Forensic Blogs

An aggregator for digital forensics blogs

by

Applications of AI and Machine Learning

Enfuse 2018 Reflection – Zach Burnham

Introduction:

This past summer, I had the honor of attending this year’s Enfuse Conference, the first iteration hosted by Opentext. As a rising senior at Champlain College, this opportunity fell at a critical time for me in my professional development. Attending allowed me to build on the knowledge I’ve gathered in my previous courses, and my time at the Leahy Center for Digital Investigation. Through conversations with some of the greatest minds currently in digital forensics and cybersecurity. Besides networking, the conference also allowed all attendees to sign up for an array of classes with pins you could collect from each class. This was aimed to help start conversations with others with the same interests who may have been walking by. One of the classes offered at the conferences this year covered a recent new interest of mine: artificial intelligence (AI).

Top Applications of AI & Machine Learning Session Review

There were two speakers for this session. The first was Alexis Mitchell, a Principal Data Scientists for Opentext with a background in HP, Recommind, and DARPA. The second speaker was Zachary Jarvinen, also from Opentext, who works in their Product Marketing department for Analytics & AI and has a background in Epson, tapClicks, and the United States Department of State. Together, they talked about the implementations of machine learning and AI in the real world. Their primary example was how Opentext’s Magellan and Business Intelligence help law enforcement and members of government do their jobs. They argued that the use of AI can “help connect, blend, and analyze any and all things” to help organize and expedite the use of information.

To my surprise, machine learning and AI can already found in governments around the world. The European Defense Ministry uses this technology to monitor irregularities in tax documents, and the Government of Canada for assisting employees with common searches and predicting where documents may belong. The Alberta Energy Regulator is also using machine learning for predictive pipeline maintenance; predicting possible points of failure before it becomes an incident not only saves lives, but to optimize water usage. Attending this session only reaffirmed my belief that the future will revolve heavily around both machine learning and AI. I believe that as more AI more innovations come to light, the world will continue to grow more efficient.

Conclusion:

If you are studying digital forensics or even have an interest in the field, I highly recommend this conference. This conference really opened my eyes to a world filled with professionals and topics I had never even though of doing before. Seeing how attendees and speakers interacted with one another exposed me to the idea of life post-graduation. Providing me with opportunities and connections to utilize as my network grows. My attendance has only reaffirmed my strong passion for digital forensics, and the benefits the industry’s work brings to the world.

To learn more about the LCDI, take a look at our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Applications of AI and Machine Learning appeared first on The Leahy Center for Digital Investigation.

by

Beyond Digital Forensics

Introduction

When I first found out I was going to attend OpenText Enfuse 2018, I wondered how my major and minor would fit into the conference. I’m a computer information technology major and have a minor in cybersecurity. I was going to a conference marketed towards digital forensics. I assumed I would have a hard time finding things relevant to my field of studies. Still, I was excited to be exposed to the digital forensics industry. I was counting down the days until the conference started. I didn’t realize the true value in attending Enfuse until I got there.

opentext

More Than Just Digital Forensics I attended a session called “CyberSecurity Challenges in Healthcare and Life Sciences.” I thought it would help me understand more about my minor and apply what I’ve been learning in my classes/coursework to real life situations. One presenter was Edward J. McAndrew, who runs an incident response team. The other was Brian A Coleman, who supports internal forensic investigations for the company Pfizer. The two brought in great perspectives on new threats that are happening in the industry. When asked who we should worry about, they replied, “anyone with heartbeat.” Threats constantly happen both inside and outside of the company. This presentation gave an update on the industry rather than demonstrating a new skill or tool like the other sessions. McAndrew and Coleman explained the latest security threats. Threats such as extortion, cyber fraud, phishing attacks and espionage, all of which affect companies on a daily basis. They also addressed the results of these threats, and the importance of protecting data like health information. If data is breached, it breaks dozens of policies and agreements, such as HIPAA. These breaches could get companies in a lot of trouble.   At the end of their presentation, McAndrew and Coleman talked about new laws and policies that are being introduced as a result of these attacks. This presentation was an in depth overview of the cyber security industry, which applies to my own course of study and will help me in my future career. It is important for everyone in the technology industry to understand the challenges we face every day of threats and attacks. Companies also need to be ready for them in order to prevent devastating loss. This presentation proved to me that now more than ever, we need to be aware of cyber threats in this world so we can take actions to prevent them. It was an amazing experience to hear professionals talk about things that are currently happening in the industry. I walked away from this session feeling more knowledgeable on an unfamiliar topic. Conclusion

Not only was I able to attend awesome cyber security sessions, I was also able to get my feet wet in the digital forensics industry and network with other professionals. I will be forever grateful to Champlain College and OpenText for allowing me to attend such an incredible conference. It gave me opportunities to build my professional network and catch up on the newest technologies in the fields I’m pursuing. It opened my eyes to what this technology has to offer, and I hope to attend this conference again one day!

