The personal blog of Jonathan Rajewski
Cybersecurity is becoming the Number 1 concern for General Counsels and Directors. (Law.com)
On Thursday, September 27, 2012 I will be speaking at the Sugarbush Resort on the topic of Cybersecurity. Here is a link to the program on Champlain College’s website. Click here for the PDF.
Below is a visual of the agenda. After the presentation I will post up slides/content.
CyberSecurity is a very broad term that could be considered an umbrella expression for a number of areas. In 2009 President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.”
The Department of Homeland Security (DHS) put together a dramatic video highlighting the career of a CyberSecurity professional. Also please note that on the DHS website you can apply for their internship program.
My primary role at Champlain College is to educate students in the areas of digital forensics and CyberSecurity. When I see something like the Cybersecurity Act of 2012 making headway in the US Senate and President Obama writing an article in the Wall Street Journal to support the passing of said Act, colleges across America should be actively preparing to educate the future workforce.
Based on my knowledge of the industry and reading the Cybersecurity Act of 2012, there are going to be a plethora of jobs created/maintained in the following areas:
Finding the right information when you’re looking for it sometimes takes a while. I wanted to share with you some information that I quickly put together on the GPT partitioning scheme.
While doing some course development work for a graduate couse titled “Operating System Analysis“and I wanted to locate a current resource on the GPT partitioning scheme. Of course we could all default back to File System Forensic Analysis by Brian Carrier (of which everyone should have on their bookshelf), but I was hoping for a free resource that students could also reference.
I found a few resources, but the Unified Extensible Firmware Interface Specification paper does an excellent job describing the GPT data structure. Present in the above referenced document you will find technical details as well as visuals to compliment your leaning. It also does somewhat of a comparison of MBR/GPT if you wanted to learn more on that. Most forensicators know about the MBR, but based on conversations with some colleagues few have really examined GPT up close.
Here is a cheat sheet of sorts from the lecture slides building. These include references from the UEFI paper (above) Carrier’s book and Bruce J. Nikkel’s paper, Forensic Analysis of GPT Disks and GUID Partition Tables which was originally published by Elsevier in Digital Investigation The International Journal of Digital Forensics and Incident Response Vol. 6, No. 1-2 (doi:10.1016/j.diin.2009.07.001)
 |
| Slide from Rajewski’s lecture on MBR/GPT as it relates to computer forensic investigations |
My wife and I had our first baby in June. I’ve been spending a lot of time with the family so I’ve been pretty much non-existant on social media. I plan on being back full tilt sometime in August. Until then, please enjoy this photo. This has been one of our favorite places to get to know each other.
 |
| Jonathan spending quality time with Elijah |
 |
| IBM AIX Server |
I saw your post on one of the forensic forums and thought I would share this, not a failure but lesson learned that delayed my work. When imaging sometimes matching file system to file system is best. I was imaging a 1TB RAID’d storage device connected to an old IBM AIX minicomputer. A logical acquisition was the cheapest option, so that was what the client asked for. I thought no problem, no external connection such as a USB or firewire, so it was going to be over the 10MB connection. I had 1.5 TB drives so no problem…..right. I connected and mounted the drive to my forensic laptop running Linux, and proceeded to pipe all the files via scp from the IBM’s RAID over the network to my laptop, everything was going well for a day, then all of sudden the job would quit no error messages, just stop short. I checked the drive still room, so I was perplexed. Tried again with a different drive, same result. I knew something was up, but not exactly what. My drives were formatted with NTFS. Hmmm …Linux, maybe try a Linux file system. I took another drive reformatted as EXT3 and restarted the process. Ran without an issue. What I found out later was the system admins didn’t want to spend money on more storage for that old box, so they kept dropping the cluster size down and down so they could keep adding files. What I gathered is I hit the NTFS’s maximum file capacity before the scp was done. So lesson learned was sometimes you need to work apples to apples if you have an unexplained issue.
I followed up with question for this person –
NFTS’s maximum amount of files per volume is 4,294,967,295 (2^32-1), How many files were on the EXT3 partition?
Their response was:
That was what I thought, I didn’t do any research on it, does seem a little out there to be that. The RAID device ran for many many years and no maintenance was don. From what I was told, the sys admins, kept lowering the cluster size to pack in more data, until they got down to 1 cluster = 1 sector. I was thinking I had hit some limitation of NTFS which made it stop copying to the device, since switching to ext3 resolved the issue. I had plenty of space left on my NTFS drive.
The drive we brought back was used with Encase and we didn’t have any problems exporting out the files to the network and going into our review platform. Thinking back know and from other experiences, it could have been a long file name/path issue too since NTFS doesn’t handle those and I had other issues with LFNs on their SAN that we imaged later.
In closing, please help this mini project by submitting what you’ve learned. Thank you.
On April 23, 2012, Jonathan Rajewski appeared on Fox44’s evening news. The topic of the conversation surrounded the DNSChanger malware and how on/after July 9th, 2012 those infected won’t be “protected” any longer.
