Forensic Blogs

An aggregator for digital forensics blogs

by

Application Analysis

Introduction:

The Application Analysis team is a group of technical interns at the Leahy Center for Digital Investigation. The LCDI offers  great opportunities for students to gain knowledge and skills in digital forensics and cybersecurity. This project is how four intern students have gone about testing some consumer mobile tracking & monitoring software.

Experience:

The Application Analysis team has currently been researching four different mobile tracking & monitoring programs available in today’s market. The programs we are looking at are mSpy, FlexiSpy, Mobistealth, and Highster Mobile. We are researching the specifications that each of these applications claims to have. We have five Nexus 7 tablets, four of which are rooted using Nexus Root Toolkit and one that is being used as the control device. A control device is a device that you leave in its original state to compare with other devices so you can see what has changed. Sometimes unexpected things will change and that is how you can confirm that it has been altered. We have a laptop that is being used to monitor the traffic via WireShark and also used as the control panel for the software.   

Our team is using the following apps: Google Hangouts, Facebook, Facebook Messenger, Kik, and Skype. We are generating data by sending information between the rooted device and the control device using these various applications. We are seeing if we are able to view all the information that we generated and are checking on whether any data is not collected.

In addition, we are testing if video calls are recorded and sent to the parents’ account. We have set a keyword to test the capability of specific programs to see if it alerts the parent when the keyword is used. Since the first program that we tested has the capability of Geo-Fencing, we decided to test for this capability as well. Geo-fencing means if a device leaves a certain location, there would be an alert sent to notify the parent that the device has left the specified location.

Conclusion:

We have created a variety of questions that we would like to look further into with each of the programs, including if the software can be hidden on the device. Stay tuned to read further updates on this project and the information we continue to gather from our devices.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

 

The post Application Analysis appeared first on The Leahy Center for Digital Investigation.

by

LCDI Intern Blog Series: Meet Madi!

Interning at the LCDI: Madi’s Journey

About one year ago, I found myself setting foot on Champlain College grounds after a tiring fifteen hour drive from Charlotte, North Carolina. My dad miraculously agreed to visit this random college that I found on the internet with me. I discovered Champlain has an actual Digital Forensics major, which is rare across the country (especially in North Carolina), so I knew I had to make the journey to see it in person. The major itself got me to visit, but what really hooked me was the Leahy Center for Digital Investigation, or as I now know it: the LCDI.

Our visit to the LCDI was a stop-off in our final minutes of the day, right before we were about to start our long drive back. Inside I discovered an opportunity to get real world experience in the digital forensics field while in college. And even more, I was told I could start my first year! This locked in Champlain as my first pick, and I finished my application and submitted it later that very same week.

Needless to say, I got in and am now almost halfway through my first semester at Champlain. A couple of weeks before I started, I received an email with information on how to apply to be an intern at the LCDI during my first semester. I completed the application and interviewed for the position my second day of school. A week later I was thrilled to hear that I was accepted and placed on the Tool Evaluation team. I’d work eight to ten hours a week, in addition to completing occasional assignments for an internship class that’s paired with the work experience. This brought my total credits for this semester to eighteen, which, to be honest, seemed daunting at first. But in my experience so far, it’s all been very manageable.

My internship at the LCDI is just one of the factors that’s made my experience at Champlain different from most of my friends. In high school I went to a middle college, which allowed me to complete my Associate’s Degree in Information Technology Fundamentals during my junior and senior years. Forty-four of my sixty credits transferred to Champlain, so on paper, I technically came in as a sophomore. Because of this status, I’m already taking upper level courses. It has been fascinating working with students of every level, and each of my classes has a different dynamic.

The biggest difference I have noticed so far between home and Burlington is the amount of people who walk everywhere. In Charlotte, everyone drives to get anywhere because most of the city is spread out. It’s nice having a downtown area within walking distance I can visit whenever I want while here at Champlain. One thing I still have to get used to is the cold, but I’m definitely on the fast track to acclimate soon enough.

The post LCDI Intern Blog Series: Meet Madi! appeared first on The Leahy Center for Digital Investigation.

by

Tool Evaluation: Autopsy Blog

Introduction

For this intern project, we have chosen to research and analyze the digital forensics tool Autopsy. This tool is open source and the graphical interface for a set of command line tools called the Sleuth Kit. We chose Autopsy because neither of us were familiar with the tool, and we both wanted to learn more about it. By researching Autopsy, taking notes, and testing it out, we have become very familiar with the tool.

Personal Experiences Joint Experience

Before working on this Tool Eval project, neither of us had worked with Autopsy before. It was a completely new experience to use the open source tool and experiment with everything it could do. As we started to research and practice using Autopsy, we learned that it was one of the more user friendly tools based on design and a number of other features. Even if the tool didn’t have all of the exact same capabilities as a tool like EnCase v.8.07, it still got the job done. We found out that Autopsy is a shell for a set of command lines. This helps us because it makes the Sleuth Kit, which is a very useful tool, more accessible to the average person.

Lyall’s Personal Experience

As a Second Year (or Sophomore in the rest of the world) at Champlain College, I had encountered Autopsy only by name, having primarily used EnCase in my classes. Autopsy was totally different than what I was expecting. It offered a good layout, but kept the features in the same locations across the different versions. These locations also made sense as to where they were located in the entire program.

Since working on this project, I have downloaded Autopsy for my personal use to complete my assignments at home. This extra practice has really cemented the fact that Autopsy offers similar tools in a great format. The fact that it also provides different formats to get reports and saves evidence from an E01 format and a Dd/Raw format means that I can see the same data in whatever format I need in that moment.  

Right from the beginning, Autopsy provided me with a positive user experience. Without even using my notes, I was able to figure out how to use it appropriately the first time around. It’s really allowed me to become more familiar with how the digital forensics process works.

Madi’s Personal Experience

This is my first year at Champlain College. Before interning at the LCDI, I never touched a digital forensics tool. I did not even fully know what a forensic image was, or that there were certain file types associated with images. Having the opportunity to conduct independent research, as well as working with a partner, has allowed me to become very familiar with this tool in a short amount of time. My partner, Lyall, is on her second year at Champlain. With the help of someone who is more experienced in how these tools work, I have been able to learn by doing instead of being limited to YouTube guides and other online resources.

The Future

After doing extensive research on our tool, it is now time to get our hands dirty using Autopsy. As a larger group with the entire Tool Eval team, we have been working on creating a scenario to test our tools and put them through their own version of the Hunger Games. The past couple weeks have been dedicated to data generation and extensive research. Since generating that data, our next step is to analyze it using the forensic processes that we learned about from our research. The main goal will be to find out the full capabilities of our tools and compare them, since we already know what the data is. We look forward to sharing our results in the near future!

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

The post Tool Evaluation: Autopsy Blog appeared first on The Leahy Center for Digital Investigation.