European Interdisciplinary Cybersecurity Conference (EICC) 2023

Si: Okay. So, friends and enemies, welcome to the Forensic Focus podcast. A live, outside broadcast. Not live. Well, it’s live for us. It’s not live for you; you get it pre-recorded. We’re still alive. An outside broadcast today coming from Stavanger in Norway where I’ve been at the European Interdisciplinary Cybersecurity Conference for the last two days and enjoying the very generous hospitality of the Norwegians, which is wonderful. And yeah, it’s been really good.

Everything in Stavanger is uphill. Stavanger is built on granite. I think it’s granite, but it’s volcanic. Whatever it is, it’s heavy, juicy stuff. And at the beginning of the conference they said, “There will be some explosions because we’re doing building work.” And I thought this was perhaps an English thing, because obviously, you know, we speak English fluently and we take it for granted that everybody else in the world speaks English fluently. And I thought, oh, maybe they just mean bangs, you know, just sort of some percussive noises.

No, they are literally blasting the rock away with dynamite to put foundations in. About halfway through someone’s talk, there is an almighty explosion, the room shakes and it’s like a bomb has gone off next door because a bomb HAS gone off next door, literally to blow away the rock for the foundations. Oh, it’s spectacular noises.

Desi: You couldn’t kind of be doing that at an American conference. Everyone would have their guns out.

Si: Yeah. The guys from the university kind of just shrugged and carried on. It’s , this is regular, we’re used to this.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Desi: So it’s interesting, the title of the conference … what do they mean by interdisciplinary in cyber? How are they defining that?

Si: I think the key thing here was that mostly it was across all areas of what we would consider to be cybersecurity. I think there was a little bit of interaction from social sciences, especially when we were talking about medical devices. There was a very good talk given about medical devices, medical device security, and the perceptions of risk.

Yeah, in fact, it was actually talking very specifically about the Norwegian system, which was very interesting. And I will link all of the papers and I will put all of the names to the people who gave the talks. And I am not going to try and pronounce them on here cause it would only be offensive in the long run.

Desi: So, leaning into that medical stuff, are they external risks or risk that firmware could be corrupted, and then caused problems?

Si: No, in this case, actually it was very simple. This  was more about just on the simple front, who the hell’s responsible for it? Because the lady who gave it as a social scientist and the consultant in Norwegian Medicare, and we were just talking about the sort of the home alerts type stuff. So the elderly have a bracelet, they can press the button on and it will alert them. But there’s no standardization for their implementation. There’s no consistent rollouts across the States.

They don’t know who’s responsible for it, whether it’s an IT thing, because some of them are IOT devices, or is it a healthcare thing that the responder is responsible for making sure it works. There are a lot of human factors around what one would consider to be the security implications of it, purely on an availability front. But also then getting into the, okay, so it is an IP-based device now typically, it’s on a network, is that network secure? It’s a home network of an individual, who’s responsible for securing that? What level of education should we be putting down? So that was a very interesting discussion.

There was another sub track, which is, he says, looking on,  they’ve conveniently given the acronym, but not the translation. It’s COSH, which was to do with children, anyway. but actually it was more to do with cybersecurity education for children and things  parental control on mobile phones and tablets and things  that. That again, is fascinating. And the idea is essentially that a lot of this parental control software is granular enough, it’s block everything or allow everything. It’s not got that fine tuning capability, especially to allow a child to develop.

You know, locking down a six-year-old is one thing, locking down a 16-year-old is another. And there needs to be a finer understanding of how to better implement this software. And again, you know, they’ve been doing research on that. There was a cybersecurity board game, a different paper about how to better educate on cybersecurity. And interestingly, they’d actually targeted that one at both children and parents.

Si: I think that’s because lots of parents aren’t…

Desi: I think that’s valid though, right? Lids can’t teach themselves everything. And especially contextual safety online. I just looked up COSH: Child Online Safety & Harms is what it says.

Si: Ah, thank you. Yeah. So, that was part of that. And again, you know, very interesting to hear people coming from a social science background and describing the research that they’ve done and how they found the reactions to be. And the interesting thing was , they actually did play testing with this game and with, you know, getting families to come in and sit down and there were examples of the children teaching the parents about information security rather than the other way around, you know, and stuff  that.

One kid was teaching his mum about the padlock icon in the browser and stuff  that. So, you know, for us, we consider that to be a relatively common knowledge, but, you know, out in the real world it’s a different kettle of fish.

