Jason Bailey, Director Of Product Management, OpenText

Jason, can you tell us a bit about yourself and how you got into digital forensics?

Absolutely. I started in the digital forensic industry in 2005 and a friend of mine started a company called Tableau LLC back at the time – not to be confused with Tableau Hardware. He convinced me to leave a stable job in IT security at a healthcare company to come help him grow the company. And the rest was history. So I’ve been in the industry since then. We grew Tableau LLC, and he sold the company in 2010 to Guidance Software. And then just two years ago, Guidance Software was acquired by OpenText and now we’re here.

How long have you been working for OpenText so far?

Two years. One thing I didn’t mention which has actually been more relevant lately: before digital forensics I was in IT security, and then IT infrastructure. That’s been interesting.

About three months ago I took an expanded role, leading product management for all of the security business unit. So that’s basically everything that used to be in software and hardware. That’s my current role: Director of Product Management.


So now you're working both on your previous projects like Tableau, and also on EnCase and OpenText's other solutions?

That’s correct. To be specific, this could be EnCase Forensic, Endpoint Investigator and Endpoint Security, and others. Some ancillary products. And it’s been challenging, but also extremely thrilling, to have a great team.

It’s been fun to bring the teams closer together because they’re feeding off each other now. Our goal is to allow the customer to see that we’re a unified product team.

Can you tell us about the latest digital forensics products and solutions from OpenText?

Sure. We announced a few releases at Enfuse 2019, some progress we’re making in a few different areas. For our forensic software, EnCase Forensic, in the new release we’ve made a bit of a change in our strategy: we’re proactively doing performance testing and trying to make our product faster. In the past, it’s been more of a reactive strategy.

So it’s just a start, but we’ve released a few improvements to three key workflows where examiners can save up to 50% or more of their time doing things like acquiring a drive, previewing and parsing the MFT remotely or locally in NTFS, and then using our enhanced agent, just copying files. I wanted to show the community that we’re dedicated to actually making our products perform better and be more stable.

Some other things in that same release: mounting Apple Time Machine backup, and modifying deleted files from there. And then a number of other features for EnCase Forensic and for Tableau Hardware. We just released and talked about one feature at the keynote [during the Enfuse conference].

One of the most exciting things in this release is the pause and resume feature, which gives users the ability to adjust to changing crime-scene conditions, or whatever priorities they have. They can pause a job and resume later. And this even works across power cycles. And it also does forensically sound checkpointing, so that if there is a power loss, they can recover the job.

Another big feature in that same release is the remote web interface. Customers have been asking for that for a long time, and we were finally able to provide it. It’s remote access, secure access, multi-user access. You just have to have network connectivity to the TX1. It’s disabled by default for security reasons, but it’s really easy to enable it. And you get access to everything and it looks exactly like it does on the local interface. It can be used for monitoring. It could be used to deploy or send the TX1 remotely. And if you have a more trained examiner who is just getting remote access to it, they can monitor it or manage data, or whatever they need to do.

What do you think are the current and future challenges in digital forensics?

It’s interesting that in the past 14 years in the industry the theme has not changed: digital evidence is getting larger. There’s more data, and that’s never changed. I don’t think it ever will. It’s funny: it’s a new challenge, but it’s not. So that’s something we’re always struggling with.

But now, in the last few years, as digital evidence is located everywhere, the challenge, I think, is finding ways to allow examiners to find that evidence, to collect it from everything from IoT devices to cloud storage, and on and on. And not just collecting it, but then once you collect it, actually being able to tell a story with that data. So that’s one thing.

Part of data being everywhere, too, is the encryption that’s becoming more prevalent by default in all these devices. So we’re trying to make sure it’s a major theme of ours to both detect when encryption is enabled and then give the user the ability to decrypt it with credentials. And then there are other tools in the industry we partner with.

So that theme of just data everywhere, getting access to it, is very challenging. We have some things we’re trying to do to make that easier. The other thing that’s extremely challenging is that, as always, there aren’t enough good guys to go after the bad guys. And so we are trying to make our products easier to use. EnCase has been known as a deep dive forensic tool, and we don’t plan on changing that. But what we need to do is figure out a way to allow untrained examiners to use our tool and get a little bit of value out of it, without going through extensive training. And the same for trained examiners who don’t have time. So we’ll be looking at ways to add more data, summary views, and triage type capabilities to get people to do that.

What is the best way for an examiner to keep their knowledge up to date in such a constantly evolving field?

I’m definitely not an expert on that. However, just being in the industry, I think if someone is a forensic examiner, they’re there because they like to learn. If they don’t like to learn, they’re probably eventually not going to be good enough.

With constant learning, the challenge is, how do you keep up? One thing that’s interesting is that 15 or 20 years ago, there weren’t classes in universities for digital forensics: now there are. So I obviously encourage people to try to get either certifications or maybe even a full degree. There are so many opportunities for higher education. Myself, I really enjoy the online free learning, like the classes on Coursera. There are countless quality classes there, even for digital forensics.

And then just attending these industry events, like Enfuse and many others. One thing we’re going to start doing is bringing back user groups. You know, where did the user forums go, that used to exist? Guidance Software has them, but they’re not marketed. This kind of goes along with the theme, I think, of socializing and sharing knowledge, because the vendors can’t always do it. The community needs to do it. So I think learning from your peers through forums.

And there are a lot of great books out there that again, you can learn a lot from. And the last thing would be forensic journals.

What advice would you give to a young person who wants to become a digital forensic investigator?

That’s a good question. I think having a technical background helps. But I tell people, don’t let a lack of that stop you, because you can learn how to do anything, and you can be valuable at many different levels. I think just fundamentally, if you want to do it, set a goal and make sure you decide how to work towards that goal, and work back from there. Start taking classes; start with free classes. If you don’t have the money to pay for more classes, read as much as you can. You can find a mentor in the industry, I think that’s great as well.

When you're not working, what do you enjoy doing in your spare time?

I always love reading: forums, journals, publications, just even historical non-fiction books if it’s not technical or business related. I have four children in high school, which pretty much takes up all the extra time.

I love the outdoors; I live in Wisconsin, so I spend as much time outdoors as I can. I do a lot of volunteering with children: organizations and sports teams and technology committees, and things like that.
