Teaching Digital Forensics With Professor Sarah Morris

by
Listen on Apple Podcasts Listen on Google Podcasts

Si: Welcome friends and enemies to the Forensic Focus Podcast. Today with us, we have a genuine rockstar of the digital forensics scene in the UK. I would say, star of stage and screen. I think stage is upcoming. When we talked on Wednesday, you were getting the local theater troop integration going with Southampton University. So, the stage is yet to come, but I know you’ve been on TV. But Professor Sarah Morris from Southampton University, head of the digital forensics practice there, setting up an amazing course (he says unbiasedly being part of it, but there we go. There’s nothing like free advertising!) But in the vein of things that we have both done previously. And we’ll talk about that as we go ahead. So, thank you very much for joining us today. Really appreciate it.

Sarah: No, thank you for having me.

Si: So I’ve…I’m gonna say it’s a good introduction, but I’ll let you go ahead and tell us a little bit about yourself. And, yeah…go for it.

Sarah: Oh, okay. Well, I’ve been doing digital forensics over 15 years now. Started at Cranfield learning under Tony and Brian. Did a PhD looking at data recovery of thumbnail caches, and then stayed on in academia, but I’ve been doing case work the whole time. And when I took over the unit, oh, years ago, I branched out into more civil intelligence, all sorts of things, including working newspapers as well as criminal, which I found was good for the mental health of the team. And then about 10 months ago, moved over to Southampton and we’re developing a digital forensic capability here, which is fantastic.

Si: Now you have quite an interesting reputation in the field for being very good at dealing with weird things. I know that you’ve been involved in creating robots that search for digital evidence in a crime scene. And you’re…we…I know we’re building a crime scene room! (He says, with fore knowledge that his partners do not have.) So tell us a little bit more about some of the…and I’ll give you free reign to talk about ones that you want to talk about here, because I know that you’re sick to the back teeth of certain other things. But can you tell us a bit about your interest in odd stuff?


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Sarah: Odd things? Well, I think that came from being at Shrivenham and that…legacy of doing the things that no one else knew how to handle. So ended up looking at the, you know, less run of the mill sausage factory cases and the things that people were struggling with or the things that were new and unusual. So ended up doing a wide variety of cases, including the infamous washing machine and the garage door in various bits like that, which are interesting, but not the most technically challenging cases I’ve had. Just the most weird and unusual, like, why are we using over a hundred gigabytes of storage on a IoT garage door? And why are we creating bespoke file systems for these things? I mean, it’s just weird.

And then moved into…and I think this all spanned from those cyber dogs, the electronic storage detection dogs, and really deciding that as a computer geek, there aren’t many opportunities where we get to work with dogs and wanting to work with a dog as a dog lover. And we were told, “no, we can’t have a dog”. So we built a robot instead to do electronic storage detection and trialed it in a variety of scenes. Mostly corporate, looking at how we could use it to create hotspot maps of environment to save us time. You know, like every unit, we were short on staff and we called them Sneaky Peaky version one. And then we ended up with a more static version 2 called Crafty Fox.

Si: And this is doing, sort of, wifi…sorry, not wifi radio frequency based stuff, isn’t it?

Sarah: Yeah, a whole spectrum on the comms side. And it been great really because since I’ve moved to Southampton, we’ve got an incredible range of comms experts and some absolutely phenomenal Faraday Labs and anechoic chambers that we can work in to really enhance that capability. So we’re moving forward…looking at the less obvious signals that are being emitted to see what we can do with those.

Desi: So when you first started talking about how you built the cyber dog to do some of the work for you, like, I don’t come from a background of policing, digital forensics or that space at all. Did they have dogs that sniff out, like, hard drives and phones and stuff?

Sarah: Yeah. So…oh, years ago now they started in America having these electronic storage detection dogs and, you know, phenomenal opportunity. And I think it was Devon and Cornwall over here had the first ones in the UK. And we were absolutely fascinated. So we did some work with chemistry professor Jackie Avens’ team, looking at the specific chemicals that were being used by the dogs and that we could enhance for the trainers. So, we did some work with local law enforcements about that, and it became clear that we could work with the dogs, but we were never going to get a dog of our own. So that’s why we ended up with a robot. Less mess, less chaos.

Desi: Yeah, that’s fascinating. And you mentioned also right at the start you do all the weird things that a lot of people don’t do, like, not sausage factories. Have you done a sausage factory before? Or, like, a weird factory story that you have where you’ve had to go do digital forensics on some weird place?

Sarah: So, I have done forensics on a rock factory. You know, the rock you get at seaside, the long sticks. So a small corporate job there. That was fascinating. I got far too excited by watching how they make the rock and how they build it up. But…

Desi: That is interesting. It’s when you get into those niche cases, they’re good stories. That’s awesome.

Si: So: brain, back on track! Are we okay to talk about some of the ongoing projects that we’ve got?

Sarah: Yeah, absolutely.

