Forensic Blogs

An aggregator for digital forensics blogs

April 14, 2021 by LCDI

Top Tech Podcasts Of April 2021

Keeping up to date with all things technology is easy with April’s podcast list! These highlighted podcasts cover a wide range of technology, from discussing the history of cybercrime and what it looks like today, to understanding the best ways to navigate your life in a digital age. They range from short, seven-minute bursts to full-fledged hour-and-a-half deep dives, meaning there is something for everyone. Happy listening!

How I Built This is hosted by Guy Raz, an acclaimed radio and podcast personality. This NPR podcast focuses on the stories from the creators of some of the world’s best known companies, and how they came to be. These entrepreneurs and innovators transparently discuss the ways in which their businesses have come to be over the decades, with ideas and lessons left behind that can be applied to businesses of any size.

The Cyberlaw Podcast is hosted by Stewart Baker, a partner of Steptoe & Johnson LLP. The podcast is a series of weekly interviews and discussions about current events concerning technology, privacy, government, and security. Baker talks with politicians, reporters, academics, and authors, often focusing on where cybersecurity intersects with the law, and offering different opinions and debates on the topics.

Pivot is hosted by Kara Swisher, New York Magazine Editor-at-Large and Co-Founder of Recode, and Scott Galloway, a Marketing professor at NYU. This podcast discusses some of the biggest stories in business, technology, and politics every Tuesday and Friday morning. They offer their insights and opinions on the stories, lending their strong personalities to the case.

Darknet Diaries is hosted by Jack Rhysider, a knowledgeable member of the security world who has previously worked in a security operations center for a Fortune 500 company. This podcast focuses on the dark side of the web, such as stories involving cybercrime and hackers. Darknet Diaries aims to “capture, preserve, and explain the culture around hacking and cyber security in order to educate and entertain both technical and non-technical audiences.”

The CyberWire is a collection of podcasts created by the CyberWire team. These podcasts allow you to keep yourself up to date on all things happening within cyberspace, and to understand the current threats and issues happening within cybersecurity. The collection of podcasts lets you choose your preferred version of information about cybersecurity, whether it be the Daily Podcast which focuses specifically on the news, Career Notes which focuses on cybersecurity professionals, or more.

7 Minute Security is hosted by Brian Johnson, a security enthusiast who spent around twelve years working in IT before shifting to focus on information security in 2013. The podcast focuses on helping listeners build a career in security, with information about pentesting, blue teaming, technical security tests, online privacy tips, and more. Each podcast is only around seven minutes long, making it easily digestible content and perfect for people who can’t dedicate an hour or so of their time to listen to a full-length podcast.

Back to Work is hosted by Merlin Mann and Dan Benjamin. Their podcast focuses on the convergence between people, technology, and work. Their discussions cover communication, different types of constraints and barriers, productivity, and more.

Smashing Security is hosted by Graham Cluley and Carole Theriault, two veterans of the computer security industry. This podcast takes a lighthearted approach to the news and views of cybersecurity, hacking, online privacy, and more, allowing you to laugh as you take in the helpful and educational information. Despite this different approach from most cybersecurity podcasts, the hosts are still able to handle the weighty topics easily.

Note to Self is hosted by Manoush Zomorodi. The podcast focuses on how to navigate your life in the digital age, and as the podcast’s website describes, it is “your weekly reminder to question everything.” The show focuses on the way technology is impacting different parts of our lives, and how to use it effectively without falling into traps.


Malicious Life is hosted by Ran Levi, an author of three books who’s worked as an electronics engineer and programmer for a few high-tech companies in Israel. The podcast focuses on the evolution and history of the cybersecurity industry, through interviews with experts, politicians, and hackers. This podcast is made for anyone interested in the background history of cybercrime, and the state that it is in today.

The post Top Tech Podcasts Of April 2021 appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized Tagged With: Blog Post, computer forensics, Cyber Security, Hacker, Podcast, technology

October 18, 2019 by LCDI

Recovery of Data Fall Blog 1

[Image: comic about data recovery]

Data Recovery Project Goal

This semester, The Leahy Center for Digital Investigation created a project to solve issues related to data recovery. This project shows that the average user often does not truly delete their data, and that it is possible to recover this data without spending money on high end tools, such as EnCase and Axiom. These are tools which range from $1,700 to $4,800 a year. The Data Recovery Team at the LCDI has researched free tools that anyone can use to recover deleted files, whether you are someone who has erased files they need or the next owners of a poorly wiped drive. 

Is data ever “deleted”?

PC hard drives often contain data known as Personally Identifiable Information, or PII. This includes names, credit card numbers, addresses and other information important to one’s personal life. This is why true data deletion is so important. The average user doesn’t understand that they’re not actually deleting their data. The fact that this data is not always deleted is what can lead to the leak of the user’s PII when they sell the drive. One can truly delete their data by using the common standards for wiping drives.  

Visual vs Actual Deletion

Many people assume that they are deleting the file when it is no longer visible (for example, after it is in the recycle bin). This is never the case. After dragging said file to the bin, the user still needs to empty it. Even when the user empties the bin, the user has not actually deleted the file. When a user drags a file to the Recycle Bin, all that does is remove the link to said file from the user. The user has hidden the data, not deleted it. It will stay available on the computer until that part of the hard drive is overwritten by other files.

Proper Data Recovery Services

To achieve proper data deletion, one needs to use common drive wiping standards, such as US DoD 5220.22-M. This standard implements a three-pass system, working as follows:

  • First pass: Overwrite all addressable locations with binary “zeroes”.
  • Second pass: Overwrite all addressable locations with binary “ones”.
  • Third pass: Overwrite all addressable locations with a random bit pattern.
  • Verify the final overwrite pass.
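The three passes and the final verification, as an added example that is not part of the original post or any LCDI tool: it wipes a small constructed image file, where a real wiping tool would address the whole drive. The file name, marker string and chunk size are assumptions; overwriting a file in place does not guarantee that every physical block is reached on SSDs or copy-on-write filesystems.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024
MARKER = b"NAME=Jane Doe;CARD=0000-0000-0000-0000"  # constructed PII-like data

def overwrite_pass(fh, size, fill):
    """Overwrite bytes 0..size; fill is a byte value, or None for random.
    Returns the SHA-256 of the data written so the pass can be verified."""
    written = hashlib.sha256()
    fh.seek(0)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if fill is None else bytes([fill]) * n
        fh.write(block)
        written.update(block)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # ask the OS to commit this pass before the next
    return written.hexdigest()

def three_pass_wipe(path):
    """Zeroes, ones, random, then verify the final pass. True if verified."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        overwrite_pass(fh, size, 0x00)
        overwrite_pass(fh, size, 0xFF)
        expected = overwrite_pass(fh, size, None)
        fh.seek(0)
        readback = hashlib.sha256()
        for block in iter(lambda: fh.read(CHUNK), b""):
            readback.update(block)
    return readback.hexdigest() == expected

def demo():
    """Build a constructed image holding MARKER, wipe it, and re-check it."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk.img")
        with open(image, "wb") as fh:
            fh.write(b"\x00" * 4096 + MARKER + b"\x00" * 4096)
        verified = three_pass_wipe(image)
        with open(image, "rb") as fh:
            marker_left = MARKER in fh.read()
    return verified, marker_left

if __name__ == "__main__":
    print(demo())
```

The read-back here may be served from the operating system's cache, so it confirms what was written rather than what the medium physically holds.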

Another common standard for deleting data is the NIST method. This method describes different types of sanitization for drives, and recommends using more than one type.

Who Cares?

One of the most important questions that we at the Data Recovery Team ask is: why does any of this matter? This information can help the user protect their PII, whether by teaching the user how to delete their data or teaching them how to recover it. This means that a normal user could recover their data without having to spend a lot of money. We understand that sometimes accidents happen and data may get erased unintentionally. Hopefully, with the information that this project will provide, users can retrieve their own lost data.

Be sure to look for future posts and stay up to date with Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @ChamplainLCDI!

 

The post Recovery of Data Fall Blog 1 appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized Tagged With: Blog Post, computer forensics, Data, Data Recovery, data security, Digital forensics, Encase, forensics, Projects, Senator Leahy Center for Digital Investigation, Student Work, Tips, tools

September 17, 2019 by LCDI

Leveraging PowerShell & Python MUS 2019

Leveraging PowerShell & Python for Incident Response & Live Investigation With Chet Hosmer

Recently, I had the great opportunity to attend the 2019 Magnet User Summit hosted by Magnet Forensics in Nashville, Tennessee. Presenters at the Magnet User Summit dedicate their time to presenting new research, demonstrating new techniques, and teaching users in the fields of digital forensics and investigation. There were many great presentations and labs that I attended and learned so much from!

As someone who uses Windows PowerShell and Python for scripting, I took notice of a presentation called “Leveraging PowerShell & Python for Incident Response & Live Investigations” presented by Chet Hosmer, founder of Python Forensics. I was excited to find new ways to expand my knowledge of PowerShell and Python and increase my proficiency.

PowerShell and Python

Windows PowerShell is a command shell and scripting language created by Microsoft. It provides more features and functionality than the basic Windows command line. System and network administrators use PowerShell for automation, as do forensic investigators. PowerShell excels at automation and at acquiring evidence and artifacts from the system. It has recently been made available for other operating systems, including Linux and OSX, making it even more powerful and useful. Python is an object-oriented scripting and programming language. It’s a simple language that’s easy for beginners but still powerful enough for more experienced users. It’s been integrated into many popular tools for digital forensics, cybersecurity, and incident response.

One point that Hosmer highlighted is that Microsoft’s PowerShell really excels at evidence and artifact acquisition, while Python is good at analysis and examination of data. Therefore, combining these two programs would create a powerful platform for DFIR. To accomplish this, he has created two methods of integration between the two programs.

Image taken from Chet Hosmer

Integrating PowerShell and Python

The first method involves creating a Python script that accepts PowerShell parameters as input, launches PowerShell, and passes those parameters to a PowerShell script. The Python script would then read, analyze and present the results. The second method begins with a PowerShell script. The PowerShell script would launch Python and run through the PowerShell scripts, piping its results to a Python script for it to analyze and organize the data. Both methods work equally well, but someone more experienced in PowerShell may want to use the second method, and vice versa. The ‘subprocess’ module in Python allows variables to be passed to a PowerShell script. PowerShell can send input to Python using a standard pipe, like “| & $Python $Script”. Users can then read the piped data from “stdin” in Python.
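Both directions in one script, as an added example that is not Hosmer's code: run on its own it launches PowerShell through `subprocess` (method 1), and when PowerShell pipes JSON into it, it reads `stdin` (method 2). The `Get-Process` pipeline, the user-writable path list and the sample JSON are assumptions constructed for illustration.

```python
import json
import shutil
import subprocess
import sys

PS_COMMAND = ("Get-Process | Select-Object Id, ProcessName, Path | "
              "ConvertTo-Json -Compress")  # hypothetical collection command
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")
# Constructed sample of what PS_COMMAND emits (ConvertTo-Json escapes "\").
SAMPLE = r"""[{"Id":4,"ProcessName":"System","Path":null},
{"Id":812,"ProcessName":"svchost","Path":"C:\\Windows\\System32\\svchost.exe"},
{"Id":5120,"ProcessName":"updater","Path":"C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe"}]"""

def build_argv(command, exe="powershell"):
    """Method 1: argument list for launching PowerShell from Python."""
    return [exe, "-NoProfile", "-NonInteractive", "-Command", command]

def collect(exe):
    """Run PS_COMMAND and return its stdout (needs PowerShell installed)."""
    done = subprocess.run(build_argv(PS_COMMAND, exe), capture_output=True,
                          text=True, check=True)
    return done.stdout

def parse_records(text):
    """ConvertTo-Json emits a bare object, not a list, for a single item."""
    text = text.lstrip("\ufeff").strip()
    if not text:
        return []
    data = json.loads(text)
    return data if isinstance(data, list) else [data]

def user_writable(records):
    """Triage: processes whose image sits in a user-writable directory."""
    hits = []
    for rec in records:
        path = (rec.get("Path") or "").lower()
        if any(part in path for part in USER_WRITABLE):
            hits.append((rec["Id"], rec["ProcessName"]))
    return hits

if __name__ == "__main__":
    exe = shutil.which("powershell") or shutil.which("pwsh")
    if not sys.stdin.isatty():   # method 2: PowerShell piped its output to us
        raw = sys.stdin.read()
    elif exe:                    # method 1: we launch PowerShell ourselves
        raw = collect(exe)
    else:                        # no PowerShell available: use the sample
        raw = SAMPLE
    print(user_writable(parse_records(raw)))
```

For method 2, the PowerShell side ends its pipeline with `ConvertTo-Json` and then the pipe quoted above, so that the Python side receives structured records instead of formatted table text.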

With the rise of cloud infrastructure and international use, Hosmer also demonstrated that PowerShell is capable of interacting with and accessing Microsoft Azure logs. Azure is Microsoft’s cloud platform created for large businesses and enterprise. Cloud has become a large source of data and potential evidence for digital investigators, but is often harder to access and difficult to integrate into programs. In order to interact with Azure, the user installs a PowerShell module called ‘AzureRM’ using the ‘Install-Module’ cmdlet in PowerShell. Once installed, PowerShell will have access to thousands of more powerful cmdlets dedicated to Azure.

Conclusion

Over my two days at Magnet User Summit, I met with many professionals and had a great time attending presentations on new technologies and techniques. I also learned how to use the tools created by Magnet and improve my forensics skills. I really did learn a lot from the summit and had plenty of fun too. I am glad I got this great opportunity to learn and network with industry professionals. Thank you to both the Leahy Center for Digital Investigation and Magnet Forensics for giving me this great opportunity.

 

Blog written by Champlain College sophomore Chris Mathieson

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Leveraging PowerShell & Python MUS 2019 appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized Tagged With: Champlain College, computer forensics, conference, Digital forensics, Events, LCDI, Magnet, Magnet Forensics, MUS2019, powershell, Public Appearance, Python

About

This site aggregates posts from various digital forensics blogs. Feel free to take a look around, and make sure to visit the original sites.

All content is copyright the respective author(s)