Forensic Blogs

An aggregator for digital forensics blogs

by

Experiences, Accomplishments, and Lessons Learned

Introduction

When people join a new workforce, they often find themselves saying: “I am in way over my head.” I experienced that during my first week as an intern at the Leahy Center for Digital Investigation (LCDI). It was only my second week of my first year of college, and I couldn’t wait to get my foot in the door and start my internship at the LCDI. I was a part of a team of three (Matthew Eckhardt, Jordan Kimball, and Jessica Hunsberger), and immediately I noticed that our project was more complicated than anything we had done before. None of us knew where to begin with an “Automated Network Scanner.” We didn’t have the answers right off the bat. Luckily for us, the LCDI is a place for people who don’t always know all the answers, as the truth is, nobody does. My team and I got to work, and found out we were a lot more capable than we previously thought. The following is the culmination of our work and research into Nmap, port scanning, and Raspberry Pi’s.

What we learned so far

First, we should explain what it is we are actually doing. Our team was tasked with creating an “Automated Network Scanner”—that is, a device that could be plugged into the network at the LCDI and scan it for available ports, hosts, and services, as well as give a report on what it found. In pursuit of this goal, we learned how to use Nmap, an industry staple for scanning and testing a network for vulnerabilities.

This, by itself, was not too difficult. If you do your research, you can download Nmap and figure it out, no problem. The difficulty comes in the “automated” part of “Automated Network Scanner.” We solved this problem with Python 3. It turns out that Nmap can be inserted as a part of a Python script. One of the great boons in this project was that almost everything we were working on was well documented online, albeit small pieces individually. Using this knowledge, we learned we could inject the script into a Raspberry Pi’s startup protocols, and run the script as soon as the Raspberry Pi turned on. Furthermore, using Python allowed us to create a formatted report, and send it to a private email account automatically.

Conclusion

All in all, our research and effort put towards this project have proved successful. Our team has been moving at a steady rate, and our Automated Network Scanner is almost complete. This technology has a lot of widespread utility as this machine could be used by just about any person or organization who is heavily invested in a computer network. Creating a map of your network and potential vulnerabilities is extremely useful, especially in this current digital age. The next step for our team is perfecting our scripts, making sure our scanner is as efficient and informative as possible, and then setting up a mock network out of Raspberry Pi’s and testing the scanner on it, before testing it on the LCDI network.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

The post Experiences, Accomplishments, and Lessons Learned appeared first on The Leahy Center for Digital Investigation.

by

One Month of Network Scanning

Welcome to Our Project

Welcome to the official blog of the Automated Network Scanning % Team. Our team includes three interns from the Senator Patrick Leahy Center for Digital Investigation. Liam Barry is a computer networking and cyber security major who wants to learn more about networks and strengthen his skills in python. Alexander Zimmerman is also a computer networking and cyber security major who wishes to strengthen his skills in programming and teamwork. Nathan DiMauro is a computer science and innovation major who hopes to learn more about computer networking throughout his work on the project. Our long term goal is to create an automated network scanner using Raspberry Pi 2’s. The purpose of this blog is to document our progress so far.

Nmap

For a majority of our time this month, we researched goals of our project. None of us had ever made a network scanner before, so we were all completely new to this. The first thing we began researching was Nmap.

Nmap is the go to open source project for network scanners. We looked into how it works and how we can use it in our own network scanner. We came up with a list of scans that Nmap offers that we intend on using in our script. They range from basic port scanning, to version detection on an operating system. With the power of Nmap behind us, we were ready to look into scripting.

Python

Once we had learned about the ins and outs of Nmap, it was time to move on to script writing. Our project supervisors gave us the opportunity to choose between Bash and Python. Because the entire team had worked in python before, we choose to go with that. We started out making some basic scripts to re-familiarize ourselves with the language. From there we set up a GitHub so that we could collaborate on code. We also found a premade python library that allowed us to call Nmap commands directly from a python script. We all read though the source code of the library and started planning on how we could use it. With the majority of our software figured out, it was time to look into our hardware.

Devices

Now that our plan for scripting was complete, we needed to write up a list our devices. Our supervisors provided us with a box of supplies that we would use The box contained 3 raspberry pi model 2’s, an 8GB micro SD card, a micro SD to SD card adapter, a USB WiFi adapter, and a power supply unit. We all were familiar with most of the contents of the box. The only real research we had to do was on installing an OS onto our raspberry pi’s. We decided to go with Raspbian because it seemed the simplest to learn.

In the Next Month

September was a great month for the team. We got a lot of research done and are now very familiar with our tools. Throughout October we will start to actually create our scanner. Step one will be to get our script working. From there the plan is to put that script onto the raspberry pi and automate it. Be sure to come back next month to see our progress on the network scanner!

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

The post One Month of Network Scanning appeared first on The Leahy Center for Digital Investigation.

by

Mobile Forensics Update 1

Introduction

Frequent readers of this blog will not be surprised to see a new iteration of the Mobile Forensics project. This semester, we are focused specifically on social media apps on Android devices. For the purposes of this project, we have defined social media as any app that allows people to communicate, chat, interact, or exchange information. Most applications that will fit this definition are categorized on the Google Play store as “social”.

This year our devices are two LG G6’s and, as in past projects, the team will be taking advantage of Cellebrite’s UFED 4PC and Android Debug Bridge (ADB) to extract information from the app files. Additionally, we will be investigating if there is any difference between the data collected and stored on Android version 7 and Android version 8.

Current Progress

So far we have created processes and templates for organized data generation. After narrowing down which applications we want to look at, we decided the first application we will be pulling data from is Snapchat. We have been practicing rooting devices and pulling the data to figure out what we will look for on the devices. We need to root the devices to be able to get the information off the apps and look under the hood of them. Our LG G6 devices have just arrived, and we are preparing them for data generation.

Conclusion

After prepping our devices, we will download  Snapchat and start creating data by sending snaps to the LCDI Snapchat. We will then use the app for a day before we pull information off of it. The more we use the app, the more information we could potentially acquire. When we do a pull, we will analyze all the data we have and once that is complete, we will move on to the next application, Telegram.

Stay tuned for more updates to come and follow us on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @ChamplainLCDI.

The post Mobile Forensics Update 1 appeared first on The Leahy Center for Digital Investigation.