Si: Good. So in the radio frequency sphere there’s the Faraday bags. Now this was a fascinating thing that, sort of, came up. We, oh…I mean, Desi, you know what a Faraday bag is, I’m sure. But for the benefit of anybody who doesn’t, if you get a device which has a network connection…wireless network connection, whether that’s to the cellular network or to wifi, you wish to isolate it, but in a physical way.

So, you have these things based around a piece of work by the physicist Faraday (Michael Faraday? I can’t remember.) And effectively it’s a wire cage or a wire bag that you put things into, and then radio frequency signals can’t reach it. And we use them a lot in law enforcement. We use them a lot for protecting devices. But there is a preconceived idea that you buy a bag and that it continues to do everything that it’s supposed to do. But like all bags, and you know, for those of us that have a gym bag that’s been carried around a fair bit, you find that sooner or later the bottom falls out of it.

In much the same way, Sarah’s been starting to do some research on what happens to a Faraday bag when it’s been used a lot. So, you know, can you tell us where we’re going with that one?

Sarah: Yeah, sure. So, it was an initial idea I had after working with…so, the lovely Dr. John Painter at Cranfield who does all the microscopy bits there. And he was showing me about material failures and how it’s not always obvious to the naked eye that materials have failed. And at the same time we had reusable Faraday bags coming in for environmental and resource reasons. And it struck me that we weren’t actually on the ground testing and looking at those.

John and I with Melissa Haki, we did a pilot study earlier this year looking at some basics. And it turned out the initial assumptions that a lot of the failures were going to happen where we couldn’t detect them with naked eye was valid. And we saw a lot of ways that the bags could be damaged and it just wasn’t being picked up. So, this further study that we’re doing at Southampton is really utilizing those wonderful labs we’ve got in the high power voltage with the anechoic chambers and the Faraday environments to look at using mock cellular towers to do a more advanced rig so that we can really strength test those bags.

But not only that, create a small unit that law enforcement can take away that does these tests automatically, that they can stick in a bag, even if they don’t have a Faraday cage, and then get a mini test. Obviously it won’t be as full as if they’ve got the full environment, but it should be enough to show whether the bag is at risk or working relatively well.

Desi: What’s the risk there? Like, a lot of the time in incident response in digital forensics, people buy these tools to test and calibrate and then they’re like, “okay, we’re sweet”. And then no one ever tests the testing device to make sure that that testing device is actually telling them that their bag’s fine. So is the proposal there as well for them, like, they’re rotated out, or is it just, like, they have to manage it themselves? Like, how logistics wise has that been thought about at this point?

Sarah: Yeah. It’s a good question. So the idea is that the device will be part of a…one on the outside of the bag, one on the inside of the bag. And what we’re proposing and what we’re going to test in the trials is whether having three is enough so you can kind of rotate in and do those checks with the third one that will do calibration, kind of, as a man in the middle. We’re not sure if that will be enough or if there are other ways of doing it without a third device, but from initial checks that’s where we’re thinking. And that will be Raspberry Pi based. So as long as we can get Raspberry Pis, we’ll be fine!

Desi: So as long as it’s just not a massive demand again, and you can’t get one for, like, 11 months.

Si: Yeah, I heard from my brother-in-law that they’re back in stock now because he’s just bought one. I hear graphics cards are on their way out again this morning. Apparently there is huge demands now for those for AI as opposed to for Bitcoin mining, but, you know, there we go. But Southampton’s very interesting in that as an Enterprise University, they actually have, you know, the capability to do things. And Sarah is Director of Enterprise for the School of Electronics and Computer Science. So, what exactly is that doing?

Sarah: So, one of the things that really attracted me to Southampton is that it’s, you’re right, it’s not that traditional academics theory based culture. We have a triple helix that is really important and embedded in everything we do, where we look at education, research, and enterprise.

So everything we’re looking at, we’re trying to have that real world impact as we go. And enterprise activity, that can be everything from general consultancy to the kind of casework I do, is actively encouraged. We want things that are directly helping the world. And I think that’s fabulous. So, my role as Director of Enterprise is to bring all my experience from my advisory and my casework to help those in the school who want to build up more of an enterprise portfolio in whatever shape that makes sense for their discipline.

Desi: That’s interesting, because it’s often a, kind of, topic that Si and I talk about a lot where we find there…especially like as we both go to conferences, there’s always a disconnect between a university doing research and they’re putting it out and you’re like, “oh, this was in a tech blog five years ago. Like what, how is this novel to them?” But it’s just because it wasn’t in the literature.

How, like, from your perspective, how do you find that that is across other universities or other places? Or is this something that is quite new within the UK? Because even over in Australia, like, I can probably only think of maybe one or two universities that would be doing something similar, but on a very small scale, in a very niche area within cyber.

