Liwei Ren, Scientific Advisor, Trend Micro

by

Liwei, you're Scientific Advisor at Trend Micro. Could you tell our readers a bit about your role, and what an average day looks like?

I have multiple responsibilities. Internally, I work with a few R&D teams as an adviser for developing novel security technologies powered by mathematical models and advanced algorithms, and I also help introduce cutting-edge technologies to the company through continuous follow-ups and technology evaluation in relevant fields. I visit other R&D centers in Taipei and Nanjing a few times a year for collaborative projects. During the visit, I always conduct a few seminars at Trend University (an internal education program) to share the most recent technologies since I am based in Silicon Valley. In addition, I own an interesting research project in the area of byte-wise approximate matching that aims at building a framework for byte-wise file matching, searching and clustering.Externally, I reach out to both academic and industrial communities to help establish thought leadership for Trend Micro. That is done by conducting academic seminars at universities, speaking at academic/industrial conferences, and exchanging ideas with academic researchers or industrial experts.

My typical day could be pretty boring… I may start a new day by communicating via email with the co-workers in China, UK or Taiwan for the current research projects. Then I would review some news sent from our news bank to follow up with the most recent security news. I may have a meeting with a co-worker who works with me for the current research project that I own. I would read a few industrial white papers or academic papers in various fields of security, or I may write a proposal for filing a patent… I may prepare a PPT for my next external presentation that happens a few times a year. When I have spare time, I would write a few academic papers that I never get done. 🙂 In the evening, once in a while, I may attend a few technical meet-ups organized by Silicon Valley professionals.

Your PhD was in Mathematics; what first drove you to work in digital forensics?

What drove me was my interest in e-discovery, which is a security field near digital forensics. I have been studying e-discovery in the past few years. There are a few mathematical problems in e-discovery that invite my interest, for example, the problem of near de-duplicate, and predictive coding technique.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

At DFRWS you presented a theoretic framework for evaluating similarity digesting tools. Could you briefly outline your presentation for our readers?

This presentation is an effort to unify the description of what byte-wise similarity is all about. It is done by providing a mathematical model to describe byte-wise similarity rigorously. A framework based on this model defines similarity in a uniform format so that it gets easier and clearer for us to evaluate various similarity digesting algorithms in terms of pros & cons. Three existing open source tools {ssdeep, sdhash , TLSH} are evaluated under this theoretical framework. The results agree with what I evaluated via data experiment.

TLSH, sdhash and ssdeep are all open source solutions. In your opinion, how do open source tools and solutions in general compare with their commercial counterparts?

I am not aware of any commercial tools for similarity digesting. I am sure there must be some, however, I never evaluated one. As to open source solutions in general, some are very good and some may have annoying bugs that seem to take forever to fix. An open source solution takes many years to arrive at maturity. So one needs cautious evaluation prior to adopting one in products or solutions. Hence, one needs to balance between cost and rapid software development. For critical components in products where I was the architect, I prefer to use commercial software APIs mainly for their stability and support unless the open source software is stable and great.

You also conduct research into big data analysis, which was a topic that came up frequently at DFRWS. In your opinion, what can digital forensics investigators and tool developers do to address the challenges of big data triage and analysis in investigations?

Yes, big data analysis will absolutely be an important practice in the security industry for years to come. For example, a few security startups in Silicon Valley are building next generation SIEM systems based on big data analytics. Yet a few other security companies are applying big data analytics to provide more effective solutions against APT attacks. As to the area of digital forensics, I believe big data analysis can play an important role as well. In the era of cloud computing & big data, the volume of data under investigation may be tremendous, the traditional approaches may take a longer time or just be impossible to carry on. Novel approaches or tools must be developed to overcome the challenges; big data analytics is a rescue. However, the capability of building big data analytics based investigation tools depends on how deeply the developers understand the underlying problems in the big data environment, and how fluently they are able to use mathematical models to describe the problems so that analytical solutions will follow.

What trends do you see currently in forensic computing, and what new challenges do you envisage in the future?

I am not an expert yet in forensic computing so I cannot speak about the trends… however, I do see novel challenges caused by new computing platforms such as clouds, mobile devices and even IoT. Actually, I am using e-discovery as a reference… I am more comfortable talking about e-discovery.

Finally, what do you do in your spare time?

I spend most of my spare time with family, especially with my son for his after-school activities. My family travels a lot in summer time, for example, visiting other countries and US national parks, or camping a few times in state parks in California. I engage in a few local communities as well. As an experienced entrepreneur, I have been invited by local startups or incubators frequently to share my knowledge of building a hi-tech company.

Liwei Ren is a mathematician and entrepreneur, and currently holds the position of Scientific Advisor at Trend Micro, who develop digital security solutions worldwide. Liwei has twenty-three US patents and is a frequent speaker at conferences and seminars in academia and industry.