It was a really good mix internationally. A few UK universities turned up. There was a representative from Oxford, I didn’t actually speak to him, but there was a guy from Oxford, according to his name tag. A couple of people from the University of Kent here. And then Norwegians, there were from Italian universities and German universities, a couple of Americans as well, which was interesting for a European conference, they had come over.

A few of the delegates not presenting, but there was a guy from Canada who’d come over and had brought his mum with him and they were going off to do a bit of sightseeing and visiting relatives I think, as well. So, yeah, absolutely. Oh yeah, the Croatian guys, they were really good fun. Shout out to them. We had dinner together,  we sat together at the conference dinner and yeah, really good crack. They were fabulous, as was the Irish delegate; she had a good sense of humor, as well. So it was a very pleasant time.

Desi: I was going to say, I love how the international turnout for a Europe conference is, it’s because so many of the countries are only an hour or two away. Yeah. Which is really good for diversity in the conference because each country’s doing their own thing in cyber. So that’s really cool.

Si: Yeah, yeah. And I mean, the research topics were hugely vast. I mean, interestingly, the University of Kent one, they gave two talks: one was on the prevalence of child sexual abuse material on sale, on the DarkWeb, and they had very tried a very careful ethical line about following this up, but they researched two languages: they did English language DarkWeb marketplaces, and they did Chinese, because the student who was doing it was Chinese, thus could handle the language differences. And the findings were fascinating, so much so that they didn’t find any CSAM for sale in English language marketplaces.

Now I need to have a conversation to find out how they chose their marketplaces, because I find it kind of fundamentally unlikely. But, you know, it is a master’s thesis, not an absolute statement about the quality of the world. But the Chinese ones were definitely there. But one of the things they did find, interestingly, was just in the terms and conditions of the marketplaces; all of the English language ones specifically prohibited it, whereas that wasn’t the way in the Chinese marketplaces. It wasn’t a specific prohibition from the terms and conditions to say you cannot upload child sexual abuse material into here. But it was a long…

Desi: I wonder if that’s a, I don’t want to say cultural, but law enforcement thing where in the States and the Western world, it’s hunted after quite a lot and those marketplaces don’t want to be shut down by the FBI and the UK police and the Australian police. Whereas maybe China doesn’t have that body in their legal system to chase that stuff.

Si: Yeah, maybe, the paper. I’ll link again to the papers.

Desi: Yeah, that’d be interesting to read. I’m assuming all the papers are open to read for free, similar to the other?

Si: I believe they are. I will double-check and upload. A lot of them were putting QR codes on their slides to say, you know, come here and download our paper. Which of course none of us followed because none of us followed because none of us had QR codes. But yeah, so many of them were at the other end of the spectrum. There was a guy talking about covert channel communications from very low-bandwidth IOT sensors; and just sensors, so, you know, effectively, temperature sensors or whatever. And how you could sort of compress and stuff stuff into binary floating point representations to get it to transmit covert data across the network, which was fascinating and I’m sure has some very interesting real-world applications out there somewhere. Not particularly related to forensics, but I wouldn’t want to have to reverse-engineer that one particularly because it would be problematic.

So yeah, it was a good mix, a good range of stuff,good range of presenters, and again, you know, you have people standing up and apologizing for their English, and you’re like, you know, feel free to do it in Spanish and I will not understand a single word you say. You are doing me an absolute, you know, standing and there was not a problem with anybody there.

Desi: It reminds me of the meme of,  like, people get up and apologize for their English being poor, but it’s probably better than 70% of English speakers anyway.

Si: Yeah, yeah, exactly. So, you know, it has been an absolute pleasure to sit and listen throughout. Just on a conference level, I have never been to such a well-catered conference. I turned up on day one. I shouldn’t have eaten at the hotel, basically , because there were platters of fruit. I mean, I’ll, I did send those photos onto Twitter,  I think. I’ll be writing this up in a more formal report for Forensic Focus at a later, well, I’ll be doing it on the plane on the way home today. But I’ll put photos in it and, you know, there’s huge platters of fruits there with it. You know, it’s stunning. Coffee was more than palatable, which is rare.

