Forensic Focus

Join Si and Desi for another episode of the Forensic Focus Podcast. This week, they discuss the lack of transparency and potential misrepresentation in the cybersecurity industry, particularly regarding the use of open-source tools by companies and the questionable interpretation of data and statistics in marketing and advertising. The conversation also delves into the implications of relying on computer systems and algorithms to make important decisions, such as in the case of the Post Office scandal in the UK and the Centrelink repayment debacle in Australia. They emphasize the importance of human oversight, critical thinking, and considering the human impact of such decisions, rather than blindly trusting the outputs of computer systems. 00:00 – The state of the digital forensics industry 02:30 – Desi’s talk at BSides Brisbane 05:30 – Sweaty Cyber Advice and Strongman 09:40 – Companies integrating open source software 23:00 – Advertising, statistics and logical fallacies 28:00 – The Post Office scandal and computer accountability 49:00 – Security, compliance and regulations 56:00 – Closing thoughts Show Notes Hardly Adequate YouTube - https://www.youtube.com/@hardlyadequate Oxfordshire’s Strongman & Strongwoman - https:\oxfordshire.rocks\ CPS, Computer Records Evidence - https://www.cps.gov.uk/legal-guidance/computer-records-evidence Your Logical Fallacyis - https://yourlogicalfallacyis.com/ British Post Office Scandal - https://en.wikipedia.org/wiki/British_Post_Office_scandal The Guardian, Robodebt Scandal - https://www.theguardian.com/australia-news/2023/mar/11/robodebt-five-years-of-lies-mistakes-and-failures-that-caused-a-18bn-scandal Tyler Vigen, Spurious Correlations - http://www.tylervigen.com/spurious-correlations Forensic Focus Discord - https://discord.gg/97zKvTXHeS

Sophie Powell joins Si and Desi on the Forensic Focus Podcast to discuss various topics including her recent participation in a TryHackMe webinar, the challenges of applying for graduate schemes, and the relevance of the Cyber 9/12 competition to her career in cybersecurity. They also touch on the psychology of conspiracy theories and the implications of deepfake technology. 00:00 – Welcome to the podcast 03:00 – Sweaty Cyber Advice 03:55 – Fitness and forensics 07:00 – Mental health and mindfulness 09:10 – Gamified assessments 17:00 – Video recorded self-assessments 20:10 – Filtering candidates to fill roles 24:25 – Graduate schemes versus graduate jobs 27:40 – Apprenticeships and student loans 33:40 – Starting out on a graduate scheme 37:35 – UK Cyber 9/12 Strategy Challenge 43:55 – Dangers of deepfakes 51:10 – Conspiracy theories and computer psychology 54:40 – Closing thoughts Show Notes Hardly Adequate - https://hardlyadequate.com Try Hack Me - https://tryhackme.com/ UK Cyber 9/12 Strategy Challenge - https://www.ukcyber912.co.uk/

Chris Doman, Co-Founder of Cado Security, joins the Forensic Focus podcast to discuss cloud forensics and incident response. Cado Security provides cloud-based software for collecting and analyzing forensic evidence in cloud environments. Chris discusses the challenges of cloud forensics, such as the constantly changing nature of cloud environments and the need to standardize and normalize data from different sources. Cado Security is working on partnerships with cloud and EDR vendors, as well as IR providers, and is planning to release new features related to SaaS and email compromise investigations. 00:00 – Introducing Chris Doman from Cado Security 03:00 – Starting and growing Cado Security 05:45 – Cado Community 06:30 – Cloud forensics tools 10:40 – Collecting, processing and presenting data 12:00 – Advantages of cloud to cloud 13:50 – Audit logs 16:00 – Automation 20:30 – Training and investigation support 28:00 – Release cycle and managing updates 30:30 – Roadmap 40:30 – Chain of custody 43:00 – Encryption and storage 43:30 – Cado Security at events

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data. Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities. 00:00 – Introduction to Alan Platt 07:00 – Training 12:00 – Workflows 17:20 – Ensuring a secure environment 19:45 – Customer training 20:35 – Helping customers comply with ISO accreditation 25:00 – Validation and verification 27:30 – ISO standards 30:00 – MSAB’s pipeline plans 32:40 – XEC Director 43:45 – Privacy of user data

