DFRWS Europe 2014 Annual Conference – Recap

This article is a recap of some of the main highlights of the Digital Forensics Research Workshop (DFRWS) held in Amsterdam from the 7th – 9th of May; over the next few weeks we will also be bringing you a number of interviews and research updates from the conference.

Conference Highlights

DFRWS brought together academics and digital forensics practitioners from all over the world to provide an overview of current research and future challenges in the field of computer technology.

There was a large amount of research into helping law enforcement officers on the ground; the lack of specialised digital skills within forensics units was a strong talking point throughout the conference. Peter Zinn, the Senior Cybercrime Advisor for the Dutch National High Tech Crime Unit, spoke about how the pace of change within digital forensics makes it difficult for law enforcement agents to keep up to date. He highlighted the difficulty of stopping criminals who are predominantly active online, citing two of the main problems: the general availability of internet access and the concept of the internet having “no borders”, which makes it difficult to build cases against web-savvy criminals who work across international borders.

Zinn suggested that law enforcement agents could make better use of publicly available or easily accessible data, pointing out that constant web monitoring is expensive and relatively ineffective, and breaking encryption puts everybody at greater risk. However, the amount of data that can be scraped from the open web is not to be underestimated and could probably be used more effectively in criminal investigations.



Christian Winter and York Yannikos discussed robust image hashing, specifically automating the detection of indecent images of children. Whilst several options are currently available, the error rates are too high to allow them to run unattended, meaning that a high level of human interaction is still necessary and the backlog continues to grow. Semi-automated processes such as the prioritisation of images tend to be more effective, and the next step would be working out whether an image is already known. Block hashing is one way of doing this, and this is the team’s focus at present. The improvement of approximate matching efficiency was put forward as an open research concept, along with the question of whether approximate matching could be used to detect variations of known malware.

Interagency communication was another focus of the conference, with several candidates positing this as a way to ease the backlog in criminal investigations. This was one of the main take-aways from the panel discussion on backlogs, which took place on the first day. The volume of digital evidence is constantly expanding and is no longer solely relevant to online crimes. With higher connectivity generally and the proliferation of mobile devices, low-tech and “offline” crimes are increasingly requiring a digital component during the investigation.

The amount of data is growing exponentially; the number of experts isn’t.

Several panel members brought up the difference in backlog between law enforcement and the private sector; often the latter have a far shorter backlog in investigation. It was suggested that this may be because private sector companies can turn cases down more easily, whereas police are required to respond to a call for assistance.

Triage is one of the main areas that needs to be addressed, as well as up-to-date training for digital forensics experts who are employed by law enforcement agencies. Traditional training structures do not generally apply when it comes to digital investigation, but law enforcement employers are not used to constantly updating their employees’ training and may be reluctant to do so due to the time and financial outlay required.

Frans Kolkman from the Dutch National Police expressed the problem succinctly: “If you are a company which is drilling holes and selling drills, then your world is probably not what you think. The customer wants holes, he doesn’t care about drills. We’re all talking about digital forensics, but the people we’re working for want to find stuff, they don’t care about forensics. We have nice tools and expensive equipment, but at the end of the day they don’t care.” Kolkman championed the idea of connecting ‘real life’ with digital forensics; connecting the police databases with the systems used by digital forensics professionals to extract useful and relevant data, rather than allowing some information to lie dormant.

It is often difficult to explain to non-experts how digital evidence is forensically extracted, and how it can back up certain elements of a case. Christiaan Alberdingk Thijm from Bureau Brandijs discussed this problem, adding that it is important to be able to demonstrate that extrapolated data backs up facts rather than theories. Proprietary technology not only makes it more difficult for forensic examiners to extract data, but also for them to explain what the technology is and how it works to a jury made up of members of the general public.

Thomas Gloe of Dence Germany discussed the forensic analysis of digital video formats, specifically semantic interpretation, source/author data and whether a video is original or has been altered. Statistical analysis can help to detect traces of manipulation or post-processing, but there are so many video formats available that determining where a file originated and precisely how it has been altered can be very difficult.

Europol’s Mikael Lindstroem gave an overview of EC3, the European Cyber Crime Center, and how it is structured. Agencies like Europol can be especially helpful in international investigations where certain countries do not want to send data directly to other places; Europol can comply with each territory’s security requirements whilst building an international case.

There are a number of challenges that are specific to international cases; for example, Lindstroem spoke about a case in which two law enforcement agents from separate countries were accidentally “grooming” each other online; the fact that everyone involved was an agent was not uncovered until the investigation reached a critical point. An international database of current criminal investigations and who the investigators are was posited, but the suggestion was struck down due to the likelihood that it would be hacked.

Recent privacy laws across Europe have also hampered some investigations; for example, Europol now do not keep logs of data extracted from paedophile networks due to the questionable ethics of housing and utilising such data.

The third day of the conference involved several workshops in which participants were split up into groups and asked to conduct investigations. Kelvin Wong from Hong Kong Police led a ‘Real Network Forensics Kungfu’ workshop which tackled questions of counterespionage and Skype forensics.

The next DFRWS conference will take place in Denver, Colorado from the 3rd – 6th of August 2014. Anyone interested in attending should consult the official website for further details.
