Collaborative Forensics: Overcoming Challenges In Multi-Jurisdictional Investigations

The following transcript was generated by AI and may contain inaccuracies.

Rajkumar: All right. Now, let’s wait for a few more seconds or maybe a minute for people to join in. Hello everyone. We are giving another minute for people to join in so that we can get started with the session.

Okay, I could see a lot of smileys and party poppers and smileys coming in. Thank you everybody for joining the session today and welcome everyone on behalf of Exterro. So I would just want to give a quick introduction about the session Exterro Inform, which is a virtual conference.

So we are very happy and we are proud that this is the first session for the day, collaborative forensics, overcoming challenges in multi-jurisdictional investigations. So thank you for people running. Good morning, good afternoon, and even good evening if somebody has joined from Australia.

So a quick introduction about this Exterro Inform. First of all, I, on behalf of Exterro Incorporated, I welcome everybody for this virtual conference, Exterro Inform. We are very glad that you have joined.




So to give a brief about this initiative, Exterro Inform is a full day event, which features 15 region specific webinars led by various industry experts, who are experienced in digital forensic and in incident response. So every session is going to be a 50 minute session, and in this 50 minute session, we will dive into key challenges like collaborative forensic incident response on the cloud and various insider threats.

So some housekeeping rules for the webinar, for all the attendees. You could go ahead and submit your questions anytime in the question window. And if you would like to join the next webinar after each and every one – so this is the first session, so if you wanted to jump into the next webinar, you don’t wanna log out, you don’t want to get into a different link, just simply stay online and you would be automatically routed or redirected to the next session.

And it is just the same join link for each and every webinar. If you want to take a break and if you wanna come in after some time, yes, there’s the same link. Just stay put on mute, pause, then you can join in. And this webinar will be recorded and we will share the recording with all participants of this webinar in the next few days.

So I think we are good to go ahead. And once again, welcome everybody, and especially welcome to all my co-panelists. And I would want to take a moment or take very quick minute to introduce myself. My name is Rajkumar and I’m the regional director of sales and consulting for digital forensics incident response and data privacy, basically data risk.

And I’m with this organization for the last six years, and overall I come with 16 years of experience in the industry globally. So we have some of the renowned speakers joined with me today, Mr. Rohit Hira, Mr. Amar, and Dr. Rajesh Kumar. So I would want to hand it over to you esteemed speakers to give a quick introduction about yourself.

Mr. Rohit, can we go ahead and start with your introduction please?

Rohit: Yeah, so good morning to all. Good evening. It’s a worldwide event, so people are joining us around the world. So let me introduce myself. I am Rohit, I’m working in Punjab Police from the last 10 years.

And I take care of the Digital Investigation Training and Analysis Center of Punjab Police. So we have a state level lab. So I am the lab manager and we have taken care of all the digital forensics, extracting data from the laptops, mobiles, drones, IoT devices. So that’s me. That’s me.

Rajkumar: Thank you. Thank you Mr. Rohit, for your quick introduction. So let’s jump on to Mr. Amar. So over to you, please.

Amar: Yeah, good day to all. I basically head the cyber cell of the Railway Protection Force, which is the Ministry of Railways, government of India. So this is the first cyber cell of Indian railways and also the FICCI Award winner for 2020 for cyber management.

And we are principally dealing into illegal cases and all railway property related offenses. So whatever digital devices we get, we do the forensic analysis, imaging and all social media patrolling and all those activities go on in the cyber sector.

The railways actually started with this binary initiative to basically secure the railway network. And there are lots of things lined up and we’ll be able to deliver a lot of on the front of cyber safety security for the people. Actually, we’ll be traveling by the Indian railways.

So thanks again and thank you for giving me the opportunity to share my thoughts on this particular topic, which is of top relevance. And in fact, I would like to quote one of the lines from the Honorable Prime Minister of India. That is, when threats are global, response cannot be local.

So the response has to be global. We have to all collaborate and do our best to keep communities safe and do better for the society. Thank you.

Rajkumar: Absolutely. Absolutely. What a great quote to start the session with. Thanks Amar, sir. And it’s great to see people joining from different parts of the world, from India, from Sweden, and different other countries.

Just one quick request speakers, when some one others are talking, I request the rest others to go on mute because I can see the comments from the audience saying that there are some background noises from someone. So if I’m talking, maybe rest of the others can just go on mute.

So over to Dr. Rajesh for a quick introduction and then let’s dive into the topic for today.

Dr. Rajesh: Good morning to all esteemed participants and Dr Rajesh Kumar especially. Thank you so much for inviting me in this prestigious conference online. And my name is Dr. Rajesh Kumar.

I am a certified digital forensic examiner. And presently I’m posted in a State Photo Bureau at Patna. And previously I am working in forensic science Laboratory last 15 years.