Sarah: Sure. I mean like the practitioners, you know, as a practitioner myself, I can find it… (it says “app not in focus.”) So as a practitioner, I can find it quite frustrating at times when some of my more academic colleagues come along with great theoretical solutions that just wouldn’t be practical for a variety of reasons in the real world. I was really lucky that when I started, I was straight in with Tony and Brian…

Si: Sorry, let’s just chuck some context into this: Tony Sams and Brian Jenkinson were Professors of Forensic Computing at Cranfield. And they basically were the foundation of the entire field of digital forensics in the UK! I think that’s a fair approximation, isn’t it? And apart from being absolutely wonderful people and human beings and incredibly knowledgeable about it, they were in at the beginning. Tony wrote the paper on the Telnet protocol when the internet was invented, which is kind of cool. And Brian was head of Cambridge Fraud Squad for a long time while fraud was still done on paper, and then when computers came in, got into it that way. So they are, you know, hugely knowledgeable people who came to set up the first ever forensic computing department in the UK.

So, when we’re talking about Tony and Brian, that’s who we mean! We both trained under them and they had a certain ethos and je ne sais quoi in the way that they delivered, which, you know, I think lives on in all who have been lucky enough to have met and been educated by them. So, anyway, I apologize for interrupting, but that…we’ll just put that clarification in!

Sarah: No, I completely agree with you. And I think in the UK, certainly when I started being trained by Tony and Brian, you know, it was, and it still is a really good marker for if you survive their courses, you know your stuff. And I think Jeff Fellow’s angle as well, giving you that defense than that slightly different spin was also super, super useful. But the one thing Tony and Brian made very clear to me from day one was if I wanted to be an academic in this field, and if I really wanted to make a difference, I had to do casework. And I was just really lucky that at Shrivenham that was something we were encouraged to do from the beginning.

So, I started, as you do, as an acquisition officer, getting the data off and helping with little bits like that and then moving on to doing so like case work. And as I say, there are a variety of case work types. So, I think it really does make a difference, not just in the way I approach the research, but when I’m talking with the advisories and also when I’m talking to other practitioners, you know, being able to give your war stories, being able to justify when they’re going, “well, why on earth would I consider this?” Being able to put it in that context of you really understand and get it. Such a key difference. And something I’d recommend

Desi: When you talk about practitioners there, I’m interested in understanding what the general pathway is. Like, are they students that are coming through the program and they becoming academic and practitioners themselves? Or are they more from industry coming in doing research? Like, which is the majority?

Sarah: So, for me, I do both. So, with, you know, for the past 15 years, mostly I’ve focused on practitioners, but now I’m at Southampton. We have undergraduate and master’s programs that are part of our NCSC Academic Center of Excellence. So they’re all accredited courses in cybersecurity, so I’m adding the digital forensics, kind of, flavor to those. But Si and I are also setting up some brand new short courses that will, like my previous work, all be practitioner focused. So some of those will be entry level for people going in, but I’m very much of the opinion that this field moves too quick and there’s too much to know that, you know, we need to focus on CPD for those that are there as well. Everyone and anyone!

Desi: I was actually just reading your…Si sent me over your website before, and I was having a look through your research outputs and the top one in 2023 caught my eye. And as I was scrolling through it, I love the, like, the very end. And we’ll post all the links for the listeners and viewers to look at this. But it was like, “summing up…” I guess I’ll give the title. So, “we’re making a list, checking it twice, gonna find out what makes digital forensic examiners suffice.” I love the rhyming there. And then at the end it was just like, “therefore, in answer to the question, are you an expert? The answer is, it depends.” Which is my favorite DFIR quote, when anyone asks you anything, you’re like, “it depends.” And then you can kind of spiel into it. But maybe you could, like, cover off in a little bit of what prompted doing that paper and then I guess the…what you found from all the research from it.

Sarah: Oh. So, I mean the paper really came about from…so I’m now on a number of advisories, you know, and I get out a lot. And in my new role at Southampton, it’s kind of very key that I’m dealing with industry across all sectors, not just digital forensics. And I’m seeing that practitioner academic distance happening more and more. But also as we shift in digital forensics to…in the UK the forensic science regulator things coming in, there’s more and more discussions about what makes competency in digital forensics, what makes an expert.

And this was really a bunch of us that are practitioners who’d been doing it for a long, long time. I think the shortest on that paper’s about 5 years, but most have over 10 years experience in casework in the field. It was a discussion on what we felt the key skills were, what we’d seen evolve as it was coming through, and really looking at the literature and how that kind of supported what we could pull out. And I think it was just, you know, one of those, we felt it needed to be published.

Si: Yeah. I mean, I think, you know, certainly looking at what gets published as a whole, there’s a lot of stuff that comes out about…and as you pointed out, some of it quite delayed. But a lot of stuff that comes out about technical aspects. And there’s a lot less that comes out about, not necessarily philosophical aspects, but things like: what is an expert? What is privacy? What is, you know, what is the acceptable relationship between defense and prosecution? You know, all of these things that are inherent in the concept of providing a fair trial.

