TDFCon 2015 – Recap

This article is a recap of some of the main highlights from TDFCon held at Teesside University, Middlesbrough (UK) on the 15th of May 2015.

Conference highlights

TDFCon presents an opportunity for students from Teesside University and elsewhere to come together and discuss their research with industry professionals, law enforcement representatives and fellow students.

The theme for this year’s programme was ‘The Future of Digital Forensics’, and the topics discussed certainly fulfilled the brief, looking at how current trends in computer crime are informing digital forensics and vice versa, as well as how digital forensics education is changing and shaping the development of future forensic examiners.

The day began with a discussion of SCADA security in the UK and whether it is sufficient to protect against network security breaches. Jack McIntyre spoke about how SCADA is unprotected at the device level, and uses web applications which are often vulnerable to attacks such as authentication bypass or SQL injection. One of the main challenges is that SCADA was not originally designed to be secure; instead, the design was based around connectivity and reliability. Neither of these are bad in themselves, McIntyre elaborated, but new standards such as encryption and a lack of plain text passwords are needed. With the UK sharing one power connection and two gas connections with no backup, the level at which national infrastructure would be affected in the case of a breach could be catastrophic.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

The following discussion by Rowan Knight centred around cyber warfare and the changes likely to be seen in this area in the future. Highlighting the importance of collaboration between law enforcement, academia and industry, Knight cited recent research into current trends in warfare both online and offline, and recommended that forensic examiners remain alert to the various ways in which an increasingly connected world boosts the potential for crime on an international level.

Some of the subjects Knight called attention to included how the internet can be used as a recruitment tool for extremist groups and how robots and drones, which are currently being developed for use in human battles, could be susceptible to cyber attacks. Other areas of concern included food processing, chemical plants and national infrastructure, taking up the theme of the prior SCADA discussion in the light of potential cyber war.

Do UK law enforcement have sufficient training to engage with cyber warfare threats? This was one of the main questions posed by Knight’s presentation, and it was suggested that particularly in the area of digital forensics, where trends change so quickly from day to day, law enforcement do not often have the time or the budget to sufficiently defend against the threat of cyber warfare.

The conference then broke out into workshops, with attendees splitting up into smaller groups to discuss different aspects of digital forensics in the future.

The first of these was run by Arron Martin Zeus-Brown, who provided a glimpse into the current state of digital forensics education on the whole, then introduced a participatory discussion in which attendees could put forward their suggestions for elements to be included in future courses at Teesside specifically.

One of the main areas of interest was the mismatch between the perceptions students have regarding what potential employers are looking for, and those employers’ actual requirements for graduate job entrants. Due to the ever-changing nature of the tools and methods employed in digital forensics as a discipline, employers often prize a reliable, conscientious personality profile over experience with a specific forensic tool.

Degree classification varies greatly between subjects, and digital forensics is no exception to this rule, Zeus-Brown added. This led to a discussion regarding whether degree classifications ought to be changed, updated or even replaced by qualifications that could break the subject down into more specific modules.

Jordan Madden then led a workshop on Tor malware, including case studies of OnionDuke network attacks, CryptoWall ransomware and Tor-based point-of-sale malware Chewbacca. This was followed by a presentation from Timmi Lee Strand Jaeger, a Norwegian researcher who gave an overview of the Whonix operating system and the forensic challenges it brings. The session covered best practices for users of the Tor network and how these are often ignored even by those who purport to require anonymity, and Jaeger concluded with a discussion of how forensic examiners can make use of Whonix’s Debian base to conduct investigations.

The following session was presented by Jessica Eastell and Peter Lowery, providing an insight into the effect of fictional media on cybercrime, both in terms of criminals’ ambitions and the expectations of a court jury. Case studies were taken from popular television series and video games, with Eastell and Lowery discussing which of the scenarios given in these media were potentially possible or likely to occur, and how investigation of such crimes would differ from the way it is presented in fiction.

