Forensic Focus talks to Trevor Wooding, Detego’s Digital Forensics Consultant and Technical Director, about his experience in lab-based investigations and training, the challenges faced by investigators, and how Detego keeps evolving their products to give customers an edge in the digital forensics space.
Trevor, could you tell us a bit about your experience and what got you into digital forensics?
20 years ago I left university with my eyes set on forensics. In conversation with my godfather, who was a senior officer at SO15, I learned of a private company doing exciting things in the relatively new discipline of digital forensics (computers, phones, cell site, audio, video etc.) who were working with SO15 and other groups.
He contacted them on my behalf, I interviewed and got an analyst job, stayed there for 14 years and worked my way up to managing the digital forensics (DF) division. Along the way I was involved in many exciting high-profile cases; finding and presenting evidence as an expert witness.
Drawing on your extensive experience in lab-based investigations, what would you say are the common challenges faced by investigators?
The biggest challenge is the sheer number of devices present per investigation and the high volumes of data held on each device. Finding the gold (or ensuring there is no gold) in all that dust and presenting it simplistically is key. With this continuing factor, labs have begun to bring front-line officers into the process, which is a good idea and can – and has – reduced device numbers being brought into the lab via the on-scene or pre-lab triage method.
Adopting these methodologies has helped reduce the high volumes of devices sent to labs, but investigation backlogs are still quite prevalent.
Whenever we move some aspect of analysis away from the ‘experts’ we introduce risk. The challenge is to define, understand and accept such risk. This is a challenge, especially for law enforcement (LE), where analysis of evidence is so fastidiously reviewed in adversarial trials. Things are slowly getting better, but there’s a long way to go.
What made you choose your role at Detego for your next chapter? Tell us what it entails.
I was seeking a next chapter that was less analytical and more ‘behind the scenes’ in the realm of DF. I’d had children and this changed how the child sexual exploitation (CSE) material, which is a large part of the role, affected me and therefore how I wished to progress.
I went from a career path solely in analysis and as an expert witness, to one of driving development and the skills of others; I had already run a number of DF labs, so when I saw this role – a mix of analysis, DF software development, interesting clients and travel – I took the step.
What I saw when I got there was even better. Detego’s software is much more comprehensive than the DF software I was used to using in my previous roles – it had an imaging speed via Ballistic Imager which I wished I’d had when running the labs. The ability to combine phone and computer and loose media in one suite was also novel and something I could have used daily.
My day to day includes (but isn’t limited to!):
- Driving the technical decisions through our software, and training DF investigation and DOMEX teams around the world.
- Overseeing the outsourcing / analytical work we do in addition to software development – we have a number of contracts with LE and private groups to deliver best evidence reports from digital devices.
- Leading the standardisation in our work practices – for example, ISO 17025 for our outsource work, and complying with 27001 for data and information security.
With your experience in training investigators in the military, law enforcement and enterprise environments, would you say there’s a significant variation in the challenges faced across these sectors?
A core difference across those three fields is the level of forensication applied (although this is changing with military groups applying a more forensic approach to exploiting digital data and enterprise groups becoming more transparent), the speed of expected results and, arguably, the consequences of such analyses. So, is the potential outcome a criminal record? A fine? Being fired? Or from the more military perspective being interrogated, or worse?!
A major difference for our military clients over the other two is that DF is unlikely to be their main, everyday job, so their training and software needs to be simple to learn and use – never forgetting, of course, they’re far more likely to need results faster than the other two due to the locations and situations they work in.
What would you say are upcoming challenges for digital forensics investigators, and what is Detego doing to help overcome them on the product development and training fronts?
Encryption and privacy – as the consumer asks for, and gets, more security and privacy for their device/platform experiences, the challenge increases for the DF investigator to actually gain access to locked/encrypted devices where the key/code is not supplied, or, if we have access, to acquire the datasets simply and present them clearly for analysis.
Detego and its partners work hard to keep the ability to bypass encryption or passcodes/passwords possible and importantly easy to perform. We take advantage of hardware to make it quick(er) and use intuitive UI to make it simple to perform.
Detego is built to be simple, something that not all tools have; for example, we’ll detect your hardware and apply as best fits the specification, rather than you needing to set it up manually. We also build it into the core software so there’s no need to export and analyse a file/OS like others, plus you can set the decryption going and carry on with other analysis within the case.
What do you enjoy doing in your spare time?
I love a good ludicrous Hollywood blockbuster, and like any true nerd I love watching maths, science and tech videos (shout-out to 3blue1brown, computerphile, PBS Spacetime).
I don’t play rugby anymore (I’m old and broken) but I keep involved by assisting in the coaching of my son and daughter’s teams. #AylesfordBulls
I do bootcamp fitness and play tennis to keep active.