Forensic Blogs

An aggregator for digital forensics blogs

by

Applications of AI and Machine Learning

Enfuse 2018 Reflection – Zach Burnham

Introduction:

This past summer, I had the honor of attending this year’s Enfuse Conference, the first iteration hosted by Opentext. As a rising senior at Champlain College, this opportunity fell at a critical time for me in my professional development. Attending allowed me to build on the knowledge I’ve gathered in my previous courses, and my time at the Leahy Center for Digital Investigation. Through conversations with some of the greatest minds currently in digital forensics and cybersecurity. Besides networking, the conference also allowed all attendees to sign up for an array of classes with pins you could collect from each class. This was aimed to help start conversations with others with the same interests who may have been walking by. One of the classes offered at the conferences this year covered a recent new interest of mine: artificial intelligence (AI).

Top Applications of AI & Machine Learning Session Review

There were two speakers for this session. The first was Alexis Mitchell, a Principal Data Scientists for Opentext with a background in HP, Recommind, and DARPA. The second speaker was Zachary Jarvinen, also from Opentext, who works in their Product Marketing department for Analytics & AI and has a background in Epson, tapClicks, and the United States Department of State. Together, they talked about the implementations of machine learning and AI in the real world. Their primary example was how Opentext’s Magellan and Business Intelligence help law enforcement and members of government do their jobs. They argued that the use of AI can “help connect, blend, and analyze any and all things” to help organize and expedite the use of information.

To my surprise, machine learning and AI can already found in governments around the world. The European Defense Ministry uses this technology to monitor irregularities in tax documents, and the Government of Canada for assisting employees with common searches and predicting where documents may belong. The Alberta Energy Regulator is also using machine learning for predictive pipeline maintenance; predicting possible points of failure before it becomes an incident not only saves lives, but to optimize water usage. Attending this session only reaffirmed my belief that the future will revolve heavily around both machine learning and AI. I believe that as more AI more innovations come to light, the world will continue to grow more efficient.

Conclusion:

If you are studying digital forensics or even have an interest in the field, I highly recommend this conference. This conference really opened my eyes to a world filled with professionals and topics I had never even though of doing before. Seeing how attendees and speakers interacted with one another exposed me to the idea of life post-graduation. Providing me with opportunities and connections to utilize as my network grows. My attendance has only reaffirmed my strong passion for digital forensics, and the benefits the industry’s work brings to the world.

To learn more about the LCDI, take a look at our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Applications of AI and Machine Learning appeared first on The Leahy Center for Digital Investigation.

by

Ransomware

Introduction

This year, I had the privilege of attending the OpenText Enfuse conference in Las Vegas. While there, I had the opportunity to develop my forensic abilities and build relationships with industry professionals, co-workers, friends, and many other wonderful new people. The breakout sessions provided me with deep level overviews of interesting topics like threat hunting, ransomware, cryptocurrency investigation, and the growth of digital forensics in the insurance industry. The last is of particular interest to me because I’ve worked in that industry for the past two summers. The lectures provided me with a contextual understanding and wide variety of perspectives on the larger ideas that drive digital forensics and cybersecurity. James Comey’s keynote session added a legal context to the benefits and drawbacks of encryption. He presented this in a way that allowed for new discussions to take place about data privacy and digital forensic investigations.

Held Hostage: A Ransomware Primer One session that particularly excited me prior to attending Enfuse 2018 was “Held Hostage: A Ransomware Primer”. Nick Hyatt, a Managing Consultant with Optiv Enterprise Incident Management, presented this breakout session.   The session defined ransomware in easy to understand terms. It then dug deep into how ransomware can infect systems and the impact that such an attack can have on a wide variety of operations. Hyatt traced ransomware from its beginnings in 1989, with the PC Cyborg Trojan,which would encrypt a system after 90 boots, to the current and more sophisticated ransomware attacks that have grown since 2013, such as WannaCry. Hyatt also explained the growth of ransomware as a service (RaaS) criminal organizations can use to hire attackers to launch attacks on specified targets.   The most common ways ransomware infects systems are through bad links in phishing emails and unpatched vulnerabilities in operating systems or software. Healthcare organizations are easy targets for distributing ransomware as their medical technology is often dated. This in turn provides a larger attack surface for dangerous actors. The oil industry is also a large target for ransomware attacks because workers are often remote, so malware is capable of traveling through shared networks across state and country lines.   Hyatt then covered several real world examples of how ransomware affects systems. Two healthcare organizations and a gas company were the targets of these attacks. In each instance, an initial infected system spread malware to shared folders where the damage multiplied, forcing the organizations to deploy backups. Everything regarding the defense against the attacks was reactive, meaning defense measures only began after the incident occurred.