Forensic Focus interviewed Liwei at DFRWS, the annual Digital Forensics Research Workshop, which took place in Dublin from the 23rd-26th of March. The next workshops will be held in Philadelphia in August 2015, and Switzerland in March 2016. You can find out more and register here.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Read more on all these stories at https://www.forensicfocus.com/news/digital-forensics-round-up-april-17-2024/ #digitalforensics #dfir

Read more on all these stories at https://www.forensicfocus.com/news/digital-forensics-round-up-april-17-2024/ #digitalforensics #dfir

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_wY4_T8IUuxY

Digital Forensics News Round Up, April 17 2024 #digitalforensics #dfir

Forensic Focus 17th April 2024 5:30 pm

Read more at https://www.forensicfocus.com/news/forensic-focus-digest-april-12-2024/

Read more at https://www.forensicfocus.com/news/forensic-focus-digest-april-12-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_DTjUBPIzVNs

Forensic Focus Digest, April 12 2024 #digitalforensics #dfir

Forensic Focus 12th April 2024 2:31 pm

Join Si and Desi for another episode of the Forensic Focus Podcast. This week, they discuss the lack of transparency and potential misrepresentation in the cybersecurity industry, particularly regarding the use of open-source tools by companies and the questionable interpretation of data and statistics in marketing and advertising. The conversation also delves into the implications of relying on computer systems and algorithms to make important decisions, such as in the case of the Post Office scandal in the UK and the Centrelink repayment debacle in Australia. They emphasize the importance of human oversight, critical thinking, and considering the human impact of such decisions, rather than blindly trusting the outputs of computer systems. 00:00 – The state of the digital forensics industry 02:30 – Desi’s talk at BSides Brisbane 05:30 – Sweaty Cyber Advice and Strongman 09:40 – Companies integrating open source software 23:00 – Advertising, statistics and logical fallacies 28:00 – The Post Office scandal and computer accountability 49:00 – Security, compliance and regulations 56:00 – Closing thoughts Show Notes Hardly Adequate YouTube - https://www.youtube.com/@hardlyadequate Oxfordshire’s Strongman & Strongwoman - https:\oxfordshire.rocks\ CPS, Computer Records Evidence - https://www.cps.gov.uk/legal-guidance/computer-records-evidence Your Logical Fallacyis - https://yourlogicalfallacyis.com/ British Post Office Scandal - https://en.wikipedia.org/wiki/British_Post_Office_scandal The Guardian, Robodebt Scandal - https://www.theguardian.com/australia-news/2023/mar/11/robodebt-five-years-of-lies-mistakes-and-failures-that-caused-a-18bn-scandal Tyler Vigen, Spurious Correlations - http://www.tylervigen.com/spurious-correlations Forensic Focus Discord - https://discord.gg/97zKvTXHeS

Join Si and Desi for another episode of the Forensic Focus Podcast. This week, they discuss the lack of transparency and potential misrepresentation in the cybersecurity industry, particularly regarding the use of open-source tools by companies and the questionable interpretation of data and statistics in marketing and advertising.

The conversation also delves into the implications of relying on computer systems and algorithms to make important decisions, such as in the case of the Post Office scandal in the UK and the Centrelink repayment debacle in Australia. They emphasize the importance of human oversight, critical thinking, and considering the human impact of such decisions, rather than blindly trusting the outputs of computer systems.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_LtdulCL39AU

Cyber Scandals And When (Not) To Trust Computers

Forensic Focus 10th April 2024 6:40 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles

Alex Beddard, Investigator, Chainalysis
Interviews

Alex Beddard, Investigator, Chainalysis

ByForensic FocusApr 18, 2024
Digital Forensics Round-Up, April 17 2024
News

Digital Forensics Round-Up, April 17 2024

ByForensic FocusApr 17, 2024
Magnet Forensics Announces Magnet One, A Revolutionary Platform For The Pursuit Of Justice
News

Magnet Forensics Announces Magnet One, A Revolutionary Platform For The Pursuit Of Justice

ByMagnetForensicsApr 16, 2024
UPCOMING WEBINAR – Fireside Chat: Navigating The Cloud – Expert Insights On Emerging Cloud Threats And Complexities
News

UPCOMING WEBINAR – Fireside Chat: Navigating The Cloud – Expert Insights On Emerging Cloud Threats And Complexities

ByCado SecurityApr 16, 2024
Maltego Acquires PublicSonar And Social Network Harvester To Propel Vision Of An All-in-One Investigation Platform
News

Maltego Acquires PublicSonar And Social Network Harvester To Propel Vision Of An All-in-One Investigation Platform

ByForensic FocusApr 15, 2024
Filip Kachnic, Business Development Manager, Eyedea Recognition Ltd
Interviews

Filip Kachnic, Business Development Manager, Eyedea Recognition Ltd

ByForensic FocusApr 15, 2024