This document discusses reasons for disliking digital forensics and identifies areas for improvement. It begins by introducing the author's background and motivation. The document then examines issues with naming conventions, tools/practices, standards/definitions, training/certification, and subfields. Key problems highlighted include a lack of standardization, compatibility issues between tools, outdated mindsets, and insufficient computing foundations in training. The author advocates treating digital forensics as an engineering science and applying best computing practices. Overall, the document critically analyzes challenges currently facing the field and questions how these issues may impact the future if not addressed.
2. A few reasons for the title
• The proposal for the lecture arrived just after I finally got my long overdue vacation …
• Since 2008, working in digital forensics, I have experienced a lot of things that annoy me and make me think …
• I have just finished one EnCase v7 training and one Linux and Mobile training too, which puts me in the mood, since I’m an old grumpy Unix sysadmin
• I’d like to put up some thoughts, and maybe it will start some process of fixing it …
Sources
• all around the Internet
• NIST
• SANS
• Porcupine web site
3. Let's start - what to talk about
It will be about digital forensics and:
• naming - a real name has power, remember Lord of the Rings
• its tools and practices,
• its community,
• practitioners,
• standards and definitions,
• trainings, certificates, curriculums
• people using its results,
• subfields,
• relations with other computing science fields
• ideas of what the future would look like
• my opinion
4. Forensics definitions
• Forensics is “The application of scientific knowledge to legal problems” (Merriam-Webster)
• Includes forensic medicine, physics, chemistry, dentistry, fingerprints, DNA, firearm analysis, accounting, ....
• Forensic sciences are widely tied to Locard's Exchange Principle: “Every contact leaves a trace” (Prof. Edmond Locard, c. 1910)
• This is from my favorite source:
• Is Mobile Device Forensics Really “Forensics”?, NIST Mobile Forensics Workshop, Gaithersburg, June 2014, Gary C. Kessler
5. Naming – techie side
The term itself, the name: what is correct?
• We have had an evolution since the beginning; it comes from debugging …
• Forensic Computing:
• V. Venema, D. Farmer, late 1990’s: “Gathering and analyzing data in a manner as free from distortion or bias as possible to reconstruct data or what has happened in the past on a system.” This is also the SANS definition
• Digital forensics and Computer forensics (Wikipedia / technical):
• Computer forensics, sometimes known as computer forensic science, is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
• Cyber forensics
• a new buzzword, or an extension into cybernetics in the sense in which N. Wiener defined cybernetics, or into something more like S. Lem's ideas?
• just read “Tragedy of washing machines” or “Invincible” and think about the Internet of Things
6. Naming – legal side
• Comes from usage in the legal process
• The combination of the concepts of digital evidence and forensic computing gives the current legal definition
• Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.
• Judd Robbins: Computer Forensics is simply the application of computer investigation and analysis techniques in the interest of determining potential legal (digital) evidence
7. Definitions - topics to think about
• Digital forensics is an engineering science, which is again part of computer science
• The profession of digital forensics requires continued education, training, and practice
• Two communities:
• computing science
• law enforcement / legal
• Some discrepancies and rough interfaces because of different definitions, meanings, terms
• Important concepts like case, evidence etc. come from law enforcement but are lacking in technical implementations
8. Standards and definitions
• Do standards exist?
• In the theoretical sense yes, but:
• Are tools, data formats, procedures standardized? NO
• Different legal systems have wide implications
• Compatibility is nonexistent - more in tools; just try to combine and compare results from commercial tools
• What about a digital forensic language which can describe tasks, procedures, results, data?
• automation?
• comparison of results as automated controls?
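An added example, not part of the original slides: one way a "comparison of results as automated control" can look when two tools export the same file listing in incompatible layouts. The two exports, their column names, the sample values and all function names are constructed for illustration and do not reproduce any real product's format; the sketch assumes Tool A timestamps are UTC and that paths are case-insensitive.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample exports; column names, delimiters and values are
# invented for this example and are not any real tool's output.
TOOL_A_CSV = r"""Path,MD5,Size,Modified
C:\Users\alice\report.docx,9E107D9D372BB6826BD81D3542A419D6,20480,2014-06-01 10:15:00
C:\Users\alice\notes.txt,E4D909C290D0FB1CA068FFADDF22CBD0,512,2014-06-02 08:00:00
C:\Users\alice\deleted.jpg,D41D8CD98F00B204E9800998ECF8427E,0,2014-06-03 12:30:00
"""

TOOL_B_CSV = """full_path;hash_md5;logical_size;mtime
/Users/alice/report.docx;9e107d9d372bb6826bd81d3542a419d6;20480;1401617700
/Users/alice/notes.txt;e4d909c290d0fb1ca068ffaddf22cbd0;512;1401699600
/Users/alice/cache.db;0cc175b9c0f1b6a831c399e269772661;4096;1401700000
"""


def normalize_path(path):
    """Map both path styles to one key: forward slashes, no drive, lower case."""
    path = path.replace("\\", "/")
    if len(path) > 1 and path[1] == ":":
        path = path[2:]          # drop the drive letter ("C:")
    return path.lower()          # assumption: case-insensitive source filesystem


def parse_tool_a(text):
    """Hypothetical Tool A: comma-separated, upper-case MD5, text timestamps."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        modified = datetime.strptime(row["Modified"], "%Y-%m-%d %H:%M:%S")
        records[normalize_path(row["Path"])] = {
            "md5": row["MD5"].lower(),
            "size": int(row["Size"]),
            # assumption: Tool A reports UTC; a wrong guess shows up as a mismatch
            "mtime": int(modified.replace(tzinfo=timezone.utc).timestamp()),
        }
    return records


def parse_tool_b(text):
    """Hypothetical Tool B: semicolon-separated, lower-case MD5, epoch seconds."""
    records = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        records[normalize_path(row["full_path"])] = {
            "md5": row["hash_md5"].lower(),
            "size": int(row["logical_size"]),
            "mtime": int(row["mtime"]),
        }
    return records


def compare(a, b):
    """Return items seen by only one tool and field-level disagreements."""
    mismatches = []
    for path in sorted(a.keys() & b.keys()):
        for field in ("md5", "size", "mtime"):
            if a[path][field] != b[path][field]:
                mismatches.append((path, field, a[path][field], b[path][field]))
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "mismatches": mismatches,
    }


if __name__ == "__main__":
    report = compare(parse_tool_a(TOOL_A_CSV), parse_tool_b(TOOL_B_CSV))
    for path in report["only_in_a"]:
        print("only in tool A:", path)
    for path in report["only_in_b"]:
        print("only in tool B:", path)
    for path, field, va, vb in report["mismatches"]:
        print(f"mismatch {path} {field}: A={va} B={vb}")
```

In the constructed data the two tools disagree on one timestamp by exactly 3600 seconds, the kind of time-zone interpretation difference that stays invisible until both result sets are normalized into one schema.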
9. Current standards and definitions: are they correctly understood?
• In the theoretical sense yes, but:
• what about the meaning of write-blocking procedures (holy grail almost) in modern systems
• is it forensically acceptable or perfect?
• remember what a computer is now and what it was then
• same for mobile, live acquisition, data analyses, etc.
• What about legal boundaries?
• Locard's “Exchange Principle” works perfectly for the Internet, but the data is not available
• In that sense the Internet is a big flat room, but each spot has its custodian and different rules
10. Relations with other computing science fields
• Because of fast development there is always something new, undefined, unbaked
• Prime example: mobile forensics
• Gary Kessler, Gary Kessler Associates, “Is Mobile Device Forensics Actually "Forensics"?”
• That is why I’m for the “Forensic Computing” approach in general, but with the size of data we have to deal with, it's more like data mining
• do we apply anything that was learned in data mining and data science to practical digital forensics?
• since I mentioned “practice”, again more in tools
11. Tools and practices
• Tools – plenty
• Usual story about open / commercial and corporate policy
• Commercial
• mostly based on the evolution of a tool someone from law enforcement developed ages ago
• by law enforcement – for law enforcement
• Free
• development from good computing theory but lacking development pace
• mostly not for “law enforcement forensics” but for incident response and analyses
• for an engineer type of mind-set
12. Commercial tools
• Preferred in legal part / law enforcement (why?)
• What about reliability – a lot of talk about it in legal circles in the EU
• Stephen Mason: challenges of international investigations (search and seizure) and other trial considerations (methods of presentation, admissibility tests)
• Mostly based on the evolution of a tool someone from law enforcement developed ages ago for his own usage
• In commercial tools, constant development but a lot of misfires
• The last story about EnCase v7 is a perfect horror example; many about other tools too ..
• Not well-founded theory (better to say not taken into account)
• Best computing practices also not taken into account
• Lack of standardization
• Physical evidence files are standardized but nothing after that
• Lack of cross compatibility
• Just try to combine mobile forensics tools
• Just try to use logical evidence files
• Very expensive and inflexible
• All bad choices of the MS philosophy of computing incorporated
• No chance of automation or piping tools
• Scripting practically nonexistent
• Practically no UNIX platform in mainstream forensics
13. Free / open source tools and practices
• Again plenty of tools
• Usual story for open source
• Special commercial – free versions
• Some wonderful tools like FTK Imager
• Free / test versions
• Venema, Farmer, Carrier developed good tools, but for mass usage, community knowledge and skills are missing
• Developed in the sense that forensic science is an extension of ordinary science
• You have to be very good in medicine to become a forensic pathologist – this is the same attitude for these tools, and it is missing from ordinary curriculums
• Most recent Python development is very promising
• But I'll say that in the current state of mind we need a “forensic python” which works in a forensically sound way on all supported OS platforms
14. Its community and practitioners
• Trainings, certificates, curriculums
• There is a lot, but not well defined and profiled
• Computing and other basics (often) missing
• Some horrible side effects such as “hexadecimal fetish” in training
• My opinion is that a knowledge and skill set is needed, the one which ages ago described a system programmer, with some modern add-ons
• Often no career path
• Continuous learning is a problem too, because of organisational issues
• Some interesting initiatives like OLAF, but again the quality of materials and tools is questionable
15. People using its results
• Again lack of understanding and different mindsets
• A classical communication problem among experts
• Some definitions are outdated
• What is forensically acceptable?
• What is forensically correct today?
• When we are talking about a computer as a network of subsystems
• Write-blocking on a disk which is a computer itself, or an SD disk
• Live forensics
• Mobile devices
• How to cooperate, how to trust, how to precisely define tasks and results?
• Things get complicated because of mindset issues
• Computer is a bit untrusted
• Computer can’t do work alone
• Labs and communication chains are not set by common computing sense
16. Subfields
• Subfields – what are subfields?
• Can we even list the subfields of digital forensics / cyberforensics?
• For some subfields it is not even clear what they are
• “mobile forensics” is a perfect example
• starting with “what is a mobile device?”
• How can a subfield be defined?
• Skills and practices, then …?
• Who defines new rules (theory sets one thing)?
• From engineers of law enforcement?
• Remember - it’s the application of science in a legally acceptable way
17. Future?
• Grim or glorious?
• Here in the Balkans it's grim ....
• World?
• All around the world a lot of glorious opportunities?
• But IT security, which forensics is part of, is in very bad shape
• Just read reports and do some analyses
• In IT security we don't have technical problems but organizational and management problems
• Some things sound almost religious
• … Oh lord give us a security Messiah who’ll expel evil from our corporate / governmental networks and IT systems ...
• What about elementary hygiene and practices?
• It's the attitude that should be changed!
18. Conclusion and Questions?
• Since IT penetration is unstoppable, it should be safe and controlled
• Let's think about all this
• How can we help to fix these issues?
• How will these kindergarten-type problems influence the future?