Best practices for defending against ransomware lie in educating employees about the different ways ransomware can get into a network, patching out of date software, network segmentation to prevent spread, frequent backups, and email extension filters to prevent the delivery of unwanted file types. When employees are aware of these attack vectors, then they may begin to recognize the signs of obvious danger. Hyatt noted that the most important part of security awareness training is to explicitly explain what signs of suspicious activities look like. Show them! Hyatt stressed, “Security is about learning, not shaming.”

Conclusion

OpenText Enfuse 2018 allowed me to explore a wide variety of security topics in a very short amount of time, but if you ask me, too short. I could’ve spent another week attending sessions like these to get my finger on the pulse of conversations happening now in the security and digital forensics fields. The experience was invaluable from every perspective imaginable.

To learn more about the LCDI  or our projects.  Follow us on our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Ransomware appeared first on The Leahy Center for Digital Investigation.

by

Bits Behind the Coin

:  Following the Trail of a Cryptocurrency Investigation

This year at Enfuse, John Wilson, a digital investigator from Discovery Squared, LLC presented “Bits Behind the Coin: Following the Trail of Cryptocurrency Investigation.” This session presented a lot of valuable information regarding the ins and outs of blockchain and cryptocurrency. I will be breaking down some of the content learned and will apply it to how blockchain technology can support a forensic investigator.

Blockchain and cryptocurrency: two technologies that have forever changed how the world views money, peer-to-peer communication, and even processing power. These terms can be a little overwhelming for readers, but I’ll be breaking down how these technologies work. Lets get started!

What is peer-to-peer networking?

Peer-to-peer (P2P) networking is not a new concept. It has been around way before the internet when computing was first new and exciting. It allowed people to share information between one computer and another. This was the most basic type of network, but since the spread of the internet throughout the world, we have seen a comeback of P2P sharing with torrenting and also music services such as Limewire. It is important to note that these technologies use P2P to allow users to download and access files. There is no central place where the shared files are stored, but these devices communicate directly to transfer data. P2P networking is also difficult to stop, and there is no central authority who can take action to prevent files from spreading.

What is blockchain?

Blockchain uses P2P networking to send immutable data to a group of users. This can be information such as files, pictures, text, or even raw data. All data that is sent to blockchain cannot be changed, and everyone who sends new data to the blockchain must always be up-to-date with the latest block. It is important to re-state that blockchain is decentralized, so once the information is released, there is no way to remove it from the clients it’s shared with. There are many modern-day uses for blockchain. Large corporations such as Maersk and Walmart use blockchain to keep track of product shipments. Blockchain has many uses but cryptocurrency marks only one modern use.

What is cryptocurrency?

Cryptocurrency is a virtual currency which utilizes blockchain technology. With the rise of Bitcoin, using this technology has sparked a lot interest with decentralized currency. There is no central authority that has access to bitcoin wallets — only their owner. Due to the decentralized nature, this makes transactions nearly anonymous, and only a finite amount of information can be gathered from forensics. At Enfuse this year, John Wilson taught about how you can investigate cryptocurrency wallets to see past transactions and even how you can use this information with tools to see the flow of money. This is a very challenging task because of the anonymized nature of cryptocurrency.

Conclusion

Using forensics to gather information about cryptocurrency transactions is not an easy task. Unfortunately, the anonymity of cryptocurrency makes it more difficult, and the only investigation that can truly be done is gathering data. Butwait – there’s more! Before I mentioned that blockchain is “immutable.” This means that information within the blockchain cannot be changed. However, this also means that every client with the blockchain on it can see the information that has been transferred in the past. One of the problems we face is if the information contained is illegal or contains contraband. This can make investigations extremely difficult if the source of the contraband cannot be determined. Mostly relying on the past can help put pieces together. Blockchain in the future, if used in a non-anonymized fashion, will speed up the amount of time an investigation will take due to its ability to keep track of the past.

There is so much complexity to cryptocurrency that Wilson spoke about, it truly revealed a lot of the challenges faced when dealing with it. Thank you to Mr.Wilson and Enfuse for providing the opportunity to learn about these new technologies, and the challenges we face moving forward in digital forensics.

To learn more about the LCDI  or our projects.  Follow us on our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Bits Behind the Coin appeared first on The Leahy Center for Digital Investigation.