And the industry, certainly academia seems very, very focused on…or digital forensics academia seems very focused on the technical aspects and doesn’t engage enough with the social sciences and the other aspects to push it forward. So the fact that, you know, you are in a position a) to write papers like this, but also, you know, you are on the biometrics and forensic ethics group. The idea that the government actually has an ethical consulting group to go to ask about these things. Not (with no offense to the group), but not that they seem to be listening to you! But, you know, the theory at least is good. How have you found the process of engaging with government at such a level? I mean, you know, I’ve not done it, so I have no idea!

Sarah: Well, I mean it’s a great honor to be invited onto the group anyway. And Mark Watson-Gandhy, who is head of the BFEG Group, is the most amazing barrister I think I’ve ever met. He is like Tigger when he talks about geek things, and yet his primary area of advocacy is insolvency law related stuff. But he’s an absolute delight to work with and the kind of challenges that we get presented with, the kind of conversations we get to have, it’s really nice to have.

But I think like ethics discussions across the board, one of the things you see, you know, we see it all the time at university. Students will come to you with ethics when they’ve already made their mind up about a solution and then trying to embed ethics into it. What with BFEG we’re really working on, and, you know, and at Southampton as well, is that real, can we embed ethics as we go? As you should with ethics as a problem. But yeah, whilst I can’t talk for BFEG, my experience of it has been amazing. Just so many cool people and so much interest in making the world a better place.

Desi: So that’s at a government level…is it that ethics committee comes together to try and advise the government on ethical decisions around tech and…

Sarah: So, I mean, if you look at the BFEG website, the kind of things that BFEG’s commissioned for come from all over, but it’s primarily related to home office and people who come in and query it. There’s a lot more goes on than obviously I get involved in. But yeah, it’s a good group and it’s very well known. And it takes on its own commissions as well, not just those that are given to it. So things that the members are passionate about, which I think is really important.

Si: The British government has been quite proactive recently, I think is fair to say, in starting to set up some of these groups. I don’t know how long…biometrics…I remember seeing the call for members going out, which I mean that was…it could only have been a couple of years ago. I don’t know if it was around longer than that. But yes, and, you know, working within the Home Office, the Home Office deals with all of the policing and the, well, basically the home. So the UK administrative stuff, as opposed to the Foreign Office, which deals with stuff elsewhere, and is marginally less concerned about ethics, I think, I don’t know! That’s where James Bond lives, so probably.

So, okay. Well, I mean, I’m going to say the other thing that I’m very intrigued about because something that you know infinitely more about than I do, and I’ve started to see the labs coming together, is that you do so much truly low level forensics, like Chip-Off, scraping away things and resoldering stuff to be able to access things. A) how did you get into this? Well, actually, why did you get into this? How did you get into this? And where’s it going? Yeah, go on.

Sarah: Okay. The why: well in the UK when I was younger (which is starting to feel like an absolute eternity ago), as a woman you know, when it came to designing technology lessons, electronics and woodwork and things were frowned upon still. So once we did a little bit on rotation, when it came to options later on, if you even suggested it, you were very much pushed towards cookery and things.

So, it always felt that little bit out of reach, and yet something that when I tried it was really exciting and I was really good at, compared to cookery, which I usually suck. But anyway, so I did computer science, which again, you know, when I did my degree, I was one of a very small number of women. I mostly sat in rooms just full of men. And so there wasn’t really that kind of option. But when we were doing some stuff not long after I’d taken over the group, we got some options to do some more electronics things.

And in the workshops, at the time at Shrivenham, the Head of Electronics was a woman called Stacy. We actually have a couple of papers together on Chip-Off. And she was very passionate about it, and she let me sit in the workshops and, kind of, learn and gave me some kits to learn. And I just found it fascinating as the rest of the team having this opportunity to learn things were becoming more embedded.

So, for me, strategically, it made sense that at some point we were going to need the multidisciplinary skillset, so why not get ahead of the curve? And now I’m at Southampton, you know, it’s electronics and computer science, which is amazing because no one, kind of, defines themselves as one or the other. Everyone can look at everyone’s notes, everyone can use the facilities across the board. And now there’s just so many opportunities to, kind of, increase that knowledge and grow. Like, the first thing they did was put a full electronics bench in my office, which I think was brave of them considering the number of times the building has burnt down already!

But you know, so yeah, we’ve kitted the lab out in the same vein, I very much believe that we should have those facilities. I’m not saying everyone will do everything. Certainly people will have niches and things they’re more interested in, but the facilities should be there, and people should have the opportunity, regardless of who they are to go where they want to go.

Si: No, I think Chip-Off is absolutely fascinating. I must admit, I can’t wait to be handheld through it, through a course to come and listen and to learn. So that’s really exciting. Now, we’ve sort of talked about Brian and Tony and the course now that you’ve also presented I know to the BCS in the UK. I saw you present at the the UK Teaching Forensics conference. Your approach to teaching is beautifully insane.

Sarah: Thank you…?

Si: You’re welcome. It’s creative and novel. And do you want to talk us through that? Because I do actually think it’s genius, so, you know…

Sarah: Well, that’s good considering you’ve agreed to work with me, otherwise this probably wouldn’t work! Yeah, so I mean, it’s no secret I spent a couple of years as a high school teacher before I did my PhD because at that time…so I’d had a number of bereavements on the degree, and a careers advisor thought that would be a good place to go and get myself mentally together. In retrospect, that’s probably not where you put someone if you want them to, kind of, sort themselves out. But I love teaching and I love engaging.

And one of the things teacher training taught me, other than the teacher stare, which is so useful when you’ve got law enforcement in the room, so, so useful. Is about the fact that they were saying, “oh, you’ve got to use the, the popular culture references. You’ve got to do it this way.” And I found that wasn’t working for me. And I found very quickly that when I engaged with the students in a way that worked for me and was fun for me, but also took into account them. So, for example, I had the most adorable Year 7 class, and we learned PowerPoint sounds with Old McDonald, because that worked for us as a room.

I don’t think it would’ve necessarily worked for every other teacher, but for that combination of students and me, that was the right way to go. And we had a great lesson and the observer was shocked, because they were like, “oh, it doesn’t involve top trumps,” or whatever, you know, the craze was at the time. I’ve kind of followed that through and, you know, watching Tony and Brian do their crazy scenarios, and they got dressed up and they got very into it. I’m not an actor, I’m a geek. So we’ve gone a bit more virtual, but doing the same kind of crazy gamified…every module is a scenario. So we’ve now got this wonderful world called Cyberly that is this technology hub, and it’s got all these wonderful buildings, everything from a zoo to a offshoot of Santa’s, you know, workshop, to all sorts, bowling alley, museums, you name it.

And we’ve got a mock detective agency called Bites and a set of villains called Villainous Ventures Incorporated. And they get away every module, like some kind of Scooby-Doo, Inspector Gadget style villain, you know, always at the end like, “oh, we’ll get you next time, Bite.” And it’s just this gamified, like you say, chaos, but when you go in the room and you kind of do that Tiggery, bouncy, how I lecture (I know no other way) and you instill that energy and you make it fun, and it’s not too close to the kind of casework that they’re doing, the students get so excited.

So, I’ve had practitioners who, you know, have been doing the job years and years, and we’ve had vampire serial killers, and they’ll still, when they see me and we’re, you know, having chats, they’ll go, “oh, I remember the Oliver Duncan case and the, you know, vampire serial killer.” And I just, I think it’s so much better mental health wise and for fun and really ensuring that we’re focusing on the technical, not anything that’s going to trigger or make it, you know, too dark, I guess.

Si: I mean, I think it’s brilliant and, I mean, I remember…funnily enough, when I went for…to interview for the, for the…not for the position, for the place on the Cranfield, I had a very serious talk with…I can’t remember who it was now, but somebody sat me down and went, “look, are you really, really sure you want to get into this, because this is the sort of thing you’ll be dealing with?” But that doesn’t mean you have to keep reinforcing that at every stage during the lectures, you know.

After somebody has acknowledged…and especially for these police officers who quite possibly have already been doing this for some time, to take them out and give them something else is hugely valuable. But I mean, I think you’ve gone about it in a way above and beyond because you’ve made a lot of use of things like the Adobe suite for creating characters and voices. You’ve gone to the extent, I mean, the script writing is great. There’s a lovely…I saw it in the demo of at Warwick, one of the things that you end up doing is phoning the IT help desk during this process, and then it just rings out just like phoning a real IT help desk!

So, you know, it is brilliantly conceived and an absolutely wonderful way of doing it. But actually as an overall…it’s not pedagogical because that’s teaching children, but the, whatever the adult equivalent is, that the actual whole approach to it is incredibly well thought out and really, you know, brilliant. And I think it’s something that we should look at instigating wider afield for forensics, because I think it’s important…because it doesn’t restrict you in getting the technical concepts across. If anything else, actually, it enables you to create a stupid, amazing scenario whereby you can throw technology at it in a way that would never actually stick in the real world so that people can do it. And it only gets richer as time goes on as well, which I think is brilliant.

Desi: I think that’s a good saying though. Like, it kind of is for kids. I always…when I create content or I’m doing content and it’s stuff that I really enjoy, I always like to say, “treat me like an intelligent five-year-old”…that…just go back to basics and step me through, like, especially if it’s learning. But yeah…

Si: It just reminded me of a story I told my daughter the other day. My eldest just interviewed for a job and she felt that the interview had gone terribly and she was really depressed about it. But in fact, she’s got the job and she’s doing brilliantly! So that’s great. But at the time she sort of phoned me up and I said, “look, you know, I actually went to an interview and I basically told the interviewer that his children were stupid and they still offered me the job, so I wouldn’t worry about it too much. But he was like, during the interview, he was like, ‘could you explain this concept?’ (It was VPNs.)

He said, could you explain this concept as if you were explaining it to an eight year old?’ And I had two two kids. One was eight, one was six at the time. And I explained it as I would’ve explained it to my children. And he went, ‘I’m not sure an eight year old would’ve understood that…’ he said, ‘I’m not sure my eight year old would’ve understood that.’ And I said, ‘well, mine would have, so…!’” Anyway, so yeah, they still offered me the job, so I must’ve done something else right during that interview. But yeah, so all good there.

But no, I think that’s brilliant and it’s really exciting to actually be part of that. And everybody seems to love it. Anytime you talk about it, everybody seems to love it, which is clearly a great thing. Oh, and actually, while we were talking about content that (Des, sorry, I slide this one, and we’ve done our free advertising, let’s get Desi’s in)…while we’re talking about content creation, Desi has his own other podcast called Nearly Adequate. Sorry, I’m going to have to go back and check.

Desi: Hardly Adequate.

Si: Hardly Adequate. Hardly Adequate.

Desi: …is my podcast, yeah.

Si: Yeah. And we will put links in the show notes to that because it is great fun, and I thoroughly recommend that you go in and listen to it.

Desi: Less digital forensics focused. So the…I avoid overlap. I bring the guests for digital forensics here and then cyber general incident responses on the other one.

Si: And the Discord channel is fascinating.

Desi: Lots of crabs.

Si: Lots of crabs. Way more crabs than I was expecting.

Sarah: Okay.

Desi: I’m so just, like, I guess another slight plug for the podcast. But I’ve been doing a lot of human interest stories where I just interview people about their pathway into this. Like, kind of like this interview where we get to know people and that. And one of the questions I always ask is, like, “what are your side hobbies?” And there’s some very interesting responses I get from people’s side hobbies. Like, I found out one of my friends was at one point really into breeding rare tropical shrimp, which I didn’t even realize was a thing. And people send them in the mail, like just in sealed letters that have like a little bit of water in them and stuff. And I was just like, “what?” There’s, like, shrimp in the mail. But yeah. Weird stuff. But I guess that’s a question for you, Sarah. Like, do you have any weird and wonderful hobbies other than creating all these vampire serial killer scenarios?

Sarah: Well I like drawing, and I like going out exploring places, but because obviously what I do and being a geek, I don’t like having my photo taken, so in a bid to have fun, and he’s lingering off stage, but Smudge here gets in all the photos. So there’s a photo of him at the BBC studios, and on a cannon, and no matter where I go, he has a fun photo taken and has an Instagram page with over a thousand followers that all…

Si: Wow! We will link to this because I didn’t know this existed, and I will be joining it, so that’s fun.

Desi: That’s fantastic.

Si: Yes, Smudge. I saw…you sent me directly, but I saw that he was in Liverpool the other day doing Beatles things!

Desi: Does Smudge have a story? Like, how did Smudge come about?

Sarah: Well, so, you know, teddy bears everywhere anyway, but it was one of those things where I was just trying to have a bit more fun when I was out, not long after I found out I was autistic and I, you know, like going out alone and I wanted to make it more fun, but I did not want to be in the photos like everyone else. So I put him on a cannon at Edinburgh Castle and then it kind of grew, and now he goes on the school outreaches, and everyone knows Smudge and asks more about what he’s up to than what I’m up to. And I don’t know if I should be offended, but…

Desi: Well, he’s got an Instagram, like…

Sarah: Yeah, exactly.

Desi: That’s probably why. Everyone’s following his life!

Si: I think…just sort of, you’ve mentioned it and I know we’ve talked about it a little. But there are two things that you’ve mentioned in this. One is that you’ve said, “as a woman you’ve found that things are very difficult.” And I know certainly for a couple of my students, they found you very inspirational. Sarah and Jenny have both said that, you know, you were hugely inspirational to them and feel that way, but you’ve also involved in plenty of women in STEM and other outreach programs like that. And, and also you said, you know, you’re autistic and you’ve mentioned to me that you like to help other people feel that they can do things. It’s not a label that should be put on someone in any negative capacity. Can you tell us a little more about that in a way that’s good for you?

Sarah: Yeah, sure. So, I mean for a long time I was beating myself up that there are some things I struggle with and other things like maths-y computer stuff that seems to come, I’m told, easier than for some other people. And I thought it was just me and I thought I was useless. And we’d got short staffing at work and I was getting very anxious. So, you know, they had me on meds and things for anxiety. And it took a few years before someone even broached that maybe anxiety was a symptom rather than the actual problem. And that maybe I might be autistic.

And I was mid thirties and I felt like someone had just punched me in the gut because I did not really know what it was. I’d got this kind of image of Sheldon Cooper in my head from the Big Bangs Theory, and I thought, “Oh, I am that different. I’m, you know, like that, that’s it, I’m screwed.” And, you know, it took a lot of going through all the testing, learning about it to realize it’s really not that bad. It just means I think differently. It means I have different strengths.

Turns out I can be quite creative and quite unique in that way. And as we’ve shown with the teaching, that can come in super useful. But the one thing I wish I’d have known, like being a woman and having access to electronics, was that this is okay when I was younger. You know, I wish I’d seen more people with it and maybe someone would’ve noticed sooner or maybe I might have had a clue that it’s okay to struggle with these things or be different.

So, all of my outreach, all of, you know, when I’m posting about it on Twitter, is just trying to normalize the fact that this is okay, you know, that it’s okay to be different. And look, I am not even 40 yet and I’m a professor at a Russell Group, living my best life and my dream. So, you know, it doesn’t hold you back. It’s actually quite cool.

Si: It’s actually very cool! Oh, good stuff. So what’s…I mean, obviously, you know, setting up the department, but anything else exciting on the research radar that you and I have talked about that we haven’t mentioned yet?

Sarah: Oh, well, you know, setting up the new labs we are going to have a opening for that. We’ve got a beautiful new crime scene room that I’m so excited about. Although the mannequins are starting to scare people in my office, so we might have to move those! And we’ve got a big research lab, a case work lab and far too much (as Si mentioned) electronics kit. It felt like Christmas opening all those boxes!

We are doing a crime scene app research project, which is more, I think it’s going to have some CSI use, but also more your private investigator market in terms of making evidentially sound photos that can easily be viewed. So, kind of a spinoff of an EWF container. What else are we up to? A lot more mental health work, actually. I’ve seen a lot of practitioners I care about have time off over the past couple of years. And one tragically gave up his life and I just feel like we’re not talking about mental health in this space enough.

So that’s a big thing we’re doing. On the chatty IoT. So we’re doing a lot of things about network traffic and smart fridges, you know, because it’s a step away from a washing machine…ish! So yeah, covering all the weird things.

Desi: That was the only other thing Si sent me before we started this was he was like, “she’s done a forensic analysis of a washing machine.” And so if we hadn’t brought that up, I was definitely going to bring that up because that sounds interesting.

Si: I’m sorry. I apologize!

Sarah: Was it a smart washing machine? Is that why? Was it linked to a crime? Is that also why?

Sarah: Yeah, so it was in Europe, not a UK case. Someone had done something quite bad and there was no real CCTV or witnesses and, you know, not enough, but they’d got intelligence, they knew who they wanted, so went round to their place. Person was alone, had, like all these people, lost their mobile phone. As I say, no one else there and produced a pile of wet laundry and said, “I was at home doing my washing.” And some person decided to seize the washing machine. And then no one knew what to do with it, but they knew that it could be turned on with a mobile phone.

So, one of the people I had trained, and they thought I might know, and called me up Sunday afternoon and said, “would you like to do one?” And I genuinely thought it was a joke, so I said, “of course I will analyze your washing machine!” Until it arrived at the lab, which was a difficult thing to explain. And then we had a look, but because the washing machine had an embedded board and we couldn’t find a way of acquiring it, the JTAG ports had been completely destroyed. We had to do Chip-Off. Anyway. And it used all kinds of bespoke things on the chip.

So we ended up going through goodness knows how many washing machines, doing small reverse engineering style experiments to work out, you know, if we just set it going with the phone, if we set it going with the buttons, what we can get. So, I had what felt like a washing machine graveyard (not the most environmentally friendly case I’ve ever done), and managed to reverse it to prove it was turned on with the phone. And we could show there was a unique GUID for each phone attached, so we could show the phone. Then eventually they recovered the phone. Could prove that it was definitely that phone, and prove that that phone wasn’t on the local wifi. And yeah, so…

Desi: That’s super interesting.

Si: Yeah.

Sarah: But the scary thing about the washing machine was it was recording how long from when the cycle had finished till you pressed to open the door, which I feel like is really making me feel bad about the length of time it takes me when I do my washing, you know, to actually go down and seems an unnecessary thing to store!

Desi: I thought you were just going to talk about privacy or something, but you’re just feeling judged by the washing machine!

Sarah: I was so judged, so judged!

Si: I’m deeply disturbed because I am incredibly good at putting things on and then forgetting about them, and then going back and then putting them on again because they…by the time I get round…

Sarah: Oh, it flags that.

Desi: Yeah, I’ve done that lots where I’ve had to do two loads of washing on the same load because I’ve left it overnight and it kind of stinks.

Si: Yeah.

Sarah: Yeah, no three models we looked at flagged if you ran a load twice without like changing…so the weight hadn’t changed in the drum, which again, you know, it’s just…

Si: It’s weighing your laundry. Well actually I know mine weighs my laundry because it then calculates (in theory) how much water it should use. But I’m hoping it’s dumber than that because yeah, it doesn’t…I can’t turn it on with my phone.

Desi: Now I’m just concerned that like, like I’m getting YouTube statistics sent back to Samsung from my washing machine and they’re just, like, looking at my report and they’re like, “Alex is a lazy piece of shit. Doing two loads of washing on the same load. He’s not hanging it out.” Someone in Korea is judging me, for sure.

Si: Yea, absolutely. You and me both Oh dear. Right, well I think that that’s a good note to end on. Now we’re all embarrassed about our capabilities. Yeah, at least we’re putting it in the washing machine. I suppose there’s an upside there! Sarah, thank you so much for coming on and talking to us. And there will definitely be updates coming onto the channel as to what’s happening in Southampton. Now I am fortunately and formally actually announced as a member of the team, which is wonderful and really exciting. And sooner or later I might get an email address, so, that would be great.

Sarah: One step at a time, Si.

Desi: Yeah, it’s making me feel jealous. I feel like I want to come over and, like, study there now. Sounds awesome With all those…

Sarah: Anytime. And some of it’ll be online as well, so you’re more than welcome to see the chaos online.

Desi: Oh, that’s cool. Yeah, that’d be sick.

Si: So, yes in summary and by way of conclusion thank you so much for joining us. Thank you very much for everyone who’s listening, we are available on all the usual channels, Apple Pod thingy, Spotify…

Desi: Apple Podcasts, Spotify, Google Podcasts. I think iHeartRadio. Pretty much anywhere you get your podcasts from.

Si: YouTube. On the Forensic Focus website (that thing that we, you know, we were actually here for…)

Desi: And…to point out there’s transcripts on the website as well for accessibility for those that that want to read it.

Si: And sometimes they’re entirely accurate! My favorite one was early on I said that I was a “sys admin”, as in systems, and they had me down as cis, as in C-I-S, as whatever the gender thing is now! So I was a cis admin, which I thought was great. But I did have it corrected nonetheless! So anyway, thank you very much everybody. We will talk to you soon. We have upcoming podcasts with Gavin and oh, crikey, who’s your friend, Des?

Desi: Ah, Selim.

Si: Selim, yes. On getting…on changing into the industry and later education in life. We have an upcoming podcast with somebody else who you arranged for next week, so I can’t tell you what it is.

Desi: Yeah. So, BSides Presentation, Ryan Williams is coming on to chat about hacking SS7, which is essentially what BGP is to the internet, is…SS7 is to mobile phones and networks. With a focus on trying to help domestic abuse victims. So that’ll be…his talk was amazing, like, when I saw it, so it’ll be really exciting to have him on.

Si: So, we will be back. We’ve sort of been a little away for a time. Not that you will have noticed because we had stuff in the bank, but you know, we are…

Desi: Shh! Don’t tell them.

Si: That’s it, how the sausages are made! But it’s all good. It is all good, and we are all still here and we are all still producing new content, so we will catch you soon. Thank you very much for joining us. Take care.

Desi: Thanks all.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_AfSiWHngSnw

Digital Forensics News Round-Up, May 15 2024 #dfir #computerforensics

Forensic Focus 15th May 2024 4:55 pm

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_Mqq8XgKvup4

Digital Forensics News Round-Up, May 15 2024 #dfir #computerforensics

Forensic Focus 15th May 2024 3:58 pm

In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image. From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case. Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice. Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability. Useful links: Amped FIVE - https://ampedsoftware.com/five Video Evidence Principles - https://blog.ampedsoftware.com/2023/0... CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image.

From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case.

Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice.

Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability.

Useful links:

Amped FIVE - https://ampedsoftware.com/five
Video Evidence Principles - https://blog.ampedsoftware.com/2023/0...
CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_dnSPwNdMn5M

Investigating Video: The Vital First Steps

Forensic Focus 13th May 2024 10:09 am

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles

Accelerating Evidence Analysis: An Investigator’s Take On The Advantages Of Media Acquisition From Detego Global
News

Accelerating Evidence Analysis: An Investigator’s Take On The Advantages Of Media Acquisition From Detego Global

ByDetego Digital ForensicsMay 16, 2024
The Differences Between Full Disk And Triage Acquisition
News

The Differences Between Full Disk And Triage Acquisition

ByCado SecurityMay 16, 2024
Digital Forensics Round-Up, May 15 2024
News

Digital Forensics Round-Up, May 15 2024

ByForensic FocusMay 15, 2024
Investigating Video: The Vital First Steps
Webinars

Investigating Video: The Vital First Steps

ByAmpedSoftwareMay 13, 2024
Forensic Focus Digest, May 10 2024
News

Forensic Focus Digest, May 10 2024

ByForensic FocusMay 10, 2024
Oxygen Forensic® KeyDiver
Webinars

Oxygen Forensic® KeyDiver

ByOxygenForensicsMay 9, 2024