[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.08,0:00:02.20,Default,,0000,0000,0000,,Hello everyone, and welcome to today's Dialogue: 0,0:00:02.20,0:00:05.72,Default,,0000,0000,0000,,session digital forensics, best practices Dialogue: 0,0:00:05.72,0:00:08.52,Default,,0000,0000,0000,,from data acquisition to analysis. I'm Dialogue: 0,0:00:08.52,0:00:10.52,Default,,0000,0000,0000,,Shilpago Swami and I'll be your host Dialogue: 0,0:00:10.52,0:00:13.44,Default,,0000,0000,0000,,for the day. Before we get Dialogue: 0,0:00:13.44,0:00:16.00,Default,,0000,0000,0000,,started, we would like to go over a few Dialogue: 0,0:00:16.00,0:00:18.04,Default,,0000,0000,0000,,house rules for our attendees. The Dialogue: 0,0:00:18.04,0:00:20.44,Default,,0000,0000,0000,,session will be in listen only mode and Dialogue: 0,0:00:20.44,0:00:23.44,Default,,0000,0000,0000,,will last for an hour, out of which the Dialogue: 0,0:00:23.44,0:00:26.16,Default,,0000,0000,0000,,last 15 minutes will be dedicated to Q&A. Dialogue: 0,0:00:26.16,0:00:28.04,Default,,0000,0000,0000,,If you have any questions during the Dialogue: 0,0:00:28.04,0:00:30.52,Default,,0000,0000,0000,,webinar to our organizers or our Dialogue: 0,0:00:30.52,0:00:34.20,Default,,0000,0000,0000,,speakers, use the Q&A window also if you Dialogue: 0,0:00:34.20,0:00:36.44,Default,,0000,0000,0000,,face any audio, video challenges, please Dialogue: 0,0:00:36.44,0:00:38.00,Default,,0000,0000,0000,,check your internet connections or you Dialogue: 0,0:00:38.00,0:00:40.88,Default,,0000,0000,0000,,may log out and log in again. An Dialogue: 0,0:00:40.88,0:00:43.64,Default,,0000,0000,0000,,important announcement for our audiences, Dialogue: 0,0:00:43.64,0:00:46.04,Default,,0000,0000,0000,,we have initiated CPE credit Dialogue: 0,0:00:46.04,0:00:48.60,Default,,0000,0000,0000,,certificates for our participants, and to Dialogue: 0,0:00:48.60,0:00:51.48,Default,,0000,0000,0000,,qualify for one attendees are required Dialogue: 0,0:00:51.48,0:00:54.44,Default,,0000,0000,0000,,to attend the entire webinar and then Dialogue: 0,0:00:54.44,0:00:57.60,Default,,0000,0000,0000,,send an email to cyber talks at e Dialogue: 0,0:00:57.60,0:01:00.88,Default,,0000,0000,0000,,council.org, after which our team will Dialogue: 0,0:01:00.88,0:01:04.16,Default,,0000,0000,0000,,issue the CPE certificate. Also, we would Dialogue: 0,0:01:04.16,0:01:06.32,Default,,0000,0000,0000,,like to announce our audiences about the Dialogue: 0,0:01:06.32,0:01:08.76,Default,,0000,0000,0000,,special handouts take the screenshot of Dialogue: 0,0:01:08.76,0:01:11.40,Default,,0000,0000,0000,,the running webinar, and post in your Dialogue: 0,0:01:11.40,0:01:14.64,Default,,0000,0000,0000,,social media LinkedIn or Twitter tagging Dialogue: 0,0:01:14.64,0:01:18.44,Default,,0000,0000,0000,,EC counil and #cybertalks, we will Dialogue: 0,0:01:18.44,0:01:21.16,Default,,0000,0000,0000,,share free handouts to first 15 Dialogue: 0,0:01:21.16,0:01:23.88,Default,,0000,0000,0000,,audiences as a commitment to closing the Dialogue: 0,0:01:23.88,0:01:26.88,Default,,0000,0000,0000,,cyber