Nick Harvey, a former Detective Inspector in the Metropolitan Police, discusses his transition from law enforcement to his current role as a Customer Success Manager at Cellebrite. He describes his experience in tackling county lines, a form of organized crime in the UK where drug dealers set up operations in smaller towns and cities to expand their business. He also discusses the role of mobile phones in criminal investigations and how data-driven approaches can expedite the justice process. Nick goes on to highlight the challenges of explaining digital evidence to judges and juries and the potential impact of artificial intelligence in forensic investigations. He also emphasizes the importance of communication between digital forensics units and investigators and the need for tools that can handle large data sets and provide actionable insights. Nick shares his thoughts on the impact of regulations on forensic processes and the need for a balance between oversight and efficiency. He concludes by advising investigators to be open to new approaches and to focus on the objectives of their investigations. 00:00 – Introduction to Nick Harvey, Customer Success Manager at Cellebrite 02:40 – Data driven approach to tackling county lines crimes 07:50 – Changing landscape of mobile forensics 11:45 – Operation Venetic and EncroChat crime 15:20 – Ensuring admissibility of evidence 19:50 – Machine learning in crimes and crime detection 24:00 – Machine learning in Cellebrite’s tools 27:10 – Working at Cellebrite 31:30 – Managing large volumes of data 34:40 – Training tool users and empowering investigators to get the most from data 36:00 – Regulations and compliance frameworks 39:55 – Advice for digital investigators

Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/ Keith Lockhart, Vice President of Training at Oxygen Forensics, discusses the evolution of training in the digital forensics industry. He highlights the shift towards online training and the use of technology to deliver courses remotely. He also mentions the importance of gathering feedback from customers and adapting training programs to meet their needs. Oxygen Forensics is focused on providing a range of training options, including on-demand content and hands-on training with shipped devices. Additionally, Keith discusses the company's new technologies, Oxygen Corporate Explorer (OCE) and Oxygen Analytic Center (OAC), which offer collaborative review and data collection capabilities.  00:00 - Keith Lockhart’s career  06:45 – Educational background 09:15 – Technical knowledge and software development 14:55 – Transitioning to a training role 20:05 – Sharing knowledge and presenting evidence in court 24:15 – Products and training from Oxygen Forensics 34:00 – Receiving customer feedback 35:30 – Online versus in-person conferences and training 38:10 – Providing training and tools in different languages 41:00 – Oxygen Forensic Certifications 44:10 – Oxygen Forensics’ focus for 2024

Si interviews Monica Harris from Cellebrite about new products and developments in the field of digital forensics. They talk about the importance of staying connected to the community and understanding their needs. Cellebrite has recently launched several new products, including Endpoint Mobile Now, a SaaS solution for the patent pending remote collection of targeted data on iOS and Android devices. Another new product is Mobile Ultra, a mobile forensics solution that provides access to mobile data on a wide range of iOS and Android devices. Cellebrite aims to develop technology that meets the needs of their customers and provides solutions for the challenges they face in digital forensics. 00:00 – Introduction to Monica Harris and Cellebrite 03:20 – New Cellebrite products and upgrades 05:40 – Cellebrite Endpoint Mobile Now 12:00 – Storage, privacy and ownership of acquired data 13:30 – Bandwidth requirements 15:00 – Targeting specific data 18:45 – Cellebrite Mobile Ultra 22:15 – Cloud collection platforms 26:10 – Collecting data from the cloud 27:05 – Screen share and capture capabilities 29:15 – What’s coming up for Cellebrite? 32:10 – AI and machine learning 36:40 – Final thoughts and invitation to get in touch

Si and Desi interview Rich Frawley from ADF Solutions. They discuss the use of screenshots and screen recording in mobile device investigations. Screenshots and screen recordings can be used to capture evidence that may not be available through logical acquisitions, allowing investigators to add valuable information to their cases. Rich also discusses the limitations of screenshots and screen recording, such as the inability to capture certain types of data or the risk of alerting the other party in a chat conversation. He emphasizes the importance of investigators knowing their cases and making informed decisions about the best methods to gather evidence. Rich also highlights the speed and efficiency of ADF Solutions' tools, which focus on triage and intelligence gathering rather than cracking devices. He mentions the company's training programs and the ability to generate reports and share data with other tools. The conversation touches on the future of mobile forensics, including wearables and emerging technologies like smart glasses.  

