As most of you know by now, I’m currently training to be a psychotherapist, because I don’t have enough strings to my bow already. I know I want to practise existential psychotherapy but I’m not yet clear on whether there’s a particular group of clients I’d like to work with. I’ve recently been thinking, however, about working with law enforcement officers, particularly those who are engaged in investigating cases of child exploitation, human trafficking and counter terror. I have the advantage of understanding these industries from the inside, and hopefully with the benefit of psychotherapy training I’ll be able to make a difference to the field by helping people to deal with some of the things they’re seeing.
I don’t really go in for “New Year, New Me,” partly because I think it’s probably futile and also because there’s not a lot about myself I’d like to fundamentally change. I do have some plans for the year, and a couple of things I’d like to do more of, but no resolutions as such.
Relatedly: I’ve been thinking about this tweet.
In digital forensics news recently, I’ve posted a couple of things over at Forensic Focus.
Firstly, a recap of ICDF2C 2018, which took place in New Orleans a few weeks ago. An interesting conference, pleasantly small and with a strong focus on academia, it’s definitely one to watch. Read my full round-up here.
The other day I sat down with the guys at Magnet to take a look through some of the new features in the latest update of AXIOM, and how it compares both to previous updates and to their IEF tool.
This review will focus on AXIOM 2.5. The current version at the time of writing is 2.6; with new versions coming out every month, it’s worth keeping an eye on the new features in each release. One of the main ideas behind version 2.5 was to focus heavily on improving speed performance.
IEF has a similar workflow to AXIOM’s, but it is just an artifacts tool, whereas AXIOM is a full forensics tool. In IEF you choose your evidence sources, fill in the case details and hit ‘Find Evidence’. It will then process your evidence and give you a report on the artifacts. The point of IEF is to have everything in front of you in a format that is easy to analyse, making it simpler to find the most important things and deal with those as a priority.
One big difference between IEF and AXIOM is that AXIOM performs acquisitions, whereas IEF will just load sources that have already been acquired.
I met Chet Hosmer at DFRWS in Providence, Rhode Island, earlier this year. Over lunch I explained my upcoming digital forensics book to him, and he was very supportive. When I arrived back in England a copy of one of his books was waiting for me, along with an encouraging note.
Well, the DFIR book project has taken a backseat over the last few months due to me taking on a new psychology of religion research project, but maybe it’ll come back. In the meantime I thought I’d take a look at Chet’s book and write a quick review of it.
The hottest topic in digital forensics at the moment, standardisation is on the tip of everyone’s tongues. Following various think pieces on the subject and a plethora of meetings at conferences, I spoke to Angus Marshall about his latest paper and what he thinks the future holds for this area of the industry. You can find the interview here.
When I had a meeting with BlackBag a while ago, I was pleasantly surprised by how knowledgeable and enthusiastic the representatives seemed about their products. Not only were they open to showing me all sorts of things the tools could do, they also knew the back stories to how they were created, and why they’re necessary for the field.
So when I got the chance to review the latest version of BlackLight, I decided to go for it.
In one of my day jobs, I edit Forensic Focus, which includes writing articles, interviewing key industry figures, and spending far too much of my life at conferences.
Recently I’ve interviewed a few people about their areas of forensic expertise, so I thought I’d share them here in case you missed them.
Those of you who know about my work in digital forensics will probably be aware that I got into the field because I’m very passionate about child protection, so anyone who champions that cause is someone I’m probably going to like. Magnet Forensics has been doing this for years, but recently I became aware of Griffeye, whom I somehow hadn’t heard of before.
Controversy has been raging around ISO 17025 ever since the standard was adopted for digital forensics back in October 2017. Although many people who work in the industry agree that standardisation is advisable and probably necessary if we are to keep moving forward, there have been many criticisms of ISO 17025 and its effectiveness when it comes to digital forensics.
The baseline of the problem seems to be that ISO 17025 was not specifically designed for digital forensics; instead, it takes the standards of ‘wet’ or traditional forensics and applies them to computing devices. This has a number of issues, not least the fact that technological advances are constantly happening; in a field where most large apps are being updated a couple of times per month as a minimum, it becomes very difficult to properly standardise tools and methodologies.
Another concern for many people is the cost associated with accrediting a lab and keeping up with ISO 17025. Reports of accreditation costing in excess of £50,000 have made some practitioners nervous about applying.