Project LOCARD’s Pablo Lopez Aguilar on Digital Evidence Management Using the Blockchain of Custody

Christa Miller: Could blockchain technology be the answer to challenges with data volumes and sharing evidence and cross-border prosecutions? Welcome back to the Forensic Focus Podcast. I’m Christa Miller here with my co-host Si Biles, and today we’re talking to Pablo López-Aguilar Beltrán, Head of Cybersecurity at the Anti-Phishing Working Group about Project LOCARD, a three-year European Union project working to answer that question. Welcome, Pablo.

Pablo: Hi, Christa. It’s a big pleasure to be here, so thank you very much for your candid invitation.

Christa: Absolutely, I, sorry, go ahead.

Pablo: No, no, it’s fine.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

Christa: No, I was going to say I’ve been following Project LOCARD almost since it began, so I’m really excited to have you here and learning more about it. So let’s start with a little bit about you and your organization. What is the Anti-Phishing Working Group and in particular its interest in a platform like Project LOCARD?

Pablo: Okay. So yeah, the Anti-Phishing Working Group is a non-profit organization that was founded in 2003 when phishing started to be around. And it’s an American non-profit. As you can see, I’m not the one that is coming from the States. I’m from Spain and well, one headquarter is in the United States and we have another headquarter that is based in Europe, more precisely in Barcelona.

And we are providing different service equity solutions. On the one hand, we have a platform, we have a tool where we share all malicious data, so all the partners that are part of the Anti-Phishing Working Group are sharing data, malicious IPs, malicious exchanges, malicious data in the same database. So we share all this information and this information is then used in the services of the companies in order to provide better security solutions.

So for example, anti-viruses are using our malicious data to provide their services and these kinds of companies are using our data. This on the one hand, and then on the other hand, we are also very focused on research. That means that we are always trying to find applications for new technologies.

In this case, we are doing research in this project that is called LOCARD that aims to use blockchain to increase cybersecurity and to facilitate exchange of data among different countries. So we are doing, on the one hand, research and on the other hand, we are using this malicious data that is being used by all the big players in the cybersecurity field.

Christa: Yeah. How did you personally get involved with the project?

Pablo: You know, I’m coming from the research area and there is sometimes a gap between research and the real applications. So when you are talking about blockchain there is a very nice world, but besides cryptos, I think that we can also find good applications for these new technologies.

What’s new is the technology that was invented by a guy that was called Satoshi Nakamoto, it is not true, because Satoshi is a pseudonym, but it was invented in 2009, so that means that it is not that new. But I think that we can, besides cryptos, I think there are quite interesting applications that can be used to improve things in the world, in the cybersecurity area, in this case.

So blockchain can be used in more particular applications to improve how we are doing things. So we are using blockchain for this project, but also matching learning for other projects. So it’s trying to bridge the gap between research and the industry.

Si: So is your background in blockchain and then you are coming to phishing with that, or is your background in phishing and you are going to blockchain with that?

Pablo: Good question. My background is in cybersecurity from a generic perspective. I mean, trying to find applications to increase cyber resilience. So one of the technologies that I’m interested in applying to improve cybersecurity is blockchain, but I’m not an expert in blockchain.

And that means that I’ve not been working in blockchain for 10 years, but I’m more focused on the research in phishing and cybersecurity attacks and try to find out how these technologies could improve our defenses against several attacks. So maybe today we are talking about blockchain, but maybe another day we can talk about AI or IoT or these kind of things.

Christa: So, at a high level, Project LOCARD is as you’ve been saying, about using blockchain technology to manage the chain of evidence specifically in cross-border investigative collaborations, how did that idea first come about and what made the blockchain appealing for this purpose?

Pablo: Yeah. You know, at the beginning of the project, we need to understand, what is the need to use blockchain? And we need to understand the context. So maybe in the United States, it’s something similar, but in Europe, at least, as you know, we have the European Commission, right? That is a supranational institution that is controlling everything in the EU member states, right?

So we have a common, it’s not a common regulation, but we have common rules that all the member states have to follow. So I think that blockchain can be, so the context about this project, the need of this project is that also we have the European Commission that is trying to regulate in the same way to all the member states the reality, the truth that all the member states have many disparities. There is a clear lack of regulation on how data is exchanged among the different institutions.

From two sides: on the one hand, because they’re using different tools. So even in the same country, here, for example, in Spain, when I go to law enforcement and I ask them about the tools that they are using to exchange data among different bodies in Spain, they are using different tools.

