Forensic Focus

Author: Forensic Focus: Digital Forensics, Incident Response, DFIR

Description

Digital forensics discussion for computer forensics, DFIR and eDiscovery professionals. Visit Forensic Focus at forensicfocus.com for more.
88 Episodes
Heather Barnhart from Cellebrite joins the Forensic Focus Podcast to discuss combating the rise of AI-generated child exploitation material. Heather shares her extensive experience and insights on the impact of AI and deepfakes on investigations, the challenges faced by law enforcement worldwide, and the importance of education in combating digital crimes. Heather also emphasizes the significance of validating forensic tools and the necessity of educating both professionals and the public about the ethical and legal implications of AI. 00:00 – Introducing Heather Barnhart and her background in DFIR 03:05 – The Evolution of Child Exploitation and AI 07:25 – Challenges in Detecting Deepfakes 12:15 – Reporting and Legislation on AI and CSAM 17:30 – Public Awareness and Education on AI Exploitation 25:49 – Inappropriate Social Media Practices 37:05 – The Role of AI in Digital Forensics 39:20 – Validating AI findings 49:14 – Career Reflections and Future Directions Show Notes ‘Those explicit AI-generated Taylor Swift images, unsurprisingly, came from 4Chan’, The Verge - https://www.theverge.com/2024/2/5/24061985/those-explicit-ai-generated-taylor-swift-images-unsurprisingly-came-from-4chan Take It Down - https://takeitdown.ncmec.org/ Stop NCII - https://stopncii.org/ ‘AI-generated kids draw predators on TikTok and Instagram’, Forbes - https://www.forbes.com.au/news/innovation/tiktok-predators-ai-generated-kids/ The Exodus Road - https://theexodusroad.com/
Chuck Cobb from Magnet Forensics joins the Forensic Focus Podcast to discuss training and certification. Chuck delves into his extensive background, including his tenure in law enforcement and over a decade of experience in forensic training at both Guidance Software and Magnet. He emphasizes the evolution of forensic training, particularly highlighting the challenges and opportunities that have arisen due to technological advancements and the Covid-19 pandemic. The conversation also touches on the generational differences in learners, the rise of microlearning, and the importance of scenario-based training that drives practical outcomes for students in both law enforcement and corporate sectors. Additionally, Chuck explains Magnet Forensics' approach to balancing financial sustainability with providing high-quality training. This includes their strategic use of online self-paced courses, virtual instructor-led sessions, and certifications that ensure examiners are well-equipped to handle various forensic tasks.
Blake Sawyer from Amped Software joins the Forensic Focus Podcast to discuss video and image forensics in the US. He shares insights on the challenges of working with low-quality CCTV footage and how Amped Software has grown and been adopted in the US market. The conversation delves into the role of the Scientific Working Group on Digital Evidence (SWGDE) in developing best practices for the field and how these standards influence product development. It also covers Amped's new DeepPlate technology for license plate recognition and emphasizes the importance of error margins in AI-assisted forensic analysis. Blake goes on to discuss Amped's certification program and how it complements other industry certifications. He shares real-world case examples, including the "Pillowcase Murders" investigation, highlighting the practical applications of video forensics in solving complex crimes.
Marco Fontani joins the Forensic Focus podcast to discuss Amped Software’s latest AI-powered tool, DeepPlate. DeepPlate is a deep learning system designed to read license plates affected by common issues introduced by surveillance systems, making it a valuable asset for forensic video analysts. Marco provides an in-depth overview of DeepPlate, explaining how it currently supports eight countries (France, Germany, Italy, the Netherlands, Spain, Sweden, the UK, and the United States) and how it uses separate models for each country to account for varying license plate formats. He also discusses the synthetic data generation process used for training the models, ensuring privacy and mitigating bias. The conversation delves into the limitations and considerations when using AI-based tools in a forensic workflow, with Marco emphasizing the importance of bias mitigation techniques and proper interpretation of confidence scores. He stresses that DeepPlate is an investigative tool designed to provide a second opinion, rather than a tool for court admissibility. 00:00 – What is DeepPlate and what is its purpose? 02:45 – How many countries does DeepPlate currently support? 09:30 – What are the challenges of diplomatic and personalised number plates? 11:30 – How would a forensic video analyst use DeepPlate as part of their workflow? 13:40 – Can DeepPlate be used in Court? 16:30 – What is Amped Software’s position on AI? 19:00 – What will be the impact of updated models on results? 20:50 – What kind of data is used to train the system? 23:30 – How has the system been tested? 26:15 – What are the access conditions for using DeepPlate? 28:05 – Does Amped Software retain user data for DeepPlate and if yes for how long? 29:45 – Is it possible to buy additional seats for your license? 31:00 – What are the limitations and considerations when using AI-based tools like DeepPlate for forensic and investigative purposes? 35:20 – Does Amped Software plan to use AI in other areas? 
