Jonathan Rajewski appeared on Vermont Public Radio

Jon Rajewski cybercrime, in the news

On March 22, 2012, I appeared as a guest on Vermont Public Radio’s Vermont Edition – “Vermont’s Been Hacked” program. Also being interviewed was Dr. Peter Stephenson, the Director of the Norwich University Advanced Computing Center.

We were interviewed for approximately 46 minutes on topics surrounding Hacking, Cyber Security, Cyber Terrorism and Hacktivism. You can listen to the interview on the web here. You can also download the mp3 file here.

rajewski hacking forensic vpr hacktivism
Vermont Public Radio Station – Where the interview took place

Now that its been a day and I’ve had time to reflect on the experience I must say live radio interviews are nerve-racking. However, being in the room with host Mitch Wertlieb and speaking to producer Ric Cengeri before the show definitely made things easier. It was also a great help to have an esteemed colleague on the phone (Dr. Stephenson) to help field the questions from listeners calls/emails.

Anti-Forensics and Network Forensics – Course Update

Jon Rajewski champlain college, SP2012FOR270

So I’ve been very busy doing work, but wanted to spend a few minutes updating this course’s blog.

To date we’ve covered the following:

  1. Metasploit – Slacker/Transmogrify and Temporal data manipulation / and detecting it
  2. Digital Darkroom technologies – manipulation of digital media and detection
  3. Digitalization of data – digital/analog conversion etc
  4. Cryptography Cryptanalysis – learning how encryption / decryption works.
Photo adopted from http://bit.ly/FPSoIv

Each and every lecture has a hands-on / immersive component. I really want students to understand the core foundational knowledge and then have the ability to apply the concepts in the course. A lot of what we do in the classroom is built on a real-world scenario where students, who are multi-disciplinary in nature, work on figuring out the problems.

In the next few weeks we will be covering Steganography / Steganalysis and Network Forensics.

The final project, which is typical to my other classes, involves a major project focusing on proving to me that the students mastered the topics. More to come on the details later.

I wanted to include a sample lecture from a class that I did last week. All you will see here are the slides but please feel free to ask questions in the comments area. Also any suggestions are welcome.

Twitter – A Phishers/Spammers dream

Jon Rajewski social media

My topic of discussion this morning is “Why are Phishers/Spammers easily using Twitter?”

Twitter has it’s benefits, especially for circles of practitioners like the Digital Forensic / Incident Response (hashtag #DFIR) in that we can quickly collaborate in near real time. Apps have been built for multiple platforms (Android/Iphone/Mac/PC etc).

A quick aside: Twitter has taken the commerce arena by storm. Many marketing groups around the world are using Twitter to make informed decisions and to interact with customers.

Gatorade Social Media Command Center

Here is today’s scenario 

This morning I was researching treadmills. I’m a marathon runner that doesn’t like to train outside when there is ice on the ground. In my research process I decided to look to my good friend, Twitter. What I learned is when one attempts to research Twitter for something outside of their trusted feed – for example a NordicTrack treadmill I was presented with a voluminous amounts of posts from what I would consider Phishing / Spamming accounts. 

I see a lot from Twitter on the reactive side of the house. Users can report Spam and block user accounts that they believe to be malicious, but there is little done to prevent the Phish / Spamming accounts from being created in the first place.

This is how you can report an alleged Spammer

That all said and done, I would like to fast forward to a potential solution because this can easily get into a “book long caliber” blog post:

  1. We’ve seen this movie before. One could compare this issue to when malware would automatically create hundreds of Hotmail email accounts to send spam from. Microsoft’s initial response to this was to use Captcha to help thwart off non-human-actual-person account creations. There are many groups doing research into hindering spam accounts on social media sites. Twitter should adopt a more robust account creation process. This will help prevent or hinder the Phish / Spamming accounts from being created in the first place. Currently all one needs to create an account is a valid email address that is able to receive an email so a validation link can be clicked. 
Thank you for reading this. Again, this is a Friday morning, 15 minute blog post on a topic I doubt I have any influence over. But if you know me then you know I like to try to provide solutions and options to make things better. Also if you have any treadmill recommendations please let me know 🙂
Happy Friday 🙂

cstick Cotton Candy – Another device for forensics to consider

Jon Rajewski computer forensics

We’ve all seen USB boot devices running our favorite Linux distros, but what about a standalone device that looks like a normal thumb drive that’s actually a standalone computer?
Meet the csstick Cotton Candy. This device can run Android 4.0 Ice Cream Sandwich/Ubuntu operating systems and can be connected to anything with a HDMI input (TV/monitor etc) and have the ability to connect to wireless /Bluetooth. 

The Cotton Candy – Many colors to choose from

This means a lot for digital forensic investigators tasked with searching for evidence. Not only do we need to find this physical device, but we might need to examine atypical devices such as televisions or home theater equipment for evidence of this device being connected/used.

Here are the details and specifications for the csstick Cotton Candy website

  • Provide consumer-friendly access to the Cloud
  • Accelerate the adoption of “smart screens”
  • Extend the life of consumer hardware like laptops, monitors, TVs, set top boxes, tablets and more by accessing the latest OS, software and apps.
  • Provide a consistent experience across all screens
  • Create a single point of content storage.
  • Consolidation and organization of personal digital content.
  • Share media from mobile devices on large screens and projectors – videos, movies, photos, games and more.
  • Drive down the cost of computing, allowing more people to have a personal, secure computer.

Software Android 4.0 Ice Cream Sandwich
Ubuntu Linux for ARM
CPU and Memory ARM Cortex A9@1.2GHz
Quad Core ARM Mali-400MP Graphics Processing Unit
1GB DRAM
Up to 64GB memory local storage (microSD)
Media support and Connectivity 480p/720p/1080p decode of MPEG4-SP/H.263/H.264 AVC/MPEG-2/VC1
MP3, AAC, AAC+, Real Audio
JPG, GIF, BMP, PNG
Additional video, audio and image formats can be supported through 3rd party codecs

USB 2.0 male connector for power and connection to devices that supports USB mass storage
HDMI 1.3 Connector with audio
Wifi 802.11b/g/n
Bluetooth 2.1 + EDR

DFIRonline Crypto Presentation Reflection

Jon Rajewski cryptology, DFIR

First off, I want to thank Mike Wilkinson for asking me to present at the February 2012 DFIROnline videocast. The presentation topic was “A hands on (pen/paper) exercise in basic cryptology and cryptanalysis”. We had about 45 people in attendance. The session was interactive and my goal was to really help people appreciate the art of manual ciphertext decryption.

Kryptos – Discussed in the presentation – You can purchase your own here

In hindsight I wish I spent some more development time on this presentation. My current day job duties, spending time with my pregnant wife and training for a marathon left me with about 3 hours to prepare. I think the presentation went well, I just think I could have possibly made it a bit more animated. Cryptology is a very important skill for digital forensic / incident response practitioners to possess.

If you’re interested in viewing this video please view the below:

I did get some great feedback from one of the attendees pointing out some recently declassified documents from the National Security Agency relating to the “renowned mathematician Dr. John Nash wrote a series of letters to NSA in the 1950s proposing a new encryptiondecryption machine. Copies of his letters are on display at the National Cryptologic Museum.”
Here is a screenshot from the released documents.
Here is an abbreviated list of books to read if you’re still interested in cryptology 🙂

Series Introduction – Senior Capstone

Jon Rajewski SP2012Capstone

digital computer forensics is a science jonathan rajewski

Senior Capstone class is a course where students are expected to research into a new or emerging technology topic related to digital forensics. We also ask students to reflect on their general education (we call it the CORE) and provide context to their work.

Video – Champlain College Computer Forensic Professor Jonathan Rajewski and Senior Student Jason Hall on WCAX (CBS Affiliate)

Jon Rajewski DFIR, hands on, in the news, Senator Leahy Center for Digital Investigation

                                                                        

BURLINGTON, Vt.-
Digital data from devices that use it often makes up the modern fingerprints of today’s most devious criminals.

Digital forensics– finding those digital fingerprints– is a growing profession, as companies seek to stop misuse of their digital information and law enforcement aims to stop whoever may be using that technology for illegal activity.
Jonathan T. Rajewski is co-director of Champlain College’s Center for Digital Forensics. Jason Hall is a senior studying at Champlain. They appeared on The :30 to talk about the growing profession.

For more, watch the video from The :30.


http://www.wcax.com/global/video.asp?autoStart=true&topVideoCatNo=default&clipId=6727695

 
* Blog post adopted from Champlain College News 

Jonathan Rajewski to appear on WCAX (CBS Affiliate) tonight

Jon Rajewski champlain college, DFIR, Senator Leahy Center for Digital Investigation

I’m very excited to be featured on WCAX’s “The :30” tonight – the show time is scheduled to begin at 5:30PM. I will be accompanied by Jason Hall – a Champlain College Senior Computer / Digital Forensic Student. I’ve worked with Jason for the past few years as a professor and more recently as the Director at the Senator Leahy Center for Digital Investigation. I’m really looking forward to sharing with the world the amazing things our students are doing for our community. Please feel tune in!

54% of Computer / Digital Forensic Seniors at Champlain College Have Job Offers 6 Months Before Graduation

Jon Rajewski champlain college

In January 2012, when I polled the current computer forensic undergraduate senior class I was very happy to learn that 54% of them had standing job offers. This is a true testament of their hard work and dedication as well as Champlain College’s commitment to offering a career focused education. With an amazing Career Service team and other groups on campus helping students navigate the volatile waters of finding internships and employment, I look forward to seeing how we end up this year.

"Wait, I just found my password"

Jon Rajewski cryptology, curriculum, hands on, SP2012FOR260

In today’s Digital Forensic Tool Evaluation class we were using FTK Imager. I walked the class through the fundamentals and then through some of advanced features. I was very happy with the questions I was getting – this really shows that the students were “getting it”.

That said I wanted to share a fun story from class – When I demonstrated how to dump RAM, the students, who were all Sophomore computer forensic majors, were very excited to use a tool that can so easily gather volatile memory. Dumping all 16GB of RAM from the lab computers took about 5-10 minutes. During this time we discussed the types of artifacts you could uncover from RAM. Considering this is a tools focused class we really don’t get into forensic methodology or analysis techniques but this case we deviated from the normal course plan.

As soon as the RAM dump was complete, we added the memory file into FTK Imager and started string searches. I instructed the students to search for their last name – and all of them were able to find a string that was responsive.. Then it happened – “Hey Professor Rajewski, I just found my password” – And I then smiled at the students and said, “welcome to the fun world of digital forensics”. It was amazing as a Professor to allow the students to explore their first RAM dump and just “find things”. I then gave a brief impromptu lecture on why you would find plaintext passwords in RAM and how it could be a security risk etc. I also connected in the new Passware product and which is related to the concept of cold boot (Lest We Remember: Cold Boot Attacks on Encryption Keys) plus knowing how to directly access ram from FireWire. The cool part is – what Passware is doing is old news to seasoned forensicators – however – it’s  extremely innovative – they bundled up rather complicated process into a nice solution that any digital forensic / incident response professional with some training could accomplish. 

Students left this class very excited and some of them even said they “feel like they need to change their password”. Most of them are taking my Anti-Forensics and Network Forensics course and we will be discussing cryptology in the next few weeks. During this section we will revisit the concept of exploiting RAM for user credentials/full volume encryption keys etc.