Si: Right. So welcome to the Forensic Focus podcast, ladies and gentlemen, boys and girls, and anybody else who wishes to identify as anything else in between those variables. Desi and I today just going to have a nice catch up and a chat. We’ve got new toys to play with. We’re debating the merits of not learning Java and… <laugh>. And we’re going to go from there and see how this pans out. So yeah, I’ve been… My coding is interesting, my background… I learnt C at university. Actually, I learnt C and I learnt Prolog at university, and Prolog has come in completely useless.
C, obviously, is a really good programming language, but really low level. I then moved onto Perl, which kind of, I mean, it still exists, it’s still out there, obviously, you know, languages never die. They just become COBOL and…<laugh>…and you get paid more for knowing them. But Perl’s still out there. And in fact, I do occasionally still write a script in Perl because I know how to do some things in it that I’m not sure I know how to do in anything else. Python seems like the logical successor to it. But I was…go on…
Desi: On Python or Rust, I think. I’ve seen a lot of like Rust courses come out apparently because they’re like memory efficiency and stuff. So, I guess it depends on what you’re aiming for. But Python is definitely flexible.
Si: One of my colleagues is very pro Rust. I think it’s to do with the ability to write secure code in it.
Desi: There’s a lot of malware these days coming out, that’s been written in Rust as well. So, from a defensive standpoint learning it is beneficial.
Si: That’s interesting actually. I mean, Rust’s compiled, isn’t it? It’s not an interpreted language, it’s a compiled language. Yeah.
Desi: Pretty sure. Let me, sorry, let me look that up while you keep talking.
Si: The other one I was looking at is Swift. Now I use Macs quite a lot. I tend to use them as Unix machines. Google my background. But Swift is the Apple open-source programming language. And so, on the Macs that’s quite good. And that comes with Xcode. But it’s a very long time since I did, you know, algorithms and Big-O and Little-O notation and all of the good stuff like that.
So you know, looking on getting back into it and I was looking this morning… And you know, it’s one thing to spend time on a course or put money down on a course to learn. But it’s always quite nice if at the end of it you can come out with a skillset and a bit of paper. And I was looking to see if there were any sort of degree modules or degree courses master’s level stuff maybe, in something like software engineering or whatever.
And I was sort of wandering around the web this morning. And yeah, the amount of people that are teaching Java and I’ve never had any desires to learn Java or JavaScript and I’m sure I’ve upset some programmers out there who are listening who think Java is the best thing since sliced bread.
Desi: I think it depends on your outcome, right? Like I was doing a challenging investigation today, like a little CTF thing and like Java’s heavily used in web applications. So, I guess, languages are good for the purpose that they are generally built for.
Si: Designed for, yeah.
But, in terms of like automation for security tasks that you would do, usually most people turn to Python. But that’s because there’s so many community-built, supported libraries out there that will do things that they need them to do. And that’s the community behind Python, like Python wouldn’t be as big without that, I don’t think.
And it took a huge risk as a language when it pretty much rewrote itself from Python 2 to Python 3. Like, there’s still tools out there that you need the old Python 2 to run it, but everything seems to be shifting to Python 3. And the community was really supportive of that as well.
Si: That was a very interesting experience for me. So, I mean, I’m not a coder, but I can read half a dozen languages because…My human language skills…you know, constructing a sentence in pretty much any other language for me is a very, very painful process. But I can actually read to a certain degree French and German and then on the basis of that I can kind of make sense of Italian and Spanish. Because they’re all in that European School of Languages, along with English, is quite…
Desi: We bastardize everything. Right?
Si: Yeah, exactly. So, I was always so disappointed, and this goes to show my age apart from anything else. When I learned French the first time round, a skateboard was a planche à roulettes, which is a plank on skates, on wheels. And now it’s le skateboard. Which I think is a terrible waste of… and actually they’ve done the same with computer. It used to be ordinateur. And now it’s—apologies to anybody who has pronunciation skills, I’m doing my very best, I promise—And it’s now le computer, which is again, a horrible degradation of what is quite a beautiful language. There you go. For those of you, I’ve just murdered the pronunciation of the language; I think French is beautiful. So, there we go…
Desi: But I guess we were having a quick chat before this about. You were looking into university courses and like about a year and a half ago, I’d taken a Udemy course on Python. And that’s like, I’ll chuck that in the show notes. It’s something that I’m still doing. But the benefit of the course I found, like it comes from a learning institution, they have their own company, but that particular course on Udemy is a hundred days of coding, which is like, for those in programming and studying, that bootcamp mentality is quite a well-known premise.
And the idea is to give you a hands-on practical portfolio at the end of it. And the really good thing I found about this course was it provided that fill-in, in the skillset between: Here’s the beginner, hello world, in an if loop, and here’s this advanced project that we want you to do some automation in and actually filled in that gap, for you to get your skills to that final kind of capstone project where you are self-sufficient coding and doing your own thing.
Si: And that’s kind of where I’ve always struggled actually. So, I’m really excited by this course because like I say, I learnt C, so I could program if loops, conditionals, cases, you know, all of the pointer arithmetic, all of that stuff. I learnt it all. And then there’s like: Okay, so I know a language and here’s Unix that’s written in C. How do I go from here to here?
And you know, that’s currently where my programming level is at. You know, I can string together a simple procedural functional program that will take an input and give me an output having processed it in the middle. Ask me to do anything which has any form of user interface or any form of you know, sort of variable functionality within it. So, you know, conditional functionality beyond: this is the input, this is the output. I’m pretty useless.
But you know again, I was a sysadmin. I wrote a bunch of scripts you know; I bashed scripts and things like that, you run jobs, you do this, you do that. And it’s actually quite close to the way that I still do forensic cases to a certain extent. I use grep, sed, awk, the command line tools for munging and manipulating data, you know, head, tail, first, last. And I rip stuff apart that way. But even then, it’s still very procedural. It’s like: this input, this input, this input. Yeah. It’s daisy chained into a longer thing. So, the idea and Desi said that he’s halfway through the course, and it really is a hundred days?
