±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36115
New Yesterday: 0 Visitors: 131

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Advanced forensics concepts

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3, 4, 5, 6  Next 
  

jhup
Senior Member
 

Re: Advanced forensics concepts

Post Posted: Oct 30, 13 19:02

You did not answer my questions. Not fair. Surprised

- joachimm
If you ask me to sum up in a couple of sentences what the basic qualifications a digital forensic analyst should have (at every level) is:

* an understanding of fundamental concepts of computer or digital systems
* understand the importance and aspects of data (facts)/evidence preservation
* understand the relevance of digital data (facts) in and outside their context
* understand the relevance experimentation & validation of methodology and tooling
* critical thinker to interpret results

What you dubbed as "advanced" I think are the core fundamentals of digital forensics.

Being at the edge of a knowledge circle (sphere) with expertise in several areas, your perspective as to what is advanced and what is fundamental is different than for someone who is just setting out on forensics.

- joachimm
Most of these are "thinking skills" nothing to do with the digital realm. I guess most of the other forensics sciences, at least the ones I know of, is getting a full degree in that science e.g. psychology with additional training in forensic science and thus acquiring these thinking skills.

And, that is where our field is heading, wouldn't you say? We did not have baccalaureate degrees 10 years ago in digital forensics. Today they are like mushrooms in a damp cellar. Tomorrow it will be a "requirement".

- joachimm
I've learned most about the thinking skills from non-computer science fields and it is these skills what help me in complex cases. Not those from my computer science education. But applying them both in cases is what I think makes one a digital forensic expert or not.

Yet there is no prohibition that the thinking skills cannot be learned while acquiring the "fundamental concepts" in digital forensics.


- joachimm
So my point is not to teach people facts, about a certain technology, but teach them how to think for themselves. Think how to evaluate their findings, their hypothesis, their methods. IMO this is what is forensic science is about. Not the in-and-outs about a file format, if that is information readily available then we should teach them to find it and how to use it. If it is not, we should teach them how to obtain it. Don't get me wrong here the information about the file format is still very valuable but if I'm not working with e.g. PST why should I bother understanding the PST format in much detail. Now when I need to work with it, having this knowledge can be very useful.


I am not sure there is any disagreement here. You just stated what advanced forensics requires.

- joachimm
You only define factual knowledge here. I can search on the Internet for those and become sufficiently knowledgeable about the subject in a day; only because I have an understanding of their fundamentals. The only term here forensic related is "Anti forensics"

My "advanced" word choices where not the best, as I stated before. On the other hand can we agree that each of those "factual knowledge" areas have very specific very defined and very advanced concepts that would not be privy or grasp without "fundamental concepts"?

- joachimm
So what? Does all this digital knowledge make me digital forensic analyst? If I'm a programmer, network admin, systems admin, I'm also getting involved in these areas. And I'll also get more "advanced", a better term is "experienced", over time. But this does not make me digital forensic analyst.
Different topic.

- joachimm
True, so what we need to teach people is fundamentals and thinking skills. So that if they are not sufficiently expert in one area, that they can get sufficiently up to speed. IMO the fundamentals don't change that much.

Thank you. I appreciate you stressing my point of view. Indeed there is a distinction between fundamental and advanced.
- joachimm
Let's start here: What are the basic concepts in your opinion that makes someone a "digital" forensics investigator and not a system administrator for that matter?


By all means do so. I am content with my information as far what I, and already collected feedback indicates what is, and is not "basic concepts".

It very much sounds like you are saying there is no such thing as advanced forensics concepts, but then you turn around and state that we must start with basic concepts. The notion that there are basic concepts implies there are intermediate and advanced concepts.

From my original post, my interest goes back to what individual forensics practitioners consider advanced concepts.  
 
  

athulin
Senior Member
 

Re: Advanced forensics concepts

Post Posted: Oct 30, 13 21:40

- jhup
We classify people as experts; individuals with more knowledge than laymen on a subject. They are aware and understand "advanced concepts" laymen does not.


That sounds almost like a feed-line from a straight man.

Google for 'Niels Bohr's definition of expert' -- an attempt at definition that I find rather refreshing.  
 
  

jhup
Senior Member
 

Re: Advanced forensics concepts

Post Posted: Oct 30, 13 22:07

His quote is funny.

I was thinking more on the line of what qualifies someone as an expert witness in court...
- athulin
- jhup
We classify people as experts; individuals with more knowledge than laymen on a subject. They are aware and understand "advanced concepts" laymen does not.


That sounds almost like a feed-line from a straight man.

Google for 'Niels Bohr's definition of expert' -- an attempt at definition that I find rather refreshing.
 
 
  

joachimm
Senior Member
 

Re: Advanced forensics concepts

Post Posted: Oct 31, 13 09:05

- jhup
From my original post, my interest goes back to what individual forensics practitioners consider advanced concepts.