Si Biles interviews Sophie Powell, Professor Sarah Morris, and Rob Black about the Cyber 9/12 Strategy Challenge. The challenge is an opportunity for students to experience a simulated cyber crisis and provide advice to senior government decision-makers. The guests discuss the value of the competition in developing multidisciplinary skills and the importance of diversity and inclusion in the cybersecurity field. They encourage students to participate and emphasize the benefits of networking and learning from industry professionals. The guests also highlight the need for more outreach and support for women in cybersecurity at all levels of education, and the work of CyberWomen Groups C.I.C.. Show Notes: Event Recap: The CyberWomen Conference 2023 - https://www.forensicfocus.com/event-info/event-recap-the-cyberwomen-conference-2023/

Si and Desi are joined by Brittany and Ailsa from digital forensics software company ADF Solutions. They discuss how ADF is addressing key challenges for digital forensics practitioners, including handling the massive volumes of data from mobile devices and the cloud. The guests outline ADF's focus on developing their software as an easy-to-use onsite triage tool that can help quickly identify pertinent evidence. Key features include advanced handling of video files, AI-assisted classification of images, and new screen recording capabilities for mobile devices that allow suspects to safely share relevant data. The hosts and guests also explore ADF's ongoing research into areas like facial recognition, handling new device types like games consoles and smart watches, and identifying deepfake media. 00:00 – Introduction to Ailsa and Brittany 03:00 – The challenge of vast amounts of data 05:50 – Recovering data from Chromebooks 08:50 – Triaging using ADF tools 12:30 – Benefits of using ADF Solutions’ tools 15:50 – Limitations in types of apps 17:20 – Keeping up with technological advancements 19:15 – ADF customer base 21:00 - Artificial intelligence in classifying images 30:00 – ADF Solutions’ triaging kit 37:00 – Training with ADF 40:00 – Target user 44:50 – Roadmap of future devices to examine 51:30 – Main focus for ADF Solutions going forwards Show Notes: AI-generated CSAM article on Sky News - https://news.sky.com/story/thousands-of-ai-generated-child-abuse-images-being-shared-online-research-finds-12991727

Si and Desi interview Emi Polito from Amped about how to become an Amped FIVE Certified Examiner (AFCE). They discuss the exam requirements and format, as well as Amped’s future plans. Emi explains that the certification is aimed at demonstrating competency with the Amped FIVE video analysis software after completing training. The exam consists of multiple choice questions on theory and practical exercises using the software. Emi talks about the online exam format and process for passing or failing. Emi also discusses the broader challenges many organizations face with validation and accreditation. He emphasizes Amped's commitment to developing tools that facilitate that process. The hosts reflect on the confusing accreditation landscape and Amped’s passion for improving training and certification in forensics. This episode provides an overview of Amped's new certification and perspective on challenges in the field of video forensics. Show Notes: Introducing The AFCE Certification (Amped FIVE Certified Examiner) - https://www.forensicfocus.com/news/introducing-the-afce-certification-amped-five-certified-examiner/ Video Evidence Principles With Amped Software - https://www.forensicfocus.com/podcast/video-evidence-principles-with-amped-software/ Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/ File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/ Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/ Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/ LEVA 2023 Training Symposium - https://www.leva.org/ Forensic Collision Investigation & Reconstruction Ltd - https://www.fcir.co.uk/ Amped FIVE Certified Examiner - https://ampedsoftware.com/afce-certification Introducing the Amped FIVE Certification Program - https://blog.ampedsoftware.com/2023/10/04/introducing-the-amped-five-certification-program Amped Software YouTube - https://www.youtube.com/ampedsoftware How to Use the Validation Tool in Amped FIVE - https://blog.ampedsoftware.com/2023/03/29/how-to-use-the-validation-tool-in-amped-five  

