Rich, you're a Forensic Specialist at ADF Solutions. Tell us a bit about your role – what does a day in your life look like?
One of the things I love about forensics is every day is different, every day is a different task, a different challenge, a different conversation with a different person, and most of all enjoyable. One day I am researching the newest apps or programs to be integrated into the next release of the ADF software product line, the next day I’m creating new data sets to be used in training or web demonstrations. Next week I could be at one of the CAC (Crimes Against Children) conferences presenting our latest topic “On Scene Investigations” or chatting with the law enforcement community on the latest challenges in digital forensics.Liaising with Sales and Marketing is another function that allows me to take my passion for digital forensics and convey it through webinars, demonstrations, and training. It is here I get to have conversations with the forensic community and more specifically the law enforcement community.
We get to discuss issues that we have encountered on a day to day basis, how the ADF tools can help speed up forensic examinations, and get to relevant evidence and accurate decisions faster. On-Scene decisions and reducing backlog are important to the community and as someone who spent a career investigating, they are important to me.
What's your background and how did you get into digital forensics?
I spent 22 years in law enforcement working for the Milford Police Department in Connecticut. It is here I was given the opportunity to take my passion for computers and focus it on digital investigations and forensic examinations.
In the late 90’s Milford started one of the first computer crime units in the state and I was selected to to be the forensic examiner. This was based on my history of infecting my own computers with viruses to see what happens… and then whether I could get rid of them or not. From that point forward I was taught and learned from within the LE community with entities such as IACIS, SEARCH, NW3C, multiple vendor trainings, and being involved in the community. One of the best ways to learn in this field is to encounter something you do not know, research it, solve it, and share it for review. Without a passion for the thrill of the chase, the drive for the facts, and satisfaction of the results, this would only be a job. It doesn’t matter how many years you have been in the field, you learn every day, and I keep up by volunteering with IACIS, following industry publications and forums, researching new apps and programs, as well as keeping an open dialogue with others in the field.
Tell us about the products and solutions ADF provides for digital forensic investigators.
ADF Solutions’ product line includes Digital Evidence Investigator (DEI)®, Triage Investigator®, and Triage-G2®.
DEI allows you to get to your evidence faster, make decisions sooner, as well as easily associate files to the user via Linked Artifacts. DEI is customizable, allowing you to control what is collected and from where, reducing unnecessary noise in your investigation. An examiner is able to target the evidence based on the facts and information of the investigation using their own unique keyword or hash lists as well as use ADF supplied investigation specific keywords and hash sets. An examiner can conduct a comprehensive scan of the digital evidence in a short amount of time or target the evidence for a quick on scene investigation (Triage) and have results in minutes. Using DEI you can prepare a bootable USB device to conduct live scan, collection of volatile evidence (RAM), or boot a powered off computer, including MAC, Linux, and Windows devices. DEI also allows the booting of closed architecture computers for scanning and imaging of the device.
So using DEI will allow you to customize Search Profiles (artifact captures and file captures), conduct a quick scan looking for the low-hanging fruit, focusing on the user profiles for relevant artifacts and files, or a comprehensive scan focusing on the entire file system. While conducting a scan files can be auto-tagged for faster analysis and reporting. Reporting is streamlined, simplified, and allows for the sharing of the scan results in a portable stand-alone viewer.
The use possibilities are endless, from triaging to conducting on-scene investigations, reducing backlog, child exploitation investigations (using Project VIC and CAID data), missing children, drugs, financial, intelligence, MEDEX, DOMEX, file collection, data leakage, IP Theft, the list goes on and on.
Triage Investigator is the same powerful DEI engine suited for field deployment, giving the investigator a user friendly environment allowing them to work in conjunction with the lab examiner. While not customizable, a Custom profile created with DEI can be imported into Triage Investigator giving even more power to the tool. Triage Investigator is typically used by large organizations and agencies that want to distribute evidence collection.
Triage-G2 is ADF’s award winning media exploitation tool which is deployed by special forces, military and intelligence agencies worldwide for sensitive site exploitation and field intelligence collection.
ADF recently released Digital Evidence Investigator version 4.3 – what are some of the new features in the latest update?
This release uniquely links files of interest with user activities in a precise and customizable timeline, greatly reducing the time and effort to make a decision and build a forensics report. This can assist in putting to rest “the virus did it” and other similar claims by the user.
We are always adding artifact and file collection captures and several from this release are saved credentials (live scans), remote access tool detection, and with proper credentials the ability to decrypt and scan/image BitLocker volumes including those using new AES-XTS encryption algorithm introduced in Windows 10.
Is there a typical user of DEI? What kinds of cases does it suit?
Our customers include those in the Law Enforcement, Military, Federal Government, Corporate Security, and our customers are located around the world.
As mentioned above our line of products will cover a vast array of investigations and forensic needs, and we are very powerful within the child exploitation investigations, ICAC, and Cybertips, with features allowing the auto-tagging and commenting on collected files, easy filtering, sorting and auto classification of VICS data allowing for streamlined analysis of the indecent pictures of children, getting to our results, decisions, and prosecution faster than ever before. When conducting an on-scene investigation the investigator can have a complete up to the minute case, with a comprehensive court ready report in the same day.
What trends are you seeing at the moment in the digital forensic arena, and how is ADF Solutions working to address current challenges?
In addition to an increasing amount of mobile device data, we’re also seeing an influx of requests for investigations across multiple EO1 datasets simultaneously. Given some of the industry challenges around large datasets and our historical focus on triage, we are working on improving the targeted scanning, collection and analysis in an exponentially faster way than exists today.
The addition of new File Systems, cloud storage, the abundance of new apps and programs, and as always, the plethora of potential evidence in each investigation motivates our team to continue listening to our users, the forensic community, and keeping up to date with research and trends. Our dedicated forensic and development teams are evolving and updating our tools to meet these challenges. Personally, I like being affiliated with a team that focuses every day on making software tools that are more efficient and friendly for the user with each release.
Finally, when you're not working, what do you enjoy doing in your spare time?
The ability to separate work from home life has always been important, so when not working I enjoy spending time with my wife and 3 children. My wife is just as passionate about her career and runs her own healthcare consulting business, so our time together is important. We have two grandchildren that we now get to enjoy and watch grow. To relax I read (historical novels are my favorite) and if not watching my youngest play football, I watch sports, mainly football and soccer, but enjoy the thrill of the playoffs or finals of most other sports.