take advantage of the incentive mechanisms offered by blockchain networks. During our presentation, we will explore the role of AI within Beez's ecosystem, facilitating accelerated data processing, correlation, and intelligent automation. AI unlocks valuable insights from blockchain data, and we will touch upon the use of Inductive Logic Programming (ILP) to enhance programming performance. The integration of Blockchain and AI technologies holds great potential for advancing the safety and efficiency of the Open Data ecosystem. By combining decentralized data storage, trust-building mechanisms, and intelligent data processing, Beez is paving the way for a more secure, transparent, and user-centric digital landscape.

SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...

South Tyrol Free Software Conference

We are becoming more and more dependent on the Internet for our work, education, communication, personal relations and entertainment. Our digital devices conquered an unprecedented level of importance in our life. However, we are facing a loss of control over our smartphones, tablets and other devices for internet connection. It's time to resolve monopolies and re-establish democratic control over the technology we most depend upon. This talk will present the challenges end-users are facing to get more control over their devices and how Free Software is key for a consumer re-empowerement. The talk will present real-life examples of policy demands against gatekeepers on digital markets, such as the struggle for Router Freedom in the last years and how Device Neutrality can serve as an important instrument for pushing forward end-user-oriented digital policies.

SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...

South Tyrol Free Software Conference

MOSH and MOAH are the abbreviation of two groups of chemical compounds found in mineral oils. “MOSH” stands for Mineral Oil Saturated Hydrocarbons. MOAH stands for Mineral Oil Aromatic Hydrocarbons. Both of them are under European deeply evaluation because there are two food contaminants. According to the current state of scientific knowledge, there is no sufficient toxicological evidence to prove a health risk to humans from saturated mineral oil fractions (MOSH). Meanwhile, MOAH are suspected to be carcinogenic (especially PAH-like compounds with 3-7 ring systems), therefore their levels in food should be reduced according to the ALARA-principle (as low as reasonably achievable). Gruppo FOS with CNR ( MOSH and MOAH are the abbreviation of two groups of chemical compounds found in mineral oils. “MOSH” stands for Mineral Oil Saturated Hydrocarbons. MOAH stands for Mineral Oil Aromatic Hydrocarbons. Both of them are under European deeply evaluation because there are two food contaminants. According to the current state of scientific knowledge, there is no sufficient toxicological evidence to prove a health risk to humans from saturated mineral oil fractions (MOSH). Meanwhile, MOAH are suspected to be carcinogenic (especially PAH-like compounds with 3-7 ring systems), therefore their levels in food should be reduced according to the ALARA-principle (as low as reasonably achievable). Gruppo FOS with CNR (Consiglio Nazionale delle Ricerche), Santagata 1907 and Enginius are searching the system for finding and trace their presence in the virgin and extra virgin olive oils by using open fingerprints methods, open hardware and open source blockchain and AI technologies.

SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...

South Tyrol Free Software Conference

Up-to date measurements of surface meteorological variables are essential to monitor weather conditions, their spatio-temporal variability and the potential effects on a wide range of sectors and applications. Moreover, when included in continuous records of long historical observations spanning several decades, they become essential for assessing long-term climate variability and change locally and on a regional level. Automated pipelines capable of retrieving and processing near-real time meteorological data satisfy the primary prerequisites towards the development and advancement of effective and operational climate services. With a public and operational near real-time monitoring web platform in mind, we present automated pipelines to collect and process up-to-date daily temperature and precipitation records for Trentino South Tyrol (Italy) and surrounding areas, and to derive their spatially interpolated fields at sub-km scale. Our pipelines are composed by multiple steps including data download, sanity checks, reconstruction of missing daily records, integration into the historical archive, spatial interpolation and publication onto online FAIR catalogues as (openEO) “datacubes”. The different APIs, data formats and structure across the various data sources, and the need to merge the data onto harmonized meteorological layers, make this a typical case of the so-called Extract, Transform and Load (ETL) pipelines, and, in order to follow the principles of data reproducibility and Open Science, we embraced open-source automated workflow management through GitLab’s Continuous Integration / Continuous Development (CI/CD) capabilities. CI/CD workflows greatly help the management of the relatively complex graphs of tasks required for our climate application, ensuring seamless orchestration with thorough flow monitoring, application logs, transactions rollbacks, and exception handling in general. Native pipeline-oriented software development also fosters a clean separation of roles among the tasks, and a more modular architecture. This effectively reduces barriers to collaborative development and paves the way for robust operational climate services for researchers and decision makers in the face of the changing climate.

SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines

South Tyrol Free Software Conference

The Open Science movement aims to increase the transparency, reproducibility and inclusiveness of academic research. One of its central goals is therefore to make research outputs broadly available, e.g., manuscripts (Open Access) or research data (Open Data). While software/code created in the course of scientific research is a key artifact of scientific research that is clear distinct from the latter two, it has until recently not received the same attention as manuscripts or data, although it follows its own set of paradigms. In this talk I will present an overview on how the core concepts of Free Software and the FAIR (findable, accessible, interoperable, reuseable) Principles intersect, what this means for managing code as research output and recent initiatives on the European level that will provide support for these issues.

SFSCON23 - Christian Busse - Free Software and Open Science

South Tyrol Free Software Conference

Software freedom can be defined in many ways but in legal terms it is squarely defined by a set of approved FSF and OSI software licenses. Yet everyone realizes that beyond these licenses the goal of software freedom and digital sovereignty cannot be achieved without the ability to master and create hardware components and systems - and beyond that, to rely on open digital infrastructure (servers, datacenters, and resources) . This talk will present the challenges around these topics and what we, collectively in Europe already do and can do to ensure our independence and our freedoms.

SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters

South Tyrol Free Software Conference

EDP-portal is the access point to the Environmental Data Platform of Eurac Research since 2021 to achieve FAIRness of our datasets. It allows to publish data and metadata and provides APIs and web services for data access. In the last 2 years the EDP improved the findability and accessibility of the data collected throughout the curation of metadata that was improved with the DOI registration for datasets. The result is a higher metadata quality where the final user can easily find how to properly cite datasets with a persistent identifier. The portal itself and main data repositories are registered in FAIR-sharing portal with their own DOI. The SW components of the EDP are totally based on open source projects.

SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal

South Tyrol Free Software Conference

This lightning talk will explore the transformative potential of integrating Internet of Things (IoT) and Artificial Intelligence (AI) in Mass Customization (MC). There is a significant collective impact of these technologies on businesses, enabling the delivery of personalized products and exceptional customer experiences. Besides giving an overview of MC and the potential ways of integrating IoT and AI, the focus will be on the process of real-time data collection and facilitation of the customization process by IoT on one hand, and on the role of AI in data analysis and generation of personalized recommendations on the other hand. By presenting real-world case studies to demonstrate the practical implementation of IoT and AI in providing customized products and seamless customer experiences, attendees will gain insights into the future of customization and learn actionable strategies to effectively leverage IoT and AI.

SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...

South Tyrol Free Software Conference

SFSCON23 - Stefan Mutschlechner - Smart Werke Meran

South Tyrol Free Software Conference

As open source software becomes the foundation to build digital products, to run the backbones of ICT infrastructure and to ensure digital sovereignty and cyber resilience, both the technology as well as the communities that develop it inevitably move into the focus of regulators. The European Union is advancing a number of policy initiatives that regulate liability, cyber security, data handling and AI applications in digital products, among others. This is a challenge for the still quite decentralised and globally operating open source community. How could the open source community participate in legislative processes, and what may be the potential impacts of the upcoming regulation on the open source development process and community dynamics?

SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...

South Tyrol Free Software Conference

SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software

South Tyrol Free Software Conference

AICS is the Italian Agency for Development Cooperation that started operating in 2016 with the ambition of aligning Italy with the main European and international partners in the commitment to development. KNOWAGE Labs are developing for AICS a platform that is probably unique in the world and will allow both the Agency and the public to access all the major indicators on the UN Sustainable Development Goals provided by international sources (World Bank, WTO, ILO..) and easily compare them. The solution will allow analysis to start from 3 different touch points: the infographic of SDG goals, the advanced search criteria, and the virtual assistant. Then, a customized dashboard will be provided to the user, allowing to further expand the analysis by interacting with charts, maps, tables, etc. This talk will show the state of art of the solution, highlighting objectives and expected results of the project, but also the new developments of KNOWAGE related to AI.

SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...

South Tyrol Free Software Conference

Interoperability is a core element of the ongoing digitalisation of Europe. With the Interoperable Europe Act, the EU is aiming to create a dedicated legal framework for interoperability and to enhance cross-border digital public services across the European Union. This talk will give an overview of the state of play of this proposed regulation in the ongoing EU legislative process, some of its flaws, and the important role that Free Software and its community can play in it.

SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer

South Tyrol Free Software Conference

How to sharpen the demand for public code across Europe and monitor progress with TEDective For six years, the Free Software Foundation Europe has been calling with a broad alliance for publicly funded software to be published as Free Software. This initiative has become a great success: Our demand "Public Money? Public Code!" has found its way into government strategy papers, party programs, as well as coalition treaties, and is being discussed in public administrations across Europe. At the same time, we see less progress than expected and vendor lock ins remain a crucial issue. Digital sovereignty is redefined bypassing Free Software. There is openwashing in publicly funded companies, and government projects in favour of Free Software remain empty words. Public statistics on the procurement of Free Software are largely unavailable. It is therefore no longer enough to promote the idea of "Public Money? Public Code!". We as the Free Software community should be even more vigilant than before – continuing to praise small steps in the right direction, but pointing out and criticising omissions and lack of implementation. We should become more like watchdogs. In the talk we will look at some examples of lack of implementation of Free Software policies. We will discuss how we, as civil society, can identify such shortcomings and how to deal with them. We will present our initiative TEDective – a free-software solution that makes European public procurement data explorable for non-experts, aiming to provide you with a powerful tool to keep an eye on real progress towards "Public Money? Public Code!" across Europe.

SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...

South Tyrol Free Software Conference

The Internet today forms the backbone of the digitisation of our society and economy. As connectivity increases, the boundaries between the real and digital world get increasingly blurred. However, there has been an erosion of trust in the Internet following revelations about the exploitation of personal data, large-scale cybersecurity and data breaches, and growing awareness of the proliferation and impacts of online disinformation. What can be done to improve the Internet as a platform for future generations? What initiatives are currently in place to build key technological blocks of an Internet that supports human-centric values, such as privacy, security, and inclusion, while reflecting the values and norms all citizens should enjoy in Europe? This talk will explore why the current state of the internet must be re-imagined and re-engineered in order to support healthy societies, the existing European Commission initiative to work towards doing so, and the role of Free Software in accomplishing these goals.

SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet

South Tyrol Free Software Conference

2023 saw the launch, after a long and well-structured revision and development process, all based on a fruitful collaboration between several departments of the Autonomous Province of Bolzano, most of the township in South Tyrol, Informatica Alto Adige (SIAG - Technical partner) and the Consortium of Municipalities of the Province of Bolzano, of the new version of the integrated geographic data management system IGis Maps. In use for years in South Tyrol, has in the Consortium one of its most enthusiastic contributors and supporters. The very first version was released about eight years ago and its implementation was based on the idea of creating a multi-purpose GIS management system that could support different types of users, that was highly customizable, and, above all, that could be widely shared among the various management entities, both public and private, present within our territory. After years of use and ad-hoc developments, we can finally present the new version of the IGis Maps system, which incorporates all the technical and technological improvements we realized the system needed. It was not just a major update together with new functionalities combined inside the previous software structure, but a true re-engineering that led, among other things, to a new and more efficient user interface, a major advancement regarding the internal security, an optimization and improvement of the entire editing section as well as an optimization of the section regarding the automatic geo-processes. A mobile version is currently under development to better support any field activities, for which a very powerful option will be included, the possibility of creating special work sessions in off-line mode so as to be able to operate even in areas without a proper cellular line network coverage. Other very important peculiarities concern that the system is developed using a totally free software code and infrastructure, that a detailed documentation has been produced to ensure sustainability to any further future evolution, even in case of technical partner turnover, and finally, that by taking advantage of the high standards and levels of security access can be guaranteed to any type of user. From professional users, through dedicated access and qualifications or, using the ordinary SPID, to the private citizen. We will show examples of how different types of users and stakeholders now permanently use the system for the management of a variety of tasks related to their activities, and how it was possible to customize IGis Maps to create visualization and data management contexts that best meet their needs. We will also present a related project concerning the updating and the correction of the new technical basal cartography, built upon the new Basic Core specification, achieved through the automatic conversion implemented by the SIAG team starting from the previous National Core cartography. With the new IGis Maps it was possible to create an a

SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps

South Tyrol Free Software Conference

KNOWAGE is the open source analytics and business intelligence suite made in Italy. KNOWAGE aims to provide company and organizations with analytical capabilities to exploit data to increase their efficiency and sustainability. Also thanks to the open source community support, the suite is constantly evolving combining the reliability of the most popular business intelligence solutions with the security and the transparency guaranteed by open source. This talk will show the last year advancements and new features towards a more mobile, accessible and user-friendly product, focusing on the newly rewritten dashboarding tool.

SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...

South Tyrol Free Software Conference

More from South Tyrol Free Software Conference (20)