And we are doing in my expertise, in fact in digital agency as well as in cyber crime investigation also. And these are my fields, and we are doing in this fields investigation and as well as forensic.

And one of my interesting field is training of all these esteemed domain like judicial academy and police academy. These are my hobbies to train all the police officers, judicial officers and prosecution officers also. So this is my short introduction and I would like to thank Rajkumar again for giving me a chance to share my thoughts here in the esteemed participants.

Thank you so much.

Rajkumar: Thank you, sir. And we are very honored to have all three of you. And thanks to the, our, my employer Exterro for organizing such a creative event. And thanks to Exterro’s marketing team for that, let’s dive into the topic for today.

And before we get into the questions, so to make the session more interesting, we’ll be having few poll questions or Q and A today. So audience, this is for you. What do you think is the most significant challenge in digital forensics today?

Option one, is it handling the encrypted data? Or the challenge for you is managing large volumes of data, or ensuring evidence integrity, or keeping up with the evolving technologies, which is the most significant challenge for you in digital forensics today? Can you just put your answer and submit so that we can see what’s happening?

And let’s see. I know before we get into the next slide, we can, we would wanna understand from you, I am waiting to see the answers so that we see what’s the score of each and every option. What do you think is the most significant challenge in digital forensics today handling encrypted data? Or is it managing large volumes of data, or is it ensuring evidence, integrity, or keeping up with the evolving technologies?

All right, so the most important part of, for today, collaborative forensics overview. So there are a lot of, forensic significance, so collaborative forensics and its significance in modern investigations. And why does it matters?

So is it because of the complexity of modern digital environments, or we have various other options. Can we start to understand from you Mr. Amar, what do you think about this? What are your thoughts on this? About the complexity of modern digital environments and why does it matter?

Amar: Yeah, coming on that is there are a lot of disciplines which are involved. It is not just one area. You’ve got mobile forensics. You have got network forensics. So a lot of domains are there.

So we need experts from all domains because they’ll have deep knowledge and can be carrying a lot of experience behind them to actually decode issues like, for example, malware is there. You want to go and reverse engineer malware. So that requires a different level of expertise if you see cryptocurrency that do the chain analysis and all that.

The not a single entity actually will be able to handle this kind of scenario. So we, you need domain experts, to handle various disciplines which have come which have evolved eventually over time actually.

Rajkumar: Great. So we could also see a few other significance in the modern investigations like resource sharing and efficiency, enhanced evidence, integrity, and together collaboration, joint expertise and training, and the global legal compliance is across the globe.

Rohit, could you add your thoughts on this, please?

Rohit: Yeah. In today’s modern world, every criminal is using Tor VPN. So it’s very difficult for the law enforcement agencies to tackle on these crimes. So I think there is a need of global legal compliance.

So there, there must be some common tools to the all law enforcement agencies. There. There’s some sort of SOPs, some sort of procedures so that you have to share your knowledge to investigate any sort of crime.

So in today’s world, the AI is advancing so fast. AI is every day there is so many AI is coming. So there is need of a joint exercise between the law enforcement of different countries to interact with each other, to train each other, to share the knowledge.

Then only we can tackle this modern cyber crime.

Rajkumar: Definitely. So the role of AI and all of the things that you talked about, it plays a vital role in this modern cyber crime and in this digital world. Thanks for adding that Mr. Rohit. Dr. Rajesh over to you.

We would like to hear from you about your thoughts and also your experience on, this challenge these areas.

Dr. Rajesh: Okay, thank you. Actually Rajkumar, you just imagine our judicial system is obviously not very techno savvy. And our policing is not very techno savvy, but our criminals are very tech savvy. So these are major challenge.

We just enlighten you that enhance digital integrity is a major challenge. Integrity of digital evidence is a challenge because we have we don’t know how to maintain the chain of custody, how maintain, how to preserve the digital evidence, how to identify the digital evidence. These are the major things.

That’s why our digital evidence, integrity of digital evidence is never consolidated present before the court. These are the things, this is a very poor in our policing in our investigation.

And one important things is interdisciplinary nature of cyber crime is another challenge in our investigation, in our integrity of evidence because in cyber crime. All the traditional crimes are converted on the cyber crime murder theft life all theft ATM theft, password theft.

These are the things that is traditional crime is change over to cyber crime. So we are as an police officer, as an law enforcement agency, we are not able to understand this changing in changing dimension of crime in cyberspace. This, these are the challenge.

If we understand that shifting pattern of crime in cyberspace, if we understand how it work, how they do cyber crime, then we easily integrate our evidence if we found in our investigation, if we found IPs in our investigation. We never understand how to present before the court of law because their appreciation before of court with only we present IP address with Section 65B certificate is not good enough to admissible in court because many conditions are involved in the 65B certificate.

