Forensic Blogs

An aggregator for digital forensics blogs

November 15, 2019 by LCDI

Application Analysis Blog 1

What is Application Analysis?

Artifacts are a subject of fascination, full of information from their time and location.  An application leaves markers on systems that often go undetected by the user. These digital artifacts are small bits of information, ranging from profile icons to private messages. This information could be a threat, and it’s crucial that any consumer be aware of their app’s security. This means that if someone else gets into your system, they might be able to unearth info that could allow them to steal from or impersonate you.

The goal of this project is to find out what information remains after one removes an app from the system. Through this, we can learn what programs are secure and prevent any security risks.


Browsers and User Privacy

In the first few weeks of the semester, we spent time examining the artifacts left by internet browsers. Through this, we uncovered a treasure trove of information in the “Appdata” folder. This folder is where every desktop application stores its information. Because it’s deemed unnecessary for user interaction, the Appdata folder is full of user input for most programs. If a normal consumer stumbled upon this, it wouldn’t mean much to them. However, this is all the juicy bits of data that were part of your account on a program. This could be very useful for someone trying to take control of your accounts. For example, one of the files within this folder holds your Cookies, small temporary files that are responsible for holding small, session-long pieces of data.

We took a look at the browser Firefox, made by the company Mozilla. There are three folders under Appdata: Local, LocalLow, and Roaming. The browser stores data that it accesses in a local server so that it can access it again, like your browser homepage.

Your credit card information that was put into Amazon is held in that file, as is your Facebook password. This is a risk for everyone and it needs to be addressed to make users more aware of their safety online and offline.

An image of the information under the Firefox tab in Roaming


What types of applications will we be looking at? 

After working with browsers, we started researching other applications to investigate. We decided to investigate Steam, Google Drive, Dropbox, Viber, and Twitter. Steam is a popular PC gaming platform that, as of April 2019, has a billion accounts and 90 million users. It’s important that such a giant in the video game industry keeps its users’ information private. Google Drive is similar to Dropbox, but is better funded and more used. We are curious to see how much of a difference this makes security-wise for each user. Viber is a small Peer-to-Peer (P2P) application for smartphone and desktop use. P2P gives users equal permissions, allowing for fast data movement. Finally, Twitter is a large worldwide social media application that has had a history of insecurity in its system.

Conclusion

During the course of this semester, we will install these desktop applications on our virtual machines. Doing this will generate data from the program into the Appdata folder. After this, we will completely uninstall the applications from the system, and investigate the data left over, analyzing the trail of data to see if one could abuse it.

We will start next week with analyzing our first application, and we will be sure to let everyone know the verdict on our next blog!

 


The post Application Analysis Blog 1 appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: Analysis, application, Application Analysis, Champlain College, Internship, Projects, Student, Student Work, Students, Uncategorized, Update, windows

December 14, 2018 by LCDI

Mobile App Intern Final Blog Post

Project Wrap Up

The Mobile App Intern team chose 3 travel apps to analyze: Kayak, Expedia, and Google Trips. All three apps stored their data within the internal storage of each device they were downloaded onto. However, Expedia proved to show very few artifacts that could be useful for forensic analysts. Most of the data kept by Expedia is not data meant for the user or analysts; it is meant for the app itself (data logs, etc.). Google Trips saved the most user data out of all three of the apps. It kept user info (username and password hash), trip details (title, locations, etc.), and location data. Kayak mainly stored location data, the names of hotels, and rental company information. For example, if one were to use Kayak in order to rent a Mercedes-Benz for $60 USD a day, they can set what dates to rent said car and Kayak will keep all of that information about the car and company stored. The same was true for plane and bus tickets. Company, price, dates of departure/arrival, and user timestamps are all stored.

Final Thoughts

The Mobile App Intern Team is grateful to the LCDI to have been given the chance to utilize their devices in order to perform projects and research. The team was able to acquire new skills (like rooting Android devices) and read many useful journal articles relating to mobile forensics. 

The post Mobile App Intern Final Blog Post appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized

Tagged With: Android, Blog Post, Champlain College, intern, Internship, iOS, iPad, LCDI, Mobile, Mobile App Analysis, Projects, Student Work, travel, Update

December 13, 2018 by LCDI

Automated Network Scanning + Final Experience

With our time here and finals week approaching fast, we are working to tie up all loose ends. Our final report is now complete, and we’ve done as much as we can with our scanner. The script scans the network, prints out some information, and sends it to an email address. We only got around to collecting the ports and services hosted on the network. If we had more time, we would have added more features, like OS detection or complete automation. As it is, we only managed to get the basics complete in time.

 

This is due to both a lack of time, and the many obstacles encountered throughout the course and scan of our project. If we had started with more experience, we would have been able to finish much more than we did. We spent a good amount of time figuring out how to actually use the tools instead of working on the project itself. In the end, we were unable to do as much as the other teams. Naturally, we are now much more experienced than we were at the start. Our work here at the LCDI has taught us a lot, and it has been a very positive experience for both of us.

 

Moving forwards, our primary goal is to wrap up last-minute objectives. First among these will be editing our final report once the Tech Writers have reviewed it for more time. This will more than likely take up our final shifts. Once we’ve completed this task, we will be all but done with our project.

The post Automated Network Scanning + Final Experience appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized

Tagged With: Blog Post, Champlain College, Digital forensics, Internship, LCDI, network scanning, Projects, script, Student, Student Work, Update


All content is copyright the respective author(s)