intern Archives | Forensic Blogs

Interning at the LCDI: Madi’s Journey

About one year ago, I found myself setting foot on Champlain College grounds after a tiring fifteen hour drive from Charlotte, North Carolina. My dad miraculously agreed to visit this random college that I found on the internet with me. I discovered Champlain has an actual Digital Forensics major, which is rare across the country (especially in North Carolina), so I knew I had to make the journey to see it in person. The major itself got me to visit, but what really hooked me was the Leahy Center for Digital Investigation, or as I now know it: the LCDI.

Our visit to the LCDI was a stop-off in our final minutes of the day, right before we were about to start our long drive back. Inside I discovered an opportunity to get real world experience in the digital forensics field while in college. And even more, I was told I could start my first year! This locked in Champlain as my first pick, and I finished my application and submitted it later that very same week.

Needless to say, I got in and am now almost halfway through my first semester at Champlain. A couple of weeks before I started, I received an email with information on how to apply to be an intern at the LCDI during my first semester. I completed the application and interviewed for the position my second day of school. A week later I was thrilled to hear that I was accepted and placed on the Tool Evaluation team. I’d work eight to ten hours a week, in addition to completing occasional assignments for an internship class that’s paired with the work experience. This brought my total credits for this semester to eighteen, which, to be honest, seemed daunting at first. But in my experience so far, it’s all been very manageable.

My internship at the LCDI is just one of the factors that’s made my experience at Champlain different from most of my friends. In high school I went to a middle college, which allowed me to complete my Associate’s Degree in Information Technology Fundamentals during my junior and senior years. Forty-four of my sixty credits transferred to Champlain, so on paper, I technically came in as a sophomore. Because of this status, I’m already taking upper level courses. It has been fascinating working with students of every level, and each of my classes has a different dynamic.

The biggest difference I have noticed so far between home and Burlington is the amount of people who walk everywhere. In Charlotte, everyone drives to get anywhere because most of the city is spread out. It’s nice having a downtown area within walking distance I can visit whenever I want while here at Champlain. One thing I still have to get used to is the cold, but I’m definitely on the fast track to acclimate soon enough.

The post LCDI Intern Blog Series: Meet Madi! appeared first on The Leahy Center for Digital Investigation.

Introduction:

Over the past five weeks we have been researching and gathering information on Opentext software EnCase 8, readying ourselves to begin dissecting evidence in our mock investigation. As the EnCase 8 intern team, we have been spending large amounts of time watching YouTube videos and diving deep into the manual provided by Opentext software. Most recently, we have spent time running through our mock story, completing final checks of the data generation and finally starting our data generation in the VM. We are a team of two first year interns trying to get our foot in the door of the digital forensic world. This is our story….

Our Story:

Since day one, we have been slowly figuring out the ins and outs of EnCase 8 and its usability in our investigation. Hours have been spent watching “how to” videos and trying to replicate the actions in EnCase on a flash drive full of files. We have also been doing a heavy amount of reading from the manual, taking notes, and highlighting important commands that will become necessary when using EnCase. One of the main features we needed to know how to do first was imaging drives. To learn how to image a drive, we used a write blocker hooked up to a hard drive and then we followed our notes to image the drive. This was just one of the many important features we will be using with Encase.

Upon completion of our never ending quest to better understand EnCase, we begin to familiarize ourselves with the story we generated as a team of 8 that we’d be using for our investigation. This involved reading through the story day by day and testing the actions from the script that we wrote. Once this was all completed, our team member Matt was the first to run the final data generation in the VM for the first time. He started with opening the tool evaluation VM and began to work his way through the day one script for our mock investigation. Matt followed the script closely while taking detailed notes of anything he added to the script to beef up day one of our data generation. He also took detailed notes on what was displayed on the screen including the time and action that occurred.

Conclusion:

Next up, we will begin to use EnCase by doing keyword searches and gathering artifacts.We are very excited to get our hands on the mock evidence and truly begin our professional digital forensic experience. Expect us to slowly but surely harness the powers of EnCase 8 and dive head first into this investigation evaluating Encase as we go. We will take detailed notes and begin the process of compiling our report on EnCase 8. Stay tuned to hear more about our ups, downs, and everything in between here at the Leahy Center for Digital Investigation. Check in on Instagram @champforensicslcdi and Twitter @ChampForensics!

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook, Twitter, or Instagram.

The post Encase Tool Evaluation appeared first on The Leahy Center for Digital Investigation.