We also discussed how one could check to see if they are infected, remediation steps and best practices to avoid these types of malicious tools. Below is a video of the interview.
I’ve mentioned this in the past, but the most effective way to disable / prosecute these international offenders is via productive/collaborative efforts by the international “good guy/girl” community. Most malicious actors are decentralized which means we need a collective effort to fight these criminals so they can be brought to justice. The Internet doesn’t recognize national borders, therefore laws on one country doesn’t necessarily translate to another. This is just one of the issues when investigating these types of cases.
Looking back at yesterday’s experience, Brittney Hibbs, the Fox44 reporter asked all of the right questions and made the interview flow very well. I really hope that the Vermont community learned from this broadcast and hopefully checked their home/work computers to see if they were infected.
All systems are go for this weekend’s first ITS technology conference (“CUT”).
| Computer Information Technology (CIT) | |
| Web Site for Champlain Valley Down Syndrome Group | Jason DaSilva |
| Comparison Project on Three Content Management Systems | Derek Izor |
| Web Site for Parenting Resource Directo ry |
Bonnie Bohan |
| Current Cybercrime Legislation | Stephen Pinkham |
| What are the challenges associated with bringing high speed Internet access to rural areas? | Andrew Ventre |
| How are we motivating/using Internet hedonists to solve real world problems currently, and is there anything more that can be done? | Erik Warnick |
| Depression and Pathological Internet Use (PIU) | Michael Berry |
| Technology and Education | Nicholas Weible |
| Enterprise Architecture | Jason Eastman |
| Solar powered computing | Jordon Hamilton |
| Web Site for Radiant Floor Heating | Nick Edwards |
| Web Site for Winooski Natural Resources Conservation District | Erik Wallace |
| Computer and Digital Forensics (CDF) | |
| P2P Computer Forensics: Examiners Guide | Timothy Fernalld |
| Google Chromebook Forensics | Stephen Jablonski |
| Android Memory Forensics | Ryan Dixe |
| Kindle Forensics: A Look at the Amazon Kindle Fire | Megan Percy |
| The Investigation Handbook for System Restore Applications. A look into a forensic analysis o f Deep Freeze, Returnil, and Toolwiz TimeFreeze |
Louis Donalds |
| An Investigator’s Guide to Basic Malware Analysis | Kyle Heath |
| Quick Response Code Malware. The study of a population’s use of quick response codes for the potential of a distributed malware attack on cellular telephones | Jason Hall |
| Xbox 360 Slim: Network Traffic Analysis. “Jump In” to Network Traffic Analysis | Giovanna DiSipio |
| MBR Malware Analysis: TDL4 & Alworo. They Hide, You Seek | Corrie Erk |
| Biometric Authentication Forensics | Conor Shaughnessy |
| Android OS v. 4.0 Forensics. A forensic look into the new version of the popular mobile OS |
Alexander Caron |
| Volatile Memory Malware Analysis. Investigation Techniques Focusing on Artifacts in RAM | Ben Rogers |
| Computer Networking and Information Security (CNIS) | |
| ESXi QoS | Geoff Altermann |
| FreeBSD implementation | Brennan Connors |
| Network Design and Enterprise Architecture | Ian Davis |
| Wireless Mapping and Security | Daniel Espinoza |
| XBees | Silver Evans |
| Virtualization of Network | Brian Fabiano |
| Computer Worm Propagation Analysis | Jon Ferretti |
| Small Business IT Infrastructure | Taylor Howe |
| The Onion Router: Performance | Patrick Moore |
| Data Exfiltration | Kevin Reilly |
| Physical Security and Electronic Locking Systems | Andrew Smith |
Why would one want to study digital forensic failures? The same reason one practices what to do in a sporting game situation – so they’re prepared for the real game. A related reason is when a Football player watches game tape – they can learn from their and others mistakes. Lawyers conduct mock trials etc…
 |
| Learning is important |
“It’s all about the students” – This was my answer to the question “Why do you teach?” posed to me few weeks ago by an industry professional. Preparing students for their future careers in the digital forensic / incident response / cyber security industries is something that I really enjoy. It’s also one ways I can contribute to the cyber security / computer forensic / incident response industries. Granted, I still practice digital forensics with Vermont local/state/federal law enforcement and at the Senator Patrick Leahy Center for Digital Investigation but my primary position is to teach. And for the record – for those that I haven’t met in person, I’m not your stereotypical “ivory tower academic” by any means.
In order for students to really get passionate about something, they need to feel that passion from the professors teaching the courses. This is one of my secrets of success – “Do what you love and to the best of your ability and everything will take care of itself”. As a computer forensic professor at Champlain College I’m given the opportunity to mold the minds of the future cyber worriers. The college has allowed me to rewrite most of the undergraduate curriculum to keep standards high, while allowing for cutting edge material to be incorporated into lectures and hands on activities.
