This document provides an overview of an Internet of Things forensics training session. It discusses examining various IoT devices including Amazon Echo, Samsung SmartCam, Samsung SmartThings, Wink hub, and Nest products. Forensic artifacts that could be extracted from these devices are described, such as WiFi SSIDs, account information, interactions with voice assistants, videos, and activity logs. The document concludes with a hands-on scenario asking attendees to analyze data from IoT devices installed at a facility to determine what occurred.
This document discusses how Google can be used to find confidential information and vulnerabilities on the internet. It provides examples of Google search queries that can locate sensitive data like personal details, system configurations, and error messages containing passwords. The author advises administrators to regularly patch systems and remove unnecessary details from public pages to prevent exposing vulnerabilities.
The document discusses how to use Google searches and operators to find sensitive information that could be useful for hackers. Some key points discussed include using intitle and inurl operators to find login portals and server configuration files containing passwords. Examples are given of searches to find passwords, credit card numbers, software serial numbers, and even live video feeds from unsecured cameras. The document warns that exploiting any found vulnerabilities would be unethical.
The document discusses Yahoo's open strategy and use of YQL (Yahoo Query Language) to access Yahoo and external data through a SQL-like syntax. It provides code samples for using YQL to retrieve Flickr photo data via 2-legged and 3-legged OAuth authentication with PHP.
Connecting to the Pulse of the Planet with the Twitter Platform - Andy Piper
How the Twitter Web, Data and Mobile platforms enable developers to connect to the real-time pulse of the planet.
Talk given at the PHP Hampshire meetup in Portsmouth, December 2014
The Google Hacking Database: A Key Resource to Exposing Vulnerabilities - TechWell
We all know the power of Google—or do we? Two types of people use Google: normal users like you and me, and the not-so-normal users—the hackers. What types of information can hackers collect from Google? How severe is the damage they can cause? Is there a way to circumvent this hacking? As a security tester, Kiran Karnad uses the GHDB (Google Hacking Database) to ensure their product will not be the next target for hackers. Kiran describes how to effectively use Google the way hackers do, using advanced operators, locating exploits and finding targets, network mapping, finding user names and passwords, and other secret stuff. Kiran provides a recipe of five simple security searches that work. Learn how to automate the Google Hacking Database using Python so security tests can be incorporated as a part of the SDLC for the next product you develop.
The presentation discusses design patterns for ontologies in IoT. It proposes using ontologies to influence software engineering practices for IoT, leverage semantics, and foster reuse. Ontology-based design patterns can provide logic, architectural patterns, usability features, and enable simulation/testing. The presentation provides examples of how ontologies can help with issues like sensor provenance, privacy, standards integration, and forensic analysis of IoT data. It argues that ontologies are important to automate reasoning about IoT data and empower domain experts.
The Internet of Things (IoT) comes with great possibilities as well as major security and privacy issues. Although digital forensics has long been studied in both academia and industry, mobility forensics is relatively new and unexplored. Mobility forensics deals with tools and techniques that work towards forensically sound recovery of data and evidence from mobile devices [1]. In this paper, we explore mobility forensics in the context of IoT. This paper discusses the data collection and classification process from IoT smart home devices in detail. It also contains an attack-scenario-based analysis of collected data and a proposed mobility forensics model that fits into such scenarios.
Cite: K. M. S. Rahman, M. Bishop, and A. Holt, “Internet of Things Mobility Forensics,” INSuRE Conference, 2016.
All your family secrets belong to us—Worrisome security issues in tracker apps - Priyanka Aash
The document discusses vulnerabilities found in mobile tracking apps. It begins by providing background on the presenters and their security research work. It then describes how tracking apps work by having an observer monitor a monitored person's location and activities. Several client-side vulnerabilities are shown, including how premium features can be enabled without paying and how authentication can be bypassed. Communication between the app and server is also vulnerable to man-in-the-middle attacks if encryption and authentication are not implemented properly. This exposes sensitive user data to unauthorized access.
Anatomy of Java Vulnerabilities - NLJug 2018 - Steve Poole
Java is everywhere. According to Oracle it’s on 3 billion devices and counting.
We also know that Java is one of the most popular vehicles for delivering malware. But that’s just the plugin, right? Well, maybe not. Java on the server can be just as at risk as the client.
In this talk we’ll cover all aspects of Java Vulnerabilities. We’ll explain why Java has this dubious reputation, what’s being done to address the issues and what you have to do to reduce your exposure. You’ll learn about Java vulnerabilities in general: how they are reported, managed and fixed as well as learning about the specifics of attack vectors and just what a ‘vulnerability’ actually is. With the continuing increase in cybercrime it’s time you knew how to defend your code. With examples and code this talk will help you become more effective in reducing security issues in Java.
Unraveling Ebola One Tweet at a Time: Dynamic Network Analysis of an Ebola-Re... - Paragon_Science_Inc
A sample of 2.5M tweets mentioning "Ebola" was collected during November 5-12, 2014. The titles of the 6227 web pages referenced by the tweets were used to cluster the web pages into roughly 100 topics. Paragon Science's patented dynamic anomaly detection software (http://www.paragonscience.com/intellectual_property.htm) then identified the top five most-anomalous topics. This research demonstrates how these techniques allow us to focus attention quickly on viral, emerging topics. A video showing an animation of those anomalous topics and the key related web pages for every hour of that week in November 2014 is available at https://www.youtube.com/watch?v=AEQ02hv4Xjw.
Burning Down the Haystack to Find the Needle: Security Analytics in Action - Josh Sokol
This document discusses security analytics and how analyzing data from multiple security tools can provide greater visibility into threats. It introduces Josh Sokol and Walter Johnson who will discuss how security tools often work in silos and how an ecosystem where they can share data can help answer questions like whether a system is under attack. Network flow data is described as important "glue" that can tie events together to illustrate attack progressions.
The document discusses using honeypots for network security analysis. It begins with background on honeypots, explaining that they are decoy systems meant to attract cyber attacks. The document then discusses threat intelligence gathered from a honeypot including unique source IPs, attacked ports, downloaded scripts and their origins, and affected internal IPs. It notes the top devices targeted were outdated routers and IP cameras. The document concludes with discussing internal analysis and challenges convincing a client they have an issue after honeypot alerts.
Nowadays REST APIs are behind every mobile app and nearly all web applications. As such, they bring a wide range of possibilities for communication and integration with a given system. But with great power comes great responsibility. This talk aims to provide general guidance related to API security assessment and covers common API vulnerabilities. We will look at an API interface from the perspective of a potential attacker.
I will show:
* how to find hidden API interfaces
* ways to detect available methods and parameters
* fuzzing and pentesting techniques for API calls
* typical problems
I will share several interesting cases from public bug bounty reports and personal experience, for example:
* how I got various credentials with one API call
* how to cause DoS by running Garbage Collector from API
Linked Data and Search: Thomas Steiner (Google Inc, Germany) - FIA2010
- Google is working to make sense of data on the web by structuring it using formats like Microdata, RDFa, and Microformats. This allows them to display rich snippets for certain types of information like reviews, events, recipes, and people.
- The use of structured data on websites is growing, with over 40,000 sites using Microformats and over 2,500 using RDFa. This enables richer snippets in Google search results.
- Google envisions even richer snippets in the future that integrate user social graph data or multimedia semantics to provide more context and direct comparisons.
The Collabnix Community conducts webinars on a regular basis. Swapnasagar Pradhan, an engineer from VISA, delivered a talk on Traefik on January 11th 2020. Check this out.
Rishi Malik - How to write insecure software: It's easier then you think! - Rishi Malik
Rishi Malik gave a talk on how to write insecure software. He discussed major security breaches like Equifax that compromised personal data. Malik showed how easy it is to exploit vulnerabilities like remote code execution. He emphasized the importance of security best practices like automated patching, code reviews, and threat modeling based on the type of application and data. The talk demonstrated common vulnerabilities in web applications and dependencies to help engineers avoid mistakes.
The document discusses Amazon Alexa and voice technology. It provides an overview of Alexa's history from the 1970s to present, describes how Alexa works and how skills are developed for Alexa. It also discusses the growth of Alexa and voice assistants, and examples of how voice assistants may be used in the future for applications like smart home control and business productivity.
This document summarizes the key details of the price drop alert service Cheapass.in, which was launched in June 2014. It currently has over 5,000 active users tracking more than 30,000 products. On average, it generates a 4.85% commission from retailers. The founder discusses several lessons learned around building software at scale, including issues with dynamic module loading, updating nested arrays in databases, pulling large amounts of data into memory, spawning external processes, relying on third party systems, and more. He also covers strategies for user growth, like incentivizing user referrals and prioritizing shipping minimal viable products over perfection.
Building machine learning systems remains something of an art, from gathering and transforming the right data to selecting and fine-tuning the most fitting modeling techniques. If we want to make machine learning more accessible and foster skilful use, we need novel ways to share and reuse findings, and streamline online collaboration. OpenML is an open science platform for machine learning, allowing anyone to easily share data sets, code, and experiments, and collaborate with people all over the world to build better models. It shows, for any known data set, which are the best models, who built them, and how to reproduce and reuse them in different ways. It is readily integrated into several machine learning environments, so that you can share results with the touch of a button or a line of code. As such, it enables large-scale, real-time collaboration, allowing anyone to explore, build on, and contribute to the combined knowledge of the field. Ultimately, this provides a wealth of information for a novel, data-driven approach to machine learning, where we learn from millions of previous experiments to either assist people while analyzing data (e.g., which modeling techniques will likely work well and why), or automate the process altogether.
MongoDB World 2019: DIY Glucose Monitoring with Open Source, MongoDB, and GCP - MongoDB
Monitoring daily glucose is a hobby for some and a necessary life skill for others. In this talk, I will give a quick tutorial on continuous glucose monitoring solutions for yourself using GCP free tier, Atlas free tier, and open source software. We'll also spend a bit of time talking about mobile solutions in this space, and alerting with Stitch.
The document discusses open source, shareware, and freeware software. It defines each term and explains their differences, particularly regarding access to source code and ability to modify. It also summarizes key benefits of open source like reliability, stability, and cost benefits. Common misconceptions about open source are addressed. The document provides an overview of areas to consider when adopting open source in schools, such as using it first for backend systems before moving to other areas like course management, productivity software, and operating systems.
Your adversaries continue to attack and get into companies. You can no longer rely on alerts from point solutions alone to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts capability to detect and quickly mitigate advanced attacks.
Nicolas Grenie's presentation from HTML5 Dev Conf. 2014:
There is currently a major shift sweeping over the software industry. With each passing day the world is becoming more and more API-driven. When building an API there are many design options and Hypermedia is the new emerging way of designing APIs. Hypermedia APIs are widely used by companies such as Paypal and Amazon. In this session I will discuss the principles of Hypermedia APIs and the different ways to implement one in Node.js. I will first introduce you to a basic implementation using Express and then move on to a more advanced solution using a dedicated framework: Fortune.js. I will also share my experience of building APIbunny (http://apibunny.com), an API-driven easter game.
SXSW2018 - Designing & Building for a Data Science Future - Dan Chuparkoff
Data science, machine learning, and neural nets are changing the way people make decisions. Regardless of your industry, the future of your business depends on the power of these technologies. This talk breaks data science down into simple terms that we can all understand and shows you how to design and build great products that drive exponential growth. It's time to leverage the power of algorithms, build innovative products, & drive customer excitement! This talk will show you how.
Enfuse_2016_Internet_of Things_Rajewski
1. 1
Internet of Things Forensics
Jonathan T Rajewski
Director – Senator Patrick Leahy Center for Digital Investigation
Associate Professor – Champlain College
2. 2
Internet of Things Forensics
Overview
• We will cover a lot of devices today
• This will be a “learning lab”
4. 4
Speaker
Jonathan Rajewski
Professional Certifications
EnCe, CCE, CISSP, CFE
Professional Associations
Board Chair - BTV Ignite; DFCB - Digital Forensic Certified Practitioner; “Founder”, CDFS - Consortium of Digital Forensic Specialists; ISFCE - International Society of Forensic Computer Examiners; ACFE - Association of Certified Fraud Examiners; HTCC - High Tech Crime Consortium
Recent Awards/Recognition
2014 US Ignite Application Summit Best Public Safety Application
2014 Honored by FBI Director James B. Comey
2013 4 under 40 - Hilbert College
2013 C. Bader Brouilette Alumni Leadership Award - Champlain College
2012 Top Digital Forensic Professor - Digital Forensics - Princeton Review
2012 Best 300 Professors in the United States - Princeton Review
2011 Digital Forensic Examiner of the Year - Forensic 4cast Awards
@jtrajewski
5. 5
"Behind this glass is incredible talent and this country in general and the FBI in particular needs those folks," - FBI Director James Comey
Overview
6. 6
A Special Thank You to our student research teams (Echo and IoT)
Christopher Antonovich
Jason Ehlers
Matthew Lantange
Mary Braden Murphy
Tyler Nettleton
Zachary Reichert
Emily Shelton
Kelsey Ward
LCDI Research Assistants
11. 11
Data accessibility
Device
• Native application
• App files (json/sqlite/cache)
• Physical extraction (JTAG, chip-off, etc.)
Network
• HTTP / HTTPS – Both are used by devices
• Protocol analysis (BT/SDR to profile which devices are present)
Cloud
• Web Interface/Subscriber email account
• IDE/API
• Subpoena/Search Warrant/Court Order
12. 12
Hatch Baby
A baby changing table that’s connected to the internet
21. 21
Forensic Artifacts
Wink Hub
As devices are provisioned with Wink, an entry is populated in PersistanceDB, an SQLite database at com.quirky.android.wink.wink/databases/PersistanceDB
35. 35
Make all lights red.
Light 1 in the persistence DB has the following x and y values:
Using the CIE 1931 color graph to plot these values, the resulting color is in the red area of the graph and thus matches the user action of changing lamp 1 to red.
37. 37
Zoomed in on the CIE 1931 graph, there is a curved black line that represents these values on the color spectrum.
The “color_temperature” value in the data represents the Kelvin number [2000 .. 6500]
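To check a stored lamp colour the way slides 35 and 37 describe without plotting by hand, here is an added Python example that is not part of the presentation: it converts a CIE 1931 x,y pair into a coarse colour label and places a color_temperature value on the Planckian locus, the curved black line on the chart. The function names and the sample lamp values are mine (the real PersistanceDB values appear only in the slide image); the locus formula is the Kim et al. cubic approximation.

```python
# Added example, not from the slides: label a lamp colour from the CIE 1931 x,y pair the
# app stores, and locate a color_temperature (Kelvin) on the Planckian locus. Samples are constructed.

def xy_to_rgb(x, y, lum=1.0):
    """CIE 1931 (x, y) plus luminance Y -> linear sRGB, clipped to [0, 1]."""
    if y <= 0.0:
        return (0.0, 0.0, 0.0)
    X, Y, Z = lum * x / y, lum, lum * (1.0 - x - y) / y
    r = 3.2406 * X - 1.5372 * Y - 0.4986 * Z   # standard XYZ -> sRGB (D65) matrix
    g = -0.9689 * X + 1.8758 * Y + 0.0415 * Z
    b = 0.0557 * X - 0.2040 * Y + 1.0570 * Z
    return tuple(max(0.0, min(1.0, c)) for c in (r, g, b))

def dominant_hue(x, y):
    """Coarse label: 'white' when the channels are balanced, else the strongest primary."""
    rgb = xy_to_rgb(x, y)
    m = max(rgb)
    if m == 0.0:
        return "off"
    if min(rgb) / m > 0.6:
        return "white"
    return ("red", "green", "blue")[rgb.index(m)]

def cct_to_xy(kelvin):
    """Planckian-locus point (the curved black line on the CIE 1931 chart) for a colour
    temperature, Kim et al. cubic approximation; the app field is documented as [2000 .. 6500]."""
    t = float(kelvin)
    if not 1667 <= t <= 25000:
        raise ValueError("color_temperature outside the approximation's range")
    if t <= 4000:
        x = -0.2661239e9 / t**3 - 0.2343589e6 / t**2 + 0.8776956e3 / t + 0.179910
    else:
        x = -3.0258469e9 / t**3 + 2.1070379e6 / t**2 + 0.2226347e3 / t + 0.240390
    if t <= 2222:
        y = -1.1063814 * x**3 - 1.34811020 * x**2 + 2.18555832 * x - 0.20219683
    elif t <= 4000:
        y = -0.9549476 * x**3 - 1.37418593 * x**2 + 2.09137015 * x - 0.16748867
    else:
        y = 3.0817580 * x**3 - 5.87338670 * x**2 + 3.75112997 * x - 0.37001483
    return (round(x, 4), round(y, 4))

# constructed sample: lamp 1 after "make all lights red", lamp 2 in warm-white mode
SAMPLE_LAMPS = [{"name": "lamp 1", "x": 0.70, "y": 0.30, "color_temperature": None},
                {"name": "lamp 2", "x": 0.5269, "y": 0.4133, "color_temperature": 2000}]

if __name__ == "__main__":
    for lamp in SAMPLE_LAMPS:
        ct = lamp["color_temperature"]
        print(lamp["name"], dominant_hue(lamp["x"], lamp["y"]), cct_to_xy(ct) if ct else None)
```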
38. 38
Amazon Echo
Alexa is always listening…
She doesn’t record your voice until you say her name
39. 39
Forensic Artifacts
Amazon Echo
Account information
Timestamps of what Alexa heard during the period activated
The actual text of what Alexa heard
The given response
The URL of the file location on Amazon server
The actual audio of the last played response (via the app)
40. 40
Forensic Artifacts
Amazon Echo
Account information
com.amazon.dee.app/cache/org.chromium.android_webview
Step 1 - Decompress the gzipped files
Step 2 - Search for the following:
{"accounts":[{"email": - This will give you the base account as well as the Amazon customer ID
"customerEmail":" - This will give you the Amazon Prime Music email account and customer ID
42. 42
Forensic Artifacts
Amazon Echo
Interactions with Alexa
com.amazon.dee.app/cache/org.chromium.android_webview
Step 1 - Decompress the gzipped files
Step 2 - Find your favorite JSON viewer and/or forensic tool :)
Step 3 - Search for the following:
• Alexa heard: or playbackAudioAction - This will show you the location of “cards” that contain text Alexa heard from the user
• primaryActions - This is what Alexa did with the query (backend)
• "descriptiveText": or "title": - This will show you the response from Alexa, i.e. what was said out loud or played.
• ,"cardType": - This is present in all “cards” and will yield more results
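The decompress-and-search procedure of slides 40 and 42, as an added Python example that is not part of the presentation: it gunzips cache entries, counts the marker strings the slides list, and pulls e-mail addresses, customer IDs and “cards” out of the JSON. The function names, the regular expressions and the sample JSON are mine; the sample is constructed in the shape the markers imply, not a real capture.

```python
import gzip, json, os, re
ACCOUNT_MARKERS = ('{"accounts":[{"email":', '"customerEmail":"')
CARD_MARKERS = ("Alexa heard:", "playbackAudioAction", "primaryActions",
                '"descriptiveText":', '"title":', ',"cardType":')

def gunzip_cache_entry(raw):
    """Step 1: decompress an entry that starts with the gzip magic, else pass it through."""
    return gzip.decompress(raw) if raw[:2] == b"\x1f\x8b" else raw

def find_markers(text):
    """Steps 2-3 as a keyword sweep: marker -> number of hits in the decompressed text."""
    return {m: text.count(m) for m in ACCOUNT_MARKERS + CARD_MARKERS if m in text}

def extract_artifacts(text):
    """Structured view: e-mail addresses, customer IDs and the 'cards' Alexa logged."""
    out = {"emails": set(), "customer_ids": set(), "cards": []}
    for m in re.finditer(r'"(?:email|customerEmail)":"([^"]+)"', text):
        out["emails"].add(m.group(1))
    for m in re.finditer(r'"customerId":"([^"]+)"', text):
        out["customer_ids"].add(m.group(1))
    for obj in re.finditer(r'\{[^{}]*"cardType"[^{}]*\}', text):  # flat card objects only
        try:
            card = json.loads(obj.group(0))
        except json.JSONDecodeError:
            continue
        out["cards"].append({"type": card.get("cardType"), "heard": card.get("title"),
                             "response": card.get("descriptiveText"), "backend": card.get("primaryActions")})
    return out

def scan_cache_dir(path):
    """Walk an extracted org.chromium.android_webview directory and merge every entry's artifacts."""
    merged = {"emails": set(), "customer_ids": set(), "cards": []}
    for root, _, files in os.walk(path):
        for name in files:
            with open(os.path.join(root, name), "rb") as fh:
                found = extract_artifacts(gunzip_cache_entry(fh.read()).decode("utf-8", "replace"))
            merged["emails"] |= found["emails"]; merged["customer_ids"] |= found["customer_ids"]
            merged["cards"] += found["cards"]
    return merged

SAMPLE_JSON = json.dumps({  # constructed sample; compact separators, as the app's JSON has none
    "accounts": [{"email": "owner@example.invalid", "customerId": "CUSTOMERID-PLACEHOLDER"}],
    "customerEmail": "music@example.invalid",
    "cards": [{"title": "Alexa heard: \"make all lights red\"", "cardType": "TextCard",
               "descriptiveText": "OK.", "primaryActions": ["smarthome"]},
              {"title": "Alexa heard: \"play jazz\"", "cardType": "AudioCard",
               "playbackAudioAction": "play", "descriptiveText": "Playing jazz."}]},
    separators=(",", ":"))
SAMPLE_ENTRY = gzip.compress(SAMPLE_JSON.encode())  # gzipped the way the cache stores it
```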
43. 43
Forensic Artifacts
Amazon Echo
Interactions with Alexa
com.amazon.dee.app/cache/org.chromium.android_webview
47. 47
Samsung SmartCam
Username and password in plaintext
• Username and password
• The SSID that the phone was connected to can also be seen
• The log no longer exists after the version 2.71 update
58. 58
Hands-on Scenario
We just found this on our air-gapped network
Can you use data from the IoT devices installed at this facility to determine what happened?
59. 59
Hands-on Scenario
Data for you to review
Amazon Echo
Samsung Camera - SamsungSmartCam_SDCard.Ex01
Samsung SmartThings
Wink
Email me your answer
60. 60
Thank You
Jonathan Rajewski | Director | Senator Patrick Leahy Center for Digital Investigation
@jtrajewski | rajewski@champlain.edu | jtrajewski@gmail.com