Si and Desi talk to Gavin Prue and Selim Kang about their non-traditional paths into cybersecurity careers. They share their diverse educational backgrounds, from vocational college courses to returning to school later in life, and the hands-on training that helped prepare them for incident response roles. Gavin and Selim provide advice for aspiring cybersecurity professionals on the importance of networking, asking questions, having a positive attitude, and being willing to put in extra time learning new skills. They discuss the value of university degrees versus certifications, the pros and cons of accredited cybersecurity programs, and the need for continued education in this rapidly evolving field. Whether starting from scratch or changing careers, their stories demonstrate that resilience and motivation can overcome lack of formal qualifications.

Si and Desi talk to Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, and Emma Pickering, Head of Tech and Economic Abuse at Refuge. They discuss the impact of digital forensics and incident response (DFIR) in cases of domestic abuse. They highlight the prevalence of tech-enabled abuse, such as the use of stalkerware, and the need for comprehensive support and safety plans for survivors. They also talk about the challenges faced by law enforcement in investigating and prosecuting these cases, as well as the importance of training and awareness in addressing tech-enabled abuse. The conversation emphasizes the need for collaboration between organizations, tech developers, and law enforcement to effectively combat domestic abuse. Show Notes: Apple Support: How Safety Check on iPhone works to keep you safe -  https://support.apple.com/guide/personal-safety/how-safety-check-works-ips2aad835e1/web IBM: Five Technology Design Principles to Combat Domestic Abuse - https://www.ibm.com/policy/five-technology-design-principles-to-combat-domestic-abuse/ EFF: Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users - https://www.eff.org/deeplinks/2023/09/today-uk-parliament-undermined-privacy-security-and-freedom-all-internet-users Wesley Mission: More support to help escape family violence - https://www.wesleymission.org.au/about-us/what-we-do/helping-people-most-in-need/housing-and-accommodation/wesley-emergency-relief/more-support-to-help-escape-family-violence/ Refuge: How we can help you - https://refuge.org.uk/i-need-help-now/how-we-can-help-you/ Electronic Frontier Foundation - https://www.eff.org/

Si and Desi interview Lee Reiber, CEO of Oxygen Forensics. Lee provides an overview of Oxygen's tools for extracting data from mobile devices, cloud services, and computers to aid digital investigations. He talks about Oxygen's training program that is now included with their software to train examiners to become skilled investigators. Lee also shares insights on overcoming hurdles like encryption and multifactor authentication in mobile forensics. He stresses that there is always a way to get needed data from mobile devices. Lee additionally talks about the vetting process Oxygen uses to ensure their tools are used ethically and explains how Oxygen adapts quickly to help law enforcement with urgent cases.

Join Desi and Si as they chat with Rob Fried, a digital forensics expert, author, and licensed private investigator. In this episode, Rob discusses the upcoming 2023 E-Crime Symposium: Cutting Edge Topics in Digital Forensics, taking place virtually on 31st October 2023. The symposium will feature keynote talks and panel discussions exploring e-crimes and criminal investigations. Topics include Mobile Device Investigations, Cryptocurrency Investigations, and Forensic Fundamentals in Innovation. Rob also discusses his background, career, and passion for writing and sharing knowledge in the forensics field. He talks about the value of collaboration and giving back through events like the symposium and authoring books for students and practitioners. Show Notes: 2023 E-Crime Symposium: Cutting Edge Topics In Digital Forensics - https://www.eventbrite.com/e/2023-e-crime-symposium-cutting-edge-topics-in-digital-forensics-tickets-698455237417?aff=oddtdtcreator Rob Fried's website - https://forensicsbyfried.com PI Magazine - https://pimagazine.com    

Ryan joins Si and Desi to discuss his research into SS7 hacking and cell phone tracking. As someone passionate about radio technology, Ryan became interested in cell networking and eventually discovered he could intercept calls and texts by building fake cell towers. He learned that phone users have virtually no ability to opt out of their locations and identifiers being commercially available via simple API calls. Ryan hopes to put this knowledge to good use by developing a system to warn domestic abuse shelters if an offender's phone is near by tracking SS7 data. During the technical discussion, Ryan demonstrates querying an API with his own phone number to retrieve subscriber data and location. The hosts consider how individuals could possibly protect themselves from SS7 exploits, such as avoiding SMS authentication. They also discuss Ryan's other projects exploring radio hacking tools and a magazine shining light on digital counterculture topics. 

