RFID Cloning with the ChameleonMini and Powershell

ChameleonMini RevG

During Citrix Synergy 2017 Remko Weijnen and Geert Braakhekke presented session SYN712: Analysis of a Hack: How to Defend and Protect with Citrix. Although it could be argued that this session was more about hacking and security than protecting Citrix implementations specifically, the information provided was extremely entertaining and informative.

One demo shown during the presentation that intrigued me the most was cloning RFID cards utilizing the ChameleonMini RevG from Kasper Oswald. Remko showed a demonstration utilizing the ChameleonMini to clone hotel key cards, public transportation passes, and even the Citrix Synergy attendee badge.  I knew I had to give it a try. Continue reading

WiebeTech Media Write Blocker

Hardware write blockers are key pieces of equipment for any forensic examiner when acquiring a forensic clone of any data.  This is true for analysis of memory cards and USB devices as well.

CRU Inc. offers another hardware write blocker to assist in the acquisition of data from memory cards and USB devices known as the WiebeTech Media WriteBlocker.  Continue reading

WiebeTech Forensic UltraDock v5.5 and VMWare Workstation 12.5

I am currently running my forensic workstation as a virtual machine within VMware Workstation 12.5.  I chose to do this for multiple reasons, some of which include snapshots to roll back the workstation, ability to test different forensic tools, test OSs for the workstation (Windows vs Linux), etc. Not to mention the cost associated with VMWare Workstation compared to having several machines running different OSs as well as the portability of it all

So far this setup has worked well as test bed for the start of my expedition.  There have been a few performance hurdles but nothing that a little patience wouldn’t take care of.  However today I ran into an issue that, although I was able to overcome is disappointing to say the least. Continue reading