Application Forensics Update 2

Introduction

Over the past fifteen weeks, the App Forensics team investigated several pieces of mainstream monitoring software. We are now focusing on new software, getting it operational, and investigating its internal workings. Examining how the software interacts with the device is central to our larger goal of understanding these programs: for example, whether they are safe and what a company can access.

Progress

The App Forensics team is working hard on investigating the newest monitoring software, FlexiSpy. We are currently combing through data pulled from a tablet with the software and comparing it to a normal tablet that did not have the software installed. By doing this, we hope to find specific changes and additions made by the software that clue us in to the program’s operations. In addition, our team has performed several network captures of data transferred to and from the tablets. These show us which servers the software is talking to and what it’s sending and receiving.
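The baseline comparison described above can be automated once a file listing with hashes has been exported from each tablet. The following is an added example, not the team's own tooling; the CSV manifest layout, file paths and hash values are constructed placeholders.

```python
import csv
import io

# Constructed sample manifests (path, sha256, size). Paths and hashes are
# placeholders, not artifacts recovered from any real device.
BASELINE = """path,sha256,size
/system/build.prop,aaa1,2048
/data/system/packages.xml,bbb2,51200
/data/data/com.example.browser/cache.db,ccc3,8192
"""
SUSPECT = """path,sha256,size
/system/build.prop,aaa1,2048
/data/system/packages.xml,ddd4,53760
/data/app/com.example.monitor/base.apk,eee5,4194304
"""

def load_manifest(text):
    """Parse a CSV manifest into {path: (sha256, size)}."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["path"]: (r["sha256"], int(r["size"])) for r in rows}

def diff_manifests(baseline, suspect):
    """Classify paths as added, removed or modified relative to the baseline."""
    common = set(baseline) & set(suspect)
    return {
        "added": sorted(set(suspect) - set(baseline)),
        "removed": sorted(set(baseline) - set(suspect)),
        # Same path on both devices but different content hash.
        "modified": sorted(p for p in common if baseline[p][0] != suspect[p][0]),
    }

def summarize_by_dir(paths, depth=2):
    """Count paths per leading directory to show where changes cluster."""
    counts = {}
    for p in paths:
        key = "/" + "/".join(p.strip("/").split("/")[:depth])
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    result = diff_manifests(load_manifest(BASELINE), load_manifest(SUSPECT))
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind:9} {p}")
    print(summarize_by_dir(result["added"] + result["modified"]))
```

Ordinary device use also changes files between two tablets, as the removed cache file in the sample shows, so each reported path still needs manual review before it is attributed to the installed software.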

Conclusion

Once we go through the data, we should be able to get a good handle on what the software is doing. We will continue to analyze the data collected from the tablets and look for changes and behaviors in the tablets to better understand what the software is changing. Moving forward, we will compare the data we generate on this software to the data from the other programs we analyzed and draw conclusions about what they have in common.

Stay tuned for more updates to come and follow us on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @ChamplainLCDI.