Show Notes Washington State Judge Blocks Use Of AI-Enhanced Video As Evidence In Possible First-Of-Its-Kind-Ruling - https://www.linkedin.com/feed/update/urn:li:activity:7181308834370494464/ Neural Network for Denoising and Reading Degraded License Plates - https://link.springer.com/chapter/10.1007/978-3-030-68780-9_39 Introducing DeepPlate, Amped’s Investigative Tool for AI-Powered License Plate Reading - https://blog.ampedsoftware.com/2024/02/28/introducing-deepplate-ampeds-investigative-tool-for-ai-powered-license-plate-reading
Join Si and Desi for another episode of the Forensic Focus Podcast. This week, they discuss the lack of transparency and potential misrepresentation in the cybersecurity industry, particularly regarding the use of open-source tools by companies and the questionable interpretation of data and statistics in marketing and advertising. The conversation also delves into the implications of relying on computer systems and algorithms to make important decisions, such as in the case of the Post Office scandal in the UK and the Centrelink repayment debacle in Australia. They emphasize the importance of human oversight, critical thinking, and considering the human impact of such decisions, rather than blindly trusting the outputs of computer systems. 00:00 – The state of the digital forensics industry 02:30 – Desi’s talk at BSides Brisbane 05:30 – Sweaty Cyber Advice and Strongman 09:40 – Companies integrating open source software 23:00 – Advertising, statistics and logical fallacies 28:00 – The Post Office scandal and computer accountability 49:00 – Security, compliance and regulations 56:00 – Closing thoughts Show Notes Hardly Adequate YouTube - https://www.youtube.com/@hardlyadequate Oxfordshire’s Strongman & Strongwoman - https://oxfordshire.rocks/ CPS, Computer Records Evidence - https://www.cps.gov.uk/legal-guidance/computer-records-evidence Your Logical Fallacyis - https://yourlogicalfallacyis.com/ British Post Office Scandal - https://en.wikipedia.org/wiki/British_Post_Office_scandal The Guardian, Robodebt Scandal - https://www.theguardian.com/australia-news/2023/mar/11/robodebt-five-years-of-lies-mistakes-and-failures-that-caused-a-18bn-scandal Tyler Vigen, Spurious Correlations - http://www.tylervigen.com/spurious-correlations Forensic Focus Discord - https://discord.gg/97zKvTXHeS
Sophie Powell joins Si and Desi on the Forensic Focus Podcast to discuss various topics including her recent participation in a TryHackMe webinar, the challenges of applying for graduate schemes, and the relevance of the Cyber 9/12 competition to her career in cybersecurity. They also touch on the psychology of conspiracy theories and the implications of deepfake technology. 00:00 – Welcome to the podcast 03:00 – Sweaty Cyber Advice 03:55 – Fitness and forensics 07:00 – Mental health and mindfulness 09:10 – Gamified assessments 17:00 – Video recorded self-assessments 20:10 – Filtering candidates to fill roles 24:25 – Graduate schemes versus graduate jobs 27:40 – Apprenticeships and student loans 33:40 – Starting out on a graduate scheme 37:35 – UK Cyber 9/12 Strategy Challenge 43:55 – Dangers of deepfakes 51:10 – Conspiracy theories and computer psychology 54:40 – Closing thoughts Show Notes Hardly Adequate - https://hardlyadequate.com Try Hack Me - https://tryhackme.com/ UK Cyber 9/12 Strategy Challenge - https://www.ukcyber912.co.uk/
Chris Doman, Co-Founder of Cado Security, joins the Forensic Focus podcast to discuss cloud forensics and incident response. Cado Security provides cloud-based software for collecting and analyzing forensic evidence in cloud environments. Chris discusses the challenges of cloud forensics, such as the constantly changing nature of cloud environments and the need to standardize and normalize data from different sources. Cado Security is working on partnerships with cloud and EDR vendors, as well as IR providers, and is planning to release new features related to SaaS and email compromise investigations. 00:00 – Introducing Chris Doman from Cado Security 03:00 – Starting and growing Cado Security 05:45 – Cado Community 06:30 – Cloud forensics tools 10:40 – Collecting, processing and presenting data 12:00 – Advantages of cloud to cloud 13:50 – Audit logs 16:00 – Automation 20:30 – Training and investigation support 28:00 – Release cycle and managing updates 30:30 – Roadmap 40:30 – Chain of custody 43:00 – Encryption and storage 43:30 – Cado Security at events
Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data. Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities. 00:00 – Introduction to Alan Platt 07:00 – Training 12:00 – Workflows 17:20 – Ensuring a secure environment 19:45 – Customer training 20:35 – Helping customers comply with ISO accreditation 25:00 – Validation and verification 27:30 – ISO standards 30:00 – MSAB’s pipeline plans 32:40 – XEC Director 43:45 – Privacy of user data