On April 3, 2012 the Princeton Review’s Best 300 Professor list was released. I’m very honored to say that I was included on this list as the only Digital Forensic Professor. Needless to say I know there are many (many) excellent professors teaching this area, which is why I’m hoping to see more recognized in the next cycle. For the past five years teaching in higher education I’ve learned a lot from industry experts, students, colleagues including faculty here at Champlain College and others who I collaborate with from across the world. I hope only to continue to help students and others by continuing to collaborate in the future.
 |
| Best 300 Professors Book Cover |
Digital Forensics
Jonathan Rajewski, MS, CCE, EnCe, CISSP, CFE
Assistant Professor of Digital Forensics, Champlain College
“Through our faculty’s ongoing connections to and work with local law enforcement and the digital forensics industry, we’re able to bring the current trends of digital forensics—all those rapid evolutions that are happening outside in the field—into the classroom every day,” says Jonathan Rajewski, an assistant professor of digital forensics at Champlain College in Burlington, Vermont. “And students here are benefitting tremendously from that experience.”
Previously employed as a senior consultant for a global consulting firm where he travelled the world conducting and managing digital forensics investigations, professor Rajewski is not only a faculty member at Champlain, but he is also the co-director/principle investigator of the Champlain College Center for Digital Investigation (C3DI) and an examiner for the Vermont Internet Crimes Against Children Task Force. Recently named the “Digital Forensic Investigator of the Year” by Forensic 4cast, professor Rajewski is as passionate about teaching and empowering students to become leading-edge digital forensics professionals as he is about the exiting work of digital forensics itself.
Despite the relative complexity and unfamiliarity of most people with the field, professor Rajewski is committed to giving his students a complete education in digital forensics from the ground up. “Incoming students don’t need to be ‘techie’-type people,” says professor Rajewski, “they need to be people who love to learn and apply knowledge. So you don’t need to come in as computer expert to be hugely successful in this program—our first-year foundational courses give you all the grounding you need.” His students agree, saying through his classes, “you will NEVER be confused.”
Students also report that professor Rajewski “cares about what we think of the class and makes changes accordingly,” and he “goes the extra mile to make sure you understand the information being presented.” Very technical topics are broken down into laymen terms, followed by him showing the class “how it actually applies to the subject.” He also gives real-time demonstrations when someone asks a question, then has the students apply that topic to a hands-on activity. “This method reaches all learning styles: visual, auditory and kinesthetic learners,” professor Rajewski says.
Through this detailed, hands-on approach to learning, his students gain mastery-level understanding of the subject matter. “I want students to become experts,” says professor Rajewski. “The Champlain digital forensics curriculum has been built around what the industry needs. We polled the industry and studied job descriptions to find out what skills the industry is requiring for certain positions in the field, and we’ve created courses to match those needs.” This industry-based curriculum has been highly successful for students and grads alike: last year, recruiters from major consulting firms and government agencies came to Champlain College for the express purpose of interviewing Champlain’s digital forensics majors for summer internships and full-time positions—a high percentage of students were hired as a result of those meetings. “It’s really impressive that the employers come to us seeking out our students,” says professor Rajewski.
Professor Rajewski says that in addition to the depth of forensics course offerings, digital forensic majors get unparalleled experience in the Champlain College Center for Digital Investigations(C3DI) working in a real digital forensics investigation lab. “What our students become capable of doing is tremendous,” he says. “A big part of that is the experiences they have working in C3DI conducting the digital forensics research that helps local law enforcement solve actual cases. It’s also an amazing resume builder.”
Professors Rajewski’s teaching style is as hands-on as his students’ educational experience in Champlain’s digital forensics. program. Each course is presented differently, and Professor Rajewski tends to draw from experience and tell stories about why the
discussion topic is important for the students to understand. By their senior year, students are well prepared to take the Capstone course in which they conduct research into a ‘new’ technology and create a presentation and report of how they would forensically analyze a device or Internet service. “This year, many of our students conducted research that hasn’t been done before, making new discoveries—a number of papers they wrote have a high probability of being published in digital forensic industry publications,” professor Rajewski reports. “Now, that’s truly impressive.”
It’s all about the results with professor Rajewski. And, he’s proud of what his current and former students have achieved already. “Our students come from all over the world,” he says. “And we’ve seen them land positions with local law enforcement, the federal government, the Department of Homeland security and other Department of Defense agencies as well as government contractors and consulting firms from across the country.”
Five other Champlain College professors were recognized in the book. Here is a list of names and links to their college profiles:
The end is near… Only a nine more days until this year’s Champlain College computer forensic senior capstone projects are due. In the past few weeks however, some of them have modified and/or completely changed their projects. The good news is, they are all diligently working on something that is relevant to what they plan on doing after graduation. The reasons for the last minute changes are actually very normal – students discovered that their original plan or research needed to change.
 |
| John Pile – Game Programming Professor @ Champlain College |
This year, instead of the traditional poster session – Champlain College’s John Pile is hosting our first ever technology conference where any Information Technology student can submit a project to present on. More on this in the coming weeks. We are so happy to be able to showcase the work of our students 🙂