Date and Time:
Tuesday, March 19, 11:00 – 13:00
This workshop is hybrid (online and face-to-face).
Description:
AARDWOLF is an EU-funded project whose goal is to quickly identify which files are modified, deleted or created as a result of actions performed on a device, for instance by using an app. The files and traces generated by an app will be stored in a reference database so that the data can be shared with other users. The purpose of this database is to allow investigators using Argus to share information from their own experiments and to re-use information from experiments already uploaded by others, thereby avoiding duplicate work and speeding up investigations through enhanced cooperation. Additionally, the Aardwolf tool 'Online Store Scraper (OSS)' periodically downloads installation files and metadata for a specified list of apps from the iOS and Android app stores and stores them in a reference database, thereby creating a historical set of versions of each app. This allows investigators to perform reference experiments not only on the current version of an app, but also on older versions, which may be more relevant to the investigation.
Preparation Details:
For the upcoming demo, a Linux or Windows computer is needed with Python (v3.8 – 3.11) installed and added to the PATH environment variable. Each user must request an account at https://aardwolfproject.eu/register/; once the user has been validated, account credentials will be provided. Users can then navigate to the Resources tab and get the latest version of Argus for the OS they want to use. Other essential hardware: rooted Android and jailbroken iPhone devices, or a rooted Android emulator (Android Studio emulator without the Play Store icon).
Workshop organiser:
Abdul Boztas is a senior digital forensics scientist at the Netherlands Forensic Institute and a part-time lecturer at the University of Applied Sciences in Leiden. He is a registered expert and examiner in the field of digital forensics at the Netherlands Register of Court Experts (NRGD). Abdul received his MSc in Computer Science from the Delft University of Technology. He is the project lead of Aardwolf (www.aardwolfproject.eu).
Christos Hadjigeorghiou has been working at the NFI for the past year. He has a BSc in Computer Science and an MSc in Forensic Science, and currently works as a research assistant, helping the team with the development of the AARDWOLF project.
Angelina Claij is a forensic software engineer at the Netherlands Forensic Institute. She has an MSc in Molecular Life Sciences. Her main focus is on the development of the forensic search engine Hansken, and additionally she collaborates with the AARDWOLF team where she primarily works on developing the OSS tool.
Bouke Timbermont has been working at the NFI since 2019 as a forensic software developer for the forensic search engine Hansken. For Hansken, he focuses on maintaining and expanding the support of file formats. For this work, he has developed tools to automate reference experiments. Additionally, he has helped the AARDWOLF team in the development of the OSS tool. He has an MSc in Software Engineering from the University of Ghent.