Nick Harvey, a former Detective Inspector in the Metropolitan Police, discusses his transition from law enforcement to his current role as a Customer Success Manager at Cellebrite. He describes his experience in tackling county lines, a form of organized crime in the UK where drug dealers set up operations in smaller towns and cities to expand their business. He also discusses the role of mobile phones in criminal investigations and how data-driven approaches can expedite the justice process. Nick goes on to highlight the challenges of explaining digital evidence to judges and juries and the potential impact of artificial intelligence in forensic investigations. He also emphasizes the importance of communication between digital forensics units and investigators and the need for tools that can handle large data sets and provide actionable insights. Nick shares his thoughts on the impact of regulations on forensic processes and the need for a balance between oversight and efficiency. He concludes by advising investigators to be open to new approaches and to focus on the objectives of their investigations. 00:00 – Introduction to Nick Harvey, Customer Success Manager at Cellebrite 02:40 – Data driven approach to tackling county lines crimes 07:50 – Changing landscape of mobile forensics 11:45 – Operation Venetic and EncroChat crime 15:20 – Ensuring admissibility of evidence 19:50 – Machine learning in crimes and crime detection 24:00 – Machine learning in Cellebrite’s tools 27:10 – Working at Cellebrite 31:30 – Managing large volumes of data 34:40 – Training tool users and empowering investigators to get the most from data 36:00 – Regulations and compliance frameworks 39:55 – Advice for digital investigators
Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/ Keith Lockhart, Vice President of Training at Oxygen Forensics, discusses the evolution of training in the digital forensics industry. He highlights the shift towards online training and the use of technology to deliver courses remotely. He also mentions the importance of gathering feedback from customers and adapting training programs to meet their needs. Oxygen Forensics is focused on providing a range of training options, including on-demand content and hands-on training with shipped devices. Additionally, Keith discusses the company's new technologies, Oxygen Corporate Explorer (OCE) and Oxygen Analytic Center (OAC), which offer collaborative review and data collection capabilities.  00:00 - Keith Lockhart’s career  06:45 – Educational background 09:15 – Technical knowledge and software development 14:55 – Transitioning to a training role 20:05 – Sharing knowledge and presenting evidence in court 24:15 – Products and training from Oxygen Forensics 34:00 – Receiving customer feedback 35:30 – Online versus in-person conferences and training 38:10 – Providing training and tools in different languages 41:00 – Oxygen Forensic Certifications 44:10 – Oxygen Forensics’ focus for 2024
Si interviews Monica Harris from Cellebrite about new products and developments in the field of digital forensics. They talk about the importance of staying connected to the community and understanding their needs. Cellebrite has recently launched several new products, including Endpoint Mobile Now, a SaaS solution for the patent pending remote collection of targeted data on iOS and Android devices. Another new product is Mobile Ultra, a mobile forensics solution that provides access to mobile data on a wide range of iOS and Android devices. Cellebrite aims to develop technology that meets the needs of their customers and provides solutions for the challenges they face in digital forensics. 00:00 – Introduction to Monica Harris and Cellebrite 03:20 – New Cellebrite products and upgrades 05:40 – Cellebrite Endpoint Mobile Now 12:00 – Storage, privacy and ownership of acquired data 13:30 – Bandwidth requirements 15:00 – Targeting specific data 18:45 – Cellebrite Mobile Ultra 22:15 – Cloud collection platforms 26:10 – Collecting data from the cloud 27:05 – Screen share and capture capabilities 29:15 – What’s coming up for Cellebrite? 32:10 – AI and machine learning 36:40 – Final thoughts and invitation to get in touch
Si and Desi interview Rich Frawley from ADF Solutions. They discuss the use of screenshots and screen recording in mobile device investigations. Screenshots and screen recordings can be used to capture evidence that may not be available through logical acquisitions, allowing investigators to add valuable information to their cases. Rich also discusses the limitations of screenshots and screen recording, such as the inability to capture certain types of data or the risk of alerting the other party in a chat conversation. He emphasizes the importance of investigators knowing their cases and making informed decisions about the best methods to gather evidence. Rich also highlights the speed and efficiency of ADF Solutions' tools, which focus on triage and intelligence gathering rather than cracking devices. He mentions the company's training programs and the ability to generate reports and share data with other tools. The conversation touches on the future of mobile forensics, including wearables and emerging technologies like smart glasses.  
