John Huperetes, Senior Forensics Instructor

John Huperetes is a sub-contractor to the US Department of Defense and any views herein do not represent those of his contractor or of the DoD.

John, please tell us about your current role.

I am contracted to be “senior forensics instructor” and assist in developing and delivering cyber investigation training courses for DoD organizations, Defense Criminal Investigative Organizations (DCIO), military counterintelligence agencies, and law enforcement organizations.

This gives me the opportunity to review and sometimes experiment with bleeding edge digital forensics, and transfer the acquired knowledge to others.I started off tinkering with electronics at a very early age. I was much better at shredding electronics than putting them back together. I moved to programming, first for processors, memory and controllers, thereafter databases and finally networks. A few consulting stints and I shifted to security permanently.

Incident response in security naturally pushes into forensics. A few more permanent and consulting jobs, and about a decade ago I took a job with a large financial firm working on forensics.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

I got a call from a contractor for my current job, and that is how I ended up here.

What is the most challenging thing about your job? What do you find the most enjoyable?

The most challenging part of my job is always having an open mind toward new techniques and ideas. It is not just a time consuming but also an exhausting process. It is not unusual in our field to learn something, just to later discover that there are caveats galore! I enjoy the camaraderie of the experts, instructors and students, and the new discoveries I get to make.

In your opinion, what are the current hot topics in digital forensics? What should we be looking out for as forensics professionals?

There are many – some are technology related, some are regulatory, some are community and some are just local issues.

I think major overlap of distinct technologies, yet specialization in various areas is one of the hot topics. For example mobile phones and smart devices are getting closer to being general purpose computers. At the same time there are some very special forensic requirements around these devices which are not present (yet) in most computers. Some say specialization is required, and some say existing methodologies can be ported without issue. Some say special training is needed, and some suggest general purpose is sufficient.

Another hot button topic is licensing and certifications. With all the tribulations other forensic branches are going through, it is just time before ours is scrutinized.What licensing should be imposed, if any, on the industry? Who decides what is a valuable certification? Which certifications are worth pursuing?

Finally, push button forensics is a topic that comes up often – the “CSI effect”, whereby waiting for some beeps and blinking lights will resolve everything in just a few minutes. Unfortunately we have some practitioners who lack some fundamental knowledge yet present themselves as experts. We do have some tools that work almost in push-button fashion. Yet, when such a “CSI effect” practitioner is probed further the answers are muddled and cringeworthy. Remember the “caveats galore”? By its very nature, push-button tools cannot and will not account for all the out of norm caveats.

What advice would you give to people who are just starting out in digital forensics? What do you wish you’d known when you first started?

Quit, and become a farmer.

Your labor will be positive, as you will feed or clothe someone. As a forensicator, your work will rarely be about exoneration. As a farmer, your outcome is almost always positive to the humans. As a forensics investigator, the outcome is almost always negative to at least someone. That can grind a person down.

Ever hear of a farmer that needs periodic psychological consultation because they have nightmares from looking at their crops? There are plenty in the digital forensics field that will attest to sleepless nights.

A long time farmer will be able to take a hand shake and trust his fellow man. As a forensics investigator one can become jaded and learn to mistrust most people. A certain mistrust, even paranoia in our field is not unusual.

A farmer can come home and talk to the family about Bessy giving less milk. You will most often not be able to, and would not want to discuss your work at home.

Our field is a vertical market. That is, few buyers and they are in specialized industries. Our industry is jam packed with “experts”, and big name firms with their “experts”. Everyone who has seen a few episodes of CSI and NCIS is an “expert”. Your chances of hitting it big financially is slim.

You will not get $1,000 suits. You will not drive the latest model cars. You will not be working with perfect 10 looking co-workers.

If you still insist on being in digital forensics, make sure you enjoy reading, have the aptitude to do digital track-down of information, then join the military. Once you become a civilian, get several “certifications of the day”, possibly a forensics or security baccalaureate, and join a firm to apprentice. Later down the road you might be able to hang out your own shingle.

I wish I had known in the beginning that it is not necessary to know everything, just to know where to look and whom to ask.

What do you do in your spare time?

I spend time with family, work around the house, hike, cook, and read. I try to stay way from the computer and TV.

John posts in the Forensic Focus forums under the username 'jhup'.

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 11:44 am

Throughout the past few years, the way employees communicate with each other has changed forever.<br /><br />69% of employees note that the number of business applications they use at work has increased during the pandemic.<br /><br />Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.<br /><br />Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.<br /><br />Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.<br /><br />With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.<br /><br />Join Monica Harris, Product Business Manager, as she showcases how investigators can:<br /><br />- Manage multiple cloud collections through a web interface<br />- Cull data prior to collection to save time and money by gaining these valuable insights of the data available<br />- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box<br />- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee<br />- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 11:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...