Forensic Blogs

An aggregator for digital forensics blogs

by

Mobile Forensics Update 1

Introduction

Frequent readers of this blog will not be surprised to see a new iteration of the Mobile Forensics project. This semester, we are focused specifically on social media apps on Android devices. For the purposes of this project, we have defined social media as any app that allows people to communicate, chat, interact, or exchange information. Most applications that will fit this definition are categorized on the Google Play store as “social”.

This year our devices are two LG G6’s and, as in past projects, the team will be taking advantage of Cellebrite’s UFED 4PC and Android Debug Bridge (ADB) to extract information from the app files. Additionally, we will be investigating if there is any difference between the data collected and stored on Android version 7 and Android version 8.

Current Progress

So far we have created processes and templates for organized data generation. After narrowing down which applications we want to look at, we decided the first application we will be pulling data from is Snapchat. We have been practicing rooting devices and pulling the data to figure out what we will look for on the devices. We need to root the devices to be able to get the information off the apps and look under the hood of them. Our LG G6 devices have just arrived, and we are preparing them for data generation.

Conclusion

After prepping our devices, we will download  Snapchat and start creating data by sending snaps to the LCDI Snapchat. We will then use the app for a day before we pull information off of it. The more we use the app, the more information we could potentially acquire. When we do a pull, we will analyze all the data we have and once that is complete, we will move on to the next application, Telegram.

Stay tuned for more updates to come and follow us on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @ChamplainLCDI.

The post Mobile Forensics Update 1 appeared first on The Leahy Center for Digital Investigation.

by

Smartphones: The Nexus of Evidentiary Data from Social Media to IoT

Introduction

As a first year cybersecurity student, my application to the OpenText Enfuse conference felt like a long shot. Additionally, seeing how I am a cybersecurity major and the conference is mainly focused on digital forensics, I wasn’t sure how much of the content I would be able to understand. Despite this, I was selected and feel that I learned a significant amount of new information. The session that was most informative to me was “Smartphones: The Nexus of Evidentiary Data from Social Media to IoT” given by Amber Schroader.

 

 

Amber Schroader

Smartphones and Social Media

Amber Schroader is the President, CEO and Founder of the Parabon Corporation, a leading company in the field of forensics for mobile devices, smartphones, computers, email, gaming systems ,and the cloud. Despite her vast experience in a variety of forensic technology, her Enfuse talk focused solely on smartphones. She began the session by laying out three topics she intended to cover. The first: the hurdles of smartphone forensics. The second: the location of valuable data. The third: how smartphones interact with IoT Her presentation was engaging, at times humorous, and heavily aided by actual data she took from her children’s phones. This included logs of Tinder conversations and other text messaging apps. All in all, for a talk on a somewhat complex process, I felt I was able to understand most of the information despite my lack of experience.

 

Conclusion

Enfuse was a great experience for me. I was able to meet and network with many industry professionals and I believe I learned a significant amount and gained a better understanding of what digital forensics really is.

To learn more about the LCDI take a look at our Facebook or Twitter pages or send an email to lcdi@champlain.edu.

 

The post Smartphones: The Nexus of Evidentiary Data from Social Media to IoT appeared first on The Leahy Center for Digital Investigation.

by

Social Networking Sites and Digital Forensics

Introduction  

Being able to attend EnFuse 2018 was an amazing experience. This was my first time attending the conference, and it was the first time OpenText Inc. hosted the conference after they acquired Guidance Software Inc. in mid-2017. Not only was the event loaded with hundreds of industry professionals, former FBI director James Comey was a keynote speaker. It was genuinely interesting to hear him weigh in on many topics. Beyond the keynotes, however, there were several information sessions hosted by business owners, industry professionals, and other enthusiasts of the practice, who provided valuable information for those who attended. I am very grateful to have attended Enfuse 2018. I sat in on numerous sessions within my field of interest and networked with other attendees and speakers.

Digital Evidence from Social Networking Sites & Smarthphone Apps Section. The session that resonated most with me was “Digital Evidence from Social Networking Sites & Smartphone Apps.” This session was presented by Julie Lewis, the CEO, President, and founder of Digital Mountain Inc. and David Dang, Senior Solutions Manager at Digital Mountain Inc. This session touched upon what information is available on various social networking applications and sites, and they gave arguments for their relevance and importance. Social media platforms like Facebook, Instagram, and LinkedIn host over 350 million users. The data that this generates can actually be relevant as evidence in many cases. Lewis and Dang emphasized that the simplest of platforms can be home to some of the most potentially viable information and biometric data (fingerprints, iris, and facial scans). Facebook actually has the capability to pull up a full report on a user, including previous posts, “About Me” information, and other logs useful in an investigation. I genuinely enjoyed learning more about how social media plays a role in forensic investigations, and I learned how it directly applies to my field of study. Conclusion

As Enfuse 2018 ended, there was a brief moment of relief as the busiest days were behind me.  With this, came the realization of the amazing information and opportunities provided to me at the event. Networking with industry professionals and attending daily sessions allowed me to expand my knowledge and interest in my field. I truly thank OpenText and Champlain College for providing me with such an opportunity. Not only did I move me leaps and bounds ahead of last year, I also met some amazing individuals along the way. I can’t wait to share and utilize my newly acquired knowledge throughout my studies in the years to come.

 

To learn more about the LCDI, take a look at our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Social Networking Sites and Digital Forensics appeared first on The Leahy Center for Digital Investigation.