Nuix’s Aidan Jewell On Mac Forensics And Cross-Border Case Collaborations

Christa Miller: Solution consulting for a digital forensics vendor demands a deep knowledge, not just of digital forensics practice, but also of the people who are doing the practice. This month’s special vendor edition of the Forensic Focus podcast brings Nuix’s Aidan Jewell, head of solution consulting in Europe, the Middle East and Africa.

Aidan started working in digital forensics in January 2005 with a law enforcement agency in England, coming to specialize in Apple Macintosh forensics. Later, he joined Nuix as a solutions consultant, responsible for providing technical assistance and advice to customers. Aidan, welcome. 

Aidan Jewell: Thank you very much for having me.

Christa Miller: Of course, our pleasure. So tell us more, Aidan, about how your career in digital forensics began. How did you first become interested, and what led you to specialize in Mac and live forensics investigations? 

Aidan Jewell: Sure. So, well, it was definitely luck for a start, classic case of right place at the right time. I’d graduated university in 2004 with a degree in philosophy.

Unfortunately in 2004, the job market for philosophers is pretty dry, but a friend of mine worked for an IT consultancy firm called CCL who were moving into computer forensics and were hiring complete newbies to start their career and to start the labs that they were building. I was able to persuade the interviewer that my degree was at least vaguely relevant because it taught me the importance of a critical mindset and a well thought out argument. Diving into the forensic image and finding the smoking gun is only part of the job. You then have to also find supporting evidence and construct a report that states the facts in an objective manner, but also anticipates and pre-answers any potential rebuttals.

It also helped that we got talking about computers and I kind of geeked out a bit and talked about building and repairing them. So I kind of ticked that box, I guess, being able to dismantle, take an image out, knew the difference between the various drives and that sort of thing. And, it was back in the day where, as far as education goes, there wasn’t that much in the way of computer forensics degrees. In fact, I didn’t know of any at the time. So whereas today there’s quite a few different courses out there and some excellent material and candidates coming through. But yeah, back in the day it was more of, do you know the right end of the computer, and can you learn? And the answer was, yes. I was able to persuade them in that. 

That said, my friend as well, let me know afterwards that she made little voodoo dolls of all the other applicants. So I think that gave me the edge. I can’t take all the credit for that. 

So yeah, I started my career back in 2005. Really just sort of hitting the ground, getting stuck in doing imaging for a while, and then getting more into the investigation side of things, taking those training courses and products and getting into that. 

But as for Macintosh forensics, we started to get a couple of Macs come in every now and again, and I simply identified the challenge that we weren’t ready for as a company because they are quite different. And I don’t want to get into a big Windows-versus-Mac fanboy beat-’em-up, but, they are different, both in the usability, but also on the forensic level. So, you know, I humbly put myself in the firing line to pick these up, as I quite liked taking on the challenge and I told my boss, “Look, you know, if I’m going to be doing these, I need to have a Mac. I’m prepared to buy myself a Macbook.” They’d just come out with the Intel ones at the time. So at least it was, I could run Windows on it if I got stuck. But I said, “I need a training course.” And the only training course was Derrick Donnelly’s BlackBag Technologies one in Silicon Valley. Now, going from Stratford-Upon-Avon to Silicon Valley was seen as a bit of a jolly, but I was able to persuade them.

Thankfully the was, was quite in our favor at the time. So I got to go on a course to sunny California, which is nice. 

Christa Miller: Very nice.

Aidan Jewell: Of course, it then put me in the firing line for all of the Mac cases that came to the door, but, you know, worth it. Similar, in a way, with live forensics. We started to get more and more requests, more from corporate customers. We did a lot of work, for law enforcement — I’d say 99% of our work was law enforcement. We started getting more corporate requests for things like imaging service or taking data off live desktops.

So it’s, again, a whole different challenge to face rather than what we call dead-box forensics, take a drive out, image it and off you go. But at the time there were already some great applications like Helix or Paladin. So again, pick up that software, jump on a training course, learn as you go and, try and hit the ground running. I think that’s how I always learned best — by doing, so jumping into the challenge and just sink or swim in that regard. But used some really good skills going forward. 

Christa Miller: Yeah, it sounds like it. I mean, on that note, you spent 10 years in the public sector conducting digital forensic examinations. What led you to the private sector in Nuix in particular? 

