Cybersecurity Act of 2012 and College Education

Jon Rajewski CyberSecurity

CyberSecurity is a very broad term that could be considered an umbrella expression for a number of areas. In 2009 President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” 

The Department of Homeland Security (DHS) put together a dramatic video highlighting the career of a CyberSecurity professional. Also please note that on the DHS website you can apply for their internship program.

My primary role at Champlain College is to educate students in the areas of digital forensics and CyberSecurity. When I see something like the Cybersecurity Act of 2012 making headway in the US Senate and President Obama writing an article in the Wall Street Journal to support the passing of said Act, colleges across America should be actively preparing to educate the future workforce.

Based on my knowledge of the industry and reading the Cybersecurity Act of 2012, there are going to be a plethora of jobs created/maintained in the following areas:

  1. Ethical Hacking;
  2. Penetration Testing;
  3. Vulnerability Assessment;
  4. Continuity of system operations;
  5. Cyber forensics;
  6. Offensive and defensive cyber operations.

These positions will likely be opened/maintained within the US/local government agencies, government contractors and private industry for years to come.

Also included in this Act is the opportunity for students to apply for 1 of 1000 scholarships (Pages 127-130 of the Act) towards a program specializing in CyberSecurity.

If you are thinking of entering the world of CyberSecurity as an undergraduate college student or pursuing your career with a graduate/master’s degree, feel free to reach out to me to discuss. Again, as I noted in the above paragraph, my role right now is to help prepare students to be successful in the area of CyberSecurity. If you have any questions, please feel free to contact me.

GPT partitioning scheme resource

Jon Rajewski computer forensics, file system forensics

Finding the right information when you’re looking for it sometimes takes a while. I wanted to share with you some information that I quickly put together on the GPT partitioning scheme.

While doing some course development work for a graduate course titled “Operating System Analysis,” I wanted to locate a current resource on the GPT partitioning scheme. Of course we could all default back to File System Forensic Analysis by Brian Carrier (which everyone should have on their bookshelf), but I was hoping for a free resource that students could also reference.

I found a few resources, but the Unified Extensible Firmware Interface Specification paper does an excellent job describing the GPT data structure. In the above referenced document you will find technical details as well as visuals to complement your learning. It also does somewhat of a comparison of MBR/GPT if you wanted to learn more on that. Most forensicators know about the MBR, but based on conversations with some colleagues, few have really examined GPT up close.

Here is a cheat sheet of sorts from the lecture slides I’m building. These include references from the UEFI paper (above), Carrier’s book, and Bruce J. Nikkel’s paper Forensic Analysis of GPT Disks and GUID Partition Tables, which was originally published by Elsevier in Digital Investigation: The International Journal of Digital Forensics and Incident Response, Vol. 6, No. 1-2 (doi:10.1016/j.diin.2009.07.001).

Slide from Rajewski’s lecture on MBR/GPT as it relates to computer forensic investigations
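
As an added example (not from the original post or the lecture slides), the Python below decodes the GPT header and partition entry array laid out in the UEFI specification and checks both CRC32 values, which is the first thing an examiner would verify before trusting the table. The sample disk geometry, partition name and function names are constructed for illustration.

```python
import struct
import uuid
import zlib

HEADER_FMT = "<8sIIIIQQQQ16sQIII"  # 92-byte GPT header, little-endian
ENTRY_FMT = "<16s16sQQQ72s"        # 128-byte partition entry


def parse_gpt_header(sector: bytes) -> dict:
    """Decode the GPT header (normally at LBA 1) and verify its CRC32."""
    (sig, rev, size, crc, _reserved, my_lba, alt_lba, first_lba, last_lba,
     disk_guid, entry_lba, count, entry_size, array_crc) = struct.unpack_from(
        HEADER_FMT, sector)
    if sig != b"EFI PART":
        raise ValueError("GPT signature 'EFI PART' not found")
    if not 92 <= size <= len(sector):
        raise ValueError("implausible header size")
    # The header CRC covers `size` bytes with the CRC field itself zeroed.
    zeroed = sector[:16] + b"\x00" * 4 + sector[20:size]
    return {
        "revision": rev, "my_lba": my_lba, "alternate_lba": alt_lba,
        "first_usable_lba": first_lba, "last_usable_lba": last_lba,
        "disk_guid": uuid.UUID(bytes_le=disk_guid),  # GUIDs are mixed-endian
        "entry_lba": entry_lba, "entry_count": count,
        "entry_size": entry_size, "array_crc": array_crc,
        "header_crc_ok": zlib.crc32(zeroed) == crc,
    }


def array_crc_ok(array: bytes, hdr: dict) -> bool:
    """The array CRC covers entry_count * entry_size bytes."""
    n = hdr["entry_count"] * hdr["entry_size"]
    return zlib.crc32(array[:n]) == hdr["array_crc"]


def parse_entries(array: bytes, hdr: dict) -> list:
    """Decode in-use entries; an all-zero type GUID marks an unused slot."""
    entries = []
    for i in range(hdr["entry_count"]):
        raw = array[i * hdr["entry_size"]:(i + 1) * hdr["entry_size"]]
        ptype, puid, start, end, attrs, name = struct.unpack_from(ENTRY_FMT, raw)
        if ptype == b"\x00" * 16:
            continue
        entries.append({
            "index": i, "type_guid": uuid.UUID(bytes_le=ptype),
            "unique_guid": uuid.UUID(bytes_le=puid),
            "first_lba": start, "last_lba": end, "attributes": attrs,
            "name": name.decode("utf-16-le").split("\x00")[0],
        })
    return entries


def build_sample():
    """Constructed header sector and 4-slot entry array (one slot in use)."""
    basic_data = uuid.UUID("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7")
    entry = struct.pack(ENTRY_FMT, basic_data.bytes_le,
                        uuid.UUID(int=1).bytes_le, 2048, 206847, 0,
                        "EVIDENCE".encode("utf-16-le"))
    array = entry + b"\x00" * 128 * 3
    fields = [b"EFI PART", 0x00010000, 92, 0, 0, 1, 409599, 34, 409566,
              uuid.UUID(int=2).bytes_le, 2, 4, 128, zlib.crc32(array)]
    fields[3] = zlib.crc32(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields).ljust(512, b"\x00"), array


if __name__ == "__main__":
    sector, array = build_sample()
    hdr = parse_gpt_header(sector)
    print(hdr["header_crc_ok"], array_crc_ok(array, hdr))
    for part in parse_entries(array, hdr):
        print(part)
```

On a real image, the header sector is read from LBA 1 and the entry array from the LBA the header reports; a CRC mismatch is a cue to compare against the backup header at the alternate LBA.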


 

It's been a while, but for a good reason…

Jon Rajewski Uncategorized

My wife and I had our first baby in June. I’ve been spending a lot of time with the family so I’ve been pretty much non-existent on social media. I plan on being back full tilt sometime in August. Until then, please enjoy this photo. This has been one of our favorite places to get to know each other.

Jonathan spending quality time with Elijah

Computer Forensic Failures – File system issues

Jon Rajewski computer forensic failures

I’m very happy to report that I received a short story that clearly resulted in the author learning from their actions. The author of this story wished to remain anonymous. The below story has not been edited, but a picture was added for those that have never seen an IBM AIX tower.

IBM AIX Server

I saw your post on one of the forensic forums and thought I would share this, not a failure but lesson learned that delayed my work.  When imaging sometimes matching file system to file system is best.  I was imaging a 1TB RAID’d storage device connected to an old IBM AIX minicomputer.  A logical acquisition was the cheapest option, so that was what the client asked for.  I thought no problem, no external connection such as a USB or firewire, so it was going to be over the 10MB connection.  I had 1.5 TB drives so no problem…..right.  I connected and mounted the drive to my forensic laptop running Linux, and proceeded to pipe all the files via scp from the IBM’s RAID over the network to my laptop, everything was going well for a day, then all of sudden the job would quit no error messages, just stop short.  I checked the drive still room, so I was perplexed.  Tried again with a different drive, same result.  I knew something was up, but not exactly what.  My drives were formatted with NTFS.  Hmmm …Linux, maybe try a Linux file system.   I took another drive reformatted as EXT3 and restarted the process.  Ran without an issue.  What I found out later was the system admins didn’t want to spend money on more storage for that old box, so they kept dropping the cluster size down and down so they could keep adding files.  What I gathered is I hit the NTFS’s maximum file capacity before the scp was done.  So lesson learned was sometimes you need to work apples to apples if you have an unexplained issue.

I followed up with a question for this person –


NTFS’s maximum amount of files per volume is 4,294,967,295 (2^32-1). How many files were on the EXT3 partition?


Their response was:

That was what I thought, I didn’t do any research on it, does seem a little out there to be that.  The RAID device ran for many many years and no maintenance was don.  From what I was told, the sys admins, kept lowering the cluster size to pack in more data, until they got down to 1 cluster = 1 sector.  I was thinking I had hit some limitation of NTFS which made it stop copying to the device, since switching to ext3 resolved the issue.   I had plenty of space left on my NTFS drive.

The drive we brought back was used with Encase and we didn’t have any problems exporting out the files to the network and going into our review platform.  Thinking back know and from other experiences, it could  have been a long file name/path issue too since NTFS doesn’t handle those and I had other issues with LFNs  on their SAN that we imaged later. 

In closing, please help this mini project by submitting what you’ve learned. Thank you.

Jonathan Rajewski appeared on Fox44 News

Jon Rajewski Uncategorized


On April 23, 2012, Jonathan Rajewski appeared on Fox44’s evening news. The topic of the conversation surrounded the DNSChanger malware and how on/after July 9th, 2012 those infected won’t be “protected” any longer.

We also discussed how one could check to see if they are infected, remediation steps and best practices to avoid these types of malicious tools. Below is a video of the interview.

Operation Ghost Click, the name of the international investigation led by the Federal Bureau of Investigation, included many entities including NASA’s Office of Inspector General (OIG), the Estonian Police and Border Guard Board, and he specially thanked the National High Tech Crime Unit of the Dutch National Police Agency. In addition, the FBI and NASA-OIG received assistance from multiple domestic and international private sector partners, including Georgia Tech University, Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, University of Alabama at Birmingham, and members of an ad hoc group of subject matter experts known as the DNS Changer Working Group (DCWG).


I’ve mentioned this in the past, but the most effective way to disable / prosecute these international offenders is via productive/collaborative efforts by the international “good guy/girl” community. Most malicious actors are decentralized, which means we need a collective effort to fight these criminals so they can be brought to justice. The Internet doesn’t recognize national borders, therefore laws in one country don’t necessarily translate to another. This is just one of the issues when investigating these types of cases.

Looking back at yesterday’s experience, Brittney Hibbs, the Fox44 reporter, asked all of the right questions and made the interview flow very well. I really hope that the Vermont community learned from this broadcast and hopefully checked their home/work computers to see if they were infected.

Champlain College ITS Technology Conference April 21, 2012

Jon Rajewski Uncategorized





All systems are go for this weekend’s first ITS technology conference (“CUT”)

More information can be found here: http://champlainTechConf.blogspot.com
Who can attend?   Anyone! (feel free to forward)
Location:                   Champlain College – Hauke 005
Date:                          This Saturday (April 21, 2012)
When:                       9:30am-3:30pm (followed by ITS Capstone presentations from 3:30pm-5:00pm in the Hauke Conference Room)
Anyone may attend, but please register at http://cut.eventbrite.com so we have enough snacks and seats.
It looks like it’s going to be a great event!  Hope to see you there!
Worm Propagation                                        XML Database Tools
Social Media APIs                                           LINQ
MBR Malware Analysis                                  Visualizers
Gathering Player Game Data                        Windows Defense
C++ Event System with Delegates                NodeJS
Ecommerce                                                    Raspberry Pi
Windows 8 Forensics                                    Rebuilding for Mobile
OpenAL
Followed by ITS Capstone Poster Sessions!!
Computer Information Technology (CIT)
Web Site for Champlain Valley Down Syndrome Group Jason DaSilva
Comparison Project on Three Content Management Systems Derek Izor
Web Site for Parenting Resource Directory Bonnie Bohan
Current Cybercrime Legislation Stephen Pinkham
What are the challenges associated with bringing high speed Internet access to rural areas? Andrew Ventre
How are we motivating/using Internet hedonists to solve real world problems currently, and is there anything more that can be done? Erik Warnick
Depression and Pathological Internet Use (PIU) Michael Berry
Technology and Education Nicholas Weible
Enterprise Architecture Jason Eastman
Solar powered computing Jordon Hamilton
Web Site for Radiant Floor Heating Nick Edwards
Web Site for Winooski Natural Resources Conservation District Erik Wallace
Computer and Digital Forensics (CDF)
P2P Computer Forensics: Examiners Guide Timothy Fernalld
Google Chromebook Forensics Stephen Jablonski
Android Memory Forensics Ryan Dixe
Kindle Forensics: A Look at the Amazon Kindle Fire Megan Percy
The Investigation Handbook for System Restore Applications. A look into a forensic analysis of Deep Freeze, Returnil, and Toolwiz TimeFreeze Louis Donalds
An Investigator’s Guide to Basic Malware Analysis Kyle Heath
Quick Response Code Malware. The study of a population’s use of quick response codes for the potential of a distributed malware attack on cellular telephones Jason Hall
Xbox 360 Slim: Network Traffic Analysis. “Jump In” to Network Traffic Analysis Giovanna DiSipio
MBR Malware Analysis: TDL4 & Alworo. They Hide, You Seek Corrie Erk
Biometric Authentication Forensics Conor Shaughnessy
Android OS v. 4.0 Forensics. A forensic look into the new version of the popular mobile OS Alexander Caron
Volatile Memory Malware Analysis. Investigation Techniques Focusing on Artifacts in RAM Ben Rogers
Computer Networking and Information Security (CNIS)
ESXi QoS Geoff Altermann
FreeBSD implementation Brennan Connors
Network Design and Enterprise Architecture Ian Davis
Wireless Mapping and Security Daniel Espinoza
XBees Silver Evans
Virtualization of Network Brian Fabiano
Computer Worm Propagation Analysis Jon Ferretti
Small Business IT Infrastructure Taylor Howe
The Onion Router: Performance Patrick Moore
Data Exfiltration Kevin Reilly
Physical Security and Electronic Locking Systems Andrew Smith

Computer & Digital Forensic Failures

Jon Rajewski computer forensic failures, computer forensics, mistakes

Why would one want to study digital forensic failures? The same reason one practices what to do in a sporting game situation – so they’re prepared for the real game. A related reason is when a football player watches game tape – they can learn from their own and others’ mistakes. Lawyers conduct mock trials etc…

This blog post will be an active placeholder that will be updated as comments and other failures arise in the industry. 
Please note – Failure is part of learning/success. So to hopefully spark readers/contributors interest in this, I will be highlighting a personal failure.

Learning is important
One of my goals here is not to be the one pointing out issues/failures but to collect stories to share. If you would like to write a guest blog post on something you’ve learned from, please contact me. Also, if you want to remain anonymous, you should have the skill-set to send me something in that manner and we can arrange that type of blog post.

Suggested format:
  1. Overview of the situation/issue/case
  2. Issue / Failure / Problem that occurred
  3. How you / your team remedied the situation
  4. Lessons learned – “Monday morning quarterback” “hindsight 20/20” what controls are in place to prevent it / is it preventable in the future?
Please let me know if you have any questions.


Jonathan Rajewski – Computer & Digital Forensic Professor – Recognized as one of the nation’s "Best 300 Professors" by The Princeton Review

Jon Rajewski award, champlain college, computer forensics, in the news

“It’s all about the students” – This was my answer to the question “Why do you teach?” posed to me a few weeks ago by an industry professional. Preparing students for their future careers in the digital forensic / incident response / cyber security industries is something that I really enjoy. It’s also one of the ways I can contribute to the cyber security / computer forensic / incident response industries. Granted, I still practice digital forensics with Vermont local/state/federal law enforcement and at the Senator Patrick Leahy Center for Digital Investigation, but my primary position is to teach. And for the record – for those that I haven’t met in person, I’m not your stereotypical “ivory tower academic” by any means.

In order for students to really get passionate about something, they need to feel that passion from the professors teaching the courses. This is one of my secrets of success – “Do what you love and to the best of your ability and everything will take care of itself”. As a computer forensic professor at Champlain College I’m given the opportunity to mold the minds of the future cyber warriors. The college has allowed me to rewrite most of the undergraduate curriculum to keep standards high, while allowing for cutting edge material to be incorporated into lectures and hands-on activities.

On April 3, 2012 the Princeton Review’s Best 300 Professor list was released. I’m very honored to say that I was included on this list as the only Digital Forensic Professor. Needless to say I know there are many (many) excellent professors teaching this area, which is why I’m hoping to see more recognized in the next cycle. For the past five years teaching in higher education I’ve learned a lot from industry experts, students, colleagues including faculty here at Champlain College and others who I collaborate with from across the world. I hope only to continue to help students and others by continuing to collaborate in the future.

Best 300 Professors Book Cover

Below is what is included as my profile in The Best 300 Professors book:

Digital Forensics
Jonathan Rajewski, MS, CCE, EnCe, CISSP, CFE
Assistant Professor of Digital Forensics, Champlain College 

“Through our faculty’s ongoing connections to and work with local law enforcement and the digital forensics industry, we’re able to bring the current trends of digital forensics—all those rapid evolutions that are happening outside in the field—into the classroom every day,” says Jonathan Rajewski, an assistant professor of digital forensics at Champlain College in Burlington, Vermont. “And students here are benefitting tremendously from that experience.”


Previously employed as a senior consultant for a global consulting firm where he travelled the world conducting and managing digital forensics investigations, professor Rajewski is not only a faculty member at Champlain, but he is also the co-director/principal investigator of the Champlain College Center for Digital Investigation (C3DI) and an examiner for the Vermont Internet Crimes Against Children Task Force. Recently named the “Digital Forensic Investigator of the Year” by Forensic 4cast, professor Rajewski is as passionate about teaching and empowering students to become leading-edge digital forensics professionals as he is about the exciting work of digital forensics itself.

Despite the relative complexity and unfamiliarity of most people with the field, professor Rajewski is committed to giving his students a complete education in digital forensics from the ground up. “Incoming students don’t need to be ‘techie’-type people,” says professor Rajewski, “they need to be people who love to learn and apply knowledge. So you don’t need to come in as computer expert to be hugely successful in this program—our first-year foundational courses give you all the grounding you need.” His students agree, saying through his classes, “you will NEVER be confused.”

Students also report that professor Rajewski “cares about what we think of the class and makes changes accordingly,” and he “goes the extra mile to make sure you understand the information being presented.” Very technical topics are broken down into laymen terms, followed by him showing the class “how it actually applies to the subject.” He also gives real-time demonstrations when someone asks a question, then has the students apply that topic to a hands-on activity. “This method reaches all learning styles: visual, auditory and kinesthetic learners,” professor Rajewski says. 

Through this detailed, hands-on approach to learning, his students gain mastery-level understanding of the subject matter. “I want students to become experts,” says professor Rajewski. “The Champlain digital forensics curriculum has been built around what the industry needs. We polled the industry and studied job descriptions to find out what skills the industry is requiring for certain positions in the field, and we’ve created courses to match those needs.” This industry-based curriculum has been highly successful for students and grads alike: last year, recruiters from major consulting firms and government agencies came to Champlain College for the express purpose of interviewing Champlain’s digital forensics majors for summer internships and full-time positions—a high percentage of students were hired as a result of those meetings. “It’s really impressive that the employers come to us seeking out our students,” says professor Rajewski.

Professor Rajewski says that in addition to the depth of forensics course offerings, digital forensic majors get unparalleled experience in the Champlain College Center for Digital Investigations (C3DI) working in a real digital forensics investigation lab. “What our students become capable of doing is tremendous,” he says. “A big part of that is the experiences they have working in C3DI conducting the digital forensics research that helps local law enforcement solve actual cases. It’s also an amazing resume builder.”

Professor Rajewski’s teaching style is as hands-on as his students’ educational experience in Champlain’s digital forensics program. Each course is presented differently, and Professor Rajewski tends to draw from experience and tell stories about why the discussion topic is important for the students to understand. By their senior year, students are well prepared to take the Capstone course in which they conduct research into a ‘new’ technology and create a presentation and report of how they would forensically analyze a device or Internet service. “This year, many of our students conducted research that hasn’t been done before, making new discoveries—a number of papers they wrote have a high probability of being published in digital forensic industry publications,” professor Rajewski reports. “Now, that’s truly impressive.”

It’s all about the results with professor Rajewski. And, he’s proud of what his current and former students have achieved already. “Our students come from all over the world,” he says. “And we’ve seen them land positions with local law enforcement, the federal government, the Department of Homeland Security and other Department of Defense agencies as well as government contractors and consulting firms from across the country.”

Five other Champlain College professors were recognized in the book. Here is a list of names and links to their college profiles:

  • Eric Ronis: http://www.champlain.edu/directory/ronis-eric.html
  • Alan Stracke: http://www.champlain.edu/directory/stracke-alan.html
  • John Rogate: http://www.champlain.edu/directory/rogate-john.html
  • J.C. Ellefson: http://www.champlain.edu/directory/ellefson-j.html
  • Janice Gohm Webster: http://www.champlain.edu/directory/gohm-webster-janice.html
Here are some links to more of the press on this project:
http://www.princetonreview.com/best-professors-press-release.aspx
http://blogs.burlingtonfreepress.com/highered/2012/04/03/the-best-professors-in-vermont/
http://www.champlain.edu/news-and-events/news/best-300-professors.html

Capstone Update

Jon Rajewski champlain college, computer forensics, SP2012Capstone

The end is near… Only nine more days until this year’s Champlain College computer forensic senior capstone projects are due. In the past few weeks however, some of them have modified and/or completely changed their projects. The good news is, they are all diligently working on something that is relevant to what they plan on doing after graduation. The reasons for the last minute changes are actually very normal – students discovered that their original plan or research needed to change.

John Pile – Game Programming Professor @ Champlain College

This year, instead of the traditional poster session – Champlain College’s John Pile is hosting our first ever technology conference where any Information Technology student can submit a project to present on. More on this in the coming weeks. We are so happy to be able to showcase the work of our students 🙂