Si and Desi are joined by Professor Sarah Morris, Digital Forensics Academic and Practitioner, to talk about DFIR at Southampton University, and Sarah’s innovative approach to lecturing.  They explore a range of topics, from electronic storage detection using robots, to strength-testing Faraday bags. They also venture into the realm of forensics in unexpected places, like unravelling mysteries hidden within a washing machine. Plus, Sarah offers a rare insider's perspective on the biometrics and forensics ethics group, an advisory non-departmental public body sponsored by the Home Office.

Si is joined by Martino Jerian, CEO and Founder of Amped Software, and Eugene Liscio, 3D Forensic Analyst at ai2-3D. They discuss Martino’s recent presentation on video evidence principles to the European Parliament. Martino explains the difference between authenticity and integrity when it comes to video evidence, and explores the often necessary role of editing in producing a more accurate representation of reality, such as when correcting lens distortion. In this complex field, our guests emphasize the critical need for maintaining a precise, repeatable, and reproducible workflow, aligning with best practices and established guidelines. They also discuss how judges and juries can easily be mislead by expert witnesses, and the resultant importance of presenting technical information in an accurate but accessible way. Furthermore, for those curious about a career in video forensics, the trio provides practical insights into the qualifications, training, and experience that can guide you on this path. Show Notes: Video Evidence Principles: Presentation at the European Parliament - https://blog.ampedsoftware.com/2023/06/01/video-evidence-principles-presentation-at-the-european-parliament 3D Forensics | ai2-3D | Ontario - https://www.ai2-3d.com/ 3D Forensics YouTube - https://www.youtube.com/@3Dforensics Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/ Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/ Amped Replay Explained: A Detective’s Review Of The Enhanced Video Player For Forensic Investigations - https://www.forensicfocus.com/reviews/amped-replay-explained-a-detectives-review-of-the-enhanced-video-player-for-forensic-investigations/ Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/ File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/ Liverpool John Moores University - https://www.ljmu.ac.uk/study/courses/postgraduates/2023/36596-audio-and-video-forensics-msc  

Si and Desi recap the European Interdisciplinary Cybersecurity Conference (EICC) 2023, which hosted a range of talks and discussions on fields related to cybersecurity.  Si highlights some of the talks he found most interesting, including those on the following topics:  Research conducted at the University of Kent on the prevalence of child sexual abuse material (CSAM) in the DarkWeb, including differences between English- and Chinese-language marketplaces Tracking vehicles and anonymising personal data in a way that still allows useful statistical analysis Conversion of malware binaries into visual images, allowing for the detection of malware families and programs by visual analysis Detecting device fingerprinting on iOS with API function hooking Age classification from images, including potential challenges, theoretical uses and current accuracy levels Machine learning and cybersecurity The duo also discuss what's coming next on the Forensic Focus podcast.  Show Notes:  European Interdisciplinary Cybersecurity Conference: https://www.fvv.um.si/eicc2023/ Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference: https://dl.acm.org/doi/proceedings/10.1145/3590777 Conference program: https://www.fvv.um.si/eicc2023/static/docs/EICC2023_program.pdf Improving file-level fuzzy hashes for malware variant classification: https://www.sciencedirect.com/science/article/pii/S1742287619300283  

Si and Desi talk to Ryan Parthemore, Product Evangelist at Cellebrite, and Robert Fried, Senior Vice President and Global Head of Forensics Investigations at Sandline Solutions. They discuss best practices and compliance frameworks to ensure the admissibility of digital evidence at trial. They highlight the foundational principles of repeatability, reproducibility, and justifiability in the field of digital forensics. Drawing on their own real-life experiences, they emphasize the importance of defensible investigations and illustrate how proper methodologies can protect the chain of custody and ensure the reliability of the digital evidence.