±Forensic Focus Partners
New Today: 0
New Yesterday: 4
±Follow Forensic Focus
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
· Can You Get That License Plate?
· How To Decrypt WeChat EnMicroMsg.db Database?
· A guide to RegRipper and the art of timeline building
· Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions
· FT Cyber Security Summit 2014 – Recap
· Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly ‘Social’ Criminal Activity
· Understanding Cyber Bullying – Notes for Digital Forensics Examiners
· Investigating the Dark Web – The Challenges of Online Anonymity for Digital Forensics Examiners
InterviewsBack to top Back to main Skip to menu
Andrew Rector, Digital Forensics Student, Bloomsburg University
Digital Forensics is the acquisition and analysis of any digital medium for the purpose of finding and reporting evidence to Government agencies, police, and/or private contractors. At Bloomsburg University we are taught first to have a low-level understanding of what we will be looking at (Binary/Hexadecimal, File System Analysis, and Windows Artifacts), and then we are taught how to use our skills to do real Forensics cases using the prevalent Digital Forensics tools (FTK, EnCase, X-Ways). What really drew me to Digital Forensics the most was the investigative mindset you have to have. When you are doing a case, it’s almost like a chess match between you and the “bad guy”. For me, that’s very exciting, every case is different, and has its own brand of excitement.
You’re also Lab Manager at the Pennsylvania Center for Digital Forensics, doing research on GPS devices and mobile telephones. How did you become interested in this area and what can you tell us about your research?
Cell phones and GPS devices were one of my first major areas of research. They interest me a lot because of the challenge they present, cell phones especially. Forensically analyzing a phone is completely different than analyzing a HDD (Hard Disk Drive). For one, the sheer volume of types of phones make it a challenge, not to mention the different operating systems on each one. Each phone is a new challenge. One of my most exciting research projects with the PACDF was the analysis of a Garmin Nuvi GPS. By analyzing the Garmin forensically, I was able to completely retrace a person’s whereabouts, down to the exact time, date, and location. It’s really very amazing the data that can be found on those types of devices.
What do you think are the main challenges faced by students of digital forensics today? What can professionals in the field do to address them?
I think the biggest challenge faced by students in Digital Forensics today is the investigative mindset of it all. I think we are taught very thoroughly on the technical aspect of forensics. However, that is only half of the battle. In Digital Forensics, every case is different. There are some general methods and guidelines you can follow when doing cases, but at the end of the day an examiner can’t be stuck to just those predefined methods; they need to be able to investigate, question, and examine on their own. We cannot learn every situation that we will need to investigate during our time in school, so with that being said we need to be able to constantly adapt to the case at hand. I know if there was a course on this, I would sign up as soon as possible. I think if professionals could share some of the thinking processes they go through when they have a case, on tricks they use for attention to detail, or making conclusions on the more obscure topics, that would be very beneficial for us.
And what advice would you give people who are thinking about studying digital forensics in the future? Do you have any tips for successful study?
I would say that if you like having new and challenging problems presented to you with each case, then Digital Forensics is a great field to study. It’s very technical, but not in the same way that Computer Science is, that is not to say that the fields don’t overlap. It’s certainly important to learn computer science topics outside of Digital Forensics. To be successful in this field you need to be willing to put in work outside of the classroom. The university does not teach us everything. However, they give us a great education, and all the right tools to learn independently.
You’ve worked on the development of an online learning tool for Bloomsburg students. What do you think about the current trend for online learning through MOOCs or similar remote studying techniques?
During my time working on the documentation of BOLT, I found that online learning and distance learning were much more common than I originally thought. I think MOOCs are a good thing. It’s a great service, and it allows more people to further their education. If you have the self-discipline to study remotely, then I see no reason why you shouldn’t.
What do you think the next major developments will be in digital forensics?
I think some of the upcoming developments will be in tools and methods for analyzing cloud environments. With more and more companies transferring their infrastructure to the cloud, it’s only a matter of time before problems occur, and digital forensics investigators will be needed in that area. This will be a very different type of investigation than the typical hard drive analysis. It’s an exciting prospect.
What do you do in your spare time?
In my spare time I enjoy spending time with my girlfriend, friends, and family. I also enjoy training in Mixed Martial Arts, some reading, and watching Netflix.