If we are only getting all the details from the Facebook and present as per IO, we present a Section 65B certificate. It’s not good enough. To appreciate before the court. So these things are obviously challenges new challenges in our appreciation in court.

And the another thing is volume data of handling volume data in our digital devices. In fact I see I seen many times that our investigating officer asked me to give me all the data of mobile, all the data of computer, this type of question raised, unnecessary complexity in our investigation because a lot of things in our mobile, in our computer.

If we don’t ask pinpointed question in our request or in the Forensic Science Laboratory in the examiner always keep all the data and send it to IO. And in the in the, if we are seen in page number wise 500, hundred thousand pages report, FSL was send all the IOs.

And many times in our FSL, we are sending lots of reporting lots of papers because they ask that all the data in our mobile, in the exhibit as a mobile or computer we need. So if we are aware about it, which data we needed, which data is important in our investigation, that’s. If we need know that, then we easily find out the evidences in the, all these data.

If we don’t know what we want by FSL, that’s huge data, obviously a challenge for us in our examination. In fact, as an examiner, we have also facing the lot of problem because they ask all the time, we need all the data.

And in obviously we know in and a mobile, in a single mobile have one TB, two TB data because clouds data also involved in mobile. So these are the things these are the things is a challenge in our investigation, in our forensic examination also. These are the view in this topic. Is my topic. Thank you.

Rajkumar: Thank you very much. Thank you very much. So mobile and all those data play a vital role today, as you rightly said, until, unless we nail down to the specific data what is needed and why is the need on all those things.

Rather just going ahead and asking for, gimme everything that you know that is required. It takes a lot of time to solve those cases and everything. You rightly pinpoint that.

And I would also want to second you one more thing. Obviously, law enforcement is smart, but the cyber criminals are all those the bad guys. They are, they’re becoming more smarter today, so we need to be, if they’re running a hundred miles per hour, we need to be, thinking about how can we run 200 miles per hour so that we cover everything and we solve these things.

Thanks for your thoughts on that, Dr. Rajesh putting all your efforts, thanks to all three of you for putting all your blood and sweat in terms of making the cyber world a safe place. I would wanna give some extra time on this slide. Challenges in multi-jurisdictional investigation.

I wanted to go one by one, starting legal and regulatory difference. I wanna hear from all three of you for all this, four or five pointers. So maybe we could start with Mr. Amar. So what do you think about the legal and regulatory differences?

Because there are lots of laws and regulations coming up. Even if you look at, on the data side there are a lot of data protection regulations coming each and every day. Very recently, we had one a year back. We had DPDP, and before a few years we had all this GDPR and POPI and all those things.

This is just on the data protection side. So what do you think about these variations in laws, regulations, and compliances?

Amar: See, legal aspect, I would say that, many of them escape actually. Citing legal procedures from actually providing data. I would not want to name any vendor in particular, but there have been issues, where we have been asking for KYC in illegal e ticketing cases.

And some entities have a procedure where, they say that, okay, we ask the criminal that somebody’s asking your data and then we’ll give you, whereas in Indian scenarios they’re, they’ll ask you two questions, whether you want us to block the account or you just want the data. So these kind of, these are all practical scenarios, what we face, while collecting data.

Then, there are other something called MLATs, actually mutual legal assistance treaties. If you don’t have that then they say no. You first come through the MLAT. So where in India we have CBI actually through CBI, we try to connect to the evidence what is required in our cases, and another good initiative.

What the Indian government has taken is by launching the Bharatpol. So through Bharatpol and Interpol will be having access to 195 countries who hopefully in future definitely will be able to solve multi-jurisdictional cases in a more systematic and better way.

And as Dr has rightly said, all the aspects, what you’ve explained about, IO asking about the data and stuff. So we also get a lot of those cases where, they don’t know what to ask. So it becomes very difficult actually to, scan the data and try to find out. Then we use our own logic to find out what evidence is relevant to that particular case.

Coming back to legal regulatory requirements. Actually they’ll have to have some standards, where, for collection of data from various entities, cloud providers. You get all these some of them are using disposable email ID, so that particular server and that particular company may be operating out of the US.

So then, trying to get the details from them is going to be truly challenging. Legal aspects, definitely GDPR. I know we have DPDP Act in India also. So we have to comply with those regulations also. So we have to be very careful.

And I would also like to tell you that there is, there’s only one convention which has come the Budapest Convention on cyber crime. So that is where the world has got together and they understand importance of, solving cyber crime cases, which have global ramifications.

On that, that is one. Then they have the Global Forum for Cyber Expertise. They have the Interpol Cyber Division, which actually also coordinates, and then we have the European Union Europol also. And then we have the ASEAN Cyber Crime Cooperation.

