Forensic Blogs

An aggregator for digital forensics blogs

by

AMSec Project Introduction

The U.S. Department of Defense released the highly anticipated Cybersecurity Maturity Model Certification (CMMC) version 1.0 on January 31, 2020. This model serves as a unified standard for implementing cybersecurity controls across the defense industrial base which applies to over 300,000 entities across the country. With the increasing amount of supply chain attacks disrupting and compromising sensitive information concerning national security, the CMMC seeks to rectify major malpractice via this uniformed model.

From the official CMMC Government Portal: “The Cybersecurity Maturity Model Certification framework includes a comprehensive and scalable certification element to verify the processes and practices associated with the achievement of a cybersecurity maturity level. CMMC can adequately protect sensitive unclassified information, accounting for flow down to subcontractors in a multi-tier supply chain.”

The current CMMC framework is based on a variety of pre-existing standards including the highly influential ISO 27001 and NIST SP 800-171, which both pertain to the protection of controlled unclassified information in non-federal organizations as well as general best practices when handling sensitive information of any kind that does not belong to you or the organization you may represent. The idea of a maturity model stems from the tier-based approach to compliance in which 5 total levels of maturity can be reached, each broken up into a variety of best practices and controls:

These best practices make up a total of 17 Capability Domains including Access Control, Risk Management, Media Protection, Incident Response, and more. The CMMC Accreditation Board breaks down these domains into the 171 best practices depicted in the graph I’ve created above.

With the topic of supply chain risk becoming increasingly relevant, and with the new Biden Administration revisiting and amplifying current Cybersecurity controls and measures, such as the CMMC, we will continue to explore the topic of federal compliance over the coming weeks, breaking down these aforementioned controls even further and helping you to understand where you may fall into this complex framework.

STAY UP TO DATE WITH TWITTER, INSTAGRAM, FACEBOOK, AND LINKEDIN SO YOU KNOW WHAT WE’RE UP TO!

Written By: Austin Grupposo'23 // Digital Forensics & Cybersecurity

The post AMSec Project Introduction appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

by

10 Cybersecurity Tips You Should Know!

Stay safe with your devices and while going online by using these cyber tips of the month! Practicing good habits with your devices and your activity online is crucial to keeping you and your information safe, along with others who might be connected to you in some way. Use these tips to put your best foot forward while navigating the digital world!

Don’t click on links without thinking; make sure to inspect links and know they are from a trusted source before clicking, since malicious links can do damage in many different ways to your devices.

Be sure to connect securely when connecting to different networks. Unsecured connections can have negative consequences, so only connect to private networks when you can, especially if you’ll be handling some private and sensitive information.


Make sure your mobile device is secure! A lot of us hold private information on these devices and bring them with us everywhere, so it is important that they are protected from others. A few protective measures to put in place include a strong password, turning off automatic connection to public Wi-Fi, turning your Bluetooth off, and downloading anything with caution.


Never leave your devices unattended! The security of your devices is not only important digitally, but also physically. Lock up any phones, laptops, or tablets so no one can access them. For desktops, lock them or shut them down completely when unattended.


Always be careful with what you plug into your computer. Never use something such as a USB drive if you don’t know where it came from, as it could potentially have malware on it.


Make sure that all of your online shopping is done safely! Don’t shop from a computer and a network that you don’t own, and make sure to be careful about which websites you shop at. It is also smart to make sure you are using a strong password, and that you aren’t saving your card’s details and information in an online account.


Keep your device clean! Regularly remove applications that you don’t use, making sure your device won’t have old, lingering apps that may provide vulnerabilities for criminals to use.


Make sure to use unique passwords for all of your different accounts and devices. The best and safest passwords are at least twelve to fifteen characters and have numbers, letters, and symbols in them. Avoid using common phrases to build your passwords, as well as any type of personal information.


Be careful with what you post online! Social media is a place where criminals can gather and learn a lot of information just from what you post. Consider what you put out there, and also consider who is able to see your page. You can always go in and change your privacy settings too!


Practice good habits online; what you do has the potential to impact others at work, at home, or even somewhere else around the world, so practicing good online habits benefits everyone.

STAY UP TO DATE WITH TWITTER, INSTAGRAM, FACEBOOK, AND LINKEDIN SO YOU ALWAYS KNOW WHAT WE’RE UP TO!

The post 10 Cybersecurity Tips You Should Know! appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

by

Amy Keigwin On Being A Women In Tech And Her Past Intern Experience

Our next Women’s History Month worker spotlight is Amy Keigwin! Keigwin is a second-year Computer and Digital Forensics major from Franklin, Massachusetts. She is currently working on the SOC Tier 1 project and has been an Intern in Research in the past for the Leahy Center. Her other experiences outside of the Leahy Center include being a Conference Intern for the MAVA Connection for Success Conference, and a Data Entry Intern for CTS Services.

What made you choose to major within the information technology field?

I have always been interested in computers and technology from a very young age, so when I went to a vocational high school, that desire to learn computer science just intensified, and led me to pick an area, cybersecurity, and my specific degree.

What was your first experience with technology?

My first experience with technology was as a child using my family’s PC to play flash games, card games, and make drawings for my parents in MS Paint.

Are there any females in tech that you look up to?

Not really. My role models are usually my teachers, especially my high school networking and programming teacher. She worked really hard to make sure that all of her students understood the content, and was a big advocate for me and the other women in my class, always encouraging us to apply for scholarships, certifications, and awards. I was even nominated to go to a few conferences because of her!

What are the pros and cons of being a woman in tech?

A few pros of being a woman in tech are that my opinions about a certain task are taken seriously and that I am generally more marketable to companies, so finding a job isn’t as difficult. A few cons are that I am generally one of, if not the only, woman on my team, and it can be harder to integrate myself into a team that is male-dominated, especially if interests are not shared.

Is it daunting to be working in a male-dominated field?

It can definitely be daunting working in a male-dominated field, especially when I am the newcomer and the team I am joining is already well-established. However, I find that time can lessen a lot of that distance, and knowing a few people from classes before joining my team at the Leahy Center helped make things easier.

What advice would you give to younger women who are interested in getting into the tech field?

Develop a backbone, and learn to stand up for yourself. You’re going to encounter adversaries from colleagues and bosses alike, and learning to say “no” is an incredibly valuable skill. Along the same line, make contacts with people in different departments and learn the people in HR. Having a good reputation keeps your integrity from being as heavily questioned, and makes you a more valuable employee.

Why is it important to have women in the tech field?

I think it’s really important to have women in the tech field not only for the bridging of gender equality but also just for the fact that people have different perspectives based on life experiences. I think women stand to bring a lot of ideas and experience into any field, particularly the tech field, where being innovative is the name of the game. There’s also just the simple fact of giving young girls more female role models to help motivate them into going into fields they may have not previously considered because it doesn’t follow gender stereotypes.

What would you like to achieve in the tech field in the future?

Right now, I want to be a digital forensics examiner working in the public sector. As such, providing evidence to a court and that being integral to a conviction is something I want to achieve. Aside from that, just raising more awareness about women in tech is a goal I would like to work towards, especially if that means I get to work with organizations where I have participated in their competitions, like CyberPatriot.

STAY UP TO DATE WITH TWITTER, INSTAGRAM, FACEBOOK, AND LINKEDIN SO YOU ALWAYS KNOW WHAT WE’RE UP TO!

The post Amy Keigwin On Being A Women In Tech And Her Past Intern Experience appeared first on The Leahy Center for Digital Forensics & Cybersecurity.