Thomas, tell us a bit about yourself – what's your background, what are you studying at the moment, and how did you become interested in digital forensics?
I have always been interested in engineering, electronics, and computing from a young age. By the time I reached sixth form I knew I wanted to go into computing, but still had no direction. I saw a lot of people interested in gaming, coding and networking, but none of it really appealed to me. It was at a careers fair, I heard the words “digital forensics”, which caught my attention, and for a project I did an investigation into the extraction of data from used electronics.That was 4 years ago now, and I recently completed my undergrad BSc Forensic Computing at CCCU with a few publications on top while at university, and have not looked back.
You've recently published a paper about the forensic analysis of secure messaging apps on Android. Could you outline the aims and results of your research for us?
In our initial research we found that the use of secure messaging applications for criminal activities, such as coordinating the terror attacks in Europe and worldwide, was rampant. Security services had a hard time both capturing and analyzing evidence and intelligence from devices running these applications, complicating investigations. We wanted to bring these apps into a lab and see if we could analyze them ourselves. The analysis was challenging, but in the end we established some clear methods for dealing with secure messaging applications, and were happy to publish them in their respective papers.
What are some of the main challenges involved with analysing messaging apps?
These applications are designed with security in mind. They appear as simple applications but under the surface they hide an array of anti-forensics functions that use methods such as obfuscation, encryption and data erasure to make it as hard as possible to recover artefacts. Without constant updates and added support, forensics tool-kits break down in the face of these applications, meaning investigators have to resort to custom methods and tools.
There seems to be a public shift in the direction of default end-to-end encryption; how concerned do you think digital forensic investigators should be about this, and what can be done to address it?
Personally, I am a supporter of end-to-end encryption and similar methods because I believe privacy is important. Times certainly have changed in the last 10 years especially where increases in data security are concerned. As forensic investigators, it is not up to us to try to hold back the progress of technology to suit our own ends, but rather to adapt, developing new methods and strategies to deal with future challenges.
Was there anything you uncovered in the course of your research that surprised you?
If anything it was the extreme lengths developers of some secure messaging applications had gone to to ensure the security of their products. Trust me, when they mention “military” level security, they aren’t joking. Be warned though, not all apps are what they say they are, and I found proper security to be the exception rather than the norm.
Do you have any plans for the near future, research-wise? Are you working on anything at the moment?
I have more publications coming out soon on the forensic analysis of drones (UAVs) which is a highly compelling subject. The forensic implications of any emerging technology interests me a lot.
Can you share any words of advice for people who are thinking of studying digital forensics?
If you haven’t chosen yet, think wisely. Digital forensics is profoundly more technical than other more creative disciplines like application development. If you have chosen to study digital forensics, whatever you do, get into developing your own tools and methods for forensic analysis. Don’t just rely on a forensics toolkit to do the work for you. Sure, they help in reducing the time of large investigations, but always know what’s going on beneath the surface!
Finally, when you're not studying or researching, what do you enjoy doing in your spare time?
I mainly like to exercise. It’s nice to get away from the lab and be outside for a while, otherwise I start to get restless. My two favorites are martial arts and mountain biking. If I’m not outside, I like to make music.
Thomas Barton is a graduate in Digital Forensics at Canterbury Christ Church University, specializing in the forensic analysis of emerging technologies as well as cyber security. He is also a supporter of the open source digital forensics movement. You can find out more and keep up to date with Thomas' research on ResearchGate.