I met Chet Hosmer at DFRWS in Providence, Rhode Island, earlier this year. Over lunch I explained my upcoming digital forensics book to him, and he was very supportive. When I arrived back in England a copy of one of his books was waiting for me, along with an encouraging note.
Well, the DFIR book project has taken a backseat over the last few months due to me taking on a new psychology of religion research project, but maybe it’ll come back. In the meantime I thought I’d take a look at Chet’s book and write a quick review of it. (more…)
The hottest topic in digital forensics at the moment, standardisation is on the tip of everyone’s tongues. Following various think pieces on the subject and a plethora of meetings at conferences, I spoke to Angus Marshall about his latest paper and what he thinks the future holds for this area of the industry. You can find the interview here.
When I had a meeting with BlackBag a while ago, I was pleasantly surprised by how knowledgeable and enthusiastic the representatives seemed about their products. Not only were they open to showing me all sorts of things the tools could do, they also knew the back stories to how they were created, and why they’re necessary for the field.
So when I got the chance to review the latest version of BlackLight, I decided to go for it. (more…)
In one of my day jobs, I edit Forensic Focus, which includes writing articles, interviewing key industry figures, and spending far too much of my life at conferences.
Recently I’ve interviewed a few people about their areas of forensic expertise, so I thought I’d share them here in case you missed them. (more…)
Those of you who know about my work in digital forensics will probably be aware that I got into the field because I’m very passionate about child protection, so anyone who champions that cause is someone I’m probably going to like. Magnet Forensics has been doing this for years, but recently I became aware of Griffeye, whom I somehow hadn’t heard of before.
A while ago they asked me to review their Analyze DI Pro solution as part of my work over at Forensic Focus, so I did. (more…)
Controversy has been raging around ISO 17025 ever since the standard was adopted for digital forensics back in October 2017. Although many people who work in the industry agree that standardisation is advisable and probably necessary if we are to keep moving forward, there have been many criticisms of ISO 17025 and its effectiveness when it comes to digital forensics.
The baseline of the problem seems to be that ISO 17025 was not specifically designed for digital forensics; instead, it takes the standards of ‘wet’ or traditional forensics and applies them to computing devices. This has a number of issues, not least the fact that technological advances are constantly happening; in a field where most large apps are being updated a couple of times per month as a minimum, it becomes very difficult to properly standardise tools and methodologies.
Another concern for many people is the cost associated with accrediting a lab and keeping up with ISO 17025. Reports of accreditation costing in excess of £50,000 have made some practitioners nervous about applying.
Read the full article on Forensic Focus
A few weeks ago I met up with a representative from BlackBag Technologies in a Breather room in London. He showed me how MacQuisition works and talked me through some of its capabilities.
Then I flew off to various conferences around Europe and the USA, and I finally got back last week so I have posted my review of the product. You can find it on Forensic Focus.
Also, sorry for the lack of posts recently. I’m trying to do about a million things but it’s 35 degrees in London today and they’re predicting it’ll reach 37 on Friday. I cannot brain in this heat.
SQLite forensics is an important part of many digital forensic investigations. Most smartphones and computer operating systems use SQLite, with each device often including hundreds of databases. Despite this extreme proliferation, SQLite forensics is often overlooked in conversations about current trends in digital forensics. Paul Sanderson’s book attempts to redress the balance and bring attention to the importance of SQLite forensics. (more…)
Mobile forensics is a growing subsection of digital forensic investigation. With the proliferation of devices, applications and operating systems available nowadays, it’s increasingly becoming a vital and complex field. The skillset needed to accurately acquire evidence from mobile devices may seem dauntingly wide-ranging, especially when so many of us are dealing with backlogs in the first place. How are we supposed to keep up to date with this ever-evolving challenge?
Luckily we have books like this to help us out. (more…)
Flashpoint, a business intelligence agency specialising in the deep and dark web, recently published a report on the economy of criminal networks online. The report looks not only at where criminals go to communicate on the internet, but also how their communications are structured, and the ways in which online communication has changed the criminal landscape.
Far from the kind of jack-of-all-trades portrayed in TV dramas, today’s cybercriminals structure their operations much like a business, each person having their own specialisms and reporting to the people above them. This helps to ensure that every member of the network takes on tasks that don’t overwhelm them, and often also ensures that the level of communication is kept to a minimum. Each party is only in contact with the level directly above, thus decreasing the likelihood of breaking up the entire network if a single individual’s identity is uncovered by law enforcement.
Read the full article on ForensicFocus
From the 6th-8th of December 2016, AccessData ran a Windows course in a training centre overlooking Trafalgar Square in London, UK. The aim of the course was to familiarise forensic investigators with the Windows operating system and give an in-depth understanding of its potential for analysis in digital forensic investigations.
The other day I interviewed John Patzakis, Executive Chairman at X1 Discovery, about an article he’s written about a new amendment to Federal Rule of Evidence 902.
Subsection (14) will come into play this December, and will mean that all electronic data will be required to be “self-authenticating”.