So a lot of lot of people have come up, A lot of co agreements have happened. But then, when it comes to the practical scenario, there are a lot of obstacles. It is not that easy. It’s not a cakewalk. You just go and apply and you get your data.

It doesn’t happen that way. You have to do you have to go up go for the diplomatic channels. You have to. You have to do a lot of hard work when you know you’re trying to get data out of some third place that is across your jurisdiction. So those are my thoughts on the the legal and regulatory environment.

And then other thing, what before I conclude this point is we need to have a pool of legal experts actually and if they are technological experts, then will be a huge advantage to ourselves. Because when you know technology and when you know law, you stand in a better position and you better appreciate the case and you understand the language of what the other person is trying to say.

Those are my thoughts on the legal and regulatory aspects.

Rajkumar: So thank you. Thank you very much for that. So that’s a rare combination or maybe an interesting combination, techno legal, which is much needed nowadays. Thanks for bringing it up.

And also thanks for talking about the Budapest Convention, which harmonizes the national laws on cyber crime, and also it helps to improve various investigation techniques. Thanks for bringing that in. Any country or any specific state or county in different parts of the world.

If you’re trying to develop a national legislation on cyber crime, I think this could act as a, a guide for them. Thanks for adding your thoughts on that. Moving on to Rohit, sir, in your world, how does this legal and regulatory differences works?

What are the challenges that you are facing or you think everybody else, would be facing on these aspects?

Rohit: So well in, in, in this scenario. So we are facing a problem related to the MLAT because it take one year, more than one year to the, to get the reply back from MLAT and and in if we talk about India, we have only 39 countries, which is covering under MLAT.

So the criminal is very smart. They are using the, the VPNs of that particular country, which is not under the jurisdiction of MLAT. So that are the main challenges we are facing.

As far as this topic is concerned we have very good coordination as well. Like NCMEC National center for Missing and Exploited Children. So they are sharing the tip lines at real time of CSA related investigation.

So the, they have a coordination with the Interpol, so they send and if anyone surfing or sharing data related to the CSA, then they capture the live IP address of that. A culprit, then share it to the Interpol. Interpol is a nodal agency for that.

And after that, Interpol connect with the concerned embassy. Embassy. And then to if we talk about India, then Ministry of Home Affairs is a nodal agency, and they segregated the, based upon the IP addresses, they segregate all these tip lines to the different state of India.

So I think the tip line, the National Center for Missing & Exploited Children is the one of the best collaborative case study where the live data, they are capturing the live data of the criminals and sharing it to the agencies whole throughout the world.

And secondly, there is another, Project VIC. I know Exterro is also the part of Project VIC International. So they are also have a collaborative platform for, you have to assess the platform.

You have a different stakeholder throughout the world, whether it’s related to the bank, whether it’s related to the cryptocurrency, whether it’s related to the law enforcement. They have sharing their thoughts. They have a good tools where you can use open source tools to investigate your cases.

So Project VIC, the NCMEC, and there is another tool, currently used by Meta AI. So Meta AI is using the real time. They capture the data of if anybody anyone write likes to put the suicidal things on Facebook, Instagram, then on real time they capture the IP and they send it to the like in if we talk about Punjab, I’m the Nodal officer for the Punjab.

So at real time, within five minutes, I get the call from the US that someone is trying to commit the suicide. And in one case scenario, within 15 minutes we saved the life of one person. So the Meta AI is one of the best example of collaborative forensics. So we have to adapt such kind of technology in the world to make the world safer.

Rajkumar: Thank you very much for that and for everything that you do. A lot of people joining in from different parts of the world, from Sweden, from Romania, from Japan, a lot from India, and a few from different Southeast Asian countries.

Thanks audience for joining. Please, I mean our experts are sharing various insightful information today, so if you guys have any specific questions on the slides that you see, please feel free to post your questions so that we can get expert opinion on these areas.

So moving on to the other areas, I would want to combine everything. Interests of time. So various challenges in the multi-jurisdictional investigation like the coordination among agencies. So there should be a proper communication on a collaboration between various forensics teams and various law enforcement agencies.

And this includes various language barriers and cultural differences in the investigative approaches. And also when it comes to even Amar was talking about the techno-legal combination where technical or the technology plays a crucial role.

What about the technical challenges handling encrypted data and cross-border data storage and the sensitivity of the time? Because when it comes to forensics, everything is urgent, right? What about the time sensitivity challenges and short of resources, resource constrained challenges?

So I would want all of you to address. Everything together. Maybe Dr. Rajesh, would you like to start here addressing all these areas In the interest of time, we would wanna combine everything together, please.

Dr. Rajesh: Actually coordination among all the stakeholders among the. Across the globe is very important in our investigation because if we don’t have any collaboration coordination among the all the IT major stakeholders globally, we do not achieve the purpose of our investigation.