Si Biles interviews Sophie Powell, Professor Sarah Morris, and Rob Black about the Cyber 9/12 Strategy Challenge. The challenge is an opportunity for students to experience a simulated cyber crisis and provide advice to senior government decision-makers. The guests discuss the value of the competition in developing multidisciplinary skills and the importance of diversity and inclusion in the cybersecurity field. They encourage students to participate and emphasize the benefits of networking and learning from industry professionals. The guests also highlight the need for more outreach and support for women in cybersecurity at all levels of education, and the work of CyberWomen Groups C.I.C.. Show Notes: Event Recap: The CyberWomen Conference 2023 - https://www.forensicfocus.com/event-info/event-recap-the-cyberwomen-conference-2023/
Si and Desi are joined by Brittany and Ailsa from digital forensics software company ADF Solutions. They discuss how ADF is addressing key challenges for digital forensics practitioners, including handling the massive volumes of data from mobile devices and the cloud. The guests outline ADF's focus on developing their software as an easy-to-use onsite triage tool that can help quickly identify pertinent evidence. Key features include advanced handling of video files, AI-assisted classification of images, and new screen recording capabilities for mobile devices that allow suspects to safely share relevant data. The hosts and guests also explore ADF's ongoing research into areas like facial recognition, handling new device types like games consoles and smart watches, and identifying deepfake media. 00:00 – Introduction to Ailsa and Brittany 03:00 – The challenge of vast amounts of data 05:50 – Recovering data from Chromebooks 08:50 – Triaging using ADF tools 12:30 – Benefits of using ADF Solutions’ tools 15:50 – Limitations in types of apps 17:20 – Keeping up with technological advancements 19:15 – ADF customer base 21:00 - Artificial intelligence in classifying images 30:00 – ADF Solutions’ triaging kit 37:00 – Training with ADF 40:00 – Target user 44:50 – Roadmap of future devices to examine 51:30 – Main focus for ADF Solutions going forwards Show Notes: AI-generated CSAM article on Sky News - https://news.sky.com/story/thousands-of-ai-generated-child-abuse-images-being-shared-online-research-finds-12991727
Si and Desi interview Emi Polito from Amped about how to become an Amped FIVE Certified Examiner (AFCE). They discuss the exam requirements and format, as well as Amped’s future plans. Emi explains that the certification is aimed at demonstrating competency with the Amped FIVE video analysis software after completing training. The exam consists of multiple choice questions on theory and practical exercises using the software. Emi talks about the online exam format and process for passing or failing. Emi also discusses the broader challenges many organizations face with validation and accreditation. He emphasizes Amped's commitment to developing tools that facilitate that process. The hosts reflect on the confusing accreditation landscape and Amped’s passion for improving training and certification in forensics. This episode provides an overview of Amped's new certification and perspective on challenges in the field of video forensics. Show Notes: Introducing The AFCE Certification (Amped FIVE Certified Examiner) - https://www.forensicfocus.com/news/introducing-the-afce-certification-amped-five-certified-examiner/ Video Evidence Principles With Amped Software - https://www.forensicfocus.com/podcast/video-evidence-principles-with-amped-software/ Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/ File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/ Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/ Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/ 
LEVA 2023 Training Symposium - https://www.leva.org/ Forensic Collision Investigation & Reconstruction Ltd - https://www.fcir.co.uk/ Amped FIVE Certified Examiner - https://ampedsoftware.com/afce-certification Introducing the Amped FIVE Certification Program - https://blog.ampedsoftware.com/2023/10/04/introducing-the-amped-five-certification-program Amped Software YouTube - https://www.youtube.com/ampedsoftware How to Use the Validation Tool in Amped FIVE - https://blog.ampedsoftware.com/2023/03/29/how-to-use-the-validation-tool-in-amped-five  
Si and Desi talk to Gavin Prue and Selim Kang about their non-traditional paths into cybersecurity careers. They share their diverse educational backgrounds, from vocational college courses to returning to school later in life, and the hands-on training that helped prepare them for incident response roles. Gavin and Selim provide advice for aspiring cybersecurity professionals on the importance of networking, asking questions, having a positive attitude, and being willing to put in extra time learning new skills. They discuss the value of university degrees versus certifications, the pros and cons of accredited cybersecurity programs, and the need for continued education in this rapidly evolving field. Whether starting from scratch or changing careers, their stories demonstrate that resilience and motivation can overcome lack of formal qualifications.
