Forensic Blogs

An aggregator for digital forensics blogs

April 11, 2020 by LCDI

Working From Home With Sawyer Zundel

First-year Computer & Digital forensics major Sawyer Zundel discusses his experience juggling life working from home as a Windows team intern and as a full-time Champlain College student.

“Please, tell us about the team you’re on, the project you’re working on and your position on that team.”

“I’m on the Windows team, where we’re creating a training scenario to teach responders how to investigate cyberattacks. To do this, we’re building an entire office network and simulating normal company activity on it. Next, we attack the network with various common hacking tools. This compromised network will be used as the training scenario.

We’re all playing multiple roles in this project. I’m mostly focusing on setting up the security monitoring software used in the fictional office. I’m also playing the role of a business executive in the office as we generate activity on the network.”

“What is your current home life like now as a working college student?”

Photo: Sawyer sitting at a table with his cat and laptop at home.

“Well, I have returned home to my residence in Maine. I’m living with my parents, my brother, 2 dogs, and 2 cats. Due to the need for social distancing, we’ve been spending a lot of time around each other. Luckily, I have my own room, where I can go for classes and other things that require a quiet space. It felt really strange to have classes and meetings without getting out of my bed. That said, I’m still following a solid routine each day. It lets me get as much done as I was when all of this was in-person.”

“You mentioned following a routine. What does a typical day look like for you now?”

“I usually get up around 9am to get ready for my 9:30 classes. Some mornings, I have several classes and meetings back-to-back, but I usually get a break after a few hours. I use this break to make brunch and relax for a little bit. My afternoons are much more flexible. I usually spend them working on homework, various tasks for work, and video meetings with co-workers as needed.

When the weather is nice, I try to go for a socially distant walk around town before it gets dark. My family takes turns making dinner for the others each evening around 5 or 6pm. After that, I try to wrap up my homework and sometimes watch a movie with the family before getting ready for bed.

I’ve found my lap desk to be incredibly helpful, letting me turn any part of the house into a temporary “office”. Many times I end up doing most of my work from my bed, but I like to mix things up sometimes and also use the dining room table and living room, too. Everyone in my family is pretty understanding of the fact that we’re all still living the same busy lives that we had before, even though it’s all remote now. We’ve all been very respectful of each other’s meetings and deadlines, so if I need to get something done for school or work, we all work together to make sure that I have what I need to make that happen.”

“How has your approach to your research changed since you started working from home?”

Photo: Sawyer sitting down to work at home from his laptop.

“Personally, I think working remotely is really helpful for my research. I can really take my research at my own pace and spread out my notes as much as I want. I’ve always found that taking handwritten notes is very helpful for me, and working remotely I can spread pages of handwritten notes in front of me without worrying about taking up too much space, like I would in the office. I can also use more video and audio resources without having to find USB headphones first, or worry about not hearing something in the office.

Research for my project while working from home is much more self-driven and has helped me develop much more faith in myself regarding my research skills and technical abilities. While I can always message my supervisor for help if I really need to, working remotely gives me that extra push to put a little more time into trying to solve the problem for myself before turning to my supervisor, thus creating some brand new learning opportunities for me.”

“How has your teamwork pattern changed given the shift to remote work?”

“By working remotely, my team has gained a much deeper understanding of each other’s strengths and interests in the project. We’ve each developed a much more specific focus on different parts of the larger goal. I’m primarily focusing on network monitoring while my other teammates have taken on other focuses, such as networking, endpoint monitoring, and penetration testing. From this, when challenges come up, we almost always know exactly which teammate to turn to. This has led to a really nice balance between working independently and relying on each other for help. Even though we’re working remotely, we’re constantly communicating online to keep each other up-to-date with what’s going on and what we need.”

“Anything else you would like to add?”

Photo: Sawyer working from home while his cat drinks out of his mug.

“It’s really incredible how well that sense of team spirit and camaraderie has carried over to our remote work. Even though we’re all working from our own homes now, my work feels just as immersive as it did before. I’m so thankful for the opportunities that the Leahy Center has given me to explore my field more deeply than ever, and for the fact that I can continue doing so while still working remotely.”

Stay up to date with Twitter, Instagram, Facebook, and LinkedIn so you always know what we’re up to!

The post Working From Home With Sawyer Zundel appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: Uncategorized

December 5, 2019 by LCDI

Leahy Center Student Showcase: Liam DiFalco

Introduction to the Leahy Center Student Showcase

The Leahy Center for Digital Forensics & Cybersecurity employs students from a wide array of different states, backgrounds, and skillsets. Through this diversity, we can constantly challenge our status quo and stay at the cutting edge of forensic research. Above this, however, we are able to build a fantastic, inclusive community, one that allows anyone to foster their love for digital forensics and cybersecurity into workable skills and make meaningful connections in the workplace. We would like to shine a spotlight on those who help make the Leahy Center the place it is. The student interns that work at the Leahy Center are not only learning the skills they need for a future in digital forensics, but also contribute fresh perspectives and work to make the Leahy Center a lively place.

Our first student is Liam DiFalco, a high school student from Burlington High School. Working with college students and trained professionals is intimidating, so we took a look into how Liam interacts with the Leahy Center to further his education. Thank you, Liam, for allowing us to interview you!

#1: Liam DiFalco

Editor: “Hey Liam, how’s it going?”

Liam: “Pretty good.”

Editor: “So tell us a little about yourself. Where are you from? What do you do, what are your interests?”

Liam: “Well I live in Burlington, Vermont, but I was born in Bristol. I go to school at Burlington High School, and I have interests in computers and cars. In fact, building cars is a hobby of mine. I’m trying to get Digital Forensics as my major going to Champlain College.”

Editor: “Living in Burlington, how easy is it for you to pursue those interests in data recovery and computer stuff?”

Liam: “Well, I mean, it’s certainly not as populated a state as, say, California. There’s not as many tools or resources as there are in very populated cities, but living in Burlington, it’s nice to have access to the Leahy Center and all of these tools, as well as people that know what they’re doing to help teach you how to use them.”

Editor: “How did you hear about the Leahy Center?”

Liam: “Well, I actually have a relative who works in this building, so I’ve been here several times. I’ve seen this place as I go back and forth, and I ask, “What do they do? It looks really impressive.” It wasn’t until last summer, when I heard about DFCS Academy, where I was like, “OK, I want to do this so I can get more involved with whatever is going on over here,” and I learned more about digital forensics and cybersecurity in those two weeks than I have in my entire life.”

Experience at the Leahy Center

Editor: “Speaking of your experience here, what kind of things are you doing? What kinds of projects are you working on?”

Liam: “Even though it’s been a few weeks, I’m still getting a hold of everything that I need to be learning, including using VMWare, learning the lingo, and learning all the different tools I need to use. It’s still pretty fascinating to me. I could spend days on end in that lab, searching through a drive or just doing research on what I need to do. It’s just interesting, there’s so much I could learn from it.”

Editor: “Can you go into a bit more detail on the different tools that are available to you here that you might not have access to elsewhere?”

Liam: “Just in data recovery, there’s Axiom, EnCase, all the VMWare tools, thousands of dollars worth of software that I would never be able to use at my house. There are 3-D printers, powerful and expensive computers, write blockers, different kinds of forensic tools that I can delve into, it’s a trove of tools you can use to stop cyber-crime and learn something.”

Editor: “Talk to us about the community here. What is it like working on projects with the people who are on your shift with you?”

Liam: “Working with the people in my group, the data recovery group, is pretty good. They’re very independent. They know what they’re doing. It’s interesting to see and watch what they’re doing through the Trello boards and different blog posts we have. During my first couple of days here, I was pretty intimidated. I was a little bit shorter than everyone else, I didn’t really know anybody, but everybody here is extremely friendly, extremely kind.”

Balancing School and Work

Editor: “How does the stuff you’re doing in high school tie in with the stuff you’re doing here at the Leahy Center? Is there any interconnected material between both of them?”

Liam: “Well, surprisingly, yes and no. In almost every class I can bring up something that I learned about here. This is a weird example, but when I’m talking to students about deleting files on your phone or computer, they don’t understand the concept that it’s still there, it’s still gonna be there. It’s kind of interesting to see how much more I know about this stuff than them and seeing all the stuff they know about that I don’t.”

Editor: “You seem pretty driven in your work here. You’re still going to school, how are you balancing coming here and doing your work at the Leahy Center while also being a high school student?”

Liam: “Well, I contacted my advisers through the school. We managed to get it so I could have fewer shifts here, two-hour shifts instead of three or four, and only come into school before or after my shifts. I had my classes picked out for the day to balance this and school. I feel this could be more important than just getting the credits to graduate.”

Wrapping Up

Editor: “Where do you see yourself in the future after college, after you take these classes at Champlain? How do you feel your experience here helps you with that?”

Liam: “Well, I hope to see myself getting into a fairly decent job after college, ideally within the first few months, maybe working with the Leahy Center or a private firm. I don’t know the path that’s waiting for me after college. With this job, it could be anything, from a small business to a firm or corporation, but I hope to be able to use these skills to my advantage every single day.”

Editor: “Fantastic. I just have one more question for you: how do you like it here?”

Liam: “If I had to come up with one word, I would say it’s very comfortable here. I feel like this is the place where I’m supposed to be during the day. I’m relaxed, people around me know what they’re doing, and I’m learning what I’m doing. I don’t feel like I’m stressed out coming here, or glad that I’m leaving; I’m kind of sad when I leave. I think it’s a pretty great place.”

Editor: “Cool, well it was nice talking to you!”

Liam: “Yeah, thank you!”

*As of 11/20/19 Liam has been accepted to the Computer & Digital Forensics program at Champlain College and will be attending as a full-time student in the fall of 2020.

All Photos by Deja Miller, ‘22 // Marketing

Stay up to date with Twitter, Instagram, and Facebook by following @ChampForensics so you always know what we’re up to!

The post Leahy Center Student Showcase: Liam DiFalco appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: Blog Post, Champlain College, Data Recovery, Internship, Interview, LCDI, Q&A, Senator Leahy Center for Digital Investigation, Student in the Spotlight, Student Work, Students, Uncategorized

November 15, 2019 by LCDI

Application Analysis Blog 1

What is Application Analysis?

Artifacts are a subject of fascination, full of information from their time and location. An application leaves markers on systems that often go undetected by the user. These digital artifacts are small bits of information, ranging from profile icons to private messages. This information could be a threat: if someone else gets into your system, they might be able to unearth info that could allow them to steal from or impersonate you. It’s crucial that any consumer be aware of their apps’ security.

The goal of this project is to find out what information remains after one removes an app from the system. Through this, we can learn what programs are secure and prevent any security risks.

Browsers and User Privacy

In the first few weeks of the semester, we spent time examining the artifacts left by internet browsers. Through this, we uncovered a treasure trove of information in the “Appdata” folder. This folder is where every desktop application stores its information. Because it’s deemed unnecessary for user interaction, the Appdata folder is full of user input for most programs. If a normal consumer stumbled upon this, it wouldn’t mean much to them. However, these are all the juicy bits of data that were part of your account on a program, and they could be very useful to someone trying to take control of your accounts. For example, one of the files within this folder holds your cookies, small temporary files that are responsible for holding small, session-long pieces of data.

We took a look at the browser Firefox, made by the company Mozilla. There are three folders under Appdata: Local, LocalLow, and Roaming. The browser stores data that it accesses in a local server so that it can access it again, like your browser homepage.

Your credit card information that was put into Amazon is held in that file, as is your Facebook password. This is a risk for everyone and it needs to be addressed to make users more aware of their safety online and offline.

An image of the information under the Firefox tab in Roaming

What types of applications will we be looking at? 

After working with browsers, we started researching other applications to investigate. We decided to investigate Steam, Google Drive, Dropbox, Viber, and Twitter. Steam is a popular PC gaming platform that, as of April 2019, has a billion accounts and 90 million users. It’s important that such a giant in the video game industry keeps its users’ information private. Google Drive is similar to Dropbox, but is better funded and more used. We are curious to see how much of a difference this makes security-wise for each user. Viber is a small Peer-to-Peer (P2P) application for smartphone and desktop use. P2P gives users equal permissions, allowing for fast data movement. Finally, Twitter is a large worldwide social media application that has had a history of insecurity in its system.

Conclusion

During the course of this semester, we will install these desktop applications on our virtual machines. Doing this will generate data from the program into the Appdata folder. After this, we will completely uninstall the applications from the system and investigate the data left over, analyzing the trail of data to see if one could abuse it.

We will start next week with analyzing our first application, and we will be sure to let everyone know the verdict on our next blog!
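The install, uninstall and compare procedure described in the conclusion can be scripted. The following is an added example, not the project's own tooling: it hashes every file under the three Appdata subfolders before and after an uninstall and classifies what is left in the application's folders. `ExampleApp`, the file names and the simulated uninstaller in `demo()` are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

APPDATA_SUBDIRS = ("Local", "LocalLow", "Roaming")  # the three folders named in the post


def snapshot(appdata_root):
    """Map each file path (relative to appdata_root) to its SHA-256 digest."""
    root, files = Path(appdata_root), {}
    for sub in APPDATA_SUBDIRS:
        for path in (root / sub).rglob("*"):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                try:
                    files[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
                except OSError:
                    files[rel] = None  # locked or unreadable: still record it exists
    return files


def residue(before, after, app_dir):
    """Classify files under a folder named app_dir that remain after the uninstall."""
    report = {}
    for rel, digest in after.items():
        if app_dir.lower() not in [p.lower() for p in rel.split("/")[:-1]]:
            continue  # not inside this application's folder
        if rel not in before:
            report[rel] = "created-after-snapshot"
        else:
            report[rel] = "unchanged" if before[rel] == digest else "modified"
    return report


def demo():
    """Constructed stand-in for a VM user's AppData; 'ExampleApp' is hypothetical."""
    root = Path(tempfile.mkdtemp())
    try:
        roaming = root / "Roaming" / "ExampleApp"
        cache = root / "Local" / "ExampleApp" / "cache"
        for d in (roaming, cache, root / "LocalLow"):
            d.mkdir(parents=True)
        (roaming / "cookies.db").write_bytes(b"session=constructed")
        (roaming / "settings.ini").write_bytes(b"user=constructed")
        (cache / "thumb.bin").write_bytes(b"\x00\x01")
        before = snapshot(root)
        # Simulated uninstaller: deletes Local/ExampleApp, blanks settings, keeps cookies.
        shutil.rmtree(root / "Local" / "ExampleApp")
        (roaming / "settings.ini").write_bytes(b"")
        return residue(before, snapshot(root), "ExampleApp")
    finally:
        shutil.rmtree(root)
```

On a real virtual machine, call `snapshot()` on the user's Appdata path before and after the uninstall and pass both results to `residue()` with the application's folder name.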

 


The post Application Analysis Blog 1 appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: Analysis, application, Application Analysis, Champlain College, Internship, Projects, Student, Student Work, Students, Uncategorized, Update, windows
