EnFuse 2016 Conference

Jon Rajewski Uncategorized


On May 24, 2016 I had the pleasure to speak twice at Guidance Software’s EnFuse conference.

The first session was a panel on the topic of “The Five Mistakes You Don’t Want to Make when Providing Forensic Testimony” with James Vaughn, Managing Director, iDiscovery Solutions; Sheryl Falk, Attorney, Winston Strawn; Christopher Novak, Managing Principal, Verizon; David Cowen, Partner, G-C Partners, LLC / SANS; and Suzanne Widup, Senior Analyst, Verizon. This session was sold out and we had a lot of fun engaging with the audience. We really look forward to next year’s session. The slides from this talk can be seen here.

The second session was another sold-out session on “Internet of Things Forensics”. This was a year-long research effort with a team of students at the Leahy Center for Digital Investigation. We worked hard to reverse engineer how data is generated, stored and used by over 10 IoT devices. The slides from my presentation can be found here.


Do you need help with any Digital Forensic/CyberSecurity research?

Jon Rajewski capstone projects, champlain college, computer forensics

I see a lot of questions on Twitter, email listservs, Google+, etc. about technical challenges Digital Forensic/Incident Responders are dealing with on a daily basis. I know that we’re all very busy at our jobs and sometimes we just don’t have time to conduct research into a particular project.

Champlain College (Burlington, VT) overlooks Lake Champlain

I would like to offer a solution – a class of eager undergraduate Digital Forensic students from Champlain College.

Think before you ReTweet that Anonymous post…

Jon Rajewski Uncategorized

Barrett Lancaster Brown, a journalist who posted a hyperlink in an IRC chat, was indicted on December 7, 2012 by the US Department of Justice. According to the press release, “By transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders.”

Mobile Device Forensics – Course Update

Jon Rajewski champlain college, curriculum, FA2012FOR310, mobile device forensics

It’s been a few weeks since the last update, but things have been busy. The Fall 2012 term is now in Week 5 (wow, the semester is flying by). We’ve covered the following topics:

  1. Cell phone usage and data
  2. Cell phone network architecture / infrastructure
  3. Carriers and how they play a role (or not using a carrier altogether – create your own)
  4. Procedures

I’m teaching two sections of this class – each has about 14 students so there is a great teacher/student ratio.

Students are still using their issued Android cell phones to generate data. For those new to this blog series – each and every student, the first week of class, was handed a cell phone to use for a month. We will later use these devices to extract/analyze data in the second half of the course. Also – we’re still using the iPad 3s, which will be analyzed in a few weeks.

I’m looking forward to the next few weeks when we tackle the topics of Impediments then Commercial Mobile Forensic tools. We have purchased both the Cellebrite UFED and XRY devices so students get experience with the leading commercial tools being used in the industry.

Cellebrite UFED

Using the XRY

After we complete the Commercial Forensic Tools section, we will shift gears to something we’re really looking forward to – 8 weeks of Android and iOS forensics. These weeks will be spent using a lot of open source tools (specifically Santoku for droid) as well as preparing students for the final project – which I don’t plan to publicize, but it involves many aspects of mobile device investigations. I’ve been known to build some really exciting assessments that prove if students mastered the content or not – and this project might just be the best yet. Stay tuned.

Engage Digital Forensic / Incident Response Students. Why is this a good idea?

Jon Rajewski champlain college, computer forensics, Professors

In the ever-growing field of digital forensics / incident response there is a great need for professionals to mentor/assist those currently trying to break into the industry. Some of you reading this are literally the “rock stars” of the DFIR community – and students know this.

We all have mentors and people that we aspire to be like. In the above video, you will see Ajay Bhatt (actor Sunil Narkar is actually in the video), who was one of the inventors of USB and is being treated with rock star status.

This blog post is also motivated by a few of my students attending the 2012 Open Source Digital Forensic Conference this October. Several of them already came to my office excitedly saying, “we’re bringing our textbooks to get signed by [insert forensic rock star names here].”

Sooo why should you help mentor / assist students? They are the future generation of digital forensic / incident responders. A lot of us in the industry are also looking for good college graduates to add to our ever-evolving teams. In my opinion (which is one of the reasons I teach) it’s our duty as professionals to help grow the industry by sharing knowledge and experience – and by helping students we are helping to grow the industry as a whole.

If this motivated you at all and now you’re interested in helping mentor students, please let me know.

Jonathan Rajewski to speak at the University of New Hampshire at Manchester

Jon Rajewski computer forensics, cybercrime

I’ve been asked to give a presentation at the University of New Hampshire at Manchester on November 1, 2012. Here is a link to the program. Below is a description of what I will be presenting on.

Computing Showcase in Digital Forensics

Event Details

Public Program
Date: November 1, 2012
Time: 6:00 pm – 8:00 pm
Venue: Third floor auditorium

Learn about current trends in computer and digital forensics, cybersecurity, mobile device forensics and malware analysis. At the end of the presentation we will conduct a “real-world” cyber investigation that will demonstrate how all of the previously mentioned disciplines can be used to investigate cybercrime.

