Forensic Blogs

An aggregator for digital forensics blogs

November 15, 2018 by LCDI

SIFT Update 2

Introduction

This month at the Senator Leahy Center for Digital Investigation, we started analyzing our data. As a part of the SIFT research team, we used our knowledge of digital forensics to scan through files in order to find artifacts that would help us put our criminal behind bars. After we found artifacts, we went on to conduct keyword searches where we found very useful evidence for our investigation.

Experience

We have learned a great deal about SIFT over the past month. SIFT supports both artifact gathering and keyword searching. Artifact gathering means going through the imaged drive and collecting potentially incriminating files, or anything else that could be useful to a digital investigator's analysis. Paired with keyword searching, those artifacts let a strong case be built and argued in criminal court.

Originally, SIFT had major issues with the srch_strings function within Autopsy. This was a major issue because srch_strings is used for keyword searching, an essential part of a digital investigator's case. Being new to SIFT made this difficult because, as a team, we did not know how to fix the problem. Eventually, we learned that the issue occurred because SIFT runs an older, unsupported version of Autopsy (Autopsy 2.24). The only way to fix this was to import a new version of srch_strings into SleuthKit. After importing the new version, we managed to get keyword searching to work with up to three characters, and on the letter “e” alone we got 3 million hits.

For our project, our data generation scenario had us searching for “cyanide”. A keyword search for “cyanide” is therefore useful for finding files that contain information about the poisoning.
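The keyword search described above is, at the command line, `srch_strings -a -t d image.dd | grep -i cyanide`: every printable run in the image is listed with its byte offset, and the offsets of the runs that contain the keyword are converted to sectors so the hit can be traced back to a file. The block below is an added example, not code from the LCDI post or from The Sleuth Kit, that reproduces that workflow in Python over a constructed in-memory image. It assumes 512-byte sectors and the 4-character minimum run length that `strings` uses, scans for both ASCII and UTF-16LE text (the `-e l` option of srch_strings), and enforces a minimum keyword length so that a one-letter search like “e” is rejected instead of returning millions of hits.

```python
"""srch_strings-style keyword search over a raw disk image.

Added example, not code from the LCDI post or from The Sleuth Kit.
It reproduces what `srch_strings -a -t d image.dd | grep -i keyword`
does: pull printable-character runs (ASCII and UTF-16LE) out of every
byte of the image, record where each run starts, and report the runs
that contain the keyword together with the sector they fall in.
Assumptions: 512-byte sectors, a 4-character minimum run length (the
strings default), and a constructed in-memory image instead of a .dd file.
"""
import re
from typing import Iterator, List, NamedTuple, Tuple

SECTOR_SIZE = 512      # assumption: 512-byte sectors
MIN_RUN_LEN = 4        # minimum printable run, as in strings/srch_strings


class Hit(NamedTuple):
    offset: int        # byte offset of the matching run in the image
    sector: int        # offset // SECTOR_SIZE, the unit ifind -d works on
    encoding: str      # "ascii" or "utf-16le"
    text: str          # the full printable run containing the keyword


# A run of printable 7-bit characters, and the same thing as UTF-16LE
# (each printable byte followed by a NUL), which is how Windows stores
# most of its text on NTFS.
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_RUN_LEN)
_UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_RUN_LEN)


def extract_strings(image: bytes) -> Iterator[Tuple[int, str, str]]:
    """Yield (offset, encoding, text) for every printable run in the image."""
    for m in _ASCII_RUN.finditer(image):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in _UTF16LE_RUN.finditer(image):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def keyword_search(image: bytes, keyword: str, min_keyword_len: int = 3) -> List[Hit]:
    """Case-insensitive keyword search that refuses keywords that are too short.

    A one-letter keyword such as "e" matches nearly every string on the
    disk (the post reports 3 million hits), so a floor on keyword length
    keeps the result set reviewable.
    """
    if len(keyword) < min_keyword_len:
        raise ValueError(f"keyword {keyword!r} is shorter than {min_keyword_len} characters")
    needle = keyword.lower()
    hits = [
        Hit(offset, offset // SECTOR_SIZE, encoding, text)
        for offset, encoding, text in extract_strings(image)
        if needle in text.lower()
    ]
    return sorted(hits, key=lambda h: h.offset)


def build_sample_image() -> bytes:
    """Constructed 10-sector image standing in for a real disk image."""
    image = bytearray(SECTOR_SIZE * 10)

    def place(sector: int, data: bytes) -> None:
        start = sector * SECTOR_SIZE
        image[start:start + len(data)] = data

    place(2, b"shopping list: milk, eggs, bread")                       # benign ASCII text
    place(3, b"Order placed: potassium CYANIDE, 50 g")                  # ASCII hit
    place(7, "search: cyanide poisoning symptoms".encode("utf-16-le"))  # UTF-16LE hit
    place(9, b"ee")                                                     # too short to count as a string
    return bytes(image)


if __name__ == "__main__":
    for hit in keyword_search(build_sample_image(), "cyanide"):
        print(f"offset={hit.offset} sector={hit.sector} {hit.encoding}: {hit.text}")
```

On a real image the `sector` value is what you hand to The Sleuth Kit to find the owning file: `ifind -d <block> image.dd` returns the inode (or metadata entry) that allocates that block, and `ffind image.dd <inode>` gives its path. Note that `ifind -d` takes a filesystem block address, so when the image carries a partition table you add `-o <partition start sector>` and, if `fsstat` reports a block size other than 512 bytes, convert the sector to a block number first.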

Conclusion

Finding artifacts and searching for keywords are extremely important to a digital investigator. Within the coming weeks, we are going to be recovering deleted files from the disk image. Stay tuned for our next blog about recovering deleted files.

The post SIFT Update 2 appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized

Tagged With: Autopsy, Blog Post, Champlain College, cyanide, Digital forensics, files, forensics, investigator, LCDI, Projects, SIFT, Sleuthkit, Student Work

October 26, 2018 by LCDI

SIFT Tool Evaluation

Introduction:

The Senator Leahy Center for Digital Investigation (LCDI) is an establishment that was created to encourage Champlain College students to gain technical knowledge of an area within their field of study. As a team, interns are expected to communicate and work together in order to finish a project. This is the experience of the LCDI through the eyes of two interns.

 

Our Experience:

Our experience so far at the LCDI has been exceptional. As first-year students, we have learned valuable information about computer and digital forensics that we can actually use in the field. As technical interns, we are compiling information about a digital forensics tool. We are doing this to determine which tool has the greatest functionality and to gain real-world experience working with a digital forensics tool. We are working with SIFT, and, so far, everything about it has been thrilling.

 

As interns, we have learned a few new things working with more experienced members. As one might expect, we have honed a large number of new technical skills while working in a computer lab. But we have also practiced skills that are newer to us, such as working on a team and working under a team of supervisors. You can attend any number of hours in a technical course without ever learning the social skills required in a workplace. Our time at the lab has given us great experience in the interpersonal relations we'll need in our future careers.

 

Before starting our work, we knew very little about digital forensics or the tools used to analyze data. We also didn't know very much about Linux commands. This was difficult at first because SIFT is a Linux-based forensics toolkit, but we have gained an enormous amount of knowledge from working with it over these past months.

 

Our experience at the LCDI has thus far been overwhelmingly positive and exciting. The environment at the LCDI lets us explore the social side of a workplace while also exploring the technical side. This is exactly what we were looking for in college, and it is unique to Champlain College. We are excited to have the future opportunity to work in ever higher positions at the LCDI.

 

Conclusion:

Our next step is analysis of the data that we just finished generating. We’ll keep you posted!

 

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook, Twitter, or Instagram.

The post SIFT Tool Evaluation appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized

Tagged With: Blog Post, Digital forensics, Internship, LCDI, Projects, SIFT, tooleval, tools

About

This site aggregates posts from various digital forensics blogs. Feel free to take a look around, and make sure to visit the original sites.

  • Contact
  • Aggregated Sites


All content is copyright the respective author(s)