Forensic Blogs

An aggregator for digital forensics blogs

by

Internet of Things at Magnet User Summit 2019

INTRODUCTION

During the first week of April, I had the privilege of attending the Magnet User Summit in Nashville, Tennessee. Previously held as a separate training right before or after EnFuse in Las Vegas, the Magnet User Summit is a two day conference put on by Magnet Forensics. It features talks and hands on labs covering a wide gamut of topics within the field of digital forensics. I’m grateful for the chance to attend as the keynotes and lecture sessions were all enjoyable. I learned so much about the field of digital forensics directly from industry professionals.

INTERNET OF THINGS FORENSICS

One of the favorite sessions I attended was actually my first session, which was “Internet of Things Forensics”, presented by Jon Rajewski, the director of the LCDI. During the roughly hour long talk, Jon talked about a number of popular Internet of Things (IoT) devices, including the Amazon Echo, Facebook Portal, and the Nest suite of smart home devices. Jon went into detail about each of the devices and his findings about them as a forensic investigator.

One of the more intriguing products Jon discussed was the Facebook Portal.  Jon found that the Facebook Portal ran Android and accessed Facebook via a web portal rather than an application like on our phones. He went into detail about several IoT devices and showed the findings from the LCDI. The culmination of this work is an IoT artifact reference which they’ll release for open use. Through attending Jon’s talk, I learned a lot about the inner workings of IoT devices and their true security.

CONCLUSION

As the Magnet User Summit drew to a close, it was bit bittersweet to leave. Besides the fact that Nashville neared 75 degrees unlike Burlington, I had an incredible opportunity to learn. I gained more knowledge about digital forensics and networked with industry professionals! I am incredibly thankful to Champlain College, the LCDI, and Magnet Forensics for the opportunity to attend this year’s summit. Hopefully I’m able to attend another conference next year!

 

Blog written by Champlain College‘s Jackson Wajer.

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Internet of Things at Magnet User Summit 2019 appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

by

Exploring Axiom 3.0 and the Child Protection System at MUS 2019

Introduction:

This past April, I had the opportunity to attend the Magnet User Summit 2019 as a representative of Champlain College. This year marked my first year attending a conference in addition to being a first-year student. I couldn’t be more grateful for this opportunity, and I consider myself lucky to have networked with industry professionals and learn from them as an undergraduate student.

Session Review:

Child Exploitation: Collaboration to combat online child sexual exploitation

One of my favorite session from this year’s conference was “Child Exploitation: Collaboration to combat online child sexual exploitation”. Bill Wiltse and Patrick Beaver, two professionals from Child Rescue Coalition, presented the session. Wiltse and Beaver gave a compelling presentation on how people use Magnet Forensics’ new launch of the Axiom 3.0 in collaboration of the release of the new site to help catch sex offenders.

The new site is CPS, also known as Child Protection System. This originally started in 2004, but redone as of 2019. CPS site monitors nine systems that sex offenders frequent and what happens if that they bring all the data back and put in a joint centralized data. It then examines the results and stories it in a document as evidence. On average 20-30 million records go into this database a day. CPS is a centralized database of all the targeted sex offenders in a region. In 2010 it was discovered that this database is so trustworthy, law enforcement officers use it as the sole basis for search warrants, its original purpose.

Axiom comes into play here as it highlights IP addresses using key words linked to child exploitation. This program can detect how many files are on a predator’s computer, the profile make-up of the victims, and intent to distribute or cause physical harm.  

Conclusion:

My biggest takeaway from this session was how useful Axiom is with the centralized database to catch sex offenders. Both professionals highlighted how this database is constantly providing useful information to law enforcement to make decisions about threats.

MUS provided me with opportunities to broaden my understanding of the digital forensic and cybersecurity industries. I also got to connect with others who are just as passionate about these fields as I am. Even more, I was able to explore and experience Nashville with my friends! I’d like to thank Magnet Forensics and Champlain College for affording me the opportunity to attend Magnet User Summit 2019. I can only hope to attend another conference next year!

 

Blog written by Champlain College first year Angel Gallien.

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Exploring Axiom 3.0 and the Child Protection System at MUS 2019 appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

by

Magnet User Summit Experience

Thanks to Champlain College, I was able to attend this year’s Magnet User Summit. As a first year, I was concerned as to how well I would understand the topics and concepts. However, I found that I was well prepared. My internship this semester at the LCDI helped most of all, as it provided me with knowledge not just of digital forensics, but of the work environment as well. The conference was fascinating, and I was able to learn more about the ever-changing environment of ITS.

Improvise, Adapt, and Overcome

The Improvise, Adapt, Overcome: A New Mantra for Digital Forensics Professionals lecture was presented by Cindy Murphy, president of Gillware Digital Forensics. The talk focused on challenging the unwritten rules and truths of cybersecurity and digital forensics and turning to improvise, adapt, and overcome obstacles. Specifically, it challenged the rules and knowledge of imaging, firmware, and hardware. With imaging, Murphy discussed how an image that shows all zeros it is not actually empty. You’re also not getting a full forensic image from a hard drive. Murphy also mentioned the importance of investigating NAND flash memory, which is often overlooked.

With firmware, Murphy discussed how important its role is as the go-between for hardware and operating systems, and how its role is frequently underestimated. Hardware has this similar issue of being neglected in investigations. In fact, removing chips from damaged hardware to identical functioning hardware can be incredibly helpful with investigations. Most importantly, Murphy argued members of the ITS industry need to learn to keep moving forward in this ever-changing environment.

Guest Keynote on the Evolution of the Digital World

The guest keynote was presented by Ovie Carroll, director of DOJ CCIPS Cybercrime Lab, SANS instructor, and author. He reflected on the evolution of the digital world and segued into the newest innovations of the modern day and what’s to come. This included Bluetooth stones and other similar devices, which currently serve as miniature hotspots that relay information to smartphone-clad passerby and clouds. Carroll explained how clouds add value to the pre-search phase of investigations. Cloud storage is becoming more common, lessening the value in seizing hardware and increasing obtaining data before it’s deleted remotely. He also discussed the rising frequency of encrypted computers, and the importance of RAM images, encryption, and hard drive images. We were reminded and provided digital examples of Locard’s evidence transfer principals.

Discussions relating to mental health and self-confidence were brought up as well. We were reminded there’s no such thing as a full forensic investigation and that you will always miss an artifact. As a result, the investigator shouldn’t feel disheartened when their data is passed to a second pair of eyes. In fact, a collaborative approach to forensics analysis was recommended and was echoed by many in the following talks.

Powershell vs Python

The Leveraging Powershell and Python for Incident Response and Live Forensic Applications lecture was presented by Chet Hosmer, author of Python Forensics. The fundamentals, integration, and applications of both Powershell and Python were discussed. Hosmer presented Powershell as a great acquisition engine that provides digital investigators with a set of cmdlets and access to the internals Windows, Linux, and Mac desktops and cloud services. He presented Python as a relatively straight forward, understandable, and object-oriented scripting language. Its environment allows for the rapid development of new tools, deep analysis, automation, and the correlation of evidence. Hosmer then demonstrated two different integrations live. Both of these integrations allow for better solutions for incident response, live forensic investigation, and e-Discovery.

I was able to attend many other lectures as well, such as the Magnet Forensics keynote, the Panel of Corporate Forensics Experts, and the Axiom Essentials Lab. The conference covered a wide range of fascinating topics, yet provided a consistent environment that was friendly and inviting. Other participants were eager to speak with Champlain students and viewed us as  equals, sharing tips and engaging in discussion. It’s a community myself and other students are excited to participate in, and hope to again at the next conference!

 

Blog written by Champlain College first year Hayley Froio.

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Magnet User Summit Experience appeared first on The Leahy Center for Digital Forensics & Cybersecurity.