Nicole, you started out in chemistry and biological sciences before moving from orthopedics to digital forensics. What prompted you to pivot into the cyber world?
I actually get asked that question quite frequently, as my background has a little bit of everything; however, all of my experiences are centered on some type of science. I have always enjoyed researching and building from small ideas, so I knew that I wanted to pursue science in my undergraduate studies. Chemistry was the most inviting because it was so hands-on, and I knew I could focus on something I really enjoyed while taking the extra classes that would allow me to pursue the medical sciences. Once I graduated, I looked for a job in medical research and got the opportunity to experience the human-related aspect; however, I quickly realized that I wanted to go back to school and pursue a degree that allowed me to work in a setting where every day is different within the lab. It was actually a friend who told me that I should look into the forensic sciences because he felt like it was right up my alley, and I’m so grateful for his push.
Forensic science was always on my radar, but I never actively pursued it prior to my master’s degree from Marshall University. Their forensic science graduate program allows you to come in and study four different disciplines within the forensic sciences, and through this I was able to feel out the different areas and decide what I wanted to pursue. They have an amazing digital forensics emphasis as part of their Master of Science in Forensic Science (MSFS) degree, in addition to a separate graduate certificate in digital forensics. From the very beginning, both the classes and the experiences that I was able to have as a graduate assistant in the digital forensics discipline really pulled me into the cyber world and allowed me to practice a different kind of science than I was typically used to working in.
The fact that there are so many variables you can encounter that are constantly changing and advancing on a day-to-day or case-by-case basis makes this discipline and field of work so enjoyable that I really had no choice but to take the plunge.
Tell us about your current role at the Virginia Department of Forensic Science. What does a typical day look like for you?
Up through July of 2019, I was employed as a Forensic Scientist Trainee at the Virginia Department of Forensic Science (DFS) in the Digital & Multimedia Evidence (DME) Section with a focus on computer, mobile, and data storage device analysis. This role involved studying up on the techniques utilized here in the DME laboratory, completing mock casework through the examination and analysis of datasets from mobile device proficiency tests, and performing research projects pertaining to different methods we utilize or various applications from mobile devices in an effort to build upon our techniques.
At the end of July, I successfully completed my training program at the Virginia DFS and became a qualified examiner in Digital & Multimedia Evidence. The day-to-day tasks in my new role as a Forensic Scientist are very similar to when I was a trainee except that now I am actively receiving and processing forensic evidence, performing examinations and analyses, as well as interpreting results, preparing reports of my findings, and providing expert witness testimony related to these analyses as needed.
You presented an investigation of wearable devices at Techno Security in Myrtle Beach earlier this year. How did your background prepare you for doing this research?
This project took a lot of forethought and preparation to ensure that one part didn’t negatively impact another, so having experience planning and documenting research projects which involved a high amount of variability was a great help during this research.
I think it also prepared me to expect the unexpected. I’ve realized that research never really goes the way you want it to from the beginning. There are usually setbacks and obstacles to navigate; so having prior knowledge of the different complications that might arise, or additional questions that may need to be answered along the way, was a valuable tool to have during this venture.
When you introduced your research at Techno, you talked about wanting to find an extraction methodology without relying on rooted or jailbroken devices. Why did you see that as important to the existing body of IoT forensics research?
Rooting, and other bypassing techniques, definitely have their place in digital forensics. More and more you see examiners accepting these methods as necessary in their everyday work. However, some labs require a lot of special permissions or thorough documentation to be able to take advantage of these techniques, especially if they aren’t natively built into the commercial software being utilized to acquire the devices; and with IoT devices becoming a major player in this field, methodologies need to be explored that are effective and appropriate for every lab. This is one major reason why we wanted to pursue this type of methodology.
Another reason is simply that I wanted to explore the “limited” methods in order to determine what data was able to be accessed and acquired, and the significance of any data unable to be acquired. I feel it’s important to answer these questions and gain a better understanding of these methods before adding any unnecessary elements into a forensically sound technique.
How did you scope the project? Was there a point where the "rabbit hole" would've been counterproductive, or was the whole point to go as deep as you could?
I definitely wanted to explore as much as was feasible in an effort to present different acquisition options, if possible; however, at a certain point you do have to rein yourself in and realize that perhaps you’re trying too many things.
In the beginning of this research, I specifically laid out the goals that I had in regards to the chosen devices and what questions I wanted to be able to answer. From there, the project developed as I progressed through each experimental method, starting from the most easily attainable and cost-effective to more advanced or laboratory-dependent techniques. I knew that some methods such as building my own cable or even attempting to SSH into a secure device were unlikely to be successful, but I wanted to be able to completely rule them out or spur ideas for future research; and through some of these methods, I was able to quickly map out the limits to my experimentation.
When a failed method was encountered, and troubleshooting was ineffective in finding a solution, I made the decision to move on to a different technique. Ultimately, I think this prevented me from straying too far off the path or falling down the rabbit hole in an effort to attain my goals and answer my original questions. Additionally, the failed methods allowed for some questions to be tackled which I didn’t initially recognize needed an answer, so I think they were beneficial to explore.
You talked about future research inclusive of rooted/jailbroken devices, along with PC artifacts from a mounted device, a GearGadget GUI, etc. Have you started work on any of that research?
I have had quite a bit on my plate since the completion of this research. From taking on a new job with the Virginia Department of Forensic Science and all of the necessary training that comes along with it to being a full-time graduate student and presenting at conferences on this work, I haven’t been able to get started on the future research aspect as fully as I would have liked. I only recently graduated with my MSFS in May of 2019, so my schedule is just starting to free up again.
However, recently I have been noticing other work being published about these devices, which is very exciting! At the time my research was underway, not much work had been either performed or published about these devices, so to now be able to read more about how other people are accessing the data and seeing things that we did or didn’t do similarly within our work is something that I have been actively looking into at the moment. Because of this, my next goal concerning future research is to take a further look at these newly published methods and rework my previous future goals to align with some of the accomplishments in this line of research thus far.
What's next for you? With this breadth of experience in different areas of science, where are you looking to take your career?
Currently, I am really enjoying my position at the Virginia Department of Forensic Science. I’m fresh out of school and doing what I love, and I think that’s a real privilege, so I’d say that working in the field and gaining valuable experience is the next chapter in my story. However, that’s not to say that I wouldn’t love to be building upon and pursuing different avenues through research during my personal time. Ultimately, I see myself doing casework for a long while, putting my skills to good use and seeing where that takes me!