Then why make the jump to:

- jhup
We consider "advanced forensics concepts" to be technical knowledge which is not readily available and requires validation and experimentation. “Advanced forensics” requires critical thinking to interpret, describe and convey relevance and meaning by itself and in relation to other evidence.


I'm saying what you define here as "advanced forensics concepts" are the essentials of forensics. I repeat:
"Forensic science (often known as forensics) is the scientific method of gathering and examining evidence."

So can you be clear on what you are asking here?

- jhup
You did not answer my questions. Not fair. Surprised


Same here I'll trying to answer your questions as far as I can but if you're not being clear and don't answer my follow up questions. So how am I supposed to answer you questions? I'm trying to get to the core of what you mean with your original question so I'm able to answer it. Alas since the question is so broad and you seem to be adding all kinds of different angles "educating people", "'advanced forensics 'wisdom'", to question, this is a very tedious process.

- jhup
It very much sounds like you are saying there is no such thing as advanced forensics concepts, but then you turn around and state that we must start with basic concepts. The notion that there are basic concepts implies there are intermediate and advanced concepts.


Again you're misinterpreting me and alas missing a vital nuance here. I'm saying there are no "advanced forensics concepts", because that does not make sense in the definition of forensics and advanced. There are however "advanced concepts" but these will be mostly related to the digital domain.

- jhup
My "advanced" word choices where not the best, as I stated before.


As you indicate advanced is a poorly chosen term, highly subjective and diverse. But can you tell me what explanation of advanced are you referring to? Maybe use this as a reference: www.thefreedictionary.com/advanced are you referring to: "being ahead in development, knowledge, progress, etc." or "Highly developed or complex." ? I would say this diversity in the terminology makes for two different discussions.

- jhup
Being at the edge of a knowledge circle (sphere) with expertise in several areas, your perspective as to what is advanced and what is fundamental is different than for someone who is just setting out on forensics.


Also if you want to see the world in circles (spheres) or as binary distinctions, yes there is fundamental knowledge and non-fundamental knowledge. But I don't think this non-fundamental knowledge is always "advanced" (in both terms).

Thinking about fields of knowledge as circles is a limiting thinking model, knowledge nowadays is highly intertwined. The model of the circle over simplifies this.

Also "what is advanced" will vary over the course of your professional career, what "fundamental" is not. That is the core of the point, which alas does not seem to get across. Fundamental knowledge is that type of knowledge that the rest of your understanding will depend. To frame it into your example someone who starts out (assuming an utterly blank person here) does not have fundamental knowledge and will need to learn this knowledge first.

Which you then perfectly address in:
- jhup
Put it in an other way - is it necessary for someone to understand basic addition, subtraction and multiplication first, before tackling ax^2 + bx + c = 0?


So my guess these are largely a mismatches of semantics in our discussion which are taking us nowhere.


- jhup
From my original post, my interest goes back to what individual forensics practitioners consider advanced concepts.


You might have meant the same but you'd asked for:
- jhup
What do you consider "advanced forensics concepts" within the digital forensics realm?


This also did not show from your 'Data-Information-Knowledge-Wisdom Pyramid' recap.


My request to you is to a bit more explanatory in your initial question, maybe give an example of what you mean. Also explain why you are doing a recap. Hence my question: jhup what's the goal of your original question? (which BTW you did not answer Wink )


Since your question (looks to be a bit more clearer formulated) now and assume by advanced you are referring to "being ahead in development, knowledge, progress, etc."

I would say: improving the temporal (as in time) information we can obtain from them, especially in cases where the currently understood time sources do not contain relevant facts.  
 
  

jhup
Senior Member
 

Re: Advanced forensics concepts

Post Posted: Oct 31, 13 17:54

- joachimm

- jhup
From my original post, my interest goes back to what individual forensics practitioners consider advanced concepts.

Then why make the jump to:
- jhup
We consider "advanced forensics concepts" to be technical knowledge which is not readily available and requires validation and experimentation. “Advanced forensics” requires critical thinking to interpret, describe and convey relevance and meaning by itself and in relation to other evidence.



It is simply a feedback from the information provided by others both here, and elsewhere to my original question. No jump, but review of the comments others have provided.

- joachimm

I'm saying what you define here as "advanced forensics concepts" are the essentials of forensics. I repeat:
"Forensic science (often known as forensics) is the scientific method of gathering and examining evidence."

So can you be clear on what you are asking here?


I continue to disagree that it defines "the essentials of forensics". By who's standards are they "essential"? I have no disagreement with your quote on what forensic science is. What I contend with is the presumption that it is a monolithic pool of knowledge. It is not.

- joachimm

- jhup
You did not answer my questions. Not fair. Surprised

Same here I'll trying to answer your questions as far as I can but if you're not being clear and don't answer my follow up questions. So how am I supposed to answer you questions? I'm trying to get to the core of what you mean with your original question so I'm able to answer it. Alas since the question is so broad and you seem to be adding all kinds of different angles "educating people", "'advanced forensics 'wisdom'", to question, this is a very tedious process.