But at lunch, you know, they took us out to the conference. We walked 200 yards, if that, to the university canteen, and there was a hot meal on the first day, you know, a buffet with some really, really good food. We then, after the conference finished, they’d arranged, so the university owns it seems, they have an Iron Age farm, which they’ve reconstructed, so living archaeology, basically. Which is again, you know, it was what, 500 yards up the hill? And we had a private tour around this Iron Age longhouse after the conference finished before we went to the conference dinner, which was stunning, fascinating, stunning. They took us down to one of the finest hotels in Stavanger. And, you know, Stavanger is, it’s a fairly significant port in the sense that it’s got a lot of the Norwegian oil industry here.

It doesn’t seem to be a particularly big town, but it has a lot of importance, I think. So they were saying that Norway only has about a population of about five and a half million people. So it’s not exactly, you know, London is larger than Norway is. So it’s a fairly small town in that respect, but it’s an important town, and this is the oldest hotel. They have won awards for their French cuisine internationally, beating out the French possibly for their French cooking.

Well, there was a Frenchman sitting next to me at dinner who we more or less mercilessly taunted throughout the entire thing about this fact that Norwegians had better French food than the French did. So, you know, we have been so well looked after here genuinely, I mean, absolutely fantastically and just as a sort of a universal truth, I have found everybody that I have spoken to who is Norwegian; A: perfectly fluent in English; and B: very pleasant, very lovely and immensely helpful. So yeah, I’d recommend it.

Desi: Yeah, the conference itself, so when we were starting this a bit before, I was looking at the website that they have, and it’s actually one of the better websites I’ve seen academic conferences put together in terms of just being able to navigate it. The information is, all of it seems up-to-date, which I rarely find across academic conferences. There’s a conference coming up that I was going to go to and it got postponed, but it wasn’t posted anywhere. So just stuff like that, because it’s not a business there it’s usually not the first thing that people think of, but yeah, it looks really good. But I guess going back to the talks, if you could pick maybe your favorite talk that you saw, and then maybe one that you read about or people were talking about that you wished that you kind of made it to, but there was other stuff that you wanted to go see?

Si: Now, It’s been quite interesting. Although there are three tracks, a majority of the conference was delivered in a single track.

Desi: Okay, yeah. So there wasn’t too much overlap. So that’s pretty good.

Si: So there wasn’t too much overlap. The thing is, is that, you know, I went and listened to the things I wanted to listen to in the tracks. So I did very well on that front. And I went off and I listened to the COSH stuff as opposed to staying for, it was a lot of digital energy stuff.

Desi: DP4I, which is the Digital Privacy for Industry Applications.

Si: Yeah. Now, what was quite interesting is we came out of that and then the DP4I panel session actually was more of a freeform conversation about the concepts of privacy versus the benefits of being part of a digital infrastructure. So, sort of, energy or healthcare or whatever, you know. And because it was a much more open discussion, we actually talked about, I think all of the things that were sort of discussed in those talks sort of live and in person. So it was quite a good way to not have missed out on the topic as a whole for me.

Desi: The last one there, I’m just reading the titles for the digital privacy one, the first two kind of make sense, but then the last one’s titled Cyber Physical Hardening of Digital Water Infrastructure. Just from the title it doesn’t seem to fit with privacy, but maybe there was a core piece in it that did.

Si: Yeah, maybe. I think it may have been more about the infrastructure side of things than necessarily the privacy side of things, if you see what I mean. There was quite an interesting one that was a bit earlier on. Actually, yeah, so just slightly further up in the main track was Privacy Preserving Data Analysis with the Encode, Shuffle, Analyse Architecture in Vehicular Data Sharing. So  that was given by a guy from one of the Germany universities; Gothenburg, I think. And they did some quite interesting analysis of tracking vehicles and how things like EVs and charging data and all sorts of stuff that was there, and how they were able to anonymize personal data in order to still gain benefit from statistical analysis.

Because obviously you want to have the ability to see, okay, where should I put my charging points? You know, where are the cars going that it’s beneficial to meter to know that, you know, it would be better to have more charging points here, or I need to improve infrastructure. So, you do need to track vehicles, you do need to do that. It’s just, how do you do that in a way, and they’re talking about the anonymizing functions that they were applying to data so that they could still maintain the shape of a data set, but without actually necessarily having an individual tracking within that. So that was quite good.

