Oxygen Forensics Announces New Director Of Training Hire

Oxygen Forensics has announced the hire of digital forensics expert, Keith Lockhart as its Director of Training.

Lockhart previously served as Vice President of Strategic Programs for AccessData Group for 15 years, leading digital forensics training solutions for Local, State, Federal and International Law Enforcement agencies as well as worldwide corporate entities and law-firms involved in the prevention, investigation, and prosecution of high-technology crime.“We are thrilled to welcome Keith, a former law enforcement officer and expert in the digital forensics industry to Oxygen Forensics as our new Director of Training,” says Lee Reiber, COO of Oxygen Forensics. “Keith is a world-renowned trainer, bringing two decades of experience in digital forensics, e-Discovery, decryption, incident response, mobile device collection, and analysis to the company. His stellar background in training and bold ideas for the future will ensure that Oxygen Forensics clients have the best curriculum and resources in the industry for years to come.”

Lockhart is a member of the High Technology Crime Investigation Association (HTCIA) and has served as the Director of Training and President for the International Association of Computer Investigative Specialists (IACIS) – from which he obtained Certification as a Forensic Computer Examiner. He has instructed at the FBI National Academy, the United States Secret Service, the Dutch National Police Academy, the National Center for Police Excellence in the United Kingdom, the London Metropolitan Police Anti-Terrorist Branch, the Canadian Police College, Australian Federal Police Headquarters and presents regularly for numerous law enforcement agencies and public / private sector organizations around the world.

“I am proud to join Oxygen Forensics as it continues keeping the world safe by providing law enforcement, federal and corporate clients’ with cutting edge solutions to their toughest digital forensics needs,” says Keith Lockhart, Oxygen Forensics’ incoming Director of Training “As a former law enforcement officer, I know first hand the value add that Oxygen Forensics products bring to law enforcement officers across the country. This company is at the forefront of the mobile data forensics industry and it is my honor to join it as we transition to the next phase of mobile and data innovation.”

Get The Latest DFIR News!

Top DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

As Oxygen Forensics Director of Training, Lockhart will be responsible for building a forward-looking training program for the company’s wide array of law enforcement, federal and corporate clients. He will be tasked with ensuring the company’s training infrastructure remains ahead of technologies and trends in the market.

###

About Oxygen Forensics
Oxygen Forensics is a leading global provider of software for digital forensic investigations involving mobile devices, drones, and cloud data. The company’s flagship software, Oxygen Forensic® Detective, enables law enforcement, defense, and enterprise organizations around the world to extract and examine data from thousands of device types and applications to build thorough digital evidence cases for legal and forensic proceedings.

Leave a Comment

Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run. 

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems. 

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run.

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems.

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i0zd7HtluzY

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...