So then you go to the European Union, to the other states and they are using other different tools. So in terms of technical things and technical tools, everyone is using different tools. This is on the one hand.

And then from a legal context, we have legal mechanisms that aim to facilitate how we exchange data, but they are very different. On the one hand, for example, we have the European Investigation Order that was introduced by the directive 2014/41. So that means that a country needs to trust another country before exchanging data.

So not all the countries are following the European Investigation Order. It’s based on the principle of mutual exchange. So that means that one country has to trust the other country before sharing information. And then we have the Mutual Legal Assistance Treaty and all the countries that have been admitted to this treaty have common rules to exchange state.

And of course we also have, from a legal perspective, the Budapest Convention. This is not from a European perspective, but more from a global perspective, that means that the Council of Europe is doing a great job, I have to say, that is trying to put everyone under the same rules under the same ontology.

So the problem is that on the one hand, we have different tools from a technical perspective, and on the other hand, the regulations are very different. We have the European Investigation Order, we have the Mutual Legal Assistance Treaty, we have the Budapest Convention. So there are many mechanisms, but we are not following the same ones in the member states.

So that’s why we created LOCARD that aims to standardize the way we exchange data among different countries. Not only in Europe, maybe in the United States, we can also try to find because you also have federal regulations, but we have also stated regulations, right? That means that I think it can also be applied to something similar there, right?

So there is a common platform that is trying to standardize the way digital evidence is handled from the collection of the evidence, to the reporting of the evidence in a court of justice. So the idea is to foster the use of this platform in all law enforcement agencies and that everyone involved in the investigation can have access to the piece of evidence that is in the blockchain.

Si: So, I mean, this is clearly a large project for a very large and disparate data set. Blockchain itself is not particularly good at containing data. It’s good at containing hashes, it’s good at containing some metadata, but actually, so, the blockchain is just one component of your larger project, then, is that right?

Pablo: It’s totally right. It’s absolutely right. So we have blockchain, yeah, go on.

Si: So are you building on other existing open standards for forensic exchange or data exchange, or are you coming up with new but agreed standards for doing this?

Pablo: Okay. I will answer in two parts, okay? The very first part is that I totally agree with you. Blockchain is not good at storing information, but hashes. So the thing is that what we do is with the blockchain, we put the hash of the piece of information.

So that means that for example, in Europe, we care about the GDPR and the right to be forgotten, for example, people have the right to be forgotten in blockchain because we are not storing the information, but we are storing the hash of this information.

So, if the victim of the suspect wants to remove some kind of information, we will remove the information because it’s not going to be in the blockchain, but the hash linked to the information is going to be in the blockchain.

So then, the main goal of the blockchain in our case is to quarantine the chain of custody of the hash. So it’s a distributed system where everyone can access the system, everyone that is allowed to access the system, so everyone can access the system and see what has happened with this hash.

This, on the one hand, we are building a standard in LOCARD that is based in ISO standards, ISO 27, 37, 42, 43, but we are building our own standard that is being drafted, and it is being drafted with ISO. But it takes time, it is going to take probably two or three years, we would see, but the standard is ongoing.

Si: Okay. So do you see the end result of the project being a repository of data in and of itself that everybody can access, or do you see it as that standard, I mean, the blockchain, so obviously that’s not to do with you necessarily, but that other people would then come along and write interfaces too that, you know, FTK will (he says, picking on a random forensic provider) that they will integrate with your protocols and that the providers will be the ones that come up with the software, or do you see yourselves as that centralized repository that people would come to?

Pablo: You’re coming from the technical side, right? Because you understand very well what this is about.

Si: Yeah.

Pablo: I see your questions.

Si: I’m very interested.

Christa: As opposed to high level journalism me.

Pablo: No, no, I like your questions. Well, okay. So, LOCARD is providing also, let’s say, a pool of tools. So we are developing tools to facilitate the handling of the digital evidence. So we have specific tools, but also what we are doing is we are providing a platform. So we have the tools and then the platform that is going to quarantine enough custody with blockchain.

So what we are doing, and we have already a minimum valuable product, an MVP, with a real company that they have integrated their products into our platform in order to quarantine the chain of custody with blockchain. So we have both things; we have the tools, so we can also add more tools if other developers are willing to develop more tools, but also we can have the option to integrate other solutions into our platform.

Si: That’s brilliant.

Christa: Yeah, I’m sitting here thinking of another interview that I did not so long ago with Project Hansken in the Netherlands, because it sounds a little bit similar, but not as similar just because I think that’s meant more to be like an artifact repository than a…

Pablo: It can be a repository, but if it’s a repository, it is going to be a repository of tools. But there are very good companies that are providing very good tools. Here, maybe in my opinion, that’s my opinion, the added value for LOCARD, besides the tools is the fact that you are using a common platform where everyone has access. Not only me; judges, everyone that is involved in investigation, without the need to move anywhere.

I mean, you have the blockchain there, that this is for that. So without the need to go to a specific country across a specific place, you have the piece of evidence that is in the blockchain. So this is for me, the other value of LOCARD. So our competitors are not the tools, but our competitors are the ones who are also providing platforms to quarantine the chain of custody.

Christa: I want to jump back. You have been talking about some of the legal and regulatory issues, and I want to focus specifically on, there’s a part of the paper that you co-authored on cross-border criminal investigations and digital evidence that raised the issue of complex rules for mutual admissibility of evidence that may not be able to be realized.

And I think the context of that particular statement was the European Public Prosecutor’s Office particularly, but there was also this sentence that caught my eye in the paper that I’m going to quote:

“There is still a long road ahead to achieve the proper alignment between the required protocols enabling cross-border prosecution; the underlying evidence management systems from a practical perspective; and other legal, ethical, and procedural aspects that are continuously evolving to be on track with the current state of practice,”

which I think is, you know, what we’ve been talking about today. Are you concerned that the technology could outpace those current efforts, and even if not, how should prosecutors prepare in the interim to deal with admissibility challenges?

Pablo: That’s a very good question, and a difficult question to answer, because it’s like, to bring a solution for the problem in Europe, you know? From legal problems in Europe. So there are a ton of disparities in regulations in Europe. So the commission is trying to fight very hard to build a common framework, but the problem in Europe with so many countries is that even though we have the commission, there are many disparities, right?

So the problem is that the criteria to understand what is digital evidence in a court of justice is different in the different member states. So not everyone understands the same thing as digital evidence in a court. So, what we can do is try to build the standard, so the standard is going to help us because you see that everyone has to follow the same rules because we have a standard.

So if everyone follows the same rules because of this standard, then I think that all the legal actors that are on this side, they need to find a common framework to understand what is digital evidence or what is foolproof digital evidence in the different member states.

So what is very challenging in this case is to find a common criterion to understand what is foolproof this evidence in the different member states. And this is very challenging because you need to put everyone under the same umbrella and under the same rules. Even with the same ontology. I have to say that LOCARD is using a common ontology where we have many projects that have been adhered to this ontology that is called CASE.

Christa: Oh, yes, I’m familiar with CASE.

Pablo: That’s a starting point in order to speak the same language when we are sharing data. So LOCARD is going to use CASE to facilitate the sharing and to facilitate the understanding point of the forensic field.

But also, there’s a problem here that the degree, I’m not going to tell any country, but it’s so that the degree of knowledge of the people that are dealing with digital evidence is different in the different countries. So not everyone is prepared or has the same understanding in the different countries. So we need also to standardize the degree of knowledge in the different countries when we are funding these directives.

Christa: Which I think would involve some degree of training, correct? That you’re, and I know the platform has been working on that this year.

Pablo: Yeah. There are some projects that are quite interesting that are aiming to provide some common training to different countries in order to put everyone in the same degree of knowledge.

Christa: Yeah. So I know with blockchain, I think when a lot of people hear the word the first thing that they might jump to is security. How have you addressed questions or concerns around data security, especially with regards to sensitive evidentiary data as you’ve been moving along on the project?

Pablo: How do we address those concerns about security?

Si: Yeah. So, I mean, I think to elaborate from my side, I mean, I obviously, if you’re only storing hashes, well, if you are only storing hashes, then a hash is a hash. But I mean, I would assume that you’re putting some additional metadata up there as well along with the hash so that you can find it and reference it.

Pablo: Of course. Yeah.

So obviously you’ve got your confidentiality and integrity issue, well, not integrity, confidentiality issues there. But actually I think my concern would be, you know, obviously your background and the sponsoring organization is interested in phishing.

Is there a risk of, you know, putting hashes of evidence in a publicly accessible place that allows people who are carrying out, say, phishing attacks to deliberately obfuscate their attacks so that they’re not matching hashes that they know exist?

Pablo: Of course, there’s a probability to be hacked and yeah, and they can see information and they can write hashes that are not the real one. First of all, let me say that we are not using, of course we are using a public technology that is called Hyperledger Fabric. So not everyone is having access to the blockchain. Only those actors who have the profile to work on the specific investigation.

Si: So it’s a private blockchain?

Pablo: It’s a private blockchain, it’s an open-source blockchain, but you have different subsets of members that have different access to admissions to access specific types of information. So that’s the idea behind that.

Of course you can have these problems, but in the platform during the development of the project, we have been doing a lot of pen testing in the platform trying to see if we can break the platform, assess the vulnerabilities of the platform and try of course to patch these vulnerabilities.

So from our side, there has been a lot of work trying to find vulnerabilities and avoid them in the future. Of course, we can never know, you know, but yes, we have been doing a lot of work in this sense.

Si: I’m going to say that gets rid of one of my questions, which was, if you’re using the public blockchain, who’s paying for it? Because obviously in the public, you would’ve had to pay for every every storage of data in some way, shape, or form. And then your private blockchain, the cost of a transaction is negligible because it’s not a public thing, so that gets rid of that question.

But okay. So, I mean, of your partners then who are participating in this, I mean, the good thing about the public blockchain is that that blockchain is then distributed amongst all of its users. So were all of your partners picking up a copy of this blockchain for that distributed protection, that non-repudiation kind of aspect of it?

Pablo: So, let me state here that the platform that we are building is not a final product. It is a TR7. So that means that we are doing an MVP. So we are providing something real for the public, but we need, let’s say, to perform more research in order to build a final product.

However, what we have to do is that the blockchain is being done and there is a specific, so not all the partners involved in the development of the platform are not going to be involved on the data that is going to be found in this platform. So we have three law enforcement agencies that already have access to the platform and have to care about the data that is in the platform.

So the backups and everything that it aims to guarantee that the information is not going to be removed or lost, or these kinds of things are the ones who are dealing with the platform daily, who are the development agents. So now we have the Hellenic Police, the Romanian Police and we have the Bulgarian Police that are already using the platform.

So now the idea is to try to find a relevant player that sees the potential of this technology and is willing to foster the use of this technology of the platform among other relevant parties, among other relevant law enforcement agencies.

Si: Have you got much interest in it from other parts, I mean, obviously you’ve partnered with three law enforcement agencies, but, you know, you don’t live in an isolated bubble and you’ve been to conferences and written papers. Are you getting interest from other law enforcement agencies?

Pablo: That’s a very good point. Yes, that’s a thing. I mean, so the investigation or these kinds of things have different players, right, with different, let’s say, backgrounds. We have players with legal backgrounds, players with technical backgrounds, players with research backgrounds, because blockchain has some problems in terms of scalability as we know and these kinds of things.

So the people that are very interested in the results of the projects have a very large profile. For example, we have the Council of Europe that is promoting the Budapest Convention. So they’re very interested in knowing the results, or having more information about the local results.

So we have on the one hand public institutions, the Council of Europe, also we have Eurojust, in the paper that Christa has mentioned before we have been collaborating with Eurojust. They gave us very good information about the legal context in Europe.

So legal bodies in Europe such as Eurojust, the Council of Europe and other legal bodies in specific countries are very interested because they really want to improve how things are built nowadays. And also we have law enforcement agencies besides the ones that we have in the construction that are really willing to use the platform and at least to test it.

So what we need to find is a very specific actor that wants to further exploit the platform and maybe foster the use of the platform after the end of the project. So, “We will deliver this platform. Hey guys, this is for you. We have a platform, this is working, fully working. Now use it in your real life.”

And then we will see if these people are — because, you know, then you have bureaucracy, and bureaucracy can be quite slow. So we have the technology that is ready, we have the platform that is ready, now we need to see if the bureaucracy allows us to foster the implementation of the platform.

Si: Yeah, absolutely.

Christa: So what do you anticipate for the continued rollout? Do you think it’s going to be in use mainly by teams that are already dedicated to cross-border investigations like child exploitation and human trafficking, or will it be available to anybody who wants to sign on?

Pablo: I think it can be available to anybody who wants to sign on. I mean, I had some information from Eurojust precisely that says that 85% of crime is going to be digital crime. So the use of this kind of technology, I mean, sure, maybe it’s not local, maybe yes, hopefully, yes, of course.

But I’m sure that we need to go to this kind of technology that is going to provide more efficient ways to handle data and fight cyber crime, because, you know, cyber crime is much faster than regulation. These guys are, you know, it’s very difficult when you have some kind of attacks everywhere in the world, it is very unlikely that you will not find the guy who had done this attack, you know?

So several crimes are going much faster than regulations. So we need to try to implement these kinds of new technologies, these new publications in order to be at least more efficient when we are fighting against criminals, because everything is digital right now.

Christa: Yeah. Yeah.

Pablo: So if we don’t promote the use of this kind of tools, I think they will win the war. They are already willing the war, but even more in the future.

Christa: So, as Project LOCARD nears the end of its development, I think it’s in its third year, you’ve got the end-user teams you mentioned that are assessing various aspects of the platform and the tools. What kind of feedback are you getting about it currently?

Pablo: Yeah, the feedback that we have is that as I said before, it’s a very useful tool. The fear of the people that are using the tool, so the end users of the platform who are law enforcement, as I said before, but also can be judges, the fear of the people that are willing to use the tool is that the bureaucracy to implement this platform in a real case.

So, for example, if I go to the police, they will tell me, “I love this platform, but to use it in real cases, this is going to take a lot of time because of the bureaucracy, because it has to have legal validity in the country.” So some kind of ministry has to give you permission or access to use the platform and provide you with legal ability to use the platform.

So this is the product, the bureaucracy that is going very, very slow, and this is the main fear of the leaders that we are finding right now.

Si: I can say it’s so funny, isn’t it? Because at the moment we verify our evidence by hashes that we write in documents and share with each other without actually having any proper verification of them. Whereas if you’re putting them into the blockchain, you’re actually getting a much better level of control and history over those hashes.

The irony that we’re having to persuade people that this is admissible when it’s actually a way better solution than the one we’re currently using is palpable. So yeah, no, it’s a funny uphill battle trying to persuade courts that, you know, this is actually a better idea than what we’ve currently got when they’ve only just managed to grasp what we’ve currently got.

Pablo: Yeah, I agree with you. And in fact, there is also a gap between the technical background of judges. I mean, I don’t say I’m not saying that they have to be experts in technical things and in blockchain, but at least they need to understand what we are doing or what the platform is doing.

So I believe that we need to give more technical training to judges in order to make them understand what blockchain means, what is the value of blockchain and these kinds of things, but they don’t know anything about this technology, so they don’t know what an IP address is, you know? So yeah, that’s a problem also.

Si: That’s the starting problem. Yeah.

Pablo: Yeah. So we need to bridge the gap between also judges and the technical people who are dealing with forensics.

Christa: I’m just sitting here thinking, it’s almost a generational thing at that point that there are young attorneys now that are going to end up someday being judges, but until we get to that point, you know, there may continue to be that gap.

Pablo: That’s a very interesting debate, eh, Christa, I think.

Christa: Absolutely, yeah.

Pablo: Because maybe in their careers, when they’re doing their other degrees, even though it is not a technical degree, maybe we need to train them at least on the basics of technology, you know, because they will deal with it every day, because we are going to a digital life. Everything is going to be digital, so maybe these people need to understand what is involved in this situation.

Si: I’m going to say, it’s interesting. My daughter did a law degree two years ago now, three years ago now, and there was no discussion of digital evidence in there whatsoever. You know, she hasn’t specialized as a barrister or a solicitor or anything, but, you know, just a foundation law degree doesn’t really cover anything to do with digital evidence. They’re still talking about some of, you know, basic contracts and taught and you know, liability law because it’s such a large field.

Christa: I was going to say they still need that foundation of the law to apply to the digital technology.

Si: But what they’re lacking is, you know, somebody’s come in and have these conversations for, I don’t know, maybe even three or four lectures about the concepts of digital evidence, versus, you know, evidence handling as a whole, because they’re different things. You know, the blood spatter is one thing and the digital thing is another.

So I think there is that tangent I was talking about earlier. I think this is something that we do need to consider going forward, but, I mean, I think you’re right. I think barristers, young barristers, young solicitors, young professionals are seeing more of these cases. And thus in 20 years time when they are sitting as judges, then there will be a better understanding of it.

Pablo: So that’s a good way. Maybe here we can start promoting the use of these kinds of concepts in these degrees. I’m sure that people in 20 years, if they have a good understanding of what digital evidence means or forensics, in these kinds of things, I’m sure that we will avoid many problems in the future, I’m sure.

So there is a gap in the sense here right now, maybe, of course, as you said, Christa, because of the different ages of people that are dealing with this, right? Because judges, they used to be older, maybe, I don’t know, but yes, I think we need to bridge this gap and to try to start making training adapted to these profiles.

Christa: Well, and I think Si’s point about doing it in law school is interesting as well because I’ve been doing some research here in the US and I’m heading right down the same rabbit trail. But just in terms of on-the-job training is very, very difficult for practicing attorneys, as well as judges. I think everybody’s got scheduling issues. They would have to find coverage issues or find coverage rather than leaving the office for a week at a time to attend training.

And then online training, of course, there’s not as much engagement. So I think that these are definitely going to continue. You know, I don’t know what it would take necessarily to get the training into law schools at that level, but it sounds like it’s becoming more necessary to do so.

Si: And I think this is interesting about what Pablo is saying is that, you know, they’re doing training and they’re taking this training about what they’re doing out to the various European countries. And I think it would be interesting to hear, you know, who are you actually managing to reach with it?

Pablo: Yeah, I think there are many challenges, right? As we are seeing right now, that is the challenge of bridging the gap between these different profiles. Also, trying to foster the use of common platforms rather than different platforms for everyone, foster the use of a golden standard.

I like the word golden standard, but trying to foster the use of a golden standard that is mandatory for everyone, and everyone has to follow this standard from a legal perspective. So yeah, from the technical perspective, common tools, legal perspective, coded standard; and from a learning perspective, try to facilitate technical training to people who are not technical.

Christa: Sort of on that note, I know that Project LOCARD is part of a great number of sister projects in the EU with I think some of them are Project GRACE and FORMOBILE and just a number of others. And the paper listed a lot of them, if not all of them.

And then of course, you know, we’ve got the existing platforms and tools in the commercial sphere. What are your thoughts on how everyone is working to improve all of these different situations that we’ve been talking about between evidence and training and so on without duplicating efforts?

Pablo: Very good question. I think you did very good research because you have mentioned most of the most important projects in Europe. Yeah, FORMOBILE they did a great job. They are more focused on mobile phones rather than the platform, but they did a very good job in my opinion. And I think you touch on a very important thing here. So the problem in Europe, sometimes this is going to be our secret, okay. The problem…

Christa: It’s going on a podcast.

Pablo: It is going to be our secret, yeah. One of the main problems in Europe is that some projects don’t have any impact once they finish. And that’s a big problem. So I think we should try to find synergies among these projects and build a common, maybe, big platform or kind of big repository with all this knowledge, all these results in order to facilitate the use of all the results.

Because the problem I have found in all the projects is that, yes, you are working for your project, you finish the project and you don’t have any impact. I’m a real European believer and I really want to improve how things are going. So I think that these projects are building very, very nice things. And for example, with FORMOBILE, I think that we can integrate the results that they have had with phones into the LOCARD.

So we can try to build a bigger platform that is providing solutions to phone devices, to mobile phones and also to other kinds of devices because LOCARD is providing a solution. So I think we need to find synergies and try to adapt all these results for a common goal.

But also I have to say that the commission should maybe provide or facilitate these synergies once the projects are finished.

So they should be kind of, as I said before, for a common repository to put all other results there, and the commission should be responsible maybe to promote the use of these results, or a specific relevant player has to promote the use of these results, because sometimes it’s a responsibility of the specific partner of the consortium that they have to promote the use of the platform.

But maybe the commission has to foster the use of these results. So I think we need to find a way to exploit the results in a much more efficient way than the one that we are doing right now, because many projects will be lost in the future. They are going to be lost and that cannot happen.

So maybe European bodies should be more aware about the results that these projects are having and the commission has to find tools to foster the use of these results.

Christa: Well, Pablo, thank you again. It’s been a really interesting and enlightening conversation. We appreciate you joining the Forensic Focus Podcast.

Si: Very much so, yeah.

Pablo: It has been a great pleasure, really, Christa, I hope to see you soon, maybe here in Barcelona? You’re invited to have some beers.

Christa: Thank you.

Pablo: Free beers for everyone.

Si: Sounds wonderful.

Christa: Lovely. Thanks also to our listeners. You’ll be able to find this recording and transcript along with more articles, information and forums at Stay safe and well.

Leave a Comment

Latest Videos

Digital Forensics News Round Up, February 28 2024 #digitalforensics #dfir

Forensic Focus 29th February 2024 4:58 pm

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles