Project Coordinator: Deniss-Bogdan Onofrei-Riza
General objectives of the project
- Development of modules that integrate commercial solutions, as well as proprietary solutions developed for this project, supporting forensic investigations of computers (desktops or servers);
- Development of modules that integrate commercial solutions, as well as proprietary solutions developed for this project, supporting forensic investigations of mobile devices;
- Development of modules that integrate commercial solutions, as well as proprietary solutions developed for this project, supporting forensic investigations of the equipment and data that make up a computer network;
- Development of modules that integrate commercial solutions, as well as proprietary solutions developed for this project, supporting forensic investigations of data stored in "cloud" structures;
- Development of modules that integrate commercial solutions, as well as proprietary solutions developed for this project, supporting forensic investigations of encrypted data and devices;
- Development of modules that integrate commercial solutions, as well as proprietary solutions developed for this project, supporting forensic investigations of wireless flows and equipment;
- Development of modules that integrate commercial solutions, as well as proprietary solutions developed for this project, supporting forensic investigations of GSM flows and equipment;
- Development of modules that integrate commercial solutions, as well as proprietary solutions developed for this project, supporting forensic investigations of cryptocurrency transactions.
Project description
Preventing and protecting against attacks targeting IT&C components, complex IT&C infrastructures and emerging technologies remains a difficult task. The complexity of heterogeneous collections of hardware and software components stems from the diversity of their development contexts and maturity levels, from the massive exchange of information and data, and from the various life-cycle processes of systems, which generate highly dynamic behaviour. The growth of encrypted flows over the Internet (or over proprietary networks) requires new techniques for detecting suspicious cyber activity and traffic patterns (for classifying flows) while preserving confidentiality.
Technological progress certainly has many benefits, but it also represents a new challenge for the application of laws and regulations in the field, since cybercrime and digital fraud have grown in proportion to it.
The methodologies used to intelligently recover and reconstruct data (in all its complexity and from any type of medium) for legal purposes are limited in their ability to obtain these "samples" because of rapid changes in technology and the evolution of devices. With different operating systems and a wide range of models released every month (both in the PC component market and in the mobile device industry), it is increasingly difficult to develop traditional data "extraction" mechanisms. Digital evidence is especially relevant where a device (or its owner) may be the subject of a criminal, civil, accidental (information-related) or corporate investigation. Extracting this information and "intelligently cataloguing" it so that it becomes solid, well-structured evidence are the end results of applying "advanced algorithms for data acquisition and analysis in order to generate the artifacts necessary for the main sectors of digital crime".
In order to fully support the concrete activities of combating and preventing digital crime (during judicial investigations and/or the taking of evidence), this project aims to develop and implement a complex system of software-assisted hardware equipment capable of covering, in a portable/field form, the vast majority of the needs generated by the main sectors of the "cybercrime" field: forensic investigation of computers, of mobile devices, of data transiting a computer network, of data stored in cloud structures, of encrypted flows, data and/or devices, of wireless flows and equipment, of GSM flows and equipment, and of cryptocurrency transactions. By its nature, this advanced solution for preventing and combating digital crime and fraud also involves developing an innovative integration platform that facilitates access to the information resources of the "cybercrime" and "cybersecurity" sectors, while offering the possibility of acquiring, processing and storing all the information related to those sectors and to devices that may contain sensitive artifacts.
Results
- Software solution for diagnosis, data extraction and storage, primary data analysis and advanced analysis of the artifacts contained in computer-class devices;
- Implementation of data recovery equipment for logical and/or physical media, with the possibility of recovering and regenerating sensitive files of the analysed operating system;
- Development of a hardware/software solution capable of collecting data related to the same case from different storage media;
- Elaboration and implementation of methodologies for collecting, investigating and evaluating the data contained in mobile devices;
- Implementation of the data recovery module for Android and iOS devices, together with specific analysis of the data held by the main messaging applications;
- Implementation and testing of third-party methods for recovering the data held on SIM cards, with the possibility of applying specific techniques to the cloning of these components;
- Development of components capable of collecting data transiting third-party IT environments and analysing it in real time;
- Generation of methodologies for preventing or detecting flows that characterise possible malicious attacks (and for identifying the malware emitting them);
- Development of equipment capable of auditing the two main components of data traffic: network and web structures;
- Implementation of solutions capable of generating traffic in order to test "cloud" structures;
- Implementation of a module that mediates access to personal data held in "cloud" structures (using supplied credentials or attempting to obtain them);
- Development of protocols that unify encrypted-data recovery algorithms for devices running the Android and iOS mobile operating systems;
- Development of solutions that support recovering the credentials of office documents as well as PDF documents;
- Identification of algorithms capable of selecting encrypted files in order to establish the complexity of decryption and to extract any encryption keys (FileVault 2, TrueCrypt, VeraCrypt, Symantec, PGP, LUKS, BitLocker);
- Development and implementation of proof-of-concept malicious code in order to detect security flaws in certain mobile operating system kernels;
- Dedicated wireless, Bluetooth or GSM pentesting services (sustained IT audit);
- Discovery of vulnerabilities in the algorithms that generate wireless security keys, through attack methods, captive portals or advanced traffic analysis (in order to identify the elements necessary for these types of operations);
- Development of solutions capable of detecting and monitoring the GSM spectrum by collecting and analysing certain attributes that identify mobile equipment in the targeted area;
- Implementation of security policies for the remote operation of this portable multifunctional unit;
- Services for locating GSM equipment within a predefined area;
- Development of working tools specific to the investigation of cryptocurrency transactions (including at the level of the main trading exchanges);
- Elaboration of a protocol for verifying transaction links, as well as for tracking and verifying the flow of money through blockchain structures;
- Integration of OSINT tools and techniques in order to identify Bitcoin-specific services and to generate the reports required for computer searches;
- Development of algorithms (possibly including implementation) that make it possible to identify and correlate past or present events through complex analysis applied over the collected data sets.
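The result on selecting encrypted files names several container formats. As an added illustration (example code written for this page, not a deliverable or module of the project), the Python below performs the first triage step a practitioner would run over candidate files: it checks the fixed header magics of LUKS and BitLocker volumes, and falls back to a Shannon-entropy test for formats whose headers are themselves encrypted (TrueCrypt/VeraCrypt), which can therefore only be flagged as opaque high-entropy data, never identified by name. The 7.8 bits-per-byte threshold, the sector-alignment heuristic and every sample buffer are assumptions constructed for the demonstration; FileVault 2, Symantec and PGP containers are not covered.

```python
import hashlib
import math
from collections import Counter

# Fixed header magics for the two formats named on the page that carry one.
# TrueCrypt/VeraCrypt volumes have no plaintext magic (the header itself is
# encrypted), so they can only be flagged statistically, never named.
SIGNATURES = (
    ("LUKS", 0, b"LUKS\xba\xbe"),    # LUKS1/LUKS2 primary header magic, offset 0
    ("BitLocker", 3, b"-FVE-FS-"),   # BitLocker boot-sector OEM name, offset 3
)

ENTROPY_THRESHOLD = 7.8  # bits/byte; assumed cut-off, calibrate on your own corpus
SECTOR = 512             # raw volumes are a whole number of sectors


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def match_signature(data: bytes):
    """Return the format name whose magic appears at its expected offset, else None."""
    for name, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return name
    return None


def triage(data: bytes, sample_size: int = 8192) -> dict:
    """Classify a buffer: named format, opaque high-entropy volume, other high-entropy file, or plaintext."""
    name = match_signature(data)
    entropy = shannon_entropy(data[:sample_size])
    sector_aligned = len(data) % SECTOR == 0
    if name:
        verdict = name
    elif entropy >= ENTROPY_THRESHOLD and sector_aligned:
        verdict = "opaque-high-entropy"   # candidate TrueCrypt/VeraCrypt or raw ciphertext
    elif entropy >= ENTROPY_THRESHOLD:
        verdict = "high-entropy"          # compressed or encrypted file, not a raw volume
    else:
        verdict = "plaintext"
    return {"verdict": verdict, "entropy": round(entropy, 3), "sector_aligned": sector_aligned}


def prng_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic filler (SHA-256 in counter mode) standing in for ciphertext in the samples."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed samples for the demonstration, not images of real evidence.
SAMPLES = {
    "luks.img": b"LUKS\xba\xbe\x00\x02" + prng_bytes(b"luks", 4096 - 8),
    "bitlocker.img": b"\xeb\x58\x90-FVE-FS-" + prng_bytes(b"fve", 4096 - 11),
    "container.bin": prng_bytes(b"vc", 10 * SECTOR),          # looks like a VeraCrypt volume
    "notes.txt": b"Case notes: device seized, imaging pending.\n" * 40,
    "archive.gz": prng_bytes(b"gz", 3000),                    # random-looking, not sector aligned
}


def triage_all(samples=SAMPLES) -> dict:
    """Run triage over every sample and return {filename: verdict}."""
    return {fname: triage(blob)["verdict"] for fname, blob in samples.items()}


if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(f"{fname:15s} {triage(blob)}")
```

On a real case the signature table would be extended (and the entropy threshold calibrated) against a corpus of known containers; the entropy test alone cannot separate an encrypted volume from a compressed archive, which is why the verdict for unnamed data is only a candidate for further analysis, not an identification.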