Forensic Focus: Digital Forensics, Incident Response, DFIR
Digital forensics discussion for computer forensics, DFIR and eDiscovery professionals. Visit Forensic Focus at forensicfocus.com for more.
Cyber Scandals And When (Not) To Trust Computers
Join Si and Desi for another episode of the Forensic Focus Podcast. This week, they discuss the lack of transparency and potential misrepresentation in the cybersecurity industry, particularly regarding the use of open-source tools by companies and the questionable interpretation of data and statistics in marketing and advertising.
The conversation also delves into the implications of relying on computer systems and algorithms to make important decisions, such as in the case of the Post Office scandal in the UK and the Centrelink repayment debacle in Australia. They emphasize the importance of human oversight, critical thinking, and considering the human impact of such decisions, rather than blindly trusting the outputs of computer systems.
00:00 – The state of the digital forensics industry
02:30 – Desi’s talk at BSides Brisbane
05:30 – Sweaty Cyber Advice and Strongman
09:40 – Companies integrating open source software
23:00 – Advertising, statistics and logical fallacies
28:00 – The Post Office scandal and computer accountability
49:00 – Security, compliance and regulations
56:00 – Closing thoughts
Show Notes
Hardly Adequate YouTube - https://www.youtube.com/@hardlyadequate
Oxfordshire’s Strongman & Strongwoman - https://oxfordshire.rocks/
CPS, Computer Records Evidence - https://www.cps.gov.uk/legal-guidance/computer-records-evidence
Your Logical Fallacyis - https://yourlogicalfallacyis.com/
British Post Office Scandal - https://en.wikipedia.org/wiki/British_Post_Office_scandal
The Guardian, Robodebt Scandal - https://www.theguardian.com/australia-news/2023/mar/11/robodebt-five-years-of-lies-mistakes-and-failures-that-caused-a-18bn-scandal
Tyler Vigen, Spurious Correlations - http://www.tylervigen.com/spurious-correlations
Forensic Focus Discord - https://discord.gg/97zKvTXHeS
Kickstarting Your Digital Forensics Cybersecurity Career
Sophie Powell joins Si and Desi on the Forensic Focus Podcast to discuss various topics including her recent participation in a TryHackMe webinar, the challenges of applying for graduate schemes, and the relevance of the Cyber 9/12 competition to her career in cybersecurity. They also touch on the psychology of conspiracy theories and the implications of deepfake technology.
00:00 – Welcome to the podcast
03:00 – Sweaty Cyber Advice
03:55 – Fitness and forensics
07:00 – Mental health and mindfulness
09:10 – Gamified assessments
17:00 – Video recorded self-assessments
20:10 – Filtering candidates to fill roles
24:25 – Graduate schemes versus graduate jobs
27:40 – Apprenticeships and student loans
33:40 – Starting out on a graduate scheme
37:35 – UK Cyber 9/12 Strategy Challenge
43:55 – Dangers of deepfakes
51:10 – Conspiracy theories and computer psychology
54:40 – Closing thoughts
Show Notes
Hardly Adequate - https://hardlyadequate.com
Try Hack Me - https://tryhackme.com/
UK Cyber 9/12 Strategy Challenge - https://www.ukcyber912.co.uk/
How Cado Security Is Revolutionizing Forensics And Incident Response For The Cloud
Chris Doman, Co-Founder of Cado Security, joins the Forensic Focus podcast to discuss cloud forensics and incident response. Cado Security provides cloud-based software for collecting and analyzing forensic evidence in cloud environments.
Chris discusses the challenges of cloud forensics, such as the constantly changing nature of cloud environments and the need to standardize and normalize data from different sources.
Cado Security is working on partnerships with cloud and EDR vendors, as well as IR providers, and is planning to release new features related to SaaS and email compromise investigations.
00:00 – Introducing Chris Doman from Cado Security
03:00 – Starting and growing Cado Security
05:45 – Cado Community
06:30 – Cloud forensics tools
10:40 – Collecting, processing and presenting data
12:00 – Advantages of cloud to cloud
13:50 – Audit logs
16:00 – Automation
20:30 – Training and investigation support
28:00 – Release cycle and managing updates
30:30 – Roadmap
40:30 – Chain of custody
43:00 – Encryption and storage
43:30 – Cado Security at events
How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing
Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.
The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.
Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.
00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data
Empowering Law Enforcement With Nick Harvey From Cellebrite
Nick Harvey, a former Detective Inspector in the Metropolitan Police, discusses his transition from law enforcement to his current role as a Customer Success Manager at Cellebrite. He describes his experience in tackling county lines, a form of organized crime in the UK where drug dealers set up operations in smaller towns and cities to expand their business. He also discusses the role of mobile phones in criminal investigations and how data-driven approaches can expedite the justice process.
Nick goes on to highlight the challenges of explaining digital evidence to judges and juries and the potential impact of artificial intelligence in forensic investigations. He also emphasizes the importance of communication between digital forensics units and investigators and the need for tools that can handle large data sets and provide actionable insights.
Nick shares his thoughts on the impact of regulations on forensic processes and the need for a balance between oversight and efficiency. He concludes by advising investigators to be open to new approaches and to focus on the objectives of their investigations.
00:00 – Introduction to Nick Harvey, Customer Success Manager at Cellebrite
02:40 – Data driven approach to tackling county lines crimes
07:50 – Changing landscape of mobile forensics
11:45 – Operation Venetic and EncroChat crime
15:20 – Ensuring admissibility of evidence
19:50 – Machine learning in crimes and crime detection
24:00 – Machine learning in Cellebrite’s tools
27:10 – Working at Cellebrite
31:30 – Managing large volumes of data
34:40 – Training tool users and empowering investigators to get the most from data
36:00 – Regulations and compliance frameworks
39:55 – Advice for digital investigators
Oxygen Forensics Training And Digital Forensics Solutions With Keith Lockhart
Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/
Keith Lockhart, Vice President of Training at Oxygen Forensics, discusses the evolution of training in the digital forensics industry. He highlights the shift towards online training and the use of technology to deliver courses remotely. He also mentions the importance of gathering feedback from customers and adapting training programs to meet their needs.
Oxygen Forensics is focused on providing a range of training options, including on-demand content and hands-on training with shipped devices. Additionally, Keith discusses the company's new technologies, Oxygen Corporate Explorer (OCE) and Oxygen Analytic Center (OAC), which offer collaborative review and data collection capabilities.
00:00 – Keith Lockhart’s career
06:45 – Educational background
09:15 – Technical knowledge and software development
14:55 – Transitioning to a training role
20:05 – Sharing knowledge and presenting evidence in court
24:15 – Products and training from Oxygen Forensics
34:00 – Receiving customer feedback
35:30 – Online versus in-person conferences and training
38:10 – Providing training and tools in different languages
41:00 – Oxygen Forensic Certifications
44:10 – Oxygen Forensics’ focus for 2024