A presentation by Jonathan T. Rajewski, Assistant Professor of Computer & Digital Forensics at Champlain College, and Computer Forensic Examiner with the Vermont Internet Crimes Task Force in Burlington, Vermont

Funding provided by the Saul O Sidore Memorial Foundation

If you have any questions or would like me to address anything specifically please contact me as soon as possible 🙂

Below is a Google map of the campus. Here is a link to visitor parking on campus.  

Operating System Forensics – Week 1 Overview

Jon Rajewski champlain college, computer forensics, curriculum, FA2012FOR340

The first week of classes went well for this course. One of the questions I love to ask students after I go over the course schedule is “what would they like me to present on in addition to what I planned?”

The overwhelming response from students (mostly junior / senior – Computer Forensic / Computer Networking and Security) was Malware Analysis. Typically I present Malware Analysis in our FOR430 Advanced Topics course – we spend about 6 weeks delving into the basics through some very entry-level static/dynamic analysis techniques.

So malware analysis – it’s hard. It’s not something you can completely learn in one course. Take it from Patrick Olsen’s blog post review of the highly regarded SANS FOR610 course “Reverse-Engineering Malware: Malware Analysis Tools and Techniques”. While this course is led by an expert in the field, typically Lenny Zeltser, and I’ve only heard amazing things about it, it takes a lot of technical preparation (in my opinion having some considerable computer science background for the static analysis and OS internals/network analysis for dynamic analysis) to be ready to take the course. It also requires you to be committed to the specific area of study. I’ve always said, Digital Forensic Incident Response (DFIR) teams are like a puzzle: everyone will have their niche expertise, but everyone will need to work together during an incident to reach success.

Digital Forensic/Incident Response professionals are a part of a larger collective of experts. We need everyone to work together to fight evil.

That said, due to overwhelming interest from the students, in this Operating System Forensics course we will cover some of the basic static and dynamic analysis techniques. However, students will need to master all of my planned content including file system analysis/operating system analysis. Also, as an aside, malware analysis is the buzzword – what professionals are actually doing is a behavioral analysis of code/software. We focus on “malware” because that’s what’s negatively impacting our networks/computers.

Series Introduction: Operating System Forensics

Jon Rajewski champlain college, computer forensics, FA2012FOR340

This is the first post for the 2012 Fall Operating System Forensics course at Champlain College. This course is focused on teaching students how to extract and analyze information from some of the most commonly seen operating systems.

We will explore aspects from basic analysis all the way through some of the most leading edge analysis methodologies that will help students prove if a particular computer was involved in the cybercrime. This course is very much “hands on” and students are expected to spend a considerable amount of time working alone and in teams to complete their projects. In this course I focus on students being able to complete the technical aspects, but also able to communicate the technical results verbally/in reports. By the end of this course students will be able to conduct an analysis on computers involving common crimes (theft of intellectual property, inappropriate use of systems, data destruction, AUP violation, etc.) and write a report/testify to the work that should stand up in a court of law.

We will be using many open source/freeware/commercial tools to analyze evidence. We focus very much on students not blindly relying on the tools, but understanding what’s happening within the evidence regardless of which tool is being used. That said, we do teach students the very same tools that are being used by major consulting / government agencies including but not limited to EnCase 6.x/7.x, FTK 4.x, RegRipper, Volatility and many, many more. We will have access to virtual machines that we will use to build operating systems, create “evidence” and examine that evidence. Students will also explore many hands-on investigation scenarios that will help them strengthen their skills. Students leave this class feeling comfortable conducting digital forensic exams on digital devices.

To read the full article please visit http://www.guidancesoftware.com/DocumentRegistration.aspx?did=1000018034

At the same time this course is offered, I will be teaching a graduate course in Operating System Analysis – if we have time at the end of this class I want to integrate a lecture or two on some of the advanced topics discussed in the graduate course.


Series Introduction: Mobile Device Forensics

Jon Rajewski champlain college, computer forensics, FA2012FOR310, mobile device forensics

This is the introduction post for my Fall 2012 Mobile Device Forensics course. This is a brand new course and will be actively developed over the semester.

During this course students will learn about cell phone / mobile device / embedded system technologies. Over the next 15 weeks we will delve into everything from how cell phones and their respective networks work, how information is stored on mobile devices, how to investigate a case involving mobile devices and what information is stored with a service provider.

This course will rely heavily on hands-on activities that will require a lot of work outside of the classroom. We will be using both of Andrew Hoog’s books – Android Forensics and iOS and iPhone Forensics. I plan on using many of the open sourced tools discussed in these texts to help the students understand what’s actually going on in these books.

Champlain College has graciously provided iPads/iPhones/Androids/Kindle devices for our class to use. Each and every student will have at least one week with these devices to add data to them, then as a class we will all learn how to properly extract/analyze data from them. We also will have access to a Cellebrite UFED and XRY Complete – this allows students to use some of the leading products in the industry right in the classroom.

Mobile devices we’re using in class

Needless to say, I’m very excited about this class. I don’t know of any other undergraduate courses offering a class like this, but if there is one out there, please let me know. I would love to collaborate with other professors to make this course even more exciting.