The session provoked a significant level of discussion from the audience, and the discussion also turned to how the media in general report on cybercrimes and digital investigations. It was widely agreed that public education in the area was needed, particularly for members of the jury in cybercrime cases.

Big data was the next topic of the day, with Tom Robinson looking into the ethical and security concerns of companies using big data solutions, and of investigations that require big data triage. The presentation covered the more philosophical areas of the subject as well as the usual practical points of discussion; Robinson raised the question of how much data individuals are willing to share, and who is responsible for its safekeeping?

Janice Rafraf continued the afternoon sessions with an exploration of cloud environments and how digital forensic analysts can come up against new legal challenges when investigating them. Jurisdictional issues were of particular interest, with cloud hosting often not being tied to one specific legal territory. Lack of system activity logs and storage elasticity can also bring challenges: whilst it may be difficult even in the case of analysing a home computer to verify whether a particular individual was using a device at any given time, the problem is amplified in cloud environments, and this challenge will only grow larger as more and more people move their data onto the cloud.

The next TDFCon will be held in Middlesbrough on the 13th of May 2016. Anyone interested in attending should consult the official website for details.

Leave a Comment

Latest Videos

Si and Desi interview Emi Polito from Amped about how to become an Amped FIVE Certified Examiner (AFCE). They discuss the exam requirements, format, timeline for certification, and Amped’s future plans. Emi explains that the certification is aimed at demonstrating competency with the Amped FIVE video analysis software after completing training. The exam consists of multiple choice questions on theory and practical exercises using the software. Emi talks about the online exam format and process for passing or failing.

Emi also discusses the broader challenges many organizations face with validation and accreditation. He emphasizes Amped's commitment to developing tools that facilitate that process. The hosts reflect on the confusing accreditation landscape and Amped’s passion for improving training and certification in forensics. This episode provides an overview of Amped's new certification and perspective on challenges in the field of video forensics.

Show Notes:

Introducing The AFCE Certification (Amped FIVE Certified Examiner) - https://www.forensicfocus.com/news/introducing-the-afce-certification-amped-five-certified-examiner/

Video Evidence Principles With Amped Software - https://www.forensicfocus.com/podcast/video-evidence-principles-with-amped-software/

Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/

File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/

Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/

Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/

LEVA 2023 Training Symposium - https://www.leva.org/

Forensic Collision Investigation & Reconstruction Ltd - https://www.fcir.co.uk/

Amped FIVE Certified Examiner - https://ampedsoftware.com/afce-certification 

Introducing the Amped FIVE Certification Program - https://blog.ampedsoftware.com/2023/10/04/introducing-the-amped-five-certification-program

Amped Software YouTube - https://www.youtube.com/ampedsoftware
How to Use the Validation Tool in Amped FIVE - https://blog.ampedsoftware.com/2023/03/29/how-to-use-the-validation-tool-in-amped-five

Si and Desi interview Emi Polito from Amped about how to become an Amped FIVE Certified Examiner (AFCE). They discuss the exam requirements, format, timeline for certification, and Amped’s future plans. Emi explains that the certification is aimed at demonstrating competency with the Amped FIVE video analysis software after completing training. The exam consists of multiple choice questions on theory and practical exercises using the software. Emi talks about the online exam format and process for passing or failing.

Emi also discusses the broader challenges many organizations face with validation and accreditation. He emphasizes Amped's commitment to developing tools that facilitate that process. The hosts reflect on the confusing accreditation landscape and Amped’s passion for improving training and certification in forensics. This episode provides an overview of Amped's new certification and perspective on challenges in the field of video forensics.