Desi: That’s an interesting topic to talk about with researchers and getting data sets like that, because it’s probably not something that’s talked about much, but it kind of is a Venn diagram of offensive data scientists and open source intelligence. And if you have someone or a team that overlaps the two and you had that data set, same with marketing data, how we’re all meant to be a number, but someone with enough knowledge and will to do it can reverse engineer your marketing number to figure out what your buying patterns are. And probably the same with the cars, right? They could probably heap it out where you live based on your data set.

Si: Yeah.

Desi: Thinking about it, I’ve probably seen a talk probably, on one of those fitness apps kind of things  trying to track people down based on their fitness habits, but I’m sure it’s for all this kind of stuff, especially  the smarter and smarter cars get where they’re reporting back information all the time.

Si: Yeah. In an interesting aside on that, I was talking to one of the delegates about forensics, and they had ended up being roped into doing forensics because the forensics team had basically retired; and not being a particularly large country, there wasn’t an immediate replacement. But they ended up doing quite a significant piece on, they were analyzing car computers in road traffic collisions here.

And there was basically one guy who had been an expert in doing this, who had been falsifying data. And they uncovered this by discovering some anomalies in the data and then going back. And apparently it sort of undid a number of convictions that, you know, some people have been charged with murder, vehicular murder basically, or, you know, death by dangerous driving or whatever that were no longer sound prosecutions on the grounds that this data had been, you know, heavily manipulated. So it is definitely an area of research that has value that the particular…

Desi: Was he purposefully falsifying data?

Si: It seems that way. Yeah. Although that was the impression that I got. The question of why he had done it didn’t come up, unfortunately. Cause I would love to know whether it was in a deliberate attempt to frame people that he thought were guilty or should have been guilty or whether it wasn’t deliberate, but was just he wasn’t as much of an expert as he thought he was and had altered the data in the process in such a way that made it in valid. So, you know, unfortunately I didn’t get to follow up on that one.

Desi: That hits on a lot of talks we’ve done, both us and with guests before about understanding the data and the interpretation of the data, particularly using it in court cases. And if you are kind of considered the only specialist in your field, how does anyone contest that? That is a very hard thing.

Si: Yeah. And again, you know, I spent some time explaining to a few people sort of the way that the English legal system works with regard to the evidence that I give and whether it’s effectively problematic to work for the defense because it isn’t; you know, I tell the truth. I don’t have any obligation to come up with some way of getting people off. It’s just basically a quality control check on the prosecution stuff. And, you know, people were interested to hear that that’s the way that it does work or should work anyway.

Desi: So they don’t don’t have opposing sides over there in terms of reviewing data?

Si: No, I mean, I think it was more along the lines of people don’t really think about criminal justice until it comes to apply to them. And because it was a multidisciplinary conference, lots of people weren’t actually particularly experienced in forensics, so that was interesting. There was quite a lot of research based around malware. That was another thing that we sort of saw from an incident response side.

Probably my favorite paper, or it’s certainly the one that gave me the most thought was to do with malware analysis. They were taking malware binaries and doing a conversion of malware binaries to images. I mean, images as in pictures. So basically figuring out a way to represent the code and presenting it as an image, and then putting them into machine vision systems to allow you to spot malware families and programs by a visual analysis. And the actual paper was about how there could potentially be attacks against doing that, which was interesting in its own right. But just the overall concept was actually remarkably successful. They were getting sort of detection rates at sort of 95%, 96% for different families of malware.

Desi: I’m pretty sure it’s not novel. I think, oh, I forget what is, you can sub-hash functions as well, and that’s a similar type of research. So you can group malware families based on sub hashes of the binary itself to figure out what’s happening. I forget what it’s called, but I’ll find a writeup on it cause I’m pretty sure that stuff’s been around for a while, but they’re probably applying new statistical models or something to it.

Si: Well, it was more against the application of attacks against it in the same way as you can attack computer vision systems.

Desi: Oh okay, and get around detection.

Si: Yeah, yeah. So that was what the actual paper was on, but overall it was an interesting concept. There was quite a good one on, actually it was a very early one, it was the first one in fact, detecting device fingerprinting. So, obviously, you connect to a service or use an application and it has value in the privacy invading sense of identifying you as a singular person and by doing device fingerprinting, you know, battery life and browser version and all of this kind of stuff.