To learn more about the LCDI  or our projects.  Follow us on our Facebook and Twitter pages or send an email to lcdi@champlain.edu!  

The post Beyond Digital Forensics appeared first on The Leahy Center for Digital Investigation.

by

Exploration Forensics Update 2

Introduction

This semester, the exploration forensics group is researching hardware and software that tests for paranormal activity. The team will test the devices and corresponding apps. Through these tests, they will discover how the devices gather readings and interact with a user’s data. In addition, the team will gather evidence on how the devices and applications operate and examine the accuracy of the sensors. If you haven’t read the team’s first blog post, find it here.

The last few weeks involved jail breaking the tablets, testing the devices, and becoming familiar with Radare2.

Radare2 and Testing on Free Apps

A large part of the last two weeks involved the team learning how to use Radare2. The ARM assembly language used for this software can be difficult to make sense of.

Figure 1: Radare2 interface

There are many free programs available to interpret IOS applications, but the team chose Radare2 because of its reputation as a respectable open-source disassembler. The first few days with the software was exploratory and experimental. The team tried “challenges” found online to gain understanding of the language and the program.

When the team felt ready to begin testing on the freeware IOS apps, there were problems locating the .ipa file. An .ipa file is an IOS archive file that stores the application information and data in binary. Due to this roadblock, no testing was done with the free applications before last week. The team instead focused efforts on figuring out how to extract the .ipa files from the iPad. Previous research indicated that extracting the files through iTunes would not be difficult. When the team tried to get the .ipa file for the apps Ghost Sensor and EMF recorder, the folder needed did not exist.

The team spent several days researching alternate ways to extract the .ipa files, but most tutorials use the previous versions of iTunes. Due to this, the team explored other programs used to decompile and extract information from apps.

The last shift before spring break was spent surfing various forums to find alternate ways into the .ipa files. Cydia, which was used to jailbreak the device, has additional add-ons available. The software “ipainstaller” allows for backup and management of ipa files on IOS devices. The team found a forum that explains how to use the extension. Once the extension was downloaded, finding the .ipa files were straightforward and the team was able to make copies of them.

Figure 2: The team used PuTTY and ipainstaller to extract the .ipa file

This week, the team will be investigating the .ipa files in Radare2 to examine the sensors and permissions.

Preliminary Testing

The team also began tests on the Ovilus V this period. While the original plan was to observe packets sent by the Ovilus, the newest Ovilus model does not have networking capabilities. This model replaced the network card with a larger speaker. Because of this, the team is investigating the capabilities of the device’s sensors instead.

The first test on the Ovilus attempted to create false-positives through the use of magnets. The Ovilus tests for many environmental factors, including temperature, humidity, barometric readings, electromagnetic fields, and movement. The device converts these readings into words, according to DigitalDowsing.com. The team hopes to cross-reference the measurements on the Ovilus to a second measurement to confirm accuracy. They also hope to try to spoof these readings to see the effect on the sensors.

The team took a magnet out of a broken hard drive in the lab to use in experimentation on the Ovilus. These powerful magnets should disrupt any magnetic field measurement, and we’re hoping to create false-positives to see how much these magnets can affect the sensors on the Ovilus.

Figure 3: Breaking open an old hard drive to salvage magnets Conclusion

Despite the roadblocks the team has experienced, there are many alternatives to the original research plan. Currently, investigation into alternate ways of accessing the iPad’s file system seems promising. In addition, the team plans to continue experimenting with the Paranormal Puck device and app, and testing on the Ovilus. Post any feedback, questions, or general comments in the comment section below! Interested in our research? Follow the Leahy Center for Digital Investigation (LCDI) on Twitter @ChampForensics, Instagram @ChampForensics and Facebook @ChamplainLCDI.

The post Exploration Forensics Update 2 appeared first on The Leahy Center for Digital Investigation.