Show Notes:

Introducing The AFCE Certification (Amped FIVE Certified Examiner) - https://www.forensicfocus.com/news/introducing-the-afce-certification-amped-five-certified-examiner/

Video Evidence Principles With Amped Software - https://www.forensicfocus.com/podcast/video-evidence-principles-with-amped-software/

Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/

File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/

Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/

Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/

LEVA 2023 Training Symposium - https://www.leva.org/

Forensic Collision Investigation & Reconstruction Ltd - https://www.fcir.co.uk/

Amped FIVE Certified Examiner - https://ampedsoftware.com/afce-certification

Introducing the Amped FIVE Certification Program - https://blog.ampedsoftware.com/2023/10/04/introducing-the-amped-five-certification-program

Amped Software YouTube - https://www.youtube.com/ampedsoftware
How to Use the Validation Tool in Amped FIVE - https://blog.ampedsoftware.com/2023/03/29/how-to-use-the-validation-tool-in-amped-five

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_VKk-mhlae1c

Becoming An Amped FIVE Certified Examiner (AFCE)

Forensic Focus 1st December 2023 4:25 pm

Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/

Si and Desi are joined by Brittany and Ailsa from digital forensics software company ADF Solutions. They discuss how ADF is addressing key challenges for digital forensics practitioners, including handling the massive volumes of data from mobile devices and the cloud.

The guests outline ADF's focus on developing their software as an easy-to-use onsite triage tool that can help quickly identify pertinent evidence. Key features include advanced handling of video files, AI-assisted classification of images, and new screen recording capabilities for mobile devices that allow suspects to safely share relevant data. 

The hosts and guests also explore ADF's ongoing research into areas like facial recognition, handling new device types like games consoles and smart watches, and identifying deepfake media.

00:00 – Introduction to Ailsa and Brittany
03:00 – The challenge of vast amounts of data
05:50 – Recovering data from Chromebooks
08:50 – Triaging using ADF tools
12:30 – Benefits of using ADF Solutions’ tools
15:50 – Limitations in types of apps
17:20 – Keeping up with technological advancements
19:15 – ADF customer base
21:00 - Artificial intelligence in classifying images
30:00 – ADF Solutions’ triaging kit
37:00 – Training with ADF
40:00 – Target user
44:50 – Roadmap of future devices to examine
51:30 – Main focus for ADF Solutions going forwards

Show Notes:
AI-generated CSAM article on Sky News - https://news.sky.com/story/thousands-of-ai-generated-child-abuse-images-being-shared-online-research-finds-12991727

Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/

Si and Desi are joined by Brittany and Ailsa from digital forensics software company ADF Solutions. They discuss how ADF is addressing key challenges for digital forensics practitioners, including handling the massive volumes of data from mobile devices and the cloud.

The guests outline ADF's focus on developing their software as an easy-to-use onsite triage tool that can help quickly identify pertinent evidence. Key features include advanced handling of video files, AI-assisted classification of images, and new screen recording capabilities for mobile devices that allow suspects to safely share relevant data.

The hosts and guests also explore ADF's ongoing research into areas like facial recognition, handling new device types like games consoles and smart watches, and identifying deepfake media.

00:00 – Introduction to Ailsa and Brittany
03:00 – The challenge of vast amounts of data
05:50 – Recovering data from Chromebooks
08:50 – Triaging using ADF tools
12:30 – Benefits of using ADF Solutions’ tools
15:50 – Limitations in types of apps
17:20 – Keeping up with technological advancements
19:15 – ADF customer base
21:00 - Artificial intelligence in classifying images
30:00 – ADF Solutions’ triaging kit
37:00 – Training with ADF
40:00 – Target user
44:50 – Roadmap of future devices to examine
51:30 – Main focus for ADF Solutions going forwards

Show Notes:
AI-generated CSAM article on Sky News - https://news.sky.com/story/thousands-of-ai-generated-child-abuse-images-being-shared-online-research-finds-12991727

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_4z-EgH54KZk

The Power Of Digital Forensics: How ADF Solutions Is Revolutionizing The Digital Forensics Industry

Forensic Focus 30th November 2023 2:57 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles