Forensic Blogs

An aggregator for digital forensics blogs

by

Network Scanning Version 1.0

New Progress

Welcome back to Automated Network Scanning % teams official blog. We have been up to some exciting things since our last post. The first and most exciting thing that we did this month was get our script working. This was the main focus of the team since the beginning of the semester and we spent the majority of our time working on it. We went above and beyond to make sure our script was fully functional and had no bugs. We also were able to get our Raspberry Pi’s working which included adding some servers onto them to test our scanner.

Our First Script

Our team worked hard this month on creating a basic version of our script. Through a lot of trial and error we ended up creating a pretty in depth script. It allows us to perform many different types of scans including a TCP SYN scan, a UDP scan, a TCP connect scan, and a SCTP INIT scan. We also added a feature that allows us to perform a full comprehensive TCP SYN and UDP scan on all available ports, not just the default 1,000.

From here, the team decided to choose email for our output option in our script. Every time we run a scan using our script, each member gets an email with the results of the scan. This email includes information like the IP address of the scanned host , the scan date and time, how long the scan took, the MAC address of the scanned host , the status of the host, what OS the host is using, which ports are open, what services are being run on those ports, and what OS those services are using. We are very happy with the current state of our scanner. We are farther along with it then we thought we would be at this point. Now, the only aspect of our script that we know needs improvement is automation.  

Raspberry Set Up

In October, the team made a lot of headway into setting up our Raspberry Pi. The first thing we did was configure the SD card. This entailed wiping the card and reinstalling all the services we would need. From there we needed to find a way to get our Pi connected to the internet. Our first idea was to use the USB WiFi adapter to connect to the school WiFi. While this method ended up working, but was extremely slow. We instead decided to connect to the internet using Ethernet. This method proved to be much faster. We used our new internet connection to install server software onto our Pi. We installed an SSH server, a file server using Samba, and a web server using Apache. Our Pi’s are now imaged and ready to go.

www.ebay.com/itm/EEEKit-for-Raspberry-Pi-B-2-3-Model-B-Protective-Enclosure-Box-Shell-Case-Cover-/401175589303.

Image from ebay

In the Next Month

We are making haste towards completing our project goal of creating an Automated Network Scanner. In the next month, we will be testing our script on our Pi and the servers we installed, as well as move to some more advanced networks. We hope that November will see us test our Network Scanner on the LCDI Network itself. We will be tweaking our script while we run these scans to try to get faster scan times and add more automation to it. In the meantime, stay connected to us by tuning into the LCDI twitter feed where we will post weekly updates as we continue working on our project.

The post Network Scanning Version 1.0 appeared first on The Leahy Center for Digital Investigation.

by

Automated Network Scanning + Update

Our Progress So Far

Now midway into our network scanning project, things here at the LCDI are moving right along. Our team has continued to build our script and has completed a solid script to run with. We are now testing the script and getting information on ports, their state, and what service is being hosted. We are continuing to build on this and are hoping to have this finished by Thanksgiving break.

Future Plans

Moving forward, we are focusing the bulk of our time and energy into more scripting. We are also beginning to work on our final report which will detail our work and the project as a whole. Thus far, we have completed the introduction. While writing this, we reflected on the work we did which gave a real perspective of how far we’ve come since the beginning of this project at the start of the semester. Starting with little to no experience, we have both come a long way, and now have at least some idea about what we’re doing. A lot of it is still figuring things out as we go and learning on the fly, but we’re already much more knowledgeable than we were at the start.

With the remaining time we have, we will be building both a file server and an SSH server. We’ll use the file server as a remote location to store the results of our scans. This allows us to have our data stored on a separate location, and not use storage on the primary Pi. We’ll use the SSH server so that we can remotely log on to the primary Pi. This allows us to log in to the Pi off-site and still have access to the results. This is useful because it allows one Pi to monitor activity, record it, and use it as evidence to show illegal activity. Instead of only being able to work on one device when there are two of us, we can both access the Pi at the same time, and monitor scan progress and results from remote locations.

Conclusion

Overall, we are still moving at a solid pace on our project and feel we’re in a decent position. Despite not being as far along in our script as some other teams, we are more than making up for lost time and look forward to completing our work.

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

 

The post Automated Network Scanning + Update appeared first on The Leahy Center for Digital Investigation.

by

Application Analysis

Introduction:

The Application Analysis team is a group of technical interns at the Leahy Center for Digital Investigation. The LCDI offers  great opportunities for students to gain knowledge and skills in digital forensics and cybersecurity. This project is how four intern students have gone about testing some consumer mobile tracking & monitoring software.

Experience:

The Application Analysis team has currently been researching four different mobile tracking & monitoring programs available in today’s market. The programs we are looking at are mSpy, FlexiSpy, Mobistealth, and Highster Mobile. We are researching the specifications that each of these applications claims to have. We have five Nexus 7 tablets, four of which are rooted using Nexus Root Toolkit and one that is being used as the control device. A control device is a device that you leave in its original state to compare with other devices so you can see what has changed. Sometimes unexpected things will change and that is how you can confirm that it has been altered. We have a laptop that is being used to monitor the traffic via WireShark and also used as the control panel for the software.   

Our team is using the following apps: Google Hangouts, Facebook, Facebook Messenger, Kik, and Skype. We are generating data by sending information between the rooted device and the control device using these various applications. We are seeing if we are able to view all the information that we generated and are checking on whether any data is not collected.

In addition, we are testing if video calls are recorded and sent to the parents’ account. We have set a keyword to test the capability of specific programs to see if it alerts the parent when the keyword is used. Since the first program that we tested has the capability of Geo-Fencing, we decided to test for this capability as well. Geo-fencing means if a device leaves a certain location, there would be an alert sent to notify the parent that the device has left the specified location.

Conclusion:

We have created a variety of questions that we would like to look further into with each of the programs, including if the software can be hidden on the device. Stay tuned to read further updates on this project and the information we continue to gather from our devices.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

 

The post Application Analysis appeared first on The Leahy Center for Digital Investigation.