Forensic Blogs

An aggregator for digital forensics blogs

by

Social Networking Sites and Digital Forensics

Introduction  

Being able to attend EnFuse 2018 was an amazing experience. This was my first time attending the conference, and it was the first time OpenText Inc. hosted the conference after they acquired Guidance Software Inc. in mid-2017. Not only was the event loaded with hundreds of industry professionals, former FBI director James Comey was a keynote speaker. It was genuinely interesting to hear him weigh in on many topics. Beyond the keynotes, however, there were several information sessions hosted by business owners, industry professionals, and other enthusiasts of the practice, who provided valuable information for those who attended. I am very grateful to have attended Enfuse 2018. I sat in on numerous sessions within my field of interest and networked with other attendees and speakers.

Digital Evidence from Social Networking Sites & Smarthphone Apps Section. The session that resonated most with me was “Digital Evidence from Social Networking Sites & Smartphone Apps.” This session was presented by Julie Lewis, the CEO, President, and founder of Digital Mountain Inc. and David Dang, Senior Solutions Manager at Digital Mountain Inc. This session touched upon what information is available on various social networking applications and sites, and they gave arguments for their relevance and importance. Social media platforms like Facebook, Instagram, and LinkedIn host over 350 million users. The data that this generates can actually be relevant as evidence in many cases. Lewis and Dang emphasized that the simplest of platforms can be home to some of the most potentially viable information and biometric data (fingerprints, iris, and facial scans). Facebook actually has the capability to pull up a full report on a user, including previous posts, “About Me” information, and other logs useful in an investigation. I genuinely enjoyed learning more about how social media plays a role in forensic investigations, and I learned how it directly applies to my field of study. Conclusion

As Enfuse 2018 ended, there was a brief moment of relief as the busiest days were behind me.  With this, came the realization of the amazing information and opportunities provided to me at the event. Networking with industry professionals and attending daily sessions allowed me to expand my knowledge and interest in my field. I truly thank OpenText and Champlain College for providing me with such an opportunity. Not only did I move me leaps and bounds ahead of last year, I also met some amazing individuals along the way. I can’t wait to share and utilize my newly acquired knowledge throughout my studies in the years to come.

 

To learn more about the LCDI, take a look at our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Social Networking Sites and Digital Forensics appeared first on The Leahy Center for Digital Investigation.

by

Applications of AI and Machine Learning

Enfuse 2018 Reflection – Zach Burnham

Introduction:

This past summer, I had the honor of attending this year’s Enfuse Conference, the first iteration hosted by Opentext. As a rising senior at Champlain College, this opportunity fell at a critical time for me in my professional development. Attending allowed me to build on the knowledge I’ve gathered in my previous courses, and my time at the Leahy Center for Digital Investigation. Through conversations with some of the greatest minds currently in digital forensics and cybersecurity. Besides networking, the conference also allowed all attendees to sign up for an array of classes with pins you could collect from each class. This was aimed to help start conversations with others with the same interests who may have been walking by. One of the classes offered at the conferences this year covered a recent new interest of mine: artificial intelligence (AI).

Top Applications of AI & Machine Learning Session Review

There were two speakers for this session. The first was Alexis Mitchell, a Principal Data Scientists for Opentext with a background in HP, Recommind, and DARPA. The second speaker was Zachary Jarvinen, also from Opentext, who works in their Product Marketing department for Analytics & AI and has a background in Epson, tapClicks, and the United States Department of State. Together, they talked about the implementations of machine learning and AI in the real world. Their primary example was how Opentext’s Magellan and Business Intelligence help law enforcement and members of government do their jobs. They argued that the use of AI can “help connect, blend, and analyze any and all things” to help organize and expedite the use of information.

To my surprise, machine learning and AI can already found in governments around the world. The European Defense Ministry uses this technology to monitor irregularities in tax documents, and the Government of Canada for assisting employees with common searches and predicting where documents may belong. The Alberta Energy Regulator is also using machine learning for predictive pipeline maintenance; predicting possible points of failure before it becomes an incident not only saves lives, but to optimize water usage. Attending this session only reaffirmed my belief that the future will revolve heavily around both machine learning and AI. I believe that as more AI more innovations come to light, the world will continue to grow more efficient.

Conclusion:

If you are studying digital forensics or even have an interest in the field, I highly recommend this conference. This conference really opened my eyes to a world filled with professionals and topics I had never even though of doing before. Seeing how attendees and speakers interacted with one another exposed me to the idea of life post-graduation. Providing me with opportunities and connections to utilize as my network grows. My attendance has only reaffirmed my strong passion for digital forensics, and the benefits the industry’s work brings to the world.

To learn more about the LCDI, take a look at our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Applications of AI and Machine Learning appeared first on The Leahy Center for Digital Investigation.

by

Ransomware

Introduction

This year, I had the privilege of attending the OpenText Enfuse conference in Las Vegas. While there, I had the opportunity to develop my forensic abilities and build relationships with industry professionals, co-workers, friends, and many other wonderful new people. The breakout sessions provided me with deep level overviews of interesting topics like threat hunting, ransomware, cryptocurrency investigation, and the growth of digital forensics in the insurance industry. The last is of particular interest to me because I’ve worked in that industry for the past two summers. The lectures provided me with a contextual understanding and wide variety of perspectives on the larger ideas that drive digital forensics and cybersecurity. James Comey’s keynote session added a legal context to the benefits and drawbacks of encryption. He presented this in a way that allowed for new discussions to take place about data privacy and digital forensic investigations.

Held Hostage: A Ransomware Primer One session that particularly excited me prior to attending Enfuse 2018 was “Held Hostage: A Ransomware Primer”. Nick Hyatt, a Managing Consultant with Optiv Enterprise Incident Management, presented this breakout session.   The session defined ransomware in easy to understand terms. It then dug deep into how ransomware can infect systems and the impact that such an attack can have on a wide variety of operations. Hyatt traced ransomware from its beginnings in 1989, with the PC Cyborg Trojan,which would encrypt a system after 90 boots, to the current and more sophisticated ransomware attacks that have grown since 2013, such as WannaCry. Hyatt also explained the growth of ransomware as a service (RaaS) criminal organizations can use to hire attackers to launch attacks on specified targets.   The most common ways ransomware infects systems are through bad links in phishing emails and unpatched vulnerabilities in operating systems or software. Healthcare organizations are easy targets for distributing ransomware as their medical technology is often dated. This in turn provides a larger attack surface for dangerous actors. The oil industry is also a large target for ransomware attacks because workers are often remote, so malware is capable of traveling through shared networks across state and country lines.   Hyatt then covered several real world examples of how ransomware affects systems. Two healthcare organizations and a gas company were the targets of these attacks. In each instance, an initial infected system spread malware to shared folders where the damage multiplied, forcing the organizations to deploy backups. Everything regarding the defense against the attacks was reactive, meaning defense measures only began after the incident occurred.

Best practices for defending against ransomware lie in educating employees about the different ways ransomware can get into a network, patching out of date software, network segmentation to prevent spread, frequent backups, and email extension filters to prevent the delivery of unwanted file types. When employees are aware of these attack vectors, then they may begin to recognize the signs of obvious danger. Hyatt noted that the most important part of security awareness training is to explicitly explain what signs of suspicious activities look like. Show them! Hyatt stressed, “Security is about learning, not shaming.”

Conclusion

OpenText Enfuse 2018 allowed me to explore a wide variety of security topics in a very short amount of time, but if you ask me, too short. I could’ve spent another week attending sessions like these to get my finger on the pulse of conversations happening now in the security and digital forensics fields. The experience was invaluable from every perspective imaginable.

To learn more about the LCDI  or our projects.  Follow us on our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Ransomware appeared first on The Leahy Center for Digital Investigation.