And there are a number of libraries currently available that allow you to put into your code that will allow you to do device fingerprinting, but they’ve come up with basically a generic way of detecting device fingerprinting programs as a whole through API hooking to see what is being called. And they have found, and to a certain extent, fairly logically, you see a program call a lot of API hooks to do with a lot of the system very quickly after initialization. But actually, it’s good work. It shows that this is the way that they function, and it is detectable. You would have to deliberately be stealthy about your collection and spread it out, but even then, you would be calling way more APIs than an average program would. So it would still be quite obvious that you were doing some sort of device fingerprinting.

Desi: Yeah, you would then be going into the realms of code obfuscation where malware itself causes a lot of, talking about just Windows systems will call a lot of APIs and there are ways around to obfuscate it, but it’s more work for the author to do that. So yeah. I guess if companies are like, well, you have to sign up for our service and we’re going to fingerprint you anyway, they’re not going to worry about obfuscation.

Si: Yeah. It’s an interesting area and it’s always the thing, isn’t it? It’s either you are paying for a service or you are paying for the service by providing your data so that they can sell it on to somebody else.

Desi: Or in the case with Apple, both.

Si:  Yes. Yeah, indeed. What else was there that was good?

Desi: Are there any people that we’re going to talk to coming out from what we’ve talked about that we can get them on the podcast and talk more about their research?

Si: Yeah, possibly. I’m not going to commit to it yet, because I haven’t got enough time to talk to them. But probably a couple of the ones from the University of Kent. And we’ll see about that malware piece, the image one – I’d quite like to have a conversation about further. Because I think it’s an interesting application going forward.

I think because the research was based around the avoidance of it, I think that there are wider implications for things like the triage work that we consider part of forensics and how we could manipulate CSAM images, for example, in a way that would make them fail triage tests. We are moving towards an AI-based or machine-learning-based triage, and if we are able to obfuscate images in a way that doesn’t fundamentally change the way that they look, but changes their perception to a machine learning, that’s actually quite a big problem. So that’s something to consider going forwards.

So, we’ll see. I’ve got a few contacts. One of the other interesting talks was actually to do with again, machine learning, lots of machine learning stuff. But these were the Croatians; their paper was on age classification from images from yeah, just like this: a screenshot of me, you know, how old am I? And the answer is clearly 150. But yeah, they had massive data training sets; 600,000 images that they were using that had, you know, assigned ages on. And what they found when I rather unfairly cross-examined them after their talk in the questions, but their results on average across the entire thing were about six years out.

Now, if you’re talking about a 15-year-old between being 21 and nine, that’s bad. But actually what they found was that from the 0-25, they could get it within a year. Is just that the average across the entire space, basically, if you’re a man, once you’re over 75, they haven’t got a clue, you might as well take a guess. 75+ is it. They found that basically women 25-45, they couldn’t really tell because, I don’t know why. I mean, that was the finding. I guess it probably has something to do with makeup.

Desi: Do they have any statistical significance on ethnicity? Cause I know usually a big problem with image recognition software is the difference between African-American versus Caucasian versus Asian descent background, etc. They struggle a lot.

Si: It didn’t come up in any of the questions, and I don’t recall this in the paper, but yeah, absolutely.  I’ve seen that as well because again, the data training sets tend to be biased towards Caucasians. What was quite interesting was that they found that there was a mark, well, I say it kind of makes sense when you think about it, but there’s a marked improvement if you are looking at a female and you train only on female images and if you are training on a male and train only on male images rather than using either gender with a mixed data set, which makes sense when you consider it, but actually it’s a valid finding to say, okay, well if we’re going to try and use this in an age categorization sense for a useful purpose, and to be fair, rather pleasantly they went instead of, you know, the usual CSAM, they went selling cigarettes.

I was like, oh, countries that still smoke. And yeah, so that was my, that was my question: hang on, you’ve got a seven-year age gap and you wanted to stop under-15s from buying cigarettes? That’s not really going to pan out, is it? And they were like, no, it’s about a year in the age groups that match. So, that was cool. So yeah, that was good. I really enjoyed that one. So yeah, it was good.

Stavanger University is running another conference later in the year. It’s a bit more general IT research, and although there are security and there are pedagogical in the sense of teaching tracks in it, I mean, as much as I would love to come, cause I’d love to come back here, it’s not one that I think we can really justify attempting.