The question is still "what do you consider 'advanced forensics concepts' within the digital forensics realm?".

It is asking for individual forensic practitioner's subjective opinion.
It is about concepts used in digital forensics.
It allows the answering practitioner to define for themselves what is, and is not "advanced".

All other material I talked and presented are circumstantial to answer questions, and to elucidate the original question.

- joachimm
. . .There are however "advanced concepts" but these will be mostly related to the digital domain.

Which I clearly indicated in my original question ("within the digital forensics realm").

- joachimm
As you indicate advanced is a poorly chosen term, highly subjective and diverse. But can you tell me what explanation of advanced are you referring to?


I specially left it to self-define by the practitioner ("what do you consider").

- joachimm
Also if you want to see the world in circles (spheres) or as binary distinctions, yes there is fundamental knowledge and non-fundamental knowledge. But I don't think this non-fundamental knowledge is always "advanced" (in both terms).

Thinking about fields of knowledge as circles is a limiting thinking model, knowledge nowadays is highly intertwined. The model of the circle over simplifies this.


It is a model, which I thought was sufficient to express my thought on that specific sub-topic when you asked for explicit definition of "advanced".

- joachimm
Also "what is advanced" will vary over the course of your professional career, what "fundamental" is not. That is the core of the point, which alas does not seem to get across. Fundamental knowledge is that type of knowledge that the rest of your understanding will depend. To frame it into your example someone who starts out (assuming an utterly blank person here) does not have fundamental knowledge and will need to learn this knowledge first.


And, I keep pointing back to my original post. It is to be defined by the responder.

- joachimm
Which you then perfectly address in:
- jhup
Put it in an other way - is it necessary for someone to understand basic addition, subtraction and multiplication first, before tackling ax^2 + bx + c = 0?

So my guess these are largely a mismatches of semantics in our discussion which are taking us nowhere.


That response was to refute your statement that there is no distinction between "advanced forensics" and simply "forensics".

- jhup
From my original post, my interest goes back to what individual forensics practitioners consider advanced concepts.


- joachimm
You might have meant the same but you'd asked for:
- jhup
What do you consider "advanced forensics concepts" within the digital forensics realm?

This also did not show from your 'Data-Information-Knowledge-Wisdom Pyramid' recap.


The DIKW model example was to refute again that there is no such thing as "advanced". It is not the core of the question.

- joachimm
My request to you is to a bit more explanatory in your initial question, maybe give an example of what you mean. Also explain why you are doing a recap. Hence my question: jhup what's the goal of your original question? (which BTW you did not answer Wink )


It was answered:
- jhup
I search for the framework for instructional purposes.

To further elucidate with an example, if you have two books front of you on digital forensics, one of them will be more advanced than the other. How do you determine which is more advanced?

- joachimm
Since your question (looks to be a bit more clearer formulated) now and assume by advanced you are referring to "being ahead in development, knowledge, progress, etc."

I would say: improving the temporal (as in time) information we can obtain from them, especially in cases where the currently understood time sources do not contain relevant facts.


Thank you.

I believe what you were looking for is more definitions to the words within my question. The point of the question was not to force the responder into a very stringent box (specificity is a curse of our field), but to provide a wide channel. However uncomfortable this is, I wanted the question loosely defined.  
 
  

jhup
Senior Member
 

Re: Advanced forensics concepts

Post Posted: Oct 31, 13 17:56

- sgware
Isn't "advanced" or "intermediate" really dependent on the aptitude, drive, and experience required to master the topic? That is where I was going, albeit not clearly, in my post.


Would this answer define "advanced" practitioner more rather than "concepts" themselves? I would like to narrow it to concepts only. Can you rephrase your thought to target concepts?  
 
  

jhup
Senior Member
 

Re: Advanced forensics concepts

Post Posted: Oct 31, 13 17:59

- jaclaz
. . .
But here we are not talking of expert vs. intermediate vs. beginner (as people), we are talking about the topics, we could draw a line saying that anything that is known, documented and taught in college is "basic", that anything that is fully documented and verified and part of an established procedure (or taught in the various post graduate or vendor courses) is "intermediate" and anything that is not obvious or a simple derivative of known approaches, procedures and documented (and verified) theories is "advanced".

Then maybe we could change the term from "advanced" to "innovative" or anyway use this latter as a synonym.

jaclaz

P.S.: Ooops, cross-posting with Jhup


I like the word "innovative", and how you defined "advanced" - anything that is not obvious or a simple derivative of known approaches, procedures and documented (and verified) theories is "advanced" - specially the "not simple derivative on known".  
 

Page 5 of 6
Page Previous  1, 2, 3, 4, 5, 6  Next