Si and Desi talk to Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, and Emma Pickering, Head of Tech and Economic Abuse at Refuge. They discuss the impact of digital forensics and incident response (DFIR) in cases of domestic abuse. They highlight the prevalence of tech-enabled abuse, such as the use of stalkerware, and the need for comprehensive support and safety plans for survivors. They also talk about the challenges faced by law enforcement in investigating and prosecuting these cases, as well as the importance of training and awareness in addressing tech-enabled abuse. The conversation emphasizes the need for collaboration between organizations, tech developers, and law enforcement to effectively combat domestic abuse. Show Notes: Apple Support: How Safety Check on iPhone works to keep you safe -  https://support.apple.com/guide/personal-safety/how-safety-check-works-ips2aad835e1/web IBM: Five Technology Design Principles to Combat Domestic Abuse - https://www.ibm.com/policy/five-technology-design-principles-to-combat-domestic-abuse/ EFF: Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users - https://www.eff.org/deeplinks/2023/09/today-uk-parliament-undermined-privacy-security-and-freedom-all-internet-users Wesley Mission: More support to help escape family violence - https://www.wesleymission.org.au/about-us/what-we-do/helping-people-most-in-need/housing-and-accommodation/wesley-emergency-relief/more-support-to-help-escape-family-violence/ Refuge: How we can help you - https://refuge.org.uk/i-need-help-now/how-we-can-help-you/ Electronic Frontier Foundation - https://www.eff.org/
Si and Desi interview Lee Reiber, CEO of Oxygen Forensics. Lee provides an overview of Oxygen's tools for extracting data from mobile devices, cloud services, and computers to aid digital investigations. He talks about Oxygen's training program that is now included with their software to train examiners to become skilled investigators. Lee also shares insights on overcoming hurdles like encryption and multifactor authentication in mobile forensics. He stresses that there is always a way to get needed data from mobile devices. Lee additionally talks about the vetting process Oxygen uses to ensure their tools are used ethically and explains how Oxygen adapts quickly to help law enforcement with urgent cases.
Join Desi and Si as they chat with Rob Fried, a digital forensics expert, author, and licensed private investigator. In this episode, Rob discusses the upcoming 2023 E-Crime Symposium: Cutting Edge Topics in Digital Forensics, taking place virtually on 31st October 2023. The symposium will feature keynote talks and panel discussions exploring e-crimes and criminal investigations. Topics include Mobile Device Investigations, Cryptocurrency Investigations, and Forensic Fundamentals in Innovation. Rob also discusses his background, career, and passion for writing and sharing knowledge in the forensics field. He talks about the value of collaboration and giving back through events like the symposium and authoring books for students and practitioners. Show Notes: 2023 E-Crime Symposium: Cutting Edge Topics In Digital Forensics - https://www.eventbrite.com/e/2023-e-crime-symposium-cutting-edge-topics-in-digital-forensics-tickets-698455237417?aff=oddtdtcreator Rob Fried's website - https://forensicsbyfried.com PI Magazine - https://pimagazine.com    
Ryan joins Si and Desi to discuss his research into SS7 hacking and cell phone tracking. As someone passionate about radio technology, Ryan became interested in cell networking and eventually discovered he could intercept calls and texts by building fake cell towers. He learned that phone users have virtually no ability to opt out of their locations and identifiers being commercially available via simple API calls. Ryan hopes to put this knowledge to good use by developing a system to warn domestic abuse shelters if an offender's phone is nearby, by tracking SS7 data. During the technical discussion, Ryan demonstrates querying an API with his own phone number to retrieve subscriber data and location. The hosts consider how individuals could possibly protect themselves from SS7 exploits, such as avoiding SMS authentication. They also discuss Ryan's other projects exploring radio hacking tools and a magazine shining light on digital counterculture topics.