When you google my name, you get some weird results. Case in point:
The reason my name comes up next to such unsavoury subjects is because I’m a digital forensic analyst and a cybercrime investigator. That means I come up against stuff like this all the time, and that I’m interested in current research in the field. The reason behind this particular result was a post I published recently on my other blog, talking about some research that’s just been conducted into different types of sexual offenders and their corresponding personality profiles.
Another thing I get to do as a forensicator is go to a load of conferences all around the world. Recent trips have included Amsterdam, Dublin and London, with Middlesbrough coming up this week. So far, so pedestrian. But at the end of May I’m heading to Myrtle Beach, South Carolina, to attend the Techno Security & Forensics Investigations Conference, which may not have the catchiest name but does have an interesting programme. I’m also sticking around for an extra few days at the end of the conference to do some networking, join the IEF User Summit and take in the local scenery. But what’s exciting me?
Is it the beaches?
The beautiful walk along the coastline from the conference venue to my hotel?
The fact that the place I’m staying has a free pool for guests?
What really excites me – the thing that had me practically jumping up and down in my seat when I read about it in full for the first time this morning – is the conference programme.
Yes, I am genuinely that much of a geek.
There’s so much cool stuff going on though! For example:
David Vargas from VATG is talking about Tor forensics and the Dark Web. Anonymous browsers are a forensic investigator’s nightmare, and were a big subject of discussion at DFRWS in Dublin a few weeks ago, so I’m excited to see what Vargas has to say about onion routing architecture. There will also be case studies of the FBI’s takedown of Eric Marques, a distributor of indecent images of children, and of Dread Pirate Roberts, the founder of Silk Road.
Jad Saliba, an excellent presenter and the founder of Magnet Forensics, will be looking at how investigators can overcome anti-forensics techniques and find the evidence that suspects have tried to hide. His talk will cover Tor (it’s getting obvious where my interests lie, isn’t it?), private browsing features, disc cleaners, Bitcoin, and covert webmail.
Jeff Spivey from Security Risk Management is going to talk about the darknet as well, with a look at the risks of darknet applications and just how anonymous darknet activity is. I’m actually also quite excited about the ‘Budget Friendly Forensics’ talk which is happening on the second day of the conference, because on the whole I’m a lone practitioner and that means budget requirements are strict, to say the least.
As a research psychologist in one of my other lives, the effects of the ever-evolving digital world on people’s minds fascinates me, especially “digital natives”, the new generation of teens who are growing up surrounded by internet-connected devices all the time. There’s a presentation at TSFIC about how this immersive use of technology actually changes the architecture of the brain, essentially “rewiring” the next generation of individuals (and therefore by extension the future of humanity). Fascinating.
One of the things we’ve been looking at as part of WePROTECT, a technology think tank and research group I’m part of, is how biometric identification techniques can aid child protection investigation enquiries. So I’m excited to see that this is going to be a subject of discussion on Monday afternoon at TSFIC, led by John Bradley from SiQuest.
Ryan Lynn will be preaching to the choir a little bit, considering that a lot of us came into cyber forensics from a background in less official areas, but I’m still interested to hear his perspective; he’ll be presenting a discussion about sniper forensics from a hacker’s perspective, teaching the audience to “think like a hacker”, apparently.
So far in my psychology research I’ve only covered comparative religion, with a focus on Catholics and Pagans. However, one thing I’d like to do in the future is to conduct a comparison of cult members and terrorists, looking at the psychology of brainwashing and deprogramming, and seeing if either (or indeed both) of these fields can learn from each other.
I’m also fascinated by international relations: it’s such a fraught topic, and as someone from a multi-cultural family who speaks several languages, it’s also one I relate to on a personal level.
So I can’t wait to hear from David Vargas again when he looks at the emergence of the “cyber cold war”, something digital forensics practitioners have been talking about for a while now. Looking at the major groups of “patriotic hackers” from Russia, Syria, China and the USA, it’ll describe how these self-appointed online soldiers are using their knowledge and skills to fight on behalf of their nations. I’m particularly interested in the case studies we’ll be looking at, which include the Syrian Electronic Army, the online battles between Chinese and Filipino hackers, and “The Jester” in America.
And that’s only some of the stuff that’s happening on the first two days. Once I reached this point of the programme I messaged my BFF and said “You know how I normally end up working 20+-hour days at conferences and there are normally like 15 things going on each day? This one has 35.”
I’m going to collapse. But I’ll collapse happy and full of forensics information, so it’ll be a pleasant collapse, probably.
The other things that excite me include a discussion of cross-border collaboration (one of the main challenges of digital investigations), a conversation about whether today’s national security agencies are built to deal with cyber threats, and a look at how technology is used in terrorism and counter-terrorism. That last one will use examples from Boko Haram, ISIS, al-Shabaab and the Taliban, so it promises to be both topical and really interesting.
Tim Moniot from Nuix will be talking about the sheer amount of evidence you end up with when you’re investigating people who create and distribute child abuse images, and what investigators can do to triage that evidence (i.e. to work out which bits they actually need to investigate in order to put together a case that will stand up in court).
And then it’s the final day, and the main thing I’m excited about there is the panel discussion about the Internet of Things and the implications it’s having for forensic investigations. It’s bad enough dealing with triage and backlog requirements as it is, now that we have to take into account people’s phones and smart TVs, let alone when we’ll have to also investigate their bloody toasters.
So anyway, that’s what I’m up to in late May and early June. Just your average conference, then.
I can’t wait.
And maybe I am a little bit excited about those beaches, too…