Desi: Yeah. A hundred projects as well.
Si: It’s astonishing. Yeah. But he said he’s on, what was it? Intermediate Plus, and I found I think the Intermediate Plus project that he’s getting stuck on, which is the automatic swipe right on… I’ve lost it now. It was day 50. There it is: Intermediate. Auto Tinder swiping bot in Python.
Desi: Yeah. I just couldn’t get past the like mounting the phone with a glove on a fan to just do it for me. <laugh>. I really like the practical applications rather than programmatical. So yeah, I kind of like stopped there…
Si: Actually…oh, sorry… actually, from a forensic perspective, this middle section is actually really good because it’s talking about the web scraping stuff, logging…
Desi: Some really extensible projects that you use…
Si: Yeah, Twitch, Instagram and web scraping, data entry things. So yeah. There’s a lot in here that’s really good. And actually, you know, again, we’re not on commission for this one. We need to figure out our sponsorship, you know…NordVPN.
Desi: Yeah. We’ll promote you if they want us to.
Si: But for a hundred days’ worth of stuff, and you are already halfway through it or thereabouts and you’re saying it’s good. So, you know, I’ve got faith… but for 18 pounds, that’s insane. You know?
Desi: And it’s one of those like… like learning a high-level language, like you said with the Bash scripting stuff. You can get really advanced, but it becomes very complex with stringing multiple things together. Whereas when you want to like, run things in parallel or do some complex tasks with these larger programming languages… it is like learning a language.
Like you can learn how to construct a sentence, but if you don’t have a dictionary of words behind you, you’re very limited in what you can say.
Desi: And like programming’s the same. Like, it’s not so much that the language or the structure of it’s hard, if you’re a logical thinker, the struggle is you just don’t know what kind of libraries and packages exist out there until you get into it. And that’s what this kind of course and the bootcamp courses do, is they introduce you to a new library and they’re like: Here’s this library and here’s what it does, and here’s all these features that it can give you.
And it takes you a while. If you don’t have a big programming background, it takes you a while to pick up a new language and go and read the documentation and understand what different libraries are doing. So, having… This is why one-on-one courses and going to do a Bachelor’s degree in computer science is really good. Because that’s what they teach you, right? Like, I think in today’s…
Si: Yeah. You start from scratch.
Desi: Yeah. You start from scratch, yeah. I just think in today’s day and age, the industry market for learning is so good at the moment. Like we are living in such good times to get such a great education and not paying that much money. As long as you’ve got the intrinsic drive to do it, I think that’s the biggest thing. Because Uni forces you to do it, right? Like it’s like a job.
Desi: You’re there. Whereas I own like 20 courses that I haven’t finished.
Si: Only 20?
Desi: Oh man. I have so many just sitting in the wings…I don’t even want to talk about how much money I’ve spent on stuff like that. It’s like a Steam, it’s like a Steam game library. Like you see a sale and you’re like: I’m going to play that game. Yeah. I’m going to buy it for like five bucks and play it. And then I have like a hundred games that I haven’t played, just because I got them for free or for five bucks. It’s the same thing with courses for me. It’s terrible. It was one of my new year’s resolutions to finish courses… and <laugh> I just bought more.
Si: Yeah. Yeah. I was going to say, there are two, and again, we’re not sponsored in any way. There are two other ones that I’ve come across that I have rated. One is something called Masterclass. And you… actually, I can share the screen, so let me…
Desi: Especially when they give out free, like single Masterclasses, in something that you’re interested in. I always love jumping on those.
Si: But I mean the Masterclass sites and the people who they’re pulling in… I had a subscription for a couple of years, and I wasn’t using it enough, so I’ve canceled it. But fundamentally, you can go and learn. There’s not a huge amount of tech stuff in there, in terms of what we do. There’s not a huge amount of tech stuff in there, full stop, but there’s like…
Desi: But I think that’s all right even in today’s age, right? When we’re paying… Like, I’ve got three subscription services. If I got rid of one… Like Masterclass and get something that you’re interested in, to learn…like Darknet Diaries, like I support that podcast because I learn a lot from it, and I think the content that Jack does is really good.
Si: But I mean if for example…cooking, they have a fairly extensive thing. They have Gordon Ramsay on there, teaching, cooking, Thomas Keller, Wolfgang Puck, you know, there’s really big names. Ottolenghi is a fantastic chef, in the UK. Actually, his restaurant’s really good as well.
So, if you want to try any of those…but it’s the writing and acting classes that they have that are phenomenal. So, you’ve got, I mean, I’m going to say: Dan Brown. I wouldn’t necessarily suggest he’s a particularly good author. Successful, massively successful, terrible writer. Again, Dan Brown fans out there: I’m sorry. Dan, yourself, I’m hugely in awe of what you’ve achieved.
But I used to read a lot of Dan Brown and I picked it up in the airport. I would read it on a plane where concentration levels required are absolutely nothing. And the attention levels are low. And I could read at my pace and it was fine. I used to really enjoy Dan Brown. I got a new audio book and I started listening to it in the car. And because I couldn’t skip paragraphs and I had to pay attention to, it drove me around the bend.
It was so badly written. Anyway, I’m massively digressing. The other one that’s really good is actually called Domestika. I don’t know if you’ve come across that one. Mostly those aren’t in English necessarily as the first language. A few of them are. A lot of them are in Spanish or actually a lot of them are in Spanish, because it’s a Spanish company I believe.
Desi: Yeah, actually I have seen Domestika before and I find this as a thing as well. If you’ve got zero money to spend on these kinds of courses, usually you can find stuff that might not be as polished, but you can find stuff for free. Because I was looking at an artistic course. I got myself an iPad to travel with for work.