In many times, we see that in our invest in, in fact, in our neighboring country, Nepal, we don’t have any MLAT with her with him. And these are the very surprising fact that we don’t have we have very limited MLAT with all the countries.

We have, as Amar said that only 39 countries in our MLAT. This is the major challenge, and the, another challenge is. MLAT is a service provider like Facebook and Facebook, Twitter like service providers are using like a weapon when they understand they send the details.

Otherwise they ask you, come with the MLAT. And we all know that the MLAT procedure is a very lengthy process if they ask to come through the MLAT. This is obviously a lengthy process.

So in out of 10, seven cases, they ask MLAT. They ask us to come through the MLAT. This is the major challenge. They in under another challenges is under coordination among the judicial officers, our expertise, in fact, limited resources and expertise in this domain major challenge.

In fact in our country, also in our police department, in our forensic department, we don’t have expertise in the particular domain of cyber forensic or cyber investigation. These are the things, this is very challenging for us.

And this is obviously they all data preserved in the cloud in the different servers. So it is very time sensitive job to investigate in the limited timeframe if service providers are not compliance on the on time, all the details providing us, obviously our investigation in delay.

And we are failed to produce this evidence before the court of law. These are the challenges.

Rajkumar: Thank you very much for that. Mr. Rohit, would you like to add your thoughts about all these other challenges, please?

Rohit: Yeah, so I just add to the Amar sir. So if we we get the delay in the mutual legal assistance plea, then there might be possibility of you don’t get the data from the service provider in India because as per the your ministry of department of telecom guidelines, you have to have two years of data.

So if you get the MLAT related information after two year, then there is no point of such information for the law enforcement because after two year, do you, you not get any, information from the service provider. So time is a very important concern in this regard.

Other challenges we are facing is the technical challenges because in one cases you have different, digital devices. You have IOT devices, you have cloud, you have mobile, you have laptops, you have drones. So a lot of, different type of dataset you have.

So it’s very difficult for the one investigating officers, to technically handle all these digital evidence. So in that scenario you have to have a different stakeholder come together public private partnership. You needed public private partnership.

So one of the best example in public private partnership is the, the cyber dome of Kerala. So they have a very good collaboration with within the, public and private sector. And they do a joint exercise. Every year they have a hackathon and other events.

They are established with the private vendors. So there is a lot of information exchanges. So I think the technical challenge, you have a lot of data and different data and cloud is one of the, very difficult to handle because you never know where is the data stored.

So it’s very difficult to, to imaging the, cloud data and to identify the cloud. Where is the data store and today world the virtual machines the criminal using VM virtual machines. So they are placed in the different countries.

So we don’t have the MLAT treaties with those countries. So these are the technical challenges, very important.

Dr. Rajesh: Thank you in fact, Rohit you just agree with me a different domain. We, it is not possible for us to expertise in every domain of our investigation. So it is very important to expertise in the particular topic, particular domain.

We just assigned our officers in a particular domain so that they get expertise in that domain. We are just depending upon forensic labs, we are depending on in in fact in many times, in even in crime scene.

We, our police officers are never understand how to collect evidences from the crime scene, how to generate the, hash value of the digital evidence. These are the things we need. I think if we have expertise in that type of domain if we are assigned this job to a particular police officer, particular personnel is very useful for us and public-private partnership here is another good things to do.

We are in our investigation.

Rohit: So I agree with you Rajesh. So the main issue is the capacity building. So you have to train your people. So if I yeah. So capacity building is the main important aspect. So if we talk about Punjab, so we have the different cyber cells in every district.

So we have provided all these the latest tool and equipment to handle the digital evidence and we provide every month we provide capacity building trainings to all the technical guys placed in the on that cyber cell.

So though, so you have to take some responsibility as well because handling a digital evidence is a very tedious task. And there is a shortage of expert everywhere in, not in India. In every part of the world, there is a shortage of the cyber expert. Yes.

Rajkumar: Exactly. Exactly. So thanks. Thanks Dr. Rajesh. Thanks Rohit for your thoughts. Amar, would you like to add your thoughts very quickly before we, we jump onto to the next question to our audience?

Amar: See resource talking about, resource managing time and resource allocation. So there are certain areas which might not have the technology for which the US labs might have. So we can actually, when we are handling multi-level investigations, we can come with SaaS as one of the options.

So SaaS is software as a service. So we give those services and we train them up. What happens is, these softwares are bought by many of our cyber labs or many of the cyber labs world over, but then they fall short on training.

See it’s not about a very generalized training. You need a product specific training. For example, if you take FTK Connect, so if the person who’s handling FTK Connect should be able to know each and every aspect of how the solution is going to benefit the investigation.

And typically in multi-level jurisdiction investigations, we need to have a centralized management system, which will take care of tagging the evidence, the the hash value that taken properly, and all the evidence and the preservation part is taken care of. And it doesn’t allow you to deviate from that.

So a central ca central case management system would be one of the best options to handle multi-level jurisdictions. Investigations. And then, when you are handling complex cases, like for example, you go down to the WannaCry ransomware attack case, or you take up the CryptoLocker ransomware attack case.

So there were a lot of joint task force where formed, where professionals work together from private entities as well as the government side. It’s that’s how you work. You just keep your vested interest aside and you just work for the good of humanity.

Because, see, financial losses, typically human trafficking, these are very critical areas, where if you lose somebody to human trafficking, then it can be really mentally very taxing and if you lose tens of thousands of dollars in a financial crime. So these are areas where we need to work together.

And we have standardized formats for software, for data collection. If we go for standardized formats and we have softwares which are going to support various formats, then that will also be helpful.

And another very critical area, which needs to be addressed, is anti-forensics, because criminals use anti techniques so that the evidence cannot be collected, typically. So when you start a forensic activity, you’ll find a malware running and that’ll wipe up the hard disk and you don’t have anything in your hand.

So these are all areas where we need to work very seriously. And one very important advice, which we have gained through experience, is that whenever you’re going to buy a software, please do not buy it where it is just showcasing some very ideal condition.

You bring that software into your ecosystem, run it, use your own evidence, and try to see how many artifacts it is able to carve out. And then because we faced, I would not blame the vendor again because that will be, we had to collect live triaging.

We had to do in cases where it crashed around four times. And that is pathetic. Better to take the trial and I’m very thankful to Exterro for actually arranging the FTK trial.

We had Alka coming in from the UK, Alka and Vanish. So they’ve been all very supportive when we had this trial in our lab. These are my thoughts. It’s going to be dynamic and we have to gear up to these challenges. That’s the bottom line.

Rajkumar: What a recommendation for FTK. Thank you very much for that. And nice to hear my colleagues’ names, and yes, FTK has been very supportive for various organizations like yours. Amar, thanks for calling it out in an open forum like this.

Yes, just to, brief it very shortly, FTK Central and FTK Connect can solve all your legal and regulatory differences where you can also coordinate among various agencies, whether they are within the borders or across the borders, technical challenges, time sensitivity issues, resource constraints, everything could, on the training side, again, with those constraints, everything can be solved by Exterro FTK.

Please talk to us and we will be able to help you to solve your data risk challenges, digital forensics and incident response challenges. But anyway, anybody here who joined us from different parts of the world, Asia, Africa, and different parts of the world.

Are you guys using any platforms like FTK Central to successfully collaborate across borders and within the borders? Are you using it yet? Just try to mention it in your comments.

If you are interested in knowing more about it, please email us at marketing@exterro.com and some of our team members would be reaching out to you very quickly. We have exactly 16 more minutes, and maybe we can very quickly run through the next few slides.

Yes. Audience, another interesting question for you. What do you think is the biggest challenge in collaborative forensics for multi-jurisdictional investigation? We have talked enough about it. Our experts have shared their, various insightful information about those challenges.

So according to you, what do you think is the biggest challenge in your world? Is it differences in the legal and regulatory frameworks, or is it the technical barriers like encryption and data access? Or is it lack of effective communication between agencies or delays caused by bureaucratic procedures?

What do you think is the biggest challenge? Feel free to share your thoughts and maybe we can discuss about it very quickly. Jumping on to the next slide, we have two or three more slides, but I would want to, we have six important areas, what they consider to be the key strategies for overcoming challenges.

Harmonization of legal and policies, various legal policies, enhancing the communication mechanism, the collaborative mechanism, the trust factor, and the innovation and technology, and how could we leverage international organizations like Interpol and Europol, and how could we jointly work with them in terms of solving bigger cybercrime cases and the standardization of forensics tools and procedures and addressing various data privacy, which is another major challenge.

So Dr. Rajesh, maybe can I ask you to share your thoughts on legal and policy harmonization and how we could enhance the communication collaboration mechanism on the trust factor. Dr. Raj, I’m sorry. You’re muted. Can you please unmute yourself?

Dr. Rajesh: Yeah, I’m, yes.

Rajkumar: You are. You are. Go ahead.

Dr. Rajesh: Yeah, actually legal of across the country is obviously different and are things we are challenging facing because everything law in our country, in our in our obviously different. So that this is the challenge and if we have any own law for all the all type of crime.

If we are talking about pornography, child pornography globally they are, they can’t accept it. So we have a law that ban the country.

Rajkumar: I think we have some internet connectivity issues with Dr. Rajesh maybe I think Dr. Rajesh, you can just check your connection. Mr. Rohit, can you please talk about your thoughts on the technological innovations and how we could address the various data privacy concerns? Yeah,

Rohit: so well technology play a crucial role because I mentioned earlier there is a lot of data. In one, one case I have a case study with me. I will discuss later. So in one case, you have a lot of data, so you have to have AI based solutions.

So you have some, you mentioned earlier that Exterro Central. So central is a very good tool. I use it for my trial work, for my trial. So you have to have a different, investigating officer working together.

In one case they have a different viewpoint. So you have so you need such kind of, technology where different mindset with different people, different cyber experts of different, because every, investigating officer is having a different mindset for every case.

So you have all the collaboration needed in one case. So a tool like FTK Central, you have different people working together in a single case, not even in your organization, throughout the world. Everywhere. You just give the access to the people and they have their viewpoint on that scenario. So you need such type of technology as well.

Apart from that the main thing is, you have a different workshop with joint exercise with the different experts throughout the world. There is one group, that is the Scientific Working Group on Digital Evidence, based in the US.

So they have the policymakers, different experts from the digital forensics field. Every year they have two joint meetings. So in this year they have a meeting in Stanford University, and I think in the month of May, they have one meeting in Denver.

So these kind of, the joint exercise play a crucial role for future, how to tackle with the future crimes. So that’s my thought on this.

Rajkumar: Thank you for that. And, thanks for highlighting the various features, interesting features of FTK Central. Yes. As Mr. Rohit was mentioning cross collaboration, adding multiple offices and assigning them, providing them a role based access control. Everything is possible with FTK Central.

Please talk to us to know more. And Amar, could you address your thoughts about leveraging international organizations like Interpol and Europol, and also how we could standardize the forensics tools and procedures? We would love to hear from you on that.

Amar: In fact, Interpol will play a very crucial role as far as, multi-level jurisdiction, multi geography, jurisdictions are concerned. Because suppose you have a case where you have around a hundred cloud service providers and you have to coordinate with them. They are scattered across the globe.

Trying to get data out of them single-handed is gonna be very difficult. So we have got to have an agency like Interpol actually to coordinate those various aspects and then hand over those data to the investigators and then let them sit and analyze that. So that is very crucial. So that’s what we need to work on.

And then of course, standardization of formats. You have NIST in the US, which actually validates each and every software, and then they give you a report also. So that becomes a huge reference point, to actually understand what the software is going to deliver.

Because I find, and in fact there are very, not very standard organization like NIST across the globe. So we need to have organizations like NIST too who can actually validate the software. That is very important.

And as I’ve been saying that once you buy the software after that, the after sales support has to be very good. Typically in India, we face a lot of problem with after sales support.

And then, I’ve been telling vendors that if you sell a software, just organize a two-day bootcamp so that will help people understand your software. Then they’re comfortable using that. That itself is going to be an advertisement. Because he is going to tell that, okay, there’s nothing like FTK Connect, please buy that.

So that’s how it works. So the after-sale support is very crucial. You can’t go by generalized procedures. So you have to go to the product. That is, the product-level specialization has to happen. Those are my thoughts.

In fact, I’ll tell you one incident. What we had actually, we had a case coming in of illegal e-ticketing where to actually image the drive and take out the evidence. So we imaged the drive, and once we took it for the analysis part, it did not allow us to access because it was BitLocker enabled.

Now, BitLocker enabled. We asked a couple of other cybersecurity experts also to actually come in, but they had practically no answer for that. Then what do we do next? So they say that, okay, buy this, buy that. I said, fine.

We sent back the drive to the inquiry officer and told him, make another request, and asked him to disable the BitLocker. So then the BitLocker was disabled, and then it came back to us and we were able to image and then get the analysis done.

So these are all, some of the challenges, what you face. And it’s interesting. See there is no substitute to hardcore experience in actually working on cases. That’s the, that helps a lot.

That, again, I’ll say before buying any software, please use that in your ecosystem and then buy it otherwise. Because see, it’s a very resource intensive field. It’s a dynamic field, so you have to keep on innovating. If you don’t innovate, you become redundant.

In fact, when we actually were going to buy softwares, FTK actually was, oh, it’s not that competitive, but then Exterro came up and breathed new life into FTK. So FTK is now back into the game.

So that’s how it is. So there are a lot of softwares in the ecosystem. Case Management and Endpoint solutions. A lot of companies have come up with softwares, but then, you’ve got to pick the right one. Otherwise you are in, you are not going to solve your issues.

Rajkumar: 100%, couldn’t agree more. So just don’t look at the various posts or, various marketing stuffs. Just go and talk to people. Check. You rightly said, check if it works in your ecosystem, if it really solves your challenges.

So FTK is always open for that. And thanks for talking about FTK, the transition of FTK AccessData into Exterro. Thanks for bringing that up. And we are open for trial. We are open for POCs and free licenses and all those things.

Please go ahead and talk to our different team members, whoever you’re connected with, or if you still have no idea about where you can start, email us at marketing@exterro.com and some of our colleagues would be able to help you.

We have exactly six more minutes and we have a couple more slides to talk about. I would want to request Mr. Rohit to talk about one of the interesting case studies and the real world example that your organization has initiated or taken. Mr. Rohit, could you take a couple very quickly?

Rohit: Yeah. So it’s a very, important case study for the collaborative forensics. So that’s a live case. So we have a case in which we busted the call center in Punjab and arrested 155 scammers said.

So they are scamming the US people, and they have a script with them and they’re talking to the people of the US and talk about the loan fraud. You have a low credit score, so you have to buy some Amazon gift card.

And there is a handler in the US. They convert into the cryptocurrency. And so in this case, we get almost 79 laptops, 250 computers. Like almost hundred mobile phones.

So in that case, we use FTK. We have a working license of FTK with us. And we also use trial version as well. So in FTK, there is a very good feature, they parse the data of mobile phones as well.

So we have found out many crucial evidence related to the victims. They are based in the US. In this case the FBI is working with us. So they provided all the data of the victims to the FBI team.

Then FBI team find out the victims in the US. And with the help of video conferences during trial, the victim is interviewing with the judge. Through video conferencing.

So the example I just shown that it’s very difficult to identify a victim in the US. So if there is no collaboration with FBI then it’s impossible to find the victims in the US.

So this is the one of the example where the FBI, along with Punjab police, they help the case and identify of the victims. Yeah.

Rajkumar: Thank you very much for that. So it’s a very interesting case study and thanks for sharing this. So we have three more minutes, and I would like to very quickly talk about the future outlook for collaborative forensics.

So importance of fostering global partnership and the role of emerging technologies and the need for continuous updates. Mr. Amar, can you share your thoughts very quickly in a minute and then followed by Mr. Rohit, each one minute, your thoughts, please.

Amar: Concluding thoughts would be like, training is one aspect which we have to focus on. We have to get many more people trained in various domains and have the right softwares available with us. Wherever softwares are not available, we can come up with something called SaaS, software as a service.

That’ll help a great deal typically in the developing country. Because there’ll be issues with the network and the bandwidth and all that stuff. And then cloud is going to be a little bit of challenging. So we’ll have to work on the cloud part also.

And whenever there is a case with global ramifications, typically on the human trafficking or financial frauds, we should all come together and exchange our expertise and develop standards. And then definitely we would see a better global picture.

And it’s very important that private participation happens because they have taken a lot of effort in developing tools. Like they’ve done a lot of research, a lot of money goes into research and hiring the right people and trying to get good results.

So we have to collaborate very sincerely. And definitely we’ll be seeing a very good picture. I hopefully a very good picture in the coming years, so thank you. Yeah.

Rohit: So I just conclude the it’s a very, very big topic. Lot of so you need to have a, yeah, as Amar said, you have to have the right tools. So the big players like Exterro, they have to have collaborate with the law enforcement agencies to, train the people of law enforcement and the tool like FTK which that is using all of the, all over the world tools such FTK build a tool which is open source available to the, all the law enforcement of the world.

Because it’s a global issue, you have to have a collaboration amongst the different cyber expert, whether it’s from the banking sector, whether it’s from the law enforcement, whether it’s from the legal side. You have to have one platform.

Just like the Indian Cyber Crime Coordination Center. Exactly, I4C. It’s an example where, you know, there is a helpline 1930, which is I think one of the best initiatives by the Indian government where all the policymakers, all the banking, the experts, all the fintechs, all the apps, they are all in the same platform working together day and night.

And save lot of money of the people of India. So you have to have, yeah. So you have to have these type of platform required globally to save the world.

Rajkumar: Exactly. Thank you for adding your valuable thoughts Mr. Amar and Mr. Rohit. We are right on time and we have the next session up by one of our renowned speakers, professor Inger, and the interesting topic.

The next topic would be from detection to resolution, a comprehensive guide to incident response in cloud environments. So just please stay on this. Thank you very much, attendees, for attending this webinar, and you can see the next topic.

So just if you wanna attend the next session, just stay on the line and you’ll be redirected to the next session right here. And once again, I would like to take this opportunity to thank you Mr. Rohit and Mr. Amar and also Dr. Rajesh, who has just dropped off.

Thank you very much for your time and your insightful information today. And thank you audience for attending from different parts of the world. Just stay here and you’d be redirected the next one. I’ll see you very quickly in the next session. Have a great day, and thanks a lot.

Amar: Thanks a lot Rajkumar for taking the session through. Thanks a lot.

Rohit: Yeah, so thank you. Thank you Exterro. Thank you Raj, for this wonderful session.

Rajkumar: Thank you. Thank you. Bye-bye. Bye.
