These Days, IoT devices are increasing rapidly and are being used everywhere. IoT stands for Internet of Things which are devices ranging from smart homes (thermostats, light switches, etc) to security systems (cameras, locks, etc). Sooner than later these devices will be utilized in digital investigations. Currently, there are over 26 million activated devices used all around the country. Now that there is more interaction between man and computer, there will be more ways to utilize data from IoT devices to help digital forensics analysts with their endeavors. The goal behind this project is to show that IoT devices are still systems and can be investigated through Linux Forensics. 

The Project Starts

My first couple of weeks were catching up on where the other team members left off from. The initial phase of the project was to catalog all the IoT devices in the Leahy Center. Basically, the catalog consisted of Inventory, Open Ports, and Physical Access, and Data Validation. For the inventory section, we noted the device’s serial number, model number, ethernet ports, USB connector, and JTAG Access. We also logged the device name with the mac address and open ports in the Open Ports section. For the Physical Access section, team members Austin Grupposo and Joe McCormack disassembled and performed physical access to the devices listed in the inventory. They each noted the exploit source and collected data through JTAG.

Linux and the Internet of Things

With the initial phase of the project almost complete, I continued their research while Austin and Joe proceeded with physical access to those devices. IoT devices tend to utilize an operating system type called RTOS, or Real-time operating system. Commonly referred to as a not-a-full-featured operating system, RTOS is straightforward and does not rely heavily on resources to run. Because of this, I researched Linux commands and did a small workshop to understand IoT Linux. Austin helped me disassemble IoT devices and explained DUART/JTAG. Furthermore, I researched articles and videos on IoT devices related to Linux.

Next Step For Project

The next phase of the project focuses on data generation. At the time I joined the team, they had already nearly passed this step, so I joined the meetings to get an idea of what data generation is and how it works. I have read Austin’s and Joe’s notes related to this subject. Later on, in the internship, I learned a bit more about data generation and the goal of OSDFCon. I’m excited to take these skills that I’ve learned to continue with the project in the future.

Be sure to look for future posts and stay up to date with @leahycenter on Twitter and Instagram, and @theleahycenter on Facebook!

The post Using Linux to Catalog The Leahy Center’s Devices appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Over the course of this semester, my team at the Leahy Center worked to create an interconnected smart mirror using Raspberry Pi technology. We started off the semester strong, doing a lot of research into the project. We know that, once we got our hands on Raspberry Pis, we could immediately begin configuring modules for different aspects of the project.

Our Goal

It seemed right off the bat that we all knew exactly what the end goal should look like. The small form factor of the Raspberry Pi made the mirror a possibility. We shared a common vision, and we planned to use a small mirror, multiple Raspberry Pis, and an old touch screen taken from a phone, as well as some other small things to create that vision. 

Transitioning to Online

Meeting solely online was a challenge at first, but the team quickly settled into communicating through Slack. The physical aspects of the project gave us trouble, but the team has worked well through difficult times. 

Be sure to look for future posts and stay up to date with @leahycenter on Twitter and Instagram, and @theleahycenter on Facebook!

The post Building a Raspberry Pi Mirror appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

By Miles Campbell

This year marks my first year here at the Leahy Center, and so far my experience has been great. As a first-year intern, the team here has been nothing but welcoming. Everybody I’ve been working with has been super helpful in getting me on my feet. Because of their help, I’m able to get quality in-field experience and actually contribute as a first-year intern. Even with COVID changing the landscape, I still feel that I’m getting a fantastic experience.

My internship has been conducted entirely remotely, like all of my classes, however, the process of getting set up was seamless. We’re working on comparing many VPNs, trying to see how the common VPNs are similar and different. Being a first-year college student with little experience in networking, I had to do a little research on my own about how networks operate. Duane Dunston, my team’s faculty member was kind enough to do a video class-like session with me to teach me the basics. So far, we have created a scene and recording what features many VPNs advertise, what they really mean, and how common they are amongst other VPNs. While this information is useful for my work going forwards, it’s good knowledge to have for my future classwork here at Champlain.

My First Year Work

The Leahy Center also gives a lot of room for personal freedom in approaching our tasks. Right now I’m comparing Open VPN, an open-source program most of the VPNs we have studied use, with Wireguard, another open-source VPN. I am also trying to turn my Raspberry Pi 4 into a VPN server. I have not had any success yet, but I continue to try new things every shift.

While I don’t feel that I am as up to speed as others, I believe that I’m quickly catching up. I enjoy learning from my teammates and appreciate all they have taught me. Given I’m majoring in Digital Forensics, the experience I’m getting here at the Leahy Center is invaluable. I’m also planning to double major starting my second year, so I’m excited to start working with networks and the data transferred within them. I’m looking forward to more opportunities at the Leahy Center!

The post My First Year at the Leahy Center appeared first on The Leahy Center for Digital Forensics & Cybersecurity.