Forensic Blogs

An aggregator for digital forensics blogs

by

Virtual Currency Investigations: Fear Not the Blockchains

At the Magnet User Summit this year, I listened to a presentation by Eric Huber, Vice President of National White Collar Crime Center (NW3C). With a broad background in digital forensic investigations, he spoke about the changing field in cryptocurrencies and blockchain analysis. He gave a brief overview on different types of cryptocurrencies and how to use them. Then he dove into how cryptocurrencies are evolving and how digital forensics needs to catch up to the changes.

Cryptocurrencies

Cryptocurrencies are a little bit more complicated than just currencies that solely run on the internet or through the cyberspace. Currencies like Ethereum and Bitcoin are purchased and are traded in cyberspace to purchase goods and services just like fiscal currencies, but because of the push back against government control, these currencies can be used to purchase illegal goods and services without being tracked easily. Cryptocurrencies are on the rise and are becoming more popular than ever. With ATMS popping up all over the world, they are becoming even more accessible.

Blockchains

Blockchains are the ledgers of cryptocurrencies. Unlike most banks and budgets, blockchains never list the total cryptocurrency that someone might have. Instead, they list who exchanged it and how much. Cryptocurrency mining is figuring out the hashes or the specific string of characters and numbers to figure out the transaction and post it directly on the ledger. After claiming that position, not only would the miner claim some cryptocurrency, but every time that section of the ledger is referenced to calculate how much an individual has of that cryptocurrency, the miner earns more cryptocurrency.

Public vs Private

Different types of cryptocurrencies have different types of blockchains. The public can openly access public blockchains, like what Ethereum and Bitcoin. Law enforcement can also subpoena them to learn who performed the possibly illegal transaction. However, there can always be more privacy. The more privacy achieved, the more complicated arresting and subpoenas become. Private blockchains involve each individual block becoming private and not available to the public. Not only is the ledger inaccessible, but law enforcement is unable to subpoena individual miners. They would only have parts of the ledger anyways.

With a developing field, digital forensics and incident response is developing blockchain analysis to track backwards after figuring out specific blocks of ledgers to figure out the specifics of transactions and more. This is the changing part of cryptocurrencies and how digital forensics needs to evolve to adapt to accommodate these changes since cryptocurrencies are not fading away anytime soon.

 

Blog written by Champlain College’s Nurit Elber.

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Virtual Currency Investigations: Fear Not the Blockchains appeared first on The Leahy Center for Digital Investigation.

by

Magnet User Summit Experience

Thanks to Champlain College, I was able to attend this year’s Magnet User Summit. As a first year, I was concerned as to how well I would understand the topics and concepts. However, I found that I was well prepared. My internship this semester at the LCDI helped most of all, as it provided me with knowledge not just of digital forensics, but of the work environment as well. The conference was fascinating, and I was able to learn more about the ever-changing environment of ITS.

Improvise, Adapt, and Overcome

The Improvise, Adapt, Overcome: A New Mantra for Digital Forensics Professionals lecture was presented by Cindy Murphy, president of Gillware Digital Forensics. The talk focused on challenging the unwritten rules and truths of cybersecurity and digital forensics and turning to improvise, adapt, and overcome obstacles. Specifically, it challenged the rules and knowledge of imaging, firmware, and hardware. With imaging, Murphy discussed how an image that shows all zeros it is not actually empty. You’re also not getting a full forensic image from a hard drive. Murphy also mentioned the importance of investigating NAND flash memory, which is often overlooked.

With firmware, Murphy discussed how important its role is as the go-between for hardware and operating systems, and how its role is frequently underestimated. Hardware has this similar issue of being neglected in investigations. In fact, removing chips from damaged hardware to identical functioning hardware can be incredibly helpful with investigations. Most importantly, Murphy argued members of the ITS industry need to learn to keep moving forward in this ever-changing environment.

Guest Keynote on the Evolution of the Digital World

The guest keynote was presented by Ovie Carroll, director of DOJ CCIPS Cybercrime Lab, SANS instructor, and author. He reflected on the evolution of the digital world and segued into the newest innovations of the modern day and what’s to come. This included Bluetooth stones and other similar devices, which currently serve as miniature hotspots that relay information to smartphone-clad passerby and clouds. Carroll explained how clouds add value to the pre-search phase of investigations. Cloud storage is becoming more common, lessening the value in seizing hardware and increasing obtaining data before it’s deleted remotely. He also discussed the rising frequency of encrypted computers, and the importance of RAM images, encryption, and hard drive images. We were reminded and provided digital examples of Locard’s evidence transfer principals.

Discussions relating to mental health and self-confidence were brought up as well. We were reminded there’s no such thing as a full forensic investigation and that you will always miss an artifact. As a result, the investigator shouldn’t feel disheartened when their data is passed to a second pair of eyes. In fact, a collaborative approach to forensics analysis was recommended and was echoed by many in the following talks.

Powershell vs Python

The Leveraging Powershell and Python for Incident Response and Live Forensic Applications lecture was presented by Chet Hosmer, author of Python Forensics. The fundamentals, integration, and applications of both Powershell and Python were discussed. Hosmer presented Powershell as a great acquisition engine that provides digital investigators with a set of cmdlets and access to the internals Windows, Linux, and Mac desktops and cloud services. He presented Python as a relatively straight forward, understandable, and object-oriented scripting language. Its environment allows for the rapid development of new tools, deep analysis, automation, and the correlation of evidence. Hosmer then demonstrated two different integrations live. Both of these integrations allow for better solutions for incident response, live forensic investigation, and e-Discovery.

I was able to attend many other lectures as well, such as the Magnet Forensics keynote, the Panel of Corporate Forensics Experts, and the Axiom Essentials Lab. The conference covered a wide range of fascinating topics, yet provided a consistent environment that was friendly and inviting. Other participants were eager to speak with Champlain students and viewed us as  equals, sharing tips and engaging in discussion. It’s a community myself and other students are excited to participate in, and hope to again at the next conference!

 

Blog written by Champlain College first year Hayley Froio.

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Magnet User Summit Experience appeared first on The Leahy Center for Digital Investigation.

by

Magnet User Summit 2019

Introduction

During the first week of April, I had the chance to go to the Magnet User Summit in Tennessee. During the trip I met many Champlain students that I wouldn’t have known if I hadn’t gone. I also had the chance to talk with upperclassmen within my major who told me about their experience at Champlain. They gave me pointers on opportunities that I should take advantage of while at Champlain.

During this conference, I learned about many topics within the digital forensics field. Specifically, I had the chance to learn more about how to leverage Python within PowerShell and how I could further my knowledge about PowerShell and Python. I was also able to learn about IoT and the artifacts that someone could find within devices that people use every day.

One of the sessions that stood out the most to me was the session called “IOC Easy as 1-2-3”. During this session, the presenters talked about the term IOC referring to the Indicator of Compromise. Attackers easily breached a leading company’s software because nobody looked in the file where it was located. There ended up being multiple files with funny names like “totallynotavirus” within a folder containing software from the company FireEye. The files clearly contained malware from attackers who had access to the system. The presenters also mentioned that the IT team at the business was compromised and was quite embarrassed about this happening. It goes to show that even a company like FireEye software may have vulnerabilities even though it’s meant to protect a computer system.

Conclusion

Overall, I believe that going to the Magnet User Summit was a great learning experience. I was able to learn about many new things in the field of digital forensics. I also was able to meet new people, both from Champlain and industry professionals. It was a great experience for me and I hope to be able to attend more in the future. I highly recommend MSU to anyone interested in going to a conference. Learn as much as you can and have fun!

Blog written by Champlain College’s Liam Barry.

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Magnet User Summit 2019 appeared first on The Leahy Center for Digital Investigation.