Chuck, tell us a bit about yourself. What does a day in your life look like?
Well I stay very busy. I am always working on a new book or paper. I travel all over the world consulting and conducting training on a variety of computer security related topics.
You've recently published a paper on how graph theory can be used to model forensic examinations. What is graph theory?
Graph theory is a part of discrete mathematics and it is used to study the relationship between objects. It has been widely used in network optimization.
Can you give us an overview of your paper's aims and methodology?
This is actually the third in a series of papers. I have also presented this research at numerous conferences including Secure World Dallas (2016), IAFLS in Cairo (January 2017), Enfuse (May 2017), and will be presenting it at ISC2 Security Congress later this year.
The concept is to completely model a digital forensics investigation using graph theory. In complex cyber breaches, there are often multiple possible perpetrators. It can be quite difficult to determine who actually committed the breach. Having a complete, mathematical model of all the elements in the case can provide a clearer view of which suspect is more likely. And this is not just applicable to criminal investigations. It can be used in incident response to completely model an incident and determine if it closely matches other incidents.
What conclusions did you reach in the course of your research?
Conclusions might not be the right way to describe this. This is a new proposed methodology. So far, the response to both papers and presentations has been overwhelmingly positive. This methodology provides a tool to completely map an investigation and thus have a better idea of who committed the crime.
Has graph theory been used in digital forensic investigations in the past?
Only in limited, narrow instances. For example, while it is not digital forensics it is forensics: there was a case where a researcher used graph theory to trace cutting agents in heroin seized by police officers in order to determine the origin. My methodology is a new approach. It involves using graph theory in a very broad, general way, to completely model an investigation.
In your opinion, how important is it to apply pure mathematical models to digital forensic investigation, and how can we encourage this?
Whenever it is possible to apply a mathematical tool to an investigation, I think it should be done. Of course, not every tool is appropriate for every investigation, and my methodology is no exception. I think this is part of a broader need in digital forensics: more science is needed. We are the only field of forensics wherein many practitioners lack a good scientific background.
For example, if you meet someone who does DNA forensics, it is a given that this person has a solid background in biology and chemistry. If you encounter a forensic accountant, he or she will have an accounting degree with many years of accounting experience. But in digital forensics, it is very common to meet practitioners with little or no computer science training. This is the broader problem and the more we can include scientific methodology, such as mathematical modeling, the more we can improve the situation in digital forensics.
One of the common challenges we come up against in digital forensics is trying to get academia, corporate and law enforcement to work together. How important do you think this is, and what can we as practitioners do to make it happen?
I think it is important. There are two real problems: academics whose work is far removed from practical applications and practitioners who lack a strong scientific background. Attending conferences is one way to start interacting, and another is to seek out those on ‘the other side’ of the issue.
Finally, when you're not working, what do you enjoy doing in your spare time?
I am mostly an obsessive compulsive who is always working on something.
About Chuck Easttom
Chuck is a computer scientist, inventor, consultant, and author with over 25 years' experience in the industry. He conducts research into digital forensics, computer science and mathematics. Previous papers and presentations, as well as tutorials on graph theory, can be found on Chuck's website.