Like we can use those devices with our company stuff. And iPads are really good for kind of the art drawing apps. Because I got the pen with it as well. And I was like: Oh, I should learn how to…. like I used to love drawing. And I was like: Oh, I should do some drawing courses. So Domestika was one of the ones that I saw.
There’s also like… Apple loves their apps because they get a 30% cut of everything anyway. But as I was researching all this, I found like Reddit subgroups that were like… people were posting videos on how to do things that you would learn in these kinds of courses anyway.
And there was like a few really well-known users within those subgroups that if you just followed their user channel, they would post like daily… like, here’s a little tip, art thing. And like as I was doing that, I was like getting better and better at doing some of the art stuff. But that was completely free. And YouTube, I guess is another example of that, that’s a great resource.
Si: I was going to say, on YouTube, if you go to the MIT, MITOCW, so MIT OpenCourseWare, they have a section on computer science which includes some fantastic stuff. I’ve actually recommended, well, actually funnily enough, the computer operating systems course that they do, because it’s based on the same book as I use, that we were using at Warwick to teach the operating systems course.
There was actually a lot of crossover between what their lecturers are saying online in the open courseware stuff and what we were saying in the classrooms to students. It’s very realistic representation of a degree level, a first year undergraduate degree level course, in operating systems for me. And I’m just looking at it now.
They’ve got in the computer science section: algorithms, there’s an introduction to computer science and programming, which I think is going to do Python. And there’s AI in there. Computer systems security. I mean some of these, they’re old to a certain extent. I mean the computer system security one dates from 2014, but fundamentally, the principles of computer systems security haven’t significantly changed in the last seven years, no… 2014. 10 years, nine years. Time flies when you’re locked up in the pandemic.
Desi: And doing math is hard.
Si: Doing math is hard. Yeah. <laugh>. Yeah. So, the MIT open courseware is good. I’m not sure. I think my experience of online forensics conversations has not necessarily been as positive, on online forensics training, has not necessarily been as positive as, I mean, obviously MIT’s a huge institution that has a lot of backing.
I have seen a few forensics courses paid for. I was asked to review one. Somebody wrote to me and went: Would you review this course? And they then promptly had an argument with me about whether they were actually going to give me access to the course or not. And then they gave me access to the course, and I pulled out three errors in the first lesson and suggested that perhaps they didn’t really want me to do an honest review of this, because I thought it was shit. So, you know, there is definitely quality issues out there.
Desi: I think forensics is hard because it’s… Like you can go and look up the basic principles of forensics or digital forensics on Wikipedia and everyone agrees with them, right? You kind of have chain of custody. Like you hash your evidence at the start. You handle everything with care. You need to be able to explain it. Like every forensics course I’ve ever done, that’s like 1-0-1, right? In the first one to three lessons.
Where it gets tricky and because I was recently doing a kind of like forensics course and just like an intro to working in a SOC kind of thing is that it’s so contextual. Are you doing financial fraud forensics where you’re tracking business email compromise or are you working on mobile phone forensics for like federal police? And those two things are vastly different, and the technical skills are vastly different in both those things, because one of them is email forensics, in the sense of a corporate entity.
And then one is mobile phone forensics, which is then super varied depending on which mobile device you have. And usually, you have access to really expensive tools that does the collection for you and then usually puts it into—like, analysts will still need to understand what’s happening—but it puts it into a nice format for analysts to then review it in bulk. So, I think that’s why it’s so hard to get something that’s good and teaches the forensics mindset. And I think we’ve spoken about this before, but that just kind of comes with experience. It’s very hard to teach that.
Si: I think one of the issues with forensics is that it’s seen, and not wrongly so, but it’s seen as a technical skill. There’s a huge amount of technical skill in it, but actually, the investigative mindset and the fundamental logical understandings that are required in order to get to… and there’s a fair degree of writing skill involved as well when you’re reporting. I mean, we’ve talked about this probably online, but certainly offline.
Desi: I think it was mostly this week we were discussing a report writing.
Si: And you know, the amount of times I’ve got my head in my hands at the spelling mistakes and the grammatical errors and the… and you know to my mind—I’m dyslexic— I have to run everything through a spell checker and you know, I do that. <laugh> Because I think it’s unacceptable at the level that we’re operating at to report with spelling mistakes in it.
To see stuff coming to me that is riddled with spelling mistakes. Logical fallacies are terrible. It’s one of the lessons I give to my students is—there’s a couple of fantastic sites I’ll link to one later—on logical fallacies. Because, all X equals Y is not the same as, all Y equals X. You know, there are some very important, simple chains that you’ve got to understand.
So I think the trouble with a lot of the technical stuff that you see online is that they don’t address the soft skills and the hard logical skills that are required around forensics as opposed to just: Oh yeah, here’s an artifact. You know, how did it get there? Well, okay, that’s one way it could have gotten there. What about other ways? Are you going to consider other scientific potential operations? What’s your hypothesis? What’s your scientific method?
Like you were saying, you know, what’s the methodology that you’re working with to get to this scientific conclusion? And again, I’ve been off Twitter for a few days because it was just driving me around the bloody bend. But there was a guy on there who was…he’s upset a hell of a lot of the security industry for various assorted reasons.
I’m not going to name him, because everybody who’s listening to this who knows him, knows who I’m talking about. But he was like: Oh, you know, there’s no probability in forensics. I was like: I’m sorry, what? There’s a higher probability that this evidence may have gotten there one way or another, but it’s not… you know, anything could have two explanations as to how that data got there.
You know, and one of those explanations is always somebody with a great deal of skill came along and planted that evidence. Now the probability of that may be very negligibly low. But to say that there’s no probability is a fundamentally wrong statement.
Si: But as opposed to going: Yeah, I see what you’re talking about. This guy’s doubled down on it and has… anyway he’s upset a load of people. But that’s the thing. There’s more to it than this solid technical background. And that’s not what I find available online because of the technical focus and that I think it’s more important in forensics than necessarily in other areas.
Desi: Yeah. And I agree with that. Like the course that I was recently doing had a certification component at the end and they kind of skipped over… like they talked about report writing and then right at the end they’re like: Oh, while you’re doing the assessment, like make sure you, you create a timeline. But they didn’t really discuss the importance of the timeline and why you have it. And it’s not just because you are tracking evidence through a system and understanding how it goes.
The timeline gives you a visualization of what the person on the other end was doing. Because if you see events happening and there’s either too short a time between them or one happens before the other, you need to visualize what that person was doing at the keyboard. Because a human is only capable of doing stuff so fast.
So, if something is really quick, then potentially that was a script and it was automated and then you need to have the evidence to say that. But, if it’s not in the user space of kind of artifacts, then you need to explain why it happened so quickly.
And you might…a lot of the times you find stuff and it goes into your investigative timeline where you know that it’s connected because it’s linked with the say the user account that you’re tracking, but you can’t conclusively say why it was there. And then when you are presenting your report at the end and I generally don’t deal in digital forensics, I deal in incident response, which doesn’t have to go to a court of law.
Si: Yeah. Yeah.
Desi: But I can only present the facts as I know them to be absolutely true.
Desi: So, I can’t present a timeline that has all these entries in it and then someone go: Oh, what was this? And I’m just like, I don’t know. But it was attached to this user account. I have to go: Well, this user was in this box at this time, they opened this file. Like I’m only presenting the facts when I know exactly what that person is physically doing. Because otherwise it muddies the waters and that’s another communication piece, right? If I’m presenting all this technical evidence, the layperson who doesn’t know what the artifacts are, that’ll just confuse them, and it won’t get the actual point across.
Si: Yeah. I’ve got a case I’m working on at the moment and I’ve actually gone out and bought time-lining software. I’ll put a link in of what it is that I bought. I’m not in any way promoting this again. And, in fact I’m not even recommending this. It just happens to be the one that I found that I think looks the best but haven’t even used it properly yet, but I’ve bought it anyway.
It was not that expensive. So, it’s there. But this case involves a laptop. And it’s a very, very historical case. It’s Windows XP, it dates back to 2007 or something. But the thing is, is that the laptop had been left in the storage for a long time, was taken out and then was turned on.
But of course all of the dual batteries had died on and it’s gone completely flat. So there’s a whole bunch of activity that appears to have happened sometime in 2005 when the dual battery basically reset to whatever its default state was. And trying to figure out what activity has happened recently from a rebooted machine that now thinks it exists before the original installation of the Windows operating system on it, is a nightmare. It really is.
Desi: That’s interesting.
Si: I’m getting some fairly long lists of files that… you know file times, trying to reconstruct a vague guess at when something may have actually really happened versus when, you know what it says it…
Desi: It would be super interesting to look at the MFT of that and see it happen… because that like never happens. When it’s resetting its own time.
Si: Yeah. It wasn’t connected, it didn’t sort of automatically connect to a network. It didn’t do any of those things. It was just literally turned on and then somebody used it for a bit.
Desi: So, you’d have files existing before the MFT was created?
Desi: Or you’d have like MFT created then that and then you’d have like some other system stuff happening.
Si: Yeah, I’m about two days into it. I mean, it’s just been setting up and indexing it and all. But I can already see that this is going to be… but then, you know, this is great and I’m going to present… I’ll come up with hopefully a working concept of how it’s all done. And then I have to present that. You know, I’ve got to explain to someone that okay, these files that have this date probably happened over here somewhere, or at least somebody says that this is what has happened and therefore I have no reason to doubt because it, they sure as hell weren’t created before the laptop was manufactured. So, it’s going to be quite entertaining.
Si: But again, you’re talking, I don’t know what the outcome of it will be yet as to the other evidence in there. But this sort of stuff just introduces reasonable doubt before you even start. You know, it’s like if you can’t tell when the file is created… so this is really where it’s going to come down to. In all probability, this is what has happened. I wasn’t there, I haven’t had my eyes on this laptop for the duration of its life, you know? I can’t honestly tell you a hundred percent that this is the case, but this is what I honestly believe is the probable train of events. But yeah, no, it’s all good. So, I’m going to learn Python then I think. I think that’s the outcome of…<laugh>. Yeah.
Desi: Yeah. Udemy’s a good platform. It has some like… don’t get me wrong, I’ve done some shit courses that I’ve paid $10 for on Udemy before, but because I guess it’s just a delivery platform so it comes….
Si: I have a vague feeling I must have an account on it actually. Let’s see if I can remember what it is.
Desi: Yeah. But it comes down to the content delivery people who are doing it I guess. So
Si: Yeah, no, it won’t be there.
Desi: But the other thing that we wanted to talk about, which has been in the news a lot is I guess….
Si: Shit, I do have an account, <laugh>
Desi: I actually got my little flipper, which is now banned in the US.
Si: It’s banned in a few places. They are hang on, let me have a look. We’ve been bouncing the links backwards and forwards.
Desi: Yeah, it was funny because I’ve been waiting for mine to come for ages because I had to set up a little like visual ping thing to tell me when it was back in stock because they always sell out really quick. And then…
Si: Oh, so Amazon has banned the sale of it because it is a hacking device allegedly. Well…
Desi: That’s only in some countries because I got mine from Amazon, like, while the ban was happening.
Si: Ah, okay. Interesting.
Desi: I think it’s still country specific. And in Australia it’s not. But it was interesting because we were throwing the links back and forth and I watched like a YouTube video kind of covering it and they showed that all the functionalities that you have in this thing, you can still buy on Amazon in those countries or you can make yourself, because the chips have been available since like 2007. Or you could also buy from for slightly more money more capability that is potentially illegal. But they sell it as like a research device I guess. I guess the end point was that it was so versatile having this because even though it’s not super powerful, you can do a lot with it, and you can buy like… I bought like the Dev Board with the Wi-Fi in it and that…
Si: Ah, good. I was looking at that the other day. I didn’t buy one because… I actually did it on the original Kickstarter campaign. I got it through that. And the Dev Board didn’t exist back then to order.
Desi: I’ve seen people just like plug in… because it’s just got the openings in the top. But I’ve seen people just plug this into breadboards with stuff that they’ve made with chips from, I don’t know what you guys have over there, but like Jaycar is like an electronic store.
Si: Yeah. We used to have a company called Maplin but they don’t do it anymore. RS Electronics is the online. I tend to buy not Flipper stuff, but there’s two companies. One’s called the Pi Hut and the other one’s Pimoroni, again links in the show notes, but they’re the UK suppliers for all sorts of Pi, Arduino, single-board computer experimental kind of things. So, I tend to buy my stuff from them.
Desi: Yeah, I recently bought—I’ll put the Australian one in the show notes— but I bought the one that’s the keyboard that they’ve just stuffed a Raspberry Pi in the keyboard. And because I’ve got my home gym, I have a TV in there and I use that to put my programming up on. But it was such a space saver to just have like an easy small computer that has Wi-Fi. Because I also stream YouTube in there to listen to music. And it was so good because it was a keyboard that comes with a USB mouse that you plug into it and then you just run the HDMI to the TV. So, like I could have made it cheaper, but I didn’t have to…
Si: It really is the spiritual successor to the old sort of BBC Micro, which is what it was intending to be, which was a single device that you just plugged into your telly and then got on with it.
Si: Are you guys having the same supply issues that we are? We can’t get a Raspberry Pi 4 for love nor money here.
Desi: Yeah, it took… I think that one I ordered, and it was on back order for a while. And then they must have just had a restock, but the keyboard doesn’t have the latest version of the Pi in it, so it was a little bit easier to get, I think.
Si: Yeah, I’ve got one Raspberry Pi 4 which is actually running… Well Pi-hole for a start, if you haven’t come across Pi-hole that is definitely worth learning about. And the other thing I got it running a WireGuard VPN as well for, for dialing back into the house when I’m out. So yeah, they’re fantastic little bits. And the Raspberry Pi is so powerful now, the 4, it’s absolutely nuts.
Desi: Oh, you see some of the like home brew projects on YouTube where they’re like putting them in parallel to do like crypto mining and stuff, it’s absolutely nuts. And then people are 3D printing like containers for them as well.
Desi: Looks so cool. Something that I’d say I’d do, and I’d put it on my project list and never get done.
Si: Have you got 3D printer?
Si: Ah, yeah.
Desi: It’s on my buy list for projects, but I know if I get it I’m just going to do like two projects and then it’ll sit there.
Si: Yeah. That’s pretty much what happened to mine. <laugh>. So that’s fair but it is…
Desi: I need to finish all the courses that I’ve bought first Si before I jump on the bandwagon of building things.
Si: So I printed, I don’t know, half a dozen little stupid things, like a little Totoro models for my daughter, from the animation. And then I was chatting to my neighbor months ago and he needed a replacement piece for his shower door. And he was like: I can’t find one anywhere. I’m going to have to knock one up.
He’s an engineer in aerospace. A physical engineer, a mechanic-engineer type, as opposed to designing. So, he is very, very, very good with engines and all sorts of things. And so, he was hand manufacturing this thing. I said: Oh, do you want to borrow this? And he sort of took it away. I gave him a little sort of how-to card on Tinkercad or whatever the hell it was that I recommended. He went away, knocks up half a dozen shower screen adapters and printed them out and he’s more functional use out of it than I have. So, it’s like… <laugh>
Desi: Should have leased it out. That was your issue. You could have had a side business. I’m always super amazed at people who take like real parts and turn them into CAD drawings and then are able to design these things. It’s a real skill to have and it’s something that I didn’t…because I did partly mechanical when I was at Uni, and we had to do CAD projects. I used to hate it. Because you’re at uni, this was before I had like a decent computer at home, so using AutoCAD on Uni computers was like, you’d open the program, you wouldn’t even have anything in it. It’d be like half an hour to load. So, your two hour tuition would go by pretty quick. But yeah, I’m always amazed at watching people put stuff together and then go down and make their little projects. It’s amazing.
Si: Yeah. But he had a way better time than I did of doing it, so…
Si: But yeah, I mean, people knock out all sorts of stuff for the Raspberry Pi. They’re amazing little bits of kit, with all of those headers and like the headers on the Flipper are pretty much identical. They’re numbered. You can write the code for them.
Desi: Well, they’re numbered, and they’ve got values next to them printed. Hang on, I’ll show you the little Wi-Fi board. It takes up all the headers.
Si: Have you flashed? I mean I plugged mine in and I hadn’t used it for ages actually. I hadn’t used it full stop. Oh wow. That is neat.
Desi: Yeah, it’s pretty big.
Si: I basically got it, I turned it on, I took a look at it when it arrived and then I put it in the project shelf <laugh> and there it stayed. Because we started talking about it. I pulled it out and went to the manuals and stuff now that are available and it was like: Connect to it using this, connect to it using that. And it’s like the firmware on this is so old that it wouldn’t talk to anything. I ended up doing a full basic reset and reflash of the firmware. So mine’s now currently the latest official firmware, but there are alternate firmwares. I’ve found out that opens up some more functionality. One of which is actually the radio stuff. Because in the UK…
Si: …you’re limited…you tell it where you are and then it limits your radio frequencies to that set. Whereas the other firmware will open its full range, so you can actually do more scanning than you would be able to otherwise. So, I might investigate that a bit further. But it’s neat. I was trying to get the cat to sit still long enough so I could scan the chip in the back of her neck, but she wouldn’t…
Desi: Oh yeah, because it does…
Si: It does that as well.
Desi: As long as the chip is of a certain type.
Desi: Otherwise it only gives you the serial number I think.
Si: Well, there’s two…there’s a couple of bits of information apparently that they can do. One is temperature. I had no idea that it actually monitored the temperature of my cat. But yeah, there’s a serial number but then it links back to the various websites that you can use to look it up.
Si: So I was going to just double check to make sure that the vet’s information was all up to date. But like I say, I couldn’t get the cat to sit still long enough while I rubbed this device over the back of her neck. So, another time.
Desi: Oh, there we go. I can’t use it because apparently, I need an SD card. I just turned it on and went through the little intro menu. But it tells me that Youdial, the Cyber Dolphin, is happy and is on level one and then it tells me that I need an SD card, which I don’t have.
Si: Yeah. Yeah. A little micro-SD. Mine’s got a micro-SD in it now as well.
Desi: You know, the real reason I bought this was that I saw that it runs Doom.
Desi: Which is like…
Si: Everything, everything runs Doom.
Desi: Yeah. The tech nerds kind of… You don’t buy a piece of equipment unless you think that it’s going to potentially be able to run Doom.
Si: My favorite one I think, I’m pretty sure it must be a spoof, but was Doom running on the pregnancy test? Did you see that one?
Desi: Maybe, I think I might have seen a picture and it was just like technology these days or something. Which is really hilarious because I didn’t grow up playing Doom. I used to play Wolfenstein 3D, which I think was released just after that original Doom. Maybe it was, I don’t know, I’ll put the links for those…
Si: No, no. Doom was after. Wolfenstein 3D was the first—Here we go. Video games history lessons 1-0-1—No, Wolfenstein 3D was basically the start of the first-person shooter era.
Desi: I did watch a history video, I’ll have to dig it up again, but it was the first one with major appeal, but there were unsuccessful ones before it. And those companies now, I think one of them turned into what Bungie is today.
Si: Yeah, yeah.
Desi: And another one turned into potentially the precursor to Bethesda.
Si: I remember playing a 3D maze game, but it was kind of like the old sort of adventure games where basically you could go north, you could go to the polar coordinates, but there was no free movement within that. So, you went around the maze and that had 3D graphics.
Desi: I think the big thing with Wolfenstein was the fact that it rendered on the fly, and it had texture, which games before that didn’t have, which I think gave it more of a 3D feel than the prior games to it. Because walls were very…Like they tried to give perspective, but it was essentially the lines that you are looking at, whereas…
Si: Yeah. Yeah. As opposed to…
Desi: Wolfenstein was very textured, and they could kind of shade the distance.
Si: Yeah, then Doom gave you true three-dimensional play because…. In Wolfenstein you all still stayed on the same level. You’re moving horizontally in the X and Y axis, but there was no Z axis to work with. Whereas Doom gave you the Z axis as well. Yeah, I mean it’s all great good stuff. I remember all of that.
Which is funny because we had three-dimensional flight sims prior to that. So three-dimensional movement was a fairly well understood thing. I mean from Elite on… but then Wing Commander, was the first one that I really remember playing significantly. 3D movement. But yeah, Doom has been made to run on anything and everything. I think one of my favorite hacks was actually somebody figured out how to run Doom in Doom.
Desi: I saw someone—Again, I don’t know how true these things are—but I thought I saw someone run Doom on a fridge.
Si: Yeah. To be honest, having seen some of the specs of the hardware on fridges, that does not surprise me.
Desi: Oh, here we go. These will all be in the show notes, so people that want to like check out ranting at this point. What Doom was run on. Maybe we’ll just find like a YouTube video that covers all things that Doom can run on.
Si: Yeah. I’ve seen it running on printers. That was one of the earlier ones, to have it running on the little screens on printers. But yeah, Doom in Doom is hilarious. We digressed massively from what we were talking about but no. This is what happens when you sign up to a tech podcast. There you go.
Desi: Yeah. Episodes started out really well. <laugh> I just found another one. Doom running on a graphics calculator.
Si: Oh wow. That’s cool.
Desi: Doom running on a calculator powered by old potatoes. That’s like <laugh> next level from graphic calculator.
Si: I can say I…
Desi: I feel like Doom running on something is like, when you look up your Florida birthday news story, it’s just entertaining.
Desi: Like what you kind of search, like either one is going to be super entertaining.
Si: So yeah, I was going to say, there’s a couple of things actually. One, while we’re in the game space, just because we’re there. Have you seen the Golden Eye documentary?
Si: Right. Okay.
Desi: On like the game?
Si: On the game. Yeah. Golden Eye Doc. Yeah. Golden Era 2022. That is excellent. That is really, really interesting.
Desi: Excellent legacy.
Si: I can say, I’ve now watched Tetris, the movie, which I know you’re going to avoid because of the…
Desi: I’ll watch it. It’s just Reddit advertisements have ruined it for me at this stage. I need to wait for it to die down.
Si: It was pretty good. It was pretty good. What was the other one? Oh, yeah, this was recommended to me on Twitter before I dropped off. Which we will debate whether I go back to or not, but this…
Desi: Yeah, I haven’t used Twitter for a long time. I submitted a call for speakers to a conference and they were like: What’s your Twitter handle? And I was like: I’m not putting that. I don’t even use it anymore. Racing the beam.
Si: Racing the beam, yeah. So this is about programming the original Atari video system. This is a pretty technical book, but it’s talking about how they coded the… in assembly, basically to use the… because it was still on the cathode ray tube. It was hard to do work when you were trying to draw the screen, but there’s a period of time between the bottom right-hand corner and the top left-hand corner while the photon beam is moved back up to the top.
Si: So that’s what they’re talking about: Racing the beam. It’s trying to get as much programming into that section as possible. And they’re sort of using the over scan spaces and stuff to get… because they need the processor to write to the screen and all the time they’re writing to the screen, they can’t be doing game calculations. So they’re fixing everything around that. And that got me sort of drifting off. This new book arrived this morning. So, the original sort of Z80. Or an original Z80 programming language assembly book. But it’s just fascinating. I’m so in awe of the people who did these amazing things with so little memory and processor power and…
Desi: Because this is kind of the stuff like… So I did mechatronics, which was programming on really memory limited, like EPROM and that kind of stuff, on memory limited microcontrollers. There are a few online courses. There’s also an assembly challenge course. I’ll find the notes and we’ll check those in the show links.
Si: Oh, cool.
Desi: If you are interested, if people are interested in learning like what these people were struggling with, even just trying to do basic things like multiplication on eight-bit processors, is insanely hard, because we take it for granted that we open our calculator up and we can multiply two numbers together. Back then sometimes…
Like I remember when I was first starting, you are so limited that you’re just like: Oh, you’ll just run it through a loop for the amount of times that you want to multiply the number by. But even that, you run out of space quite quickly. You’ve got to think each time you’re running through the loop, you’ve got to store that value that’s getting bigger somewhere in memory that you just don’t have.
Si: Yeah. I can say it is that and division. Division is a nightmare.
Desi: Yeah. Division. Division is way more complicated than you think it is when you first start, that’s for sure.
Si: I’m going to say there’s another one, if you haven’t seen it. You have Netflix, don’t you?
Si: Okay. Because this was, hopefully it still is… It’s called High Score and it works through various assorted different video games.
Desi: Oh. I think I started watching this, but I don’t think I finished it. It does like…Yes. I’ve definitely watched episode two, which is about Nintendo.
Si: Yeah, so you know, that I found quite fascinating. Yeah, so there’s a lot of fun to be had from the video game stuff. Because again, you know, where pornography pushed the advent of VHS and home cinema and stuff like that. Video gaming has massively pushed the boundaries. And it’s particularly now when you look at the graphics cards that are now used for crypto mining or the massively parallel processors that they used for the machine learning kind of stuff. All of this started off because Nvidia wanted to make a quick buck out of people wanting to play games faster.
So it does come round to us. And I’ll say that’s another piece of programming—looping back to the beginning—it’s another piece of programming that I have never managed to grasp is… I can do one thing linearly. How the heck do you decompose a problem so that it works across 50, a 100, 150 processors to do something. And I say this and, you know, my first job, I worked in a—not quite my first job, my second job—that was in computing, as opposed to selling sandwiches: A job that I have had previously. Was working for a company that did computational fluid dynamics.
So was modeling the movement of fluids and stuff through systems and they were decomposing these problems to run across multiprocessor systems, and they would…It is always the boundary issues because what they would do is they break it down so that each segment or each area was covered by a single processor.
But then it’s how do you get all of those sort of edge cases to match together and line up and pass data backwards and forwards across…So ironically, I’m probably not anymore, but I used to be quite good at setting up all of the backend Unix systems for communicating multiprocessor systems. How to program one I haven’t got a clue. But, you know, set one up, I can do it. That wasn’t a problem. Building massive, what we call Beowulf clusters on Linux.
So basically commodity, just hardware, but just sort of link them all together and then you can run distributed jobs across them. I actually happen to think that might well be the future of forensics as we see large data sets. And I think when we do get our guest on next week, hopefully, although that may well go out before this does, it’s the beautiful timelines of things. You know, he…
Desi: Show magic.
Si: Show magic. Yeah. He’s going to talk about large data set forensics and actually I think that given the size and complexity of some of the cases we’re starting to see, I think the only way we will be able to deal with it is to introduce larger processing clusters. I mean, nowadays you have a machine sitting on an examiner’s desk and it’s a big piece of equipment, but it’s still, more or less, a single machine. I think we’ll see distributed networks of machines coming into play more.
Desi: Well I think it’s even similar to stuff like again, I don’t know where it’s coming out respect to this episode, but with Mackenzie from GitGuardian, they’re likely running a cluster of computers to process through the data in AWS or Azure or wherever it is, but they’re probably just like different EC2 instances of the machines running the same code to crunch through the data and then centralizing the metadata or the analysis of that to some central point to review. I’m not sure whether we’ve spoken to anyone about it, but even the forensics companies that are offering the cloud-based solutions at the moment, like they would be doing that in the backend for sure.
Si: Well, this will be interesting when we get the guest on, we will be having a conversation with somebody from Cellebrite with regard to their cloud solution called Guardian, at some point in the future hopefully. And it’ll be interesting to see what sort of consolidation they have from…
Desi: Yeah, for sure.
Si: …command points. So yeah, I think it’s cloud or distributed computing and cloud… or private cloud is another thing, isn’t it? Because it’s depending upon what the content of your analysis may or may not contain. But I think it’s a very exciting field to be in. You know, when you’ve been in the industry as long as I have, you sort of see these things come and go.
We used to have centralized computers that everybody connected to. And then we’ve gone out to distributed desktops and then we’ve got cloud, which everybody connects to and we’ll probably go through a phase of some sort of distribution again to the end nodes. And so we’re coming back into this consolidated phase at the moment and it’ll be interesting to see where forensics goes forward with that.
I think at the moment there’s a couple of people who seem to be pushing that idea a bit more. Sorry, it’s not FTK anymore. I forgot what they’re called. But they’re pushing it a cloud solution.
Desi: Yeah, and from my experience, like when you review customers’ networks and you see the vulnerabilities that they have, no matter what the technology is, it’s kind of foundational. And every company, every country, sorry, calls it a different thing when they’re reviewing it, but it’s like the Essential Eight or the top four kind of things. And it all stems from the fact that we never really do secure development in the life cycles.
Desi: So, the only hope is, like we need to embrace the technology that’s coming out. You just hope that we’ve learned our lessons after decades of mistakes, of making sure that the smart people who sit on both sides of the fence of security and usability in the engineering space, are doing as much as they can in the product and it could be hard because you could have a product that they don’t think it blows up, but maybe it does and heap of people start using it and then years later you find problems in the code because like there was never mitigating practice in place. Secure coding wasn’t a thought 30 years ago. Or if it was, it was very narrow minded because we’ve then jumped to… well that code that was meant to run on an endpoint within an environment is now running on an internet exposed device.
Si: Yeah. I think another interesting aspect, and this sort of, and again we will loop back neatly into what we were talking about earlier. Lots of people now don’t develop code from scratch and that’s perfectly acceptable. We build on libraries that are out there. But the trouble is…
Desi: There’s plenty of examples of those vulnerabilities in those libraries.
Si: In those libraries. And also, you know, for things like Python in particular, there’s been quite a lot of press regarding, first of all vulnerabilities in libraries just that exist because people are human and make mistakes and vulnerabilities exist. There have been examples of deliberately introduced vulnerabilities, well compromises, into libraries that sound remarkably like other libraries, so that if you accidentally call the wrong library, you end up with malware.
And then the third category, which is that actually people set code to auto update, and somebody had a hissy fit, and I don’t know enough about it to comment whether it was a reasonable hissy fit or not, but basically tanked their code. And it took out a whole bunch of people who were relying on it.
Desi: Was that, looping back into gaming, I think that was Final Fantasy 14 with GShade. So, third party tools aren’t allowed for that game, but yeah, the guy like tanked his code and essentially… it was essentially ransomware what the guy was doing, but it didn’t really encrypt anything. It just like messed around the file.
Si: Yeah, it just stopped the code from working. Yeah, that was it. Yeah. Messed up a file.
Desi: We’ll put this in the show notes, but yeah, I was reading it… but yeah, essentially the dude had like a little bit of a hissy fit. Yeah, I’ll find a good writeup for that story and include it in the show notes. Yeah, that was interesting. And that’s another interesting point for like just general consumers. This was a free open source tool that wasn’t harming the gameplay or anything, but you’re relying on Devs, they’re making potentially no money.
If they decide… like you’re trusting them to install something on your computer, if they decide to install something malicious, like most of these programs run at administrator level that you’re opening up. So, like, I don’t do banking on my computer anymore. I only ever do it on my phone through the app. Just because I download a whole bunch of stuff for work through my computer or just like interesting things. Who knows what’s actually running on it?
Si: I was going to say, and you know, it’s not only the…open source is a fascinating field and you know, we’re slightly over the top of the hour. But it’s a fascinating field and one that I have a huge amount of time and belief in and time for and belief in. But I seem to recall that… I was just trying to find a link for it, but a few years back NTP, so the Network Time Protocol and some of the NTPD daemons that basically the entire world relies on for making sure that time is synchronized across everything, was like being maintained by one guy, who ended up, I’m going to try and find this link. And I hope I’m not talking rubbish. ’Cause otherwise we’re gonna have to cut a lot out of this.
Desi: I do vaguely remember the story. Yeah.
Si: But essentially this guy was running it on his own, maintaining the software on his own and when he said: You know what, I’m sorry, I’m retiring or I’m not making any money after this. I don’t have time to do it. And everybody actually bricked themselves because you know… I think there was a crowd funding, I hope there was a crowd funding that gave him enough money to retire comfortably and just maintain this for the rest of his natural life.
But again, it’s terrifying that such a critical single piece of software is just being maintained by one person who if he falls under a bus we’re screwed. And above anything else, he’ll take the bloody keys to the repository with him, and we’ll have to get GitGuardian in to scrape him out…
Desi: <laugh> They’ve already got them. It’s all good.
Si: That’s fine. <laugh>. So yeah.
Desi: Yeah, if this episode comes out before that episode, that’ll be super confusing to all the listeners but just wait for the GitGuardian…Then you’ll…
Si: …get this episode.
Desi: Yeah. You’ll listen and you’ll be like: Ah, I can laugh along with Si and Desi.
Si: <laugh>. Oh, good stuff. Right, I think, we probably better call it a day.
Desi: I think so.
Si: Seeing as we’ve been blathering long enough, and Jamie will be having the fit. So… <laugh>.
Desi: I mean, look, if he wants to throw a fit, he’s more than welcome to come on the show and throw a fit and have some banter with us. So, until that happens Jamie…
Si: <laugh>. Yeah, that’s it. We determine the amount of banter that there is, yeah.
Desi: Don’t want to hear anything on Discord.
Si: That’s it. <laugh>. Good stuff. All right, cool. Well, it’s a pleasure as always. You take care until we speak again. We will be chatting with some more guests soon. But in the meantime, a huge amount of links will be going into the show notes for this one, because we’ve had some fun. Forensic Focus forums are there for your delectation and enjoyment as are past back issues of the podcast, which you can also find on Spotify, Apple Podcasts. I don’t even know what it’s called. Yeah, Apple Podcasts. Google, YouTube. Yeah, we’re everywhere. You can’t get away from us. We’re working up to our Netflix show. We’ll get there.
Desi: <laugh> And at least they’re going to fly somewhere. That’ll be interesting.
Si: Oh, forensics. What would make good alliteration with forensics?
Desi: I don’t know. I feel like we should do a who-done-it murder mystery, but with digital forensics.
Si: I’m vaguely contemplating writing one at some point, you know…
Desi: There we go. You write it, we’ll pitch it, it’ll be on a show.
Si: That’s it. That’s it. But the only trouble is, it won’t be as exciting as CSI Cyber because it’ll actually have to be based in reality if I’m writing it. So, we’ll go from there. Anyway….
Desi: I’m sure you can fit in a scene where there’s like you programming on the keyboard and then you’re like: I need some help. And I come in on the same keyboard…
Si: Hands across.
Desi: Because you can like do forensics faster in that way with two people on one keyboard.
Si: Absolutely. That’s the way it works. And solve this cloud computing and distributed stuff. No, it’s just two people on the same keyboard.
Si: <laugh>. All right, mate. You take care and…
Desi: You too.
Si: I’ll talk to you soon.
Desi: Catch you everyone.
Si: Cheers. Bye.