security Workforce Gap by creating Dialogue: 0,0:01:26.88,0:01:30.36,Default,,0000,0000,0000,,multi-domain cyber technicians e-Council Dialogue: 0,0:01:30.36,0:01:34.72,Default,,0000,0000,0000,,pledges, $3.5 million dollar towards, CCT Dialogue: 0,0:01:34.72,0:01:37.08,Default,,0000,0000,0000,,education and certification scholarship Dialogue: 0,0:01:37.08,0:01:40.16,Default,,0000,0000,0000,,to certify approximately 10,000 cyber Dialogue: 0,0:01:40.16,0:01:42.88,Default,,0000,0000,0000,,professionals ready to contribute to the Dialogue: 0,0:01:42.88,0:01:44.84,Default,,0000,0000,0000,,industry. Did you know that you can be Dialogue: 0,0:01:44.84,0:01:46.44,Default,,0000,0000,0000,,part of the lucrative cyber security Dialogue: 0,0:01:46.44,0:01:49.64,Default,,0000,0000,0000,,industry, even top companies like Google, Dialogue: 0,0:01:49.64,0:01:53.92,Default,,0000,0000,0000,,Microsoft, Amazon, IBM, Facebook, and Dell Dialogue: 0,0:01:53.92,0:01:56.24,Default,,0000,0000,0000,,all hire cyber security professionals, Dialogue: 0,0:01:56.24,0:01:58.52,Default,,0000,0000,0000,,the cyber security industry has a 0% Dialogue: 0,0:01:58.52,0:02:00.44,Default,,0000,0000,0000,,unemployment rate. The, the average salary Dialogue: 0,0:02:00.44,0:02:02.32,Default,,0000,0000,0000,,for an entry-level cyber security job is Dialogue: 0,0:02:02.32,0:02:05.24,Default,,0000,0000,0000,,about $100,000 per year in the United Dialogue: 0,0:02:05.24,0:02:07.28,Default,,0000,0000,0000,,States. Furthermore, you don't need to Dialogue: 0,0:02:07.28,0:02:09.68,Default,,0000,0000,0000,,know coding and learn from your home and Dialogue: 0,0:02:09.68,0:02:11.28,Default,,0000,0000,0000,,you get a scholarship to Kickstart your Dialogue: 0,0:02:11.28,0:02:14.92,Default,,0000,0000,0000,,career apply. Now, EC council is pledging Dialogue: 0,0:02:14.92,0:02:18.60,Default,,0000,0000,0000,,a 3.5 million CCT scholarship for cyber Dialogue: 0,0:02:18.60,0:02:20.92,Default,,0000,0000,0000,,security career starters, scan the QR Dialogue: 0,0:02:20.92,0:02:22.32,Default,,0000,0000,0000,,code on the screen to apply for the Dialogue: 0,0:02:22.32,0:02:25.80,Default,,0000,0000,0000,,scholarship. Fill out the Dialogue: 0,0:02:28.76,0:02:31.52,Default,,0000,0000,0000,,form. Dialogue: 0,0:02:31.52,0:02:33.80,Default,,0000,0000,0000,,Now about our Dialogue: 0,0:02:33.80,0:02:38.04,Default,,0000,0000,0000,,speaker Dr. Lewis. Dr. Lewis Noguerol is the Dialogue: 0,0:02:38.04,0:02:40.36,Default,,0000,0000,0000,,information system security officer for Dialogue: 0,0:02:40.36,0:02:43.60,Default,,0000,0000,0000,,the US Department of Commerce, no OAA, Dialogue: 0,0:02:43.60,0:02:45.44,Default,,0000,0000,0000,,where he oversees a cyber security Dialogue: 0,0:02:45.44,0:02:47.08,Default,,0000,0000,0000,,operation for six states in the Dialogue: 0,0:02:47.08,0:02:49.92,Default,,0000,0000,0000,,Southeast region. Dr. Lewis is also the Dialogue: 0,0:02:49.92,0:02:51.92,Default,,0000,0000,0000,,president, and CEO of the advanced Dialogue: 0,0:02:51.92,0:02:54.44,Default,,0000,0000,0000,,division of informatics and Dialogue: 0,0:02:54.44,0:02:57.92,Default,,0000,0000,0000,,Technology Inc. A company that focuses on Dialogue: 0,0:02:57.92,0:03:01.04,Default,,0000,0000,0000,,data recovery digital for forensics and Dialogue: 0,0:03:01.04,0:03:03.48,Default,,0000,0000,0000,,penetration. He is a world renowned Dialogue: 0,0:03:03.48,0:03:05.52,Default,,0000,0000,0000,,expert in data recovery digital Dialogue: 0,0:03:05.52,0:03:08.24,Default,,0000,0000,0000,,forensics and penetration testing. He Dialogue: 0,0:03:08.24,0:03:10.88,Default,,0000,0000,0000,,holds multiple globally recognized Dialogue: 0,0:03:10.88,0:03:12.44,Default,,0000,0000,0000,,information technology and cyber Dialogue: 0,0:03:12.44,0:03:15.08,Default,,0000,0000,0000,,security certifications and accredition, Dialogue: 0,0:03:15.08,0:03:17.12,Default,,0000,0000,0000,,and is the recipient of multiple awards Dialogue: 0,0:03:17.12,0:03:19.48,Default,,0000,0000,0000,,in technology cyber security and Dialogue: 0,0:03:19.48,0:03:22.64,Default,,0000,0000,0000,,mathematics. He currently serves prono as Dialogue: 0,0:03:22.64,0:03:25.04,Default,,0000,0000,0000,,an editorial board member reviewer of Dialogue: 0,0:03:25.04,0:03:27.24,Default,,0000,0000,0000,,American Journal of Information science Dialogue: 0,0:03:27.24,0:03:29.76,Default,,0000,0000,0000,,and technology, and is a member of the Dialogue: 0,0:03:29.76,0:03:31.92,Default,,0000,0000,0000,,prestigious high edging professor for Dialogue: 0,0:03:31.92,0:03:34.16,Default,,0000,0000,0000,,undergraduate, and graduate programs at Dialogue: 0,0:03:34.16,0:03:36.72,Default,,0000,0000,0000,,multiple universities in the US. And as a Dialogue: 0,0:03:36.72,0:03:38.92,Default,,0000,0000,0000,,reviewer for the doctoral program at the Dialogue: 0,0:03:38.92,0:03:42.24,Default,,0000,0000,0000,,University of Karachi in Pakistan, he is Dialogue: 0,0:03:42.24,0:03:44.40,Default,,0000,0000,0000,,the author of multiple cyber security Dialogue: 0,0:03:44.40,0:03:46.88,Default,,0000,0000,0000,,publication and articles including cyber Dialogue: 0,0:03:46.88,0:03:49.52,Default,,0000,0000,0000,,security issues in blockchain challenges Dialogue: 0,0:03:49.52,0:03:52.20,Default,,0000,0000,0000,,and possible solution. And he is one of Dialogue: 0,0:03:52.20,0:03:54.20,Default,,0000,0000,0000,,the co-authors and reviewers of the Dialogue: 0,0:03:54.20,0:03:56.84,Default,,0000,0000,0000,,worldwide acclaimed book intrusion Dialogue: 0,0:03:56.84,0:03:58.68,Default,,0000,0000,0000,,detection Dialogue: 0,0:03:58.68,0:04:01.28,Default,,0000,0000,0000,,guide prior to obtaining his doctoral Dialogue: 0,0:04:01.28,0:04:02.80,Default,,0000,0000,0000,,degree in information systems and Dialogue: 0,0:04:02.80,0:04:04.64,Default,,0000,0000,0000,,Technologies from the University of Dialogue: 0,0:04:04.64,0:04:08.04,Default,,0000,0000,0000,,Phoenix. Dr. Lewis earned a bachelor's in Dialogue: 0,0:04:08.04,0:04:11.60,Default,,0000,0000,0000,,sciences and radio technical and Dialogue: 0,0:04:11.60,0:04:14.16,Default,,0000,0000,0000,,electronic engineering Dialogