Forensic Blogs

An aggregator for digital forensics blogs

by

Application Forensics Update 2

Introduction

Over the past fifteen weeks, the App Forensics team investigated several pieces of mainstream monitoring software. We are now focusing on new software, getting it operational, and investigating its internal workings. Examining how the software interacts with the device is central to our larger motive of understanding the programs. For example if they’re safe, and what a company can access.

Progress

The App Forensics team is working hard on investigating the newest monitoring software, FlexiSpy. We are currently combing through data pulled from a tablet with the software and comparing it to a normal tablet that did not have the software installed. By doing this, we hope to find specific changes and additions made by the software that clues us into the program’s operations. In addition to this our team has also performed several network captures of data transferred to and from the tablets. This shows us which servers the software is talking to and what it’s sending and receiving.  

Conclusion

Once we go through the data, we should be able to get a good handle on what the software is doing. We will continue to analyze the data collected from the tablets and look for changes and behaviors in the tablets to better understand what the software is changing.  Moving forward, we will compare the data we generate on this software to the others we analyzed and draw conclusions about what they have in common.

Stay tuned for more updates to come and follow us on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @ChamplainLCDI.

The post Application Forensics Update 2 appeared first on The Leahy Center for Digital Investigation.

by

LCDI Intern Blog Series: All About My Internship

With Thanksgiving break getting closer and closer, I have been thinking a lot more about my internship and how it came to be after I got accepted. The first step to the internship process was attending a Town Hall for the LCDI. This was an orientation meeting for the entire workforce where we went over the in’s and out’s of the Center. This took place about a week after finding out that I got the internship. Later that week was my first day, where I was immediately thrown into the mix. There was’t much direction on what I was supposed to do, but some students who’d worked at the LCDI for awhile helped me get down to business.

Tools of the Trade

Some essentials when working at the LCDI are being able to use Trello and Slack, two apps used for all communication purposes. Trello is like a team checklist for staying on task. Cards are placed in different sections depending on urgency and the order they need to be completed. Slack is a messaging app that helps keep work talk within the workplace. There are different channels for different groups of people, and it’s how everyone stays in contact.

Slack is essential to my team, Tool Evaluation, because many of us do not work on the same shifts. I have a partner who I work most shifts with and we’re assigned to the same tool, Autopsy, an open source digital forensics tool used to analyze data sets. Every group has the same set of data, but a different tool to use for analysis. We can communicate our updates on our specific tool through messages, links, files, and even gifs! Our final product is a collaborative report the eight of us contribute to, so updating each other is vital.

Finding a Balance

To help with the transition from students to young professionals, there is a class that is paired with my internship. The Information Technology & Sciences’ Career Coach, Mark Zammuto, teaches the class on Wednesday mornings at 8 am. I personally hate waking up early, but the classes are short, informative, and honestly really helpful. Mark has encouraged us to accomplish important tasks including updating our LinkedIn profiles, creating email signatures, and updating our resumes. The class is designed to give us the tools we’ll need for our futures and I know I’m gaining valuable knowledge I’ll utilize for years to come.

The most interesting part of this process has been connecting my current coursework outside of Mark’s class and my internship. My Laws of Digital Evidence class helps me gain insight to the legal side of gathering evidence, while my Intro to Cybercrime gets into the technical side of acquiring and analyzing evidence. In my Technical Writing class, I learn how to write in a more clear and concise way for technical reports. I learn new things in these courses everyday that help me with the internship, and vice versa. It’s insightful to be able to make these connections and get a more well-rounded learning experience my first semester. I’m looking forward to the next steps of my project and completing my internship at the end of the semester.

The post LCDI Intern Blog Series: All About My Internship appeared first on The Leahy Center for Digital Investigation.

by

Application Analysis

Introduction:

The Application Analysis team is a group of technical interns at the Leahy Center for Digital Investigation. The LCDI offers  great opportunities for students to gain knowledge and skills in digital forensics and cybersecurity. This project is how four intern students have gone about testing some consumer mobile tracking & monitoring software.

Experience:

The Application Analysis team has currently been researching four different mobile tracking & monitoring programs available in today’s market. The programs we are looking at are mSpy, FlexiSpy, Mobistealth, and Highster Mobile. We are researching the specifications that each of these applications claims to have. We have five Nexus 7 tablets, four of which are rooted using Nexus Root Toolkit and one that is being used as the control device. A control device is a device that you leave in its original state to compare with other devices so you can see what has changed. Sometimes unexpected things will change and that is how you can confirm that it has been altered. We have a laptop that is being used to monitor the traffic via WireShark and also used as the control panel for the software.   

Our team is using the following apps: Google Hangouts, Facebook, Facebook Messenger, Kik, and Skype. We are generating data by sending information between the rooted device and the control device using these various applications. We are seeing if we are able to view all the information that we generated and are checking on whether any data is not collected.

In addition, we are testing if video calls are recorded and sent to the parents’ account. We have set a keyword to test the capability of specific programs to see if it alerts the parent when the keyword is used. Since the first program that we tested has the capability of Geo-Fencing, we decided to test for this capability as well. Geo-fencing means if a device leaves a certain location, there would be an alert sent to notify the parent that the device has left the specified location.

Conclusion:

We have created a variety of questions that we would like to look further into with each of the programs, including if the software can be hidden on the device. Stay tuned to read further updates on this project and the information we continue to gather from our devices.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

 

The post Application Analysis appeared first on The Leahy Center for Digital Investigation.