Forensic Blogs

An aggregator for digital forensics blogs

by

Application Analysis

Introduction:

The Application Analysis team is a group of technical interns at the Leahy Center for Digital Investigation. The LCDI offers  great opportunities for students to gain knowledge and skills in digital forensics and cybersecurity. This project is how four intern students have gone about testing some consumer mobile tracking & monitoring software.

Experience:

The Application Analysis team has currently been researching four different mobile tracking & monitoring programs available in today’s market. The programs we are looking at are mSpy, FlexiSpy, Mobistealth, and Highster Mobile. We are researching the specifications that each of these applications claims to have. We have five Nexus 7 tablets, four of which are rooted using Nexus Root Toolkit and one that is being used as the control device. A control device is a device that you leave in its original state to compare with other devices so you can see what has changed. Sometimes unexpected things will change and that is how you can confirm that it has been altered. We have a laptop that is being used to monitor the traffic via WireShark and also used as the control panel for the software.   

Our team is using the following apps: Google Hangouts, Facebook, Facebook Messenger, Kik, and Skype. We are generating data by sending information between the rooted device and the control device using these various applications. We are seeing if we are able to view all the information that we generated and are checking on whether any data is not collected.

In addition, we are testing if video calls are recorded and sent to the parents’ account. We have set a keyword to test the capability of specific programs to see if it alerts the parent when the keyword is used. Since the first program that we tested has the capability of Geo-Fencing, we decided to test for this capability as well. Geo-fencing means if a device leaves a certain location, there would be an alert sent to notify the parent that the device has left the specified location.

Conclusion:

We have created a variety of questions that we would like to look further into with each of the programs, including if the software can be hidden on the device. Stay tuned to read further updates on this project and the information we continue to gather from our devices.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

 

The post Application Analysis appeared first on The Leahy Center for Digital Investigation.

by

Network Automation Update 1

Network Automation Overview

The Network Automation project team has set out to create a script that scans computer networks and map them in a discrete, speedy, and automatic manner. This will be accomplished with a Raspberry Pi device running the script and several accompanying programs.

network automation

The project’s goal is to create a penetration testing tool that will combine programs like Nmap and Nikto to map networks and propagate automated reports about the discovered information. This program will be launched from a Raspberry Pi 2 Model B microcomputing device. While it lacks the powerful hardware found in most workstations, its customizability and portable size make it a perfect fit for our needs.

Script Overview

These scanners are extremely beneficial to network administrators: they allow you to scan for potential vulnerabilities and “visualize” their network. As of now, our script accomplishes this by monitoring the following ports: 53, 21-23, 25, 80, 88, 443, 110, 135, 137-139, 1433 and 1434. We choose to scan these ports because of their specific functions, such as port 80. Port 80 is where network traffic is often directed, and is also commonly exploited by attackers.

network automation

Conclusion

Now that we have a completed script, we will begin testing it and making sure it works properly. Once we’ve thoroughly tested the script, we will then perform a pen test on the LCDI network and see what we can find! Be on the lookout for our next blog post where we will review our testing phase and discuss any issues we come across.

The LCDI always welcomes feedback! Check us out on Facebook, Twitter, or read our other blogs! We can also be reached by email at: lcdi@champlain.edu.

The post Network Automation Update 1 appeared first on The Leahy Center for Digital Investigation.