Forensic Blogs

An aggregator for digital forensics blogs

by

FTK Tool Evaluation Update

Introduction

In our tool eval team, we are researching and evaluating AccessData’s Forensic Toolkit. This program advertises itself as an all encompassing tool for extracting, analyzing, and compiling digital evidence into a readable format that is acceptable for use in a court of law. Our primary goal is to understand FTK in every aspect possible, with preference given to the searching and efficiency aspects of its use.

Current Progress

Over the past month, we spent a significant amount of time familiarizing ourselves with online FTK manuals and tutorials. We felt it was important to understand exactly which functions and features would help digital investigators the most before trying to run data through FTK’s systems. When we felt we were proficient in our knowledge, we set up our virtual machine with support from the LCDI helpdesk.

More recently, we have been participating in a multi-team effort to generate test data. To do this, we recreated digital footprints of a professor killing another for tenure. We knew that we had to make our test data as realistic as possible, so we threw searches of jazz musicians and golf tournaments into our fictional professor’s data stream. We plan to sift through the test data in Forensic ToolKit to discern how reliable the program is at catching criminal data in a stream of normal internet browsing.

We have been documenting our shift-to-shift progress on a website with updates in a shorter bullet point format. Along with the website, we have created and started maintenance of our twitter handle, @FTKToolEvalLCDI. We have also been researching any and all aspects of FTK that remain beyond the scope of our knowledge. This is a rather time consuming process, made much more difficult by the lack of guides and videos online. Regardless, we appear to be on track for a timely end to this project.

Conclusion

We have already accomplished a lot, but still have a long way to go. Once we get our data gen back, we can begin benchmark tests and can report with more hard data. Getting everything set up on the virtual machine was a small hurdle that we overcame. We are eager to continue our progress and report back with more concrete data on FTK.

After we complete our research, we plan to compare statistics of multiple digital forensic programs, such as Encase and Autopsy, to FTK. Our hope is to provide an accurate comparison of digital forensic tools so digital investigators all over the world can have accurate knowledge and preparation in their own ventures.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

The post FTK Tool Evaluation Update appeared first on The Leahy Center for Digital Investigation.

by

Experiences, Accomplishments, and Lessons Learned

Introduction

When people join a new workforce, they often find themselves saying: “I am in way over my head.” I experienced that during my first week as an intern at the Leahy Center for Digital Investigation (LCDI). It was only my second week of my first year of college, and I couldn’t wait to get my foot in the door and start my internship at the LCDI. I was a part of a team of three (Matthew Eckhardt, Jordan Kimball, and Jessica Hunsberger), and immediately I noticed that our project was more complicated than anything we had done before. None of us knew where to begin with an “Automated Network Scanner.” We didn’t have the answers right off the bat. Luckily for us, the LCDI is a place for people who don’t always know all the answers, as the truth is, nobody does. My team and I got to work, and found out we were a lot more capable than we previously thought. The following is the culmination of our work and research into Nmap, port scanning, and Raspberry Pi’s.

What we learned so far

First, we should explain what it is we are actually doing. Our team was tasked with creating an “Automated Network Scanner”—that is, a device that could be plugged into the network at the LCDI and scan it for available ports, hosts, and services, as well as give a report on what it found. In pursuit of this goal, we learned how to use Nmap, an industry staple for scanning and testing a network for vulnerabilities.

This, by itself, was not too difficult. If you do your research, you can download Nmap and figure it out, no problem. The difficulty comes in the “automated” part of “Automated Network Scanner.” We solved this problem with Python 3. It turns out that Nmap can be inserted as a part of a Python script. One of the great boons in this project was that almost everything we were working on was well documented online, albeit small pieces individually. Using this knowledge, we learned we could inject the script into a Raspberry Pi’s startup protocols, and run the script as soon as the Raspberry Pi turned on. Furthermore, using Python allowed us to create a formatted report, and send it to a private email account automatically.

Conclusion

All in all, our research and effort put towards this project have proved successful. Our team has been moving at a steady rate, and our Automated Network Scanner is almost complete. This technology has a lot of widespread utility as this machine could be used by just about any person or organization who is heavily invested in a computer network. Creating a map of your network and potential vulnerabilities is extremely useful, especially in this current digital age. The next step for our team is perfecting our scripts, making sure our scanner is as efficient and informative as possible, and then setting up a mock network out of Raspberry Pi’s and testing the scanner on it, before testing it on the LCDI network.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

The post Experiences, Accomplishments, and Lessons Learned appeared first on The Leahy Center for Digital Investigation.

by

Smartphones: The Nexus of Evidentiary Data from Social Media to IoT

Introduction

As a first year cybersecurity student, my application to the OpenText Enfuse conference felt like a long shot. Additionally, seeing how I am a cybersecurity major and the conference is mainly focused on digital forensics, I wasn’t sure how much of the content I would be able to understand. Despite this, I was selected and feel that I learned a significant amount of new information. The session that was most informative to me was “Smartphones: The Nexus of Evidentiary Data from Social Media to IoT” given by Amber Schroader.

 

 

Amber Schroader

Smartphones and Social Media

Amber Schroader is the President, CEO and Founder of the Parabon Corporation, a leading company in the field of forensics for mobile devices, smartphones, computers, email, gaming systems ,and the cloud. Despite her vast experience in a variety of forensic technology, her Enfuse talk focused solely on smartphones. She began the session by laying out three topics she intended to cover. The first: the hurdles of smartphone forensics. The second: the location of valuable data. The third: how smartphones interact with IoT Her presentation was engaging, at times humorous, and heavily aided by actual data she took from her children’s phones. This included logs of Tinder conversations and other text messaging apps. All in all, for a talk on a somewhat complex process, I felt I was able to understand most of the information despite my lack of experience.

 

Conclusion

Enfuse was a great experience for me. I was able to meet and network with many industry professionals and I believe I learned a significant amount and gained a better understanding of what digital forensics really is.

To learn more about the LCDI take a look at our Facebook or Twitter pages or send an email to lcdi@champlain.edu.

 

The post Smartphones: The Nexus of Evidentiary Data from Social Media to IoT appeared first on The Leahy Center for Digital Investigation.