Thomas Barton, Research Associate, Canterbury Christ Church University

Thomas, tell us a bit about yourself – what's your background, what are you studying at the moment, and how did you become interested in digital forensics?

I have always been interested in engineering, electronics, and computing from a young age. By the time I reached sixth form I knew I wanted to go into computing, but still had no direction. I saw a lot of people interested in gaming, coding and networking, but none of it really appealed to me. It was at a careers fair that I heard the words “digital forensics”, which caught my attention, and for a project I did an investigation into the extraction of data from used electronics. That was 4 years ago now, and I recently completed my undergrad BSc Forensic Computing at CCCU with a few publications on top while at university, and have not looked back.

You've recently published a paper about the forensic analysis of secure messaging apps on Android. Could you outline the aims and results of your research for us?

In our initial research we found that the use of secure messaging applications for criminal activities, such as coordinating the terror attacks in Europe and worldwide, was rampant. Security services had a hard time both capturing and analyzing evidence and intelligence from devices running these applications, complicating investigations. We wanted to bring these apps into a lab and see if we could analyze them ourselves. The analysis was challenging, but in the end we established some clear methods for dealing with secure messaging applications, and were happy to publish them in their respective papers.

What are some of the main challenges involved with analysing messaging apps?



These applications are designed with security in mind. They appear as simple applications but under the surface they hide an array of anti-forensics functions that use methods such as obfuscation, encryption and data erasure to make it as hard as possible to recover artefacts. Without constant updates and added support, forensics tool-kits break down in the face of these applications, meaning investigators have to resort to custom methods and tools.

There seems to be a public shift in the direction of default end-to-end encryption; how concerned do you think digital forensic investigators should be about this, and what can be done to address it?

Personally, I am a supporter of end-to-end encryption and similar methods because I believe privacy is important. Times certainly have changed in the last 10 years especially where increases in data security are concerned. As forensic investigators, it is not up to us to try to hold back the progress of technology to suit our own ends, but rather to adapt, developing new methods and strategies to deal with future challenges.

Was there anything you uncovered in the course of your research that surprised you?

If anything it was the extreme lengths developers of some secure messaging applications had gone to to ensure the security of their products. Trust me, when they mention “military” level security, they aren’t joking. Be warned though, not all apps are what they say they are, and I found proper security to be the exception rather than the norm.

Do you have any plans for the near future, research-wise? Are you working on anything at the moment?

I have more publications coming out soon on the forensic analysis of drones (UAVs), which is a highly compelling subject. The forensic implications of any emerging technology interest me a lot.

Can you share any words of advice for people who are thinking of studying digital forensics?

If you haven’t chosen yet, think wisely. Digital forensics is profoundly more technical than other more creative disciplines like application development. If you have chosen to study digital forensics, whatever you do, get into developing your own tools and methods for forensic analysis. Don’t just rely on a forensics toolkit to do the work for you. Sure, they help in reducing the time of large investigations, but always know what’s going on beneath the surface!

Finally, when you're not studying or researching, what do you enjoy doing in your spare time?

I mainly like to exercise. It’s nice to get away from the lab and be outside for a while, otherwise I start to get restless. My two favorites are martial arts and mountain biking. If I’m not outside, I like to make music.

Thomas Barton is a graduate in Digital Forensics at Canterbury Christ Church University, specializing in the forensic analysis of emerging technologies as well as cyber security. He is also a supporter of the open source digital forensics movement. You can find out more and keep up to date with Thomas' research on ResearchGate.
