Earlier this year, I was invited to join a group of smart students from DePaul University to conduct some research on the risks associated with buying and selling used electronic equipment. Our research team received over fifty different second-hand devices that were purchased and provided by McAfee, part of Intel Security. For a short video and key findings, please visit the original blog post that was published by McAfee earlier last month.
In this short blog post, I'd like to provide some insight into our group's approach with this project. I'd also like to mention that I am not affiliated with McAfee in any way, but I am a DePaul alumnus. As with any of my past and future blog posts, the views and opinions expressed in this blog are solely my own and do not express the views or opinions of my employer. Now that that's out of the way, let the show begin.
As I mentioned, this project was organized between DePaul University and McAfee. A small group was formed, and I was asked to join if I was interested. I've never really done a lot of digital forensics work in the past, but I was excited to join as I would get an opportunity to work with both hardware and software that I've never used before. To be honest, I was actually really excited to work with both iOS and Android mobile phones. We received over fifty devices that we categorized into the following categories:
- External hard drives
- iOS tablets
- Android tablets
- Printers
- Laptops
- Rack servers
- Android mobile phones
- iOS mobile phones
- Microsoft mobile phones
As you can see, a plethora of electronic devices. Our first task was to organize ourselves as a group, and define realistic goals with respect to our project deadline. This was simple - we decided to collaborate using the different Google products that are available today. The first challenge that we faced after doing some initial research was the challenge of professional tool availability, as well as our deadline. We had several devices and no tools. We didn't have a lot of luck using open-source tools, and it's probably due to lack of knowledge in the area. Nevertheless, the time horizon was still an issue.
As a result, 4Discovery, a Chicago-based digital forensics consulting firm, assisted with providing professional tools that our group learned to use on the various devices. We actually saw results, much faster than we would have performing the analysis by a different means. We managed to extract sensitive information from a cell phone that was previously restored to its original factory condition. Information such as:
- Emails
- Text messages
- Passwords
- Photos
Among other things. It's actually scary because when we buy and sell things, we generally don't think about the risks associated with this process. When it comes to computers, it's obvious - but with mobile phones and tablets for example, we generally don't think about it in the same way. However, just remember - anything that stores data likely leaves a trace somewhere that can be retrieved.
I actually had fun working with the group and specifically on this project. I'd like to thank McAfee for providing the equipment, DePaul University staff and students for providing the opportunity, and 4Discovery for providing the tools that we used for this project.