The time has come to share with the world the Spring 2013 Champlain College Senior Capstone projects. This year I asked the students to create a blog and share their research. This way students can interact directly with subject matter experts and start to build their online contribution to the industry. Please feel free to comment here or on the student blogs.
Greg Burns – Volume Shadow Copy – My capstone project is going to research tools such as a program called Libvshadow which contains a library and set of applications to read the volume shadow snapshot volumes, these tools consist of vshadowinfo which shows information about VSS volumes and vshadowmount. Libvshadow can be run from and OSX or Linux. The main part of my research is going to go evaluate the data that is extracted, specifically the metadata.
Bob Buckley – Pinger Forensics – Pinger is a mobile application that offers free communication to users all over the World. The application gives you the power to text, call, leave voice mails and store users contacts. Pinger is offered for free in the Google Marketplace, and also for free in the iTunes app store, and can also be accessed from a computer. I am going to take this application and forensically examine it, and figure out what information the program itself stores, and if any of the communication data is recovered.
Christine Casey – Snapchat Forensics – Snapchat is a mobile phone application that is now the latest trend. The app allows users to send pictures and videos to those on their friends list. It allows the sender to select the amount of time, which is between one and ten seconds, that the receiver can view the photo or video and then it disappears.The goal of my capstone is to see if it is possible to forensically recover the image or video sent through the snapchat app.
Mary Hughes – Data Exfiltration Forensics – I will examine digital forensic data that cloud storage services leave on a system, network information available while these services are running, and any syncing information connected to each individual service.
Nicole Dalbora – Ipad Application Forensics – Research will look into some popular apps on the iPad. So far I have started looking into the Dropbox application. Other apps I plan on possibly looking into are Safari, Facebook, Twitter, and Tumblr – apps I use often.
Dan Doonan Android GPS Forensics – Research will look into GPS data on an Android smartphone generated by specific applications. I plan on being able to generate a table of popular Android applications that show: 1)What causes the application to generate GPS data, 2)Where on the device this data is stored 3) How, if necessary, to parse this data into a readable format. So far I plan on looking into the small number of applications listed below and expanding upon this list as I go. 1) Google Maps Navigation 2) Facebook / Facebook Messenger 3) Twitter 4) Foursquare 5) Evernote.
Ethan Fleisher – Virtual Desktop Environment Forensics – Virtual desktop environments (VDI’s) are quickly becoming more popular as businesses are attempting to cut costs in different areas while increasing productivity. Employing a VDI automates many processes that networks currently undertake, and allows for administration of new machines and machine scalability to increase. There are many popular clients currently used right now, including VMWare, Hyper-V, and Citrix. Though the technology isn’t quite as widespread and implemented in many corporations yet, it is important to realize that it very well could be. It is always better to be proactive and already have a set idea of what measures need to be implemented and what data is retrievable ahead of time. While researching VDI’s, I plan on using Citrix as my main client. My setup will involve a server using Citrix’s XenServer as the hypervisor, Citrix XenCenter controlling the hypervisor, a Windows Server 2008 R2 domain controller primarily for DHCP, and multiple Windows virtual machines. Windows virtual machines are arguably the most common thin-client that will be seen in the work place. I plan on examining what is capable of being obtained from both persistent and non-persistent VDI’s by creating a base scenario/template that will have multiple users accessing different, commonly found, artifacts. Ideally, if my time before the project is due permits, I would like to explore into what information can be found on the XenServer itself, what may be obtainable through the Windows Server, and what potential information may be available through either XenCenter.
James Kellogg – Anti-Forensic Memory Tools – Research will involve reviewing the recently released anti-forensic memory tool called Dementia from a forensic standpoint. This tool is developed by Luka Milkovic, in which it’s able to successfully hide processes, connections, and objects from popular memory extraction tools such as Volatility, Responder from HBGary, and Madiant’s Memoryze.
Kyle McLeod – Siri Forensics – Through my research I hope to learn three things: 1. The exact method used by Siri to handle requests. 2. What information Siri stores on the device, and where. 3. If any information can be extracted and parsed into a form usable by a forensic examiner.
Fred Morey – Internet Browser Forensics – With a simple Google search you can find a dozen or more web browsers built to be run off thumb drives. Many of these browsers are just a different formulation of the browsers we know and love; Mozilla Firefox, Google Chrome, Opera, Avant, and Apple Safari to just name a few. Most of them say that the browser is totally secure and nothing gets saved to computer’s hard disks, everything stays on the thumb drive. Many of the lesser known browsers available for thumb drive install are specifically built for security or anonymity. Throughout my final semester at Champlain College for my capstone project I will hopefully be working with these types of browsers and working both live and after the fact forensics along with memory analysis in Windows. I will hopefully have time to do this work in Windows 7, 8, and XP. I will be firstly starting with Windows 7 and moving through Windows 8 and XP respectively.
Trevin Mowery – Siri Forensics – This project will research Apple’s Siri feature. Research will attempt to determine what is stored on the device as well as what is communicated to remote nodes.
Cat Stamm – Samsung Galaxy Camera Forensics – The Samsung Galaxy Camera is an Android based camera which has the capability of posting pictures and videos to a social media site in real time, it has 3G/4G connections as well as WiFi. My project focus on the digital forensic artifacts recoverable from this device. Since this camera is running Android 4.1, all Android applications are available on the camera. This means users will have access to their email, social networks, video/online chats, web browsers and much more on their camera. Acting just like any other mobile device on the market, the Samsung Galaxy camera is opening the door to new possibilities within digital forensics.
Neil Torpey – An Exploration of Plists – I have decided to take a more in-depth look at how Mac OS Property Lists (thenceforth will be referred to as “plists”) function within several popular applications, and how they have changed between versions. The function of plists is similar to that of the Windows Registry. They are typically stored as XML files and contain data about applications ranging from version and install date to timestamp data and IP addresses.
Jake Veins – Internet Browser Memory Forensics – Internet browsers can be involved in every form of communication, including criminal activity. All activity that is conducted on a computer leaves behind some form of evidence. There are a number of tools that analyze computers for forensic evidence, but all the current tools only look at non-volatile memory. A partial list of tools and research can be found at http://www.dfrws.org/2011/proceedings/12-344.pdf, though I haven’t verified its accuracy. This project will research what evidence can be found in volatile memory from Internet Browsers.
Please remember that these are undergraduate digital forensic students so they do need some direction and are not considered industry experts – so be nice