Forensic Blogs

An aggregator for digital forensics blogs

by

Wearable Forensics Team 1

Smart Watches Can Solve Crimes

This semester, The Senator Patrick Leahy Center for Digital Investigation at Champlain College (LCDI) is continuing research from the spring of 2016 about wearable technology and the impact devices like the Apple Watch and Fitbit have on forensic investigations. The team hopes to create a guide law enforcement and forensic analysts can use to find information that could aid a criminal investigation. This could include data on the user’s location, movement, heart rate, and more.

Why Wearables?

These devices have exploded in popularity in recent years, with over 102 million wearable smart devices sold in 2016. As a result, forensic investigators and law enforcement have used data from these devices, especially Fitbit, to aid investigations and prosecute criminals in homicide cases.

Despite these successes, there is still little information available on how to pull information from the wearable devices themselves. Most often, investigations utilize data pulled from the paired phones or the account information stored in the cloud. The research team at the LCDI hopes to directly image the devices and see what information is available. This would provide a standard for cases where the phone isn’t available or information can’t be released by the company.

However, if the team is unable to pull information directly from the wearable devices, they will continue the research from the 2016 wearables team and investigate data available on the paired phones and information stored by the company in the cloud. These devices and accounts include various different databases with valuable information that can aid in criminal investigations.

Four Devices to Test

The team will work with four smart watches with fitness capabilities: the Samsung Galaxy Watch, the Fitbit Versa, the Garmin Fenix 5, and the Apple Watch Series 4.  These four devices are the top smartwatches currently available. This week, the team began with datagen for the Galaxy Watch and the Fitbit Versa. This included testing the movement and heart rate sensors, GPS, and third party applications. Beyond testing each device as a smart watch, a team member took the first two devices home for a night. Check back on the team’s next blog post to see what artifacts they were able to find!

The post Wearable Forensics Team 1 appeared first on The Leahy Center for Digital Investigation.

by

Mobile App Intern Final Blog Post

Project Wrap Up

The Mobile App Intern team chose 3 travel apps to analyze. Kayak, Expedia, and Google Trips. All three apps stored their data within the internal storage of each device it was downloaded onto. However, Expedia proved to show very little artifacts that could be useful for forensic analysts. Most of the data kept by Expedia is not data meant for the user or analysts’; it is meant for the app itself (data logs etc). Google Trips saved the most user data out of all three of the apps. It kept user info (username and password hash), trip details (title, locations, etc), and location data. Kayak mainly stored location data, the names of hotels, and rental company information. For example, if one were to use Kayak in order to rent a Mercedes-Benz for $60 USD a day, they can set what dates to rent said car and Kayak will keep all of that information about the car and company stored. The same was true for plane and bus tickets. Company, price, dates of departure/arrival, and user timestamps are all stored.

Final Thoughts

The Mobile App Intern Team is grateful to the LCDI to have been given the chance to utilize their devices in order to perform projects and research. The team was able to acquire new skills (like rooting Android devices) and read many useful journal articles relating to mobile forensics. 

The post Mobile App Intern Final Blog Post appeared first on The Leahy Center for Digital Investigation.

by

SIFT Update 3

Introduction

As we are coming to an end working at the Senator Leahy Center for Digital Investigation, we are closer to completing our final report. Our last post was about recovering artifacts and keyword searches. Due to time issues and inexperience, our team couldn’t recover deleted files.

Experience

Throughout the semester, working at the LCDI with the SIFT-workstation has been a refreshing challenge. Coming into the Center has always been a fun and engaging experience. We’ve learned vital information, especially in regards to digital forensics. We’ve even been exposed to the Linux Command Line.

Researching the SIFT-workstation from SANS  also exposed us to quite a bit of information about SANS. The more we have learned, the more we have realized how exciting the digital forensics field can be. From a first year student’s perspective, technical jargon and new information can be daunting. With the amount of easy-to-read information that SANS has put out, our team agrees that learning becomes simpler.

In regards to the Linux Command Line, our team was subjected to the experience of learning syntax, system commands, and other programs. Both my partner and I have heard from our professors that these skills are integral as investigators. Having that experience is important to us as aspiring students.

Since we are nearing the end of our time on this project, our team has focused on learning how to generate timelines and search clusters. We’ve also looked into bulk extraction and learned that these are typical and required tasks in this field.

Conclusion

In the end, our experience at the LCDI has been overwhelmingly positive and beneficial. We were exposed to and learned from largely important topics which is an opportunity we’ll always be grateful for. Although our team didn’t meet every expectation we had, we still experienced much more than we expected out of the internship.

The post SIFT Update 3 appeared first on The Leahy Center for Digital Investigation.