Author Archives: Madeline Bell

Finding Pirate’s Bounty with IEF

After the long process of generating data through each VM, we used Magnet Forensics’ Internet Evidence Finder to view each browser’s artifacts. For this part of the project, we were able to see how Pirate Browser borrows its features from Portable and Firefox 23. For Firefox Portable, we tested two images: one of the […]


Family Weekend at LCDI

Each year, Champlain College holds a Family Weekend in honor of the families of the students who attend the college. To commemorate this annual event, the Leahy Center for Digital Investigation set up tours midday Saturday to show curious parents what students do at the LCDI, where everything is, and provide some insight on how […]


Flying High with Cloud Forensics: Part 3

What is the Cloud? Cloud computing is a growing and emerging model that enables convenient, on-demand access to computing resources, applications, storage, and services. Cloud forensics has more complications than traditional computer forensics. With Cloud forensics, the Cloud service provider becomes a part of the process when it comes to handling legal issues, such as […]


Investigating with the EnCase App

In digital investigations, EnCase is the go-to tool. As Brian Carrier says in his book File System Forensic Analysis, “there are no official numbers on the topic, but it is generally accepted that EnCase is the most widely used computer investigation software.” [Carrier, Brian. File System Forensic Analysis. Upper Saddle River, NJ: Addison-Wesley, 2011. Print.] EnCase is a court-accepted tool for digital investigations, which contributes to its popularity. EnCase is a great tool that recently became even more powerful.


Data Destruction Forensics

Usually we receive data carefully preserved by investigators here at the LCDI; however, receiving intact data is not always possible. In many forensic investigations, data is destroyed or damaged because of an individual trying to hide or destroy the data through various means (such as throwing the hard drive into the lake or smashing the […]


Introducing Plaso


Timeline analysis offers the ability to look at an entire case as a sequential list of events. The Senator Patrick Leahy Center for Digital Investigation (LCDI) has focused a number of research projects on timeline analysis. This past summer, the LCDI researched the tools associated with timeline creation (insert blog link here) and their specific features. Log2Timeline, written by Kristinn Gudjonsson, has received a lot of praise in the digital forensics community. Recently, Kristinn has moved on to a new project named Plaso.


Working with Wickr

Introduction

This project is based on research we are conducting on Wickr, an integrated text messaging application supported by iOS devices. Wickr claims to provide its users with: the power to send a message to specific people with a destruction time for the message; a high amount of encryption (AES256, ECDH521, RSA40961) to provide security […]


Pirate Browser Introduction

One of LCDI’s new projects for this semester is the exploration of The Pirate Bay’s new browser, which aims to circumvent internet censorship. The goal of our research is to find out what browser artifacts are left behind when using the Pirate Browser.

It was important to first understand as much as we could about the browser itself and what makes it unique. The official description of the browser on piratebrowser.com reads as:

“PirateBrowser is a bundle package of the Tor client (Vidalia), FireFox Portable browser (with foxyproxy addon) and some custom configs that allows you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The Netherlands, Belgium, Finland, Denmark, Italy and Ireland impose onto their citizens.”


New Case Studies

Over the summer, the LCDI had several students working on a whole range of projects. These included studies on routers, which can be critical in criminal investigations, Android phone forensics, and also access points and how they can be used to evaluate criminal activity.

There were even a few detailed tutorials made, with “how-to’s” on Router Marshal Version 1.0.1 and using Log2Timeline with TAPEWORM.

We are very excited to show the results of all their hard work on the website!

To see the new studies, follow the link: New Case Studies


Flying High with Cloud Forensics: Part 2

Since our last blog post we have finished gathering data for Google Drive, SkyDrive, and Dropbox. So far we have only analyzed the Dropbox and SkyDrive artifacts. Initially we had several hundred thousand results to comb through: Dropbox totaled 193,059 events; SkyDrive totaled 295,037 events; Google Drive totaled 270,107 results. In the end, we were able to narrow them down to only a few hundred artifacts that were definitely related to Dropbox and SkyDrive.