Aidan Jewell: Sure. I mean, there are quite a few reasons. I’d be remiss if [I didn’t] say the primary reason was to move down to London, to live [with] my then-girlfriend, now wife. So that is the main reason, but you know, there were quite a few other reasons, and making the move down to London and looking at what was available in the skills I had, the private sector, the wider array of opportunities, and new challenges. And frankly, after doing about 10 years in law enforcement focused forensics doing predominantly child protection cases, I felt like it was a good chance to try something a bit different. I think anyone who’s endured that level of investigation could attest, important work that they’re doing, but my God, you have to, yeah. It’s a lot of willpower there. 

I was very conscious that most of the private sector opportunities are in e-discovery rather than digital forensics or law enforcement forensics, and it was an industry, a few of my friends and former colleagues had got into it, again, with the move to the big lights of London. But from speaking with them, I soon formed the opinion that it would pay better, for sure, but it wouldn’t be a regular nine to five job. A lot of them worked lots of unpaid overtime, weekends flying here, there, and everywhere and all sorts, which had a certain appeal, but also not that much of an appeal.

And it’s not to say that the work in e-discovery isn’t rewarding, like the law enforcement work is, but I did feel that working in the private sector, I was much closer to doing good, if you like, helping catch bad guys in that way. I think everyone, at some point in their life wants to be Batman and that’s kind of as close as most of us will get, I guess.

Anyway, it’s a hilariously small world and small industry that we live in. One of my good friends happened to be working for Nuix at the time. He had a cool-sounding job. He got to travel. He got to meet lots of different customers, again, mostly on the law enforcement investigation side. And more importantly, he helped take their feedback and make the software better.

So providing that feedback, providing the training and everything, so striving to get the customers the most out of the software, but also to help the software serve the customers better. And I was like, okay, that sounds like a pretty cool position to be in.

I managed to catch a demo of the software and thought it looked pretty powerful. So my friend gave me the nudge that they were hiring and I applied and again, got lucky. So seven years ago, I became a Nuix SC. I’m a solutions consultant. So I was, again, as you said, tasked with seeing customers and seeing if we could help them, help them get the most out of our software or help our software serve them better.

Christa Miller: So only one step removed from Batman. 

Aidan Jewell: Yeah, I’d say so. I’m not Batman any longer. I’m more like Alfred. The not-so-super hero who can help, like, a hundred Batmen. So that’s the kind of a different way that I look at it. Helping to beat back the challenges that they face, so our awesome developers can then kind of build more cool gadgets for the Batmen of the world to — but I’m kind of wearing out the support a bit.

Christa Miller: Oh, no. I mean, it’s the sort of thing that, you know, if Batman had to do all of the development himself, you wouldn’t get to be Batman. Right? So you needed Alfred. 

Aidan Jewell: No, but he needed Alfred and Robin and everyone that’s around him, that support team. He wouldn’t be where he is without them. Being a billionaire helps, of course, but we can’t all be that. 

Christa Miller: Of course.

Aidan Jewell: Aside from that, it does actually still mean a lot to me, but in the position I’m in now and talking and helping the customers that we have, we can still go a long way to help catch bad guys. So I know that the same applies to a lot of the people within the company as well. We can feel very proud of what our software can enable our customers to do. 

Christa Miller: So, tell us a little more about your role as head of solution consulting. What does a typical workday look like for you? 

Aidan Jewell: Sure. Well, I’ve been leading and supporting our team of SCs here for four years now, and as the global pandemic has altered what a typical workday once was, what has remained a constant is actually the variety, again, day-to-day work. There’s a lot of different things I do on a day-to-day basis. But it pretty much all revolves around talking to people and listening to people. That’s pretty much what I do day in, day out. I’ve been used to staring at webcams an awful lot now, as I know that most of us are when we’re working from home.

But yeah, a lot of it involves maybe speaking to customers, showing them stuff that our products can do, giving some training or helping them with workflow. Or listening to them when they say, “Hey, we’re seeing this change in what we’re dealing with. This data is different, or the people we’re investigating are using this medium. Now, can you help us?” And taking that information and feeding that back to our engineers and our product team as well. So that’s an important part of our job is to act as that funnel, to carry the customer’s voice back to the people who then made the cool gadgets for Batman. 

And then there’s also some of the things I’m involved in on a day-to-day basis. So like today, for example, a part of one call with our products and innovations leads as they showed some cool API level work they’ve been doing to one of our customers. So this customer of ours, doesn’t use the interface at all. They just use the engine that’s behind our software and they write their own applications to it. And we fully support that. And so we were — they were geeking out and I was enjoying watching them geek out about all the cool things they’re doing in the future over the next few months to enable this customer to scale up and deal with the data that they have. So really cool stuff. Really fascinating talk.

But then before that, I was wearing more of my leadership team hat, just getting more involved in kind of internal meetings and, around technology partners and strategies and go to market and all that kind of stuff. So less as cool, but still very rewarding and deeply important to taking Nuix forward to help us and help everyone more. So no day is exactly the same, but I think that’s definitely a blessing. And considering I’m pretty much sat here all the time. Variety helps keep the same. 

Christa Miller: Sure. I bet. Yeah. You know, and with regards to that variety of the EMEA region comprises a wide range of cultures, laws, resources, et cetera. What are some of the key trends you’re seeing in each of those three sub-regions, both the differences and the similarities among them?

Aidan Jewell: Wow. Gosh. Yeah. There’s a lot we have to consider when working here and a lot of our customers are having to consider even just within Europe, let alone adding the Middle East and Africa on top.

I think for the most part, it revolves around privacy and compliance. It’s the banner heading for a lot of these issues or new challenges we’re facing, and they’re only exacerbated by customers moving to the cloud in huge numbers now. Enabling people to work from home means you have to have the IT security in the systems that are in place and the easiest way is to move it up into the cloud.

But some customers and some countries can’t allow data to be hosted outside their borders, or won’t allow it. There are many different reasons why not. And we, and the customers have just to keep that in mind, that we have to provide them a solution that can make sure that their data is safe. Whether that’s having a new SaaS environment specifically within that country, so their data absolutely stays within there and ensuring that no one outside of the country has access to that. 

So risk and compliance is certainly key on a lot of people’s minds, but what that’s also shown, and it’s more over the last three years, rather than immediately with COVID, is there’s been things like GDPR, which is a kind of a dreaded four letter initials. But on top of GDPR, GDPR’s just essentially the most famous one, but there’s so many more regulations and compliances and laws and all sorts of that many places, especially financial institutions, have to adhere to, or already had to adhere to.

And they’re coming up a lot more, and for police forces and police agencies as well, and law enforcement getting their own, kind of GDPR-esque laws and things that they have to deal with. And whilst that’s fine, and data privacy is absolutely paramount and the people should be taking every necessary step to manage the risk of their data, a lot of other times it presents new challenges to our customers because they’re having to bring in new teams of people to deal with this, data protection officers and the like. 

Plus, I’ll give an example of a nameless entity or corporate that we work with. The forensics team is who we would typically speak to because we’re a forensics product, and we want to help them get the most of it. But they have new challenges where they are being asked, or indeed required, to work with their IT team, their IT security team, their compliance and risk, their HR and their legal teams. 

And these are all teams that never really spoke to each other before, but now they have this big problem of compliance and risk and they’re all kind of pointing fingers at who has to do what, and they’ve never been in the same meeting room with one another. They don’t understand — most of them don’t understand the difference between a gigabyte and a terabyte. It’s abstract to them. So getting every one of them, those stakeholders around the table, and we assist in this, was showing what our software can do, but ultimately it’s on them to say, right, well, we own this part and we own that part, and this is where we have the handover. 

So enable all sorts of different work players, it can just be answering subject access requests or doing a discovery exercise on their own data because they have to work cohesively together under even stricter deadlines and threats of enormous fines. They have to now open this Pandora’s file share of data and discover what is it in there and how much trouble are they going to be in if anything were to happen to it? Those are some huge challenges, posing a lot of our customers. 

And whilst I think the law enforcement agencies have, certainly from here, have avoided that for a while, with more regulations coming in, they’re starting to have to take note of this. And so forensics teams are going to have to work more tightly with other areas of the businesses that they might not have talked to before. So there’s a lot of interesting challenges with working from home and everyone moving to the cloud. It just exacerbates those and brings those all to the fore. 

Christa Miller: And that’s on top of the technical challenges, which was going to be my next question actually are, what are some of the big, key technical challenges? We’ve talked quite extensively about the regulatory landscape, but, what are the technical issues that, as well as the requirements that your customers are encountering and how does Nuix help them to address these?

Aidan Jewell: Sure. So there’s quite a few. Obviously we pivot and change around all of these, but, I guess it depends on the area that people in, certainly over the last five, even 10 years, in the law enforcement space, it’s all mobile. So computers less, mobile is more — when I was still doing casework, computers were, say, 80% of the work and 20% was phones. And now it’s probably shifted the other way, from what I’ve been seeing with our customers. 

There are some great mobile forensics tools out there. We have a strong partnership with XRY or MSAB, who make XRY. And we also communicate with others like Cellebrite and Oxygen and the like, so we can take in their data. We’re not going to be a mobile phone forensics platform to go into the level of development that those guys have. Awesome work that they do, but what we can do is help take in the mobile phone data and the computer data and the cloud share data and the fileshare data and social media, and just have one window into it all.

What we found is, and certainly when I was doing the casework, you’d often have different teams of people, even in different buildings, doing mobile phones — some doing phones, some doing computers, some doing cell site analysis and all sorts, but they don’t marry any of that information together. Or they might provide separate reports to a case officer who then has several DVDs’ worth of PDFs and spreadsheets to try and match up.

Being able to at least put it all into one interface to say, “Well, this is where the person was browsing the internet on their phone. They got to their home because we can track what they’re doing through GPS, because the phone forensic software provided that. And this is where they turned on their computer, used Chrome in order to pick up where they left off on their phone, and carried on their internet browsing there.”

And just having more of a complete picture — or in one of the demonstrations we do, you find a fragment of an email with a telephone number, but no other context around that telephone number, how can we find out, well, who did that belong to? Who used it? When was it used? Is it, are they relevant to the investigation?

So having software that can say, “That’s a mobile phone number. I found that mobile phone number in this context, while on that mobile phone,” is just key. Being able to draw out those links automatically can really help clear a lot of time in the, in these investigations. 

If you think about — I’m gonna use another Hollywood example, but any kind of crime show where they’ve got a corkboard with various photographs of suspects and red string across the lot — I’ve done that, drawn it out, takes a lot of time, but it’s invaluable to get across to maybe a lawyer or a case officer who doesn’t understand digital forensics, but does understand pretty pictures and bits of string — invaluable, brilliant work.

We can get the software to do that for us. We’ll save an awful lot of time. If we can get the software to highlight that for us — but without us having to make those leaps of logic, if you like — then even better. We can now say, “Hey, this person, they didn’t have any digital communication with that person, but their phones placed them in the same coffee shop every Friday morning. Is that coincidence or is there something there?” So being able to pivot around not just digital communications, but other forms of, digital evidence that might suggest as a link, even if there’s no direct communications there, they’re saying A spoke to B, spoke to C, spoke to D is, could you infer that A might know D? So, software that can make like seven degrees of separation from Kevin Bacon very easy to solve. 

Christa Miller: That’s basically your pattern of life, I think that, has been, yeah. 

Aidan Jewell: It’s been, increasingly crucial for a lot of our customers, not just in the law enforcement space, but also in other worlds as well. So on top of the mobiles, along with the data, it was with computer data and cloud data, a lot more people are storing things in the cloud. But especially as exacerbated by the pandemic is the move to more global collaboration tools like Teams and Zoom and Slack and everything like that.

Teams has been a huge focus for Nuix and for a lot of our customers over the past year or a year and a half, even before COVID hit. Teams was proving very popular. It’s a huge platform for people to not just communicate, but to share and to collaborate. So I could send you a document. You can edit that document in the chat and then send it, pass it on to someone else. Being able to trace the version history and pull back every version of that from the original I sent to you, the two times you edited it, and the third time that your friend that you sent it to edited it — and show all those versions side-by-side — that’s very powerful. 

Plus we often find the people doing these investigations are increasingly less trained in forensics software or e-discovery software because the sheer volume of data and the sheer volume of the investigations. Our industries are still very small and quite niche and to become an expert in it takes a great many years and a lot of experience. You can’t necessarily just buy that in quickly, if you need to scale it to a large examination, but if you can prioritize having the deep level forensic stuff, like the file provenance in recovering data, if you can get the forensics guys to focus on that and have the software make it easier for the case officers or the barristers or the HR officers, to be able to just go, “Right, type in my keywords. I can Google, browse it like it’s an Amazon thing or reading email, bookmark it, redact it, add it to a report.” If you can make that side easier, you free up a lot of time, the forensics people to really do the forensics. So the idea that you can have two teams of people or three or four teams of people, different questions on the data, different levels of experience, but all utilizing the most of their experience to get the most of that data at the same time. That’s a key one for our customers. 

Christa Miller: So on that note, what advice do you offer customers based on your long-time experience? Customers who are new to digital forensics and really anyone who is interested in the profession.

Aidan Jewell: So first I’ll take those who are interested in the profession: go for it. It’s a fantastic profession. It feels quite niche. It feels definitely, still feels very cool. Like you are, as I say, I’m going to wear this metaphor out. Like you are Batman doing some good. So if you’re at university and you’re looking at it or you’re about to join university and you’re seeing the degrees you go for computer forensics interests, you absolutely jump straight in. There’s a lot of really good courses out there, some get criticized for being more book learning than hands-on experience, so that when you come out, that’s when you’ll start getting the hands on experience. 

And be prepared to change your views on things as you go along. That said, there’s ways and means to scale up and certainly ways and means to get in. I did a talk at a university once for a friend who ran a digital forensics course there, that the two main streams at the time were digital forensics, traditionally law enforcement, or e-discovery and going into the Big Four or working for a law firm, et cetera. Those two worlds, those fields, they had a little bit of an overlap, like a Venn diagram. 

More and more, those circles have been coming closer and closer together. The law enforcement side, where they sat down with their forensics tools, they went through images and phones and the like. They had to go very deep into the data, but it wasn’t huge, huge datasets. Not compared to, say, taking a hundred mailboxes or a hundred PSDs and looking through a wider range of data, but not going quite so deep as you might see on the e-discovery side. Their needs are definitely much more overlapped now.

So whether you’re going into computer forensics and you want to go towards investigations or e-discovery, you’re not making that decision for life. You can go from one to the other and back again, and there are other avenues in between. You could go off towards a malware investigations, incident response. You can go into governance and risk and compliance, as I said before, those with more of the experience in data and as I said, the difference between a gigabyte and a terabyte. If you know that, you’re probably already, quite far ahead for most of the people that I’ve come across, who now have this challenge of dealing with terabytes or petabytes of data. If you have a comprehension of what data is, and you know that what happens when the file gets written, what happens when people make changes to that file, the elements and the provenance around that, you’re already a lot further ahead than a lot of people in that industry. So don’t feel that you are pigeonholing yourself into the terribly small industry that is digital forensics. There’s a lot of opportunity out there, and I say go for it. There’s not enough of us. And there’s always new challenges, new data and new data types, new media that we’re going to be consuming, all sorts. We need all the best brains in the world to get ahead of the game on all of this. 

And another option for you is joining a software company, like Nuix, and help make software better. It doesn’t have to be Nuix, but of course I work for them. I’m going to champion, but there’s a lot of cool things that software out there is doing. And a lot of really innovative minds. If you’re more interested in decompiling stuff and programming things, that is absolutely an avenue to you as well. So go in open-minded, come out open-minded, and get to work. 

Christa Miller: You’re mentioning all of these different challenges. How do you see them evolving as 2021 begins, particularly with regards to the COVID-19 pandemic and how has that shifted the investigations landscape? 

Aidan Jewell: Sure. So, COVID-19, for a lot of people it’s involved working from home and for a lot of people that involves being online almost 24-7 in many cases, a lot of people’s life balance has gone out the window.

So, a lot more digital data is being created and consumed, stored in archives and searched upon. We’re seeing the news all the time about various websites being hacked and all your personal data being taken and sold on to various other companies. So we’ve got a big tranche of data that you don’t control anymore is out in the ether, as it were. But there’s also the data that you do control within your environment. And that grows rapidly. We always used to joke that back when I started forensics, it was a 20 gig hard drive. It was, “Ah, this is going to take me awhile.” I think I’ve got micro SDs with bigger storage on them than those things. I think in this room alone, I’ve got 10 terabytes of data. It’s astronomical. So I think where we might be in 10 years time. Will I have that, or will it actually be, again, I’m down to a terabyte in my room, but a hundred in the cloud? And then that brings other concerns of, well, if it’s in the cloud, what jurisdictional implications are there? Can I access that data? Is it stored here? Is it California or is it in Frankfurt? And who can then access that and who can investigate it? So there’s lots of different challenges there. I think the data growth from working from home has only exploded. The usage of collaboration tools and communications tools has definitely exploded, but that means a lot more is being captured.

If you arrive with discussing and having an interview in a meeting room, for example, the contents of that meeting is probably not recorded or a one-sided view might be kept in minutes. Whereas calls on Teams, or chat logs in Teams and Slack, et cetera, they are recorded. So we’re capturing a lot more information, a lot more chat between people, things like Bloomberg — heavily used in the financial industry and heavily regulated industries such as the financial industry. So a lot of this data is being captured and is there to be investigated. So that just means more work for us, more work for everyone in our industry and more work for the software to pivot around as a new collaboration platform spins up. 

Christa Miller: Yeah. I mean, you talked extensively about what the software does and how it helps with investigations, and I’m wondering how Nuix is poised to proactively address these new challenges. 

Aidan Jewell: Sure. So we have a great number of different sort of engineering teams, all tasked with looking at these. So we have ones for the products, but we also have ones around more ideas like connecting into data. So our connectors team has spent a lot of time working on O365. We’ve had connections into O365 for a long time, but Microsoft will update their APIs constantly, will update that they can add in new applications. Teams, a few years ago, not many people used it, and it was nowhere near as developed as it is now. And the graph API was quite infant then, and now it’s a lot further along.

So the teams have to constantly stay on top of the, of the shifting trends that Microsoft or Amazon or Google or whoever are, they’re going to be changing all the time. We have to keep on top of that. So we’ve got a lot of engineers who are dedicated to that, and they listen to our customers, so if our customers say, “Hey, you know, we’ve got a lot of our developers using Slack” — Slack is very popular for developers, so we need to be able to investigate that data. And then it comes down to the Connector team to go and do some awesome research and testing and playing and seeing what we can grab out of it. And this may not just be the chat log, the file transfer, the file revisions, all sorts of different things.

Even something as simple as a reaction — you post something and they’ll put a little thumbs up reaction. That’s a separate communication. That’s a separate piece of metadata. And not only is it something jovial, but that’s proof in court that I’ve read your message. It’s better than the read receipt. The read receipt could be, well, actually I wasn’t at the screen, it just flashed up. But the “like” is, it’s hard to argue that I didn’t read your sentence if I put a “like” on it. So there’s lots of considerations in that regard. 

Nuix pivots a lot around those things. We like to listen to our customers, gather the feedback. A lot of our customers in EMEA are law enforcement and government agencies. So they’ve been more tool focused on mobile phone forensics and cell site and call data records, being able to take in all of that data. Things like call data records, which are more of a structured database. So not like getting an E01 or any kind of forensic image file, which is all unstructured data; this is all CSVs and structured data, and how it goes into the engine and how it comes out is very different. So always new challenges, always new file types. We do our best to stay on top of it, but we’ve got some very talented guys and girls who are very good at that kind of thing. 

Christa Miller: Yeah, it’s fascinating to hear about the different challenges and how you’re meeting them. There’s a lot going on behind the scenes, I think, that people don’t think about a lot of the time. 

Aidan Jewell: Absolutely. And I’ve not even touched on another of our products that’s more aimed towards the legal and e-discovery, but our Discover platform — our legal review platform — we’ve done a lot of work in there around machine learning. And machine learning and AI is, for me as a philosopher who actually did a module on this, I always draw the very distinct line between machine learning and AI, but it’s become quite a bit of a buzzword in today’s society in our industry. How can software make a review? Is life easier by going through, learning what people are looking for, and bringing stuff up to the front?

So there’s always been the traditional predictive coding. The computer will sit and watch you make decisions on 10,000 documents and then say, “Right. I think everything that you are tagging as relevant has stuff to do with oil rigs. So everything that has the keyword ‘oil rig,’ I will now tag as relevant.” You look through and you go, “Not quite ready with that model yet. I’ll carry on.” So it’s constantly watching them when you pull the trigger, it will then code the rest. 

So that’s predictive coding or technology assisted review 1.0, which is great. It’s been around for a while and it has helped a lot of people get through a lot of data. But what we’ve got in Discover now, as well as that serious upgrade to that, is continuous active learning. So what that does, is it watches what everyone is doing, the encoding, the information, but rather than saying, “I will tag all this information for you once that builds a model,” it actually says, “Well, judging by what you consider as relevant, you’ve still got 2 million documents left in review, but I’m going to look through all of those and say, well, I’m going to give you the next most relevant batch. So when you finish your batch, I have shuffled and organized the remaining documents [and put] what’s most potentially relevant at the front.” The idea being the computer says all this back to your reviewers. And as they start seeing less and less responsive items, it’s because the computer has already given you the potential good stuff, if you like. All that potentially relevant data has come through. 

So you can reach a point in your investigation where you go, “Unless our questions dramatically change, if we’re still looking for the same matters, we can draw a line here, and we have got this.” The algorithm can give us the results and say, “We’re going to draw the line there.” And it is accepted that that’s where we’ll stop, because these things can go on for months and months. Having the computer serve up the most relevant dates to you first, enables you to get through and reach a point where you can just go, “We agree. We’re going to stop here.” Save a lot of time and money in that account.

So machine learning is fascinating for that. We do a separate one in Workstation regarding, taking deep learning models for graphic image analysis. So even something as simple as saying, “I’ve got half a million images, just sort them into filters. These are all cat pictures, dog pictures, guns, drugs, knives, et cetera.” So then the reviewer can prioritize what they want to look for rather than skim through 10,000 images that will come from the computer game, the Sims, which, anyone who’s gone through the Sims could attest that that was not a fun time. Rather than just them going through all of the potential, any kind of random images, that serves them the most potentially relevant first, and then they can decide where they ought to draw the line.

So a lot of cool technology out there, and there’s always new ways of manipulating it and using it to make the end users’, our customers’ lives easier. 

Christa Miller: Yeah, and I’m thinking, too, of the requirements for proportionality in the UK and other countries, I imagine, and how this feeds into that as well — not just meeting the investigative needs, but also the needs around the legal community, what the criminal justice system is requiring.

Aidan Jewell: Absolutely, yeah. So it’s very important that you can reach the point where it is agreed that yes, this is the point where both sides can agree, “We can stop here.” 

Christa Miller: So my final question, I’m going to switch gears a little bit and go for something a little more personal. When you’re not at work, what do you like to do in your spare time? 

Aidan Jewell: Wow. Okay. So, don’t have that much spare time. I have a two-year-old boy, who occupies pretty much all of my time, and when the nursery was closed at the start of COVID, occupied quite a bit of my work time as well. My apologies go out to any customer where I’ve been disconnected from the demo because he slammed the lid of my laptop shut, for example. So as a result of that, unfortunately, and I’m sure a lot of parents in the same position, he’s had a bit more screen time than I’d have liked, but needs must, and all that.

My boy and my wife take up a lot of our time. This pandemic actually really helps in that regard. I used to travel an awful lot, so spending a lot more time with the family has been invaluable. So I always see the positive in that for sure. Aside from all that, I used to do a lot of obstacle course running, like Spartan runs and the like, those aren’t happening now because of COVID either. So, you know, that’s a year of that gone. So kind of more been turning my hand towards general tinkering and 3D printing. I’ve been getting into that in a fairly big way. Just printing random stuff that may or may not be of use to people. It’s always fun. And even just sort of designing a few bits of itself, kind of keeps the creative mind going.

Christa Miller: I was going to ask if you’re doing the digital forensic analysis on the stuff that you’re sending to the printer. 

Aidan Jewell: No, but that is tempting, pulling apart the STLs and seeing what happens with that, yeah, that’s something I could look into. I did a bit of drone photography as well, but I live quite close to an airport and when the new laws came in, I can’t fly anywhere near my house now, which is a shame. And I crashed it as well, so that’s then put a stop on that. But there’s a few things, tinkering with smart home appliances, automation, lots of just geeky stuff. Tabletop role play that now is online, thanks to COVID. So I think with a lot of people, the pandemic has had a big impact in people’s hobbies, but with a lot of things, if you can pivot around and use online tools then you can carry on with a lot of these things and certainly it helps keep you sane during the times we have sat on the same chair all day. 

Christa Miller: A hundred percent. Yeah. Well, Aidan, thank you again for joining us on the Forensic Focus podcast. We appreciate your time.

Aidan Jewell: Thank you very much.

Christa Miller: Good talking with you. Thanks also to our listeners. You’ll be able to find this recording and transcription along with more articles, information and forums at If there are any topics you would like us to cover, or you’d like to suggest someone for us to interview, please let us know.