But what I do have to say is that, you know, being here has been fantastic. Apparently this is the best weather they ever have, which I’m not going to complain about. It is about 20, 23, 24, maybe 25 degrees outside. It’s beautiful, sunny. But for me, the biggest thing is we are far enough north that basically the sun sets somewhere close to midnight and is up again at 4:00 AM. So I flew into the airport at about 11 o’clock and it was daylight, it was broad daylight, you could see everything. I drove to the hotel, I got taxied to the hotel, and I got through customs who were astonishingly strict. Where are you going? Why are you here? When are you leaving? Okay, hang on.

And yeah, I got to the hotel and first of all, you know, you’ve been to England I’m sure, but I don’t know what Australian licensing laws are like, but in England, pubs close at 11. That’s it. You can’t get a drink after that. Forget it. Turned up at the hotel, bar’s still full, people are still drinking. I got myself a drink and I checked in, went to my room, put my bags down, came back downstairs, got a drink, went and sat outside and it was daylight. It was gone midnight. Okay. It was twilight, you know, but it felt like half past six in the UK, and it was just like, this is so bizarre.

Desi: That sounds awesome.

Si: It’s great, because, you know, we went out and had the conference dinner and then went and sat outside on the harbor and had another drink as if it was mid-afternoon. But the conference coming up is in September and they’re like, nah, it’s starting to get a bit dark and cold then. That’s more like Norway that I had in mind.

Desi: Yeah. I guess on the flip side, winter would be miserable where it’s just dark when you get up, dark when you get home. Limited sunlight.

Si: I think the only mitigating factor is at least here you get proper snow unlike England where it’s dark when you get up, dark when you get home and it’s miserably wet the rest of the time and cold, as opposed to actually having something nice to look at when the sun is out.

But I’ll probably finish off. There were two keynotes, one on each day. The first one, the first keynote, and again, I’ll put the names in because I’ll get it wrong. I know his name was Tor, the first name was Tor. I sat next to him at the conference dinner. But he’s actually a very famous Norwegian mathematician. I know no mathematicians and therefore this unfortunately means very little to me.

But he was actually talking about the history of cryptography in Norway. And that was utterly fascinating and very good to listen to because it was a historical lecture. The mathematics of it was less, and therefore it wasn’t as painful for me as it could have been. The second talk, the second keynote, again, I won’t try with the names but it was given by a Greek gentleman. He couldn’t make it to the conference because he’s been appointed the interim minister for something in Greece apparently, so he gave the talk over a video link.

But again, that was an interesting one talking about machine learning and cybersecurity. So again, a topic that you and I have talked about quite a lot and the risks of attack against it. So I have a copy of that video and I will see if I’m allowed to distribute it, but if not, I will make a more thorough appraisal of its contents and write it up.

Desi: Sounds good. It looks like a really good conference.

Si: It is. I mean, I’ve really enjoyed it. It was incredibly well run and very smooth and, you know, explosions aside: seamless. The people were pleasant, it was fun, everybody was interesting. Yeah, it’s been good, it was interesting. Next year it’s in Greece, so I may attend again. Somewhere in Macedonia. So we’ll see. But I valued it, I learned things. I came away with new ideas and you know, I have been very well looked after while I’ve been here.

All the flyers that I put out disappeared. All the lens cloths I put out disappeared. had a few LinkedIn requests and things like that. So yeah, it’s been worthwhile, I’d say. Jamie, it was value for money.

Desi: So. just quickly for the listeners, if they don’t know, we made flyers for potential speakers that we can give out at conferences and just information on the podcast, right?

Si: Yeah. Yeah, actually we can link to that, can’t we? We must have a digital copy somewhere and we’ll put the link in the show notes.

Desi: Oh yeah. If it’s not we’ll get someone to chuck it on the podcast page,

Si: It’ll be Zoe.

Desi: When she gets back. It won’t be me; when she gets back from holiday.

Si: It’s so expensive here. That’s the only thing. After dinner I bought one round of drinks, four drinks and that was about £40, so €45. I don’t know what that translates to in Australian dollars, but it’s a lot.

Desi: That’s about how much it would cost you to buy a round in Australia in major cities. I’ve been out and it’s like AUS$19 a beer.

Si: 19?. Okay. Oh, well. I just obviously live a reclusive life, that’s all.

Desi: Yeah. I only buy bottles and drink at home now. Work remote, go out remote, party remote. The only time I’m out is at conferences and usually there’s some kind of free grogg.

Si: Yeah. Well there’s, again, you know, the conference dinner, we had champagne to start and red and then white with the meal and yeah, no, it ran out too quickly, but, you know what it’s like. So yeah, only one other piece of news that I came across this morning to share with you: Apparently we are doing better as a podcast than Meghan Markle and Harry.

Desi: That’s not surprising.

Sui: They have finalized their agreement with Spotify and they’re leaving and the $20 million that Spotify put down for them appears to have gotten them 12 episodes. I feel that, you know, we are definitely doing better there.

Desi: I mean, feel free for Spotify to reach out and give us that kind of money.

Si: Yeah, I’ll take it. We have to keep the branding; we do care. But if Spotify doesn’t want to come, that’s fine.

Desi: For Spotify for that amount of money, I reckon we can convince for just the podcast to turn the Forensic Focus icon green, just to match Spotify. But we keep Forensic Focus.

Si: Yeah, absolutely. That sounds good. Cool. So anything exciting?

Desi: Sorry, go ahead.

Si: We only said the other day how much better we were getting at not talking over each other.

Desi: With guests on, because we have a system when it’s just us, it’s nuts and it’s banter and it’s, yeah.

Si: Yeah.

Desi: And we haven’t done one of these for a while: just us two.

Si: No. And I quite like this conference update at site, I think it’s one where we’ll have to make sure we keep.

Desi: Yeah because you don’t forget stuff, because I forgot heaps after I came back when I was trying to write the review, but yeah, doing the update while I was there was really good.

Si: Yeah, yeah. If nothing else, you can go back and listen to it and refresh your own memory. Yeah, what can we say to close out on? Well, actually we’ve got quite a few recordings coming up in the near future. I discovered another one dropped into my inbox this morning though which is nice.

Desi: Chris Vance from Magnet Forensics is coming on to talk about mobile forensics. you have one coming up.

Si: Yeah, I’ve got one with Amped and Martino Gerian coming up talking about EU and video or the EU parliament and video evidence being given. We have Professor Sarah Morris coming on to talk about all sorts of interesting things. She’s very much an up-and-coming rockstar of forensic computing in the UK academic community. She’s brilliant as well, has a great sense of humor and is fantastic to talk to and has done some very interesting things with devices that are non-standard, shall we say. So we’ll save those for when she actually comes on. Yeah, so we’ve got a couple of really interesting guests.

Desi: The last one coming up is the, I guess, students’ experience in education system coming up. Both Si and I have managed to make some friends and we have one each coming on the show. So there’ll be four of us talking through, I guess, the mature learning pathway for cybersecurity in a couple of different formats and from different countries’ perspectives, which will be really cool.

Si: Yeah, yeah, that’ll be good. I’m looking forward to that, that’ll be fun. Intriguingly, the friends that we both made seem to work for the same company in different countries.

Desi: Yeah, yeah. We won’t mention it too much just in case they don’t want to reveal it, but yeah, it was funny how it worked out. And then they both had interesting pathways, which would be really cool to dig into to figure out how they got there as well. So that’d be really cool.

Si: So yeah, so there’s plenty to come back and listen to in future, even if you think us yacking on about conferences isn’t that great. I think it’s great. It’s cool. So it’s living vicariously through somebody else’s conference attendance.

Desi: I’m just really hungry and I feel like a drink now after listening to you talk about that conference.

Si: Well, yeah, I’m off to spend my last day here. Stavanger is a major enough city to have its own airport, but it’s not a major enough city to have regular flights to and from London. So I have most of the day to look around before I have to worry about getting on a plane. So I’m off to take a look around the old town and visit a couple of museums hopefully before having to head off to the airport. It’s such beautiful weather here.

Desi: Yeah, it looks like it in the background, nice and sunny still. And it’s morning over there, right?

Si: Yeah, it’s just coming up to nine o’clock here. According to my watch, it’s just coming up to eight o’clock, which was the reason I was late to this podcast, being an hour ahead of the UK. So yeah, I’ve got most of the day, which will be fantastic to head off till my flight late afternoon, so awesome.

Desi: Well mate, enjoy the rest of your trip in Norway and safe travels back and thank you all for listening. Hope you’ve enjoyed the Forensic Focus podcast where we covered a conference that Si has recently gone to. If you’ve liked this, please like, subscribe, leave a comment, let us know what else you want to hear about and we’ll catch you guys next time. See you.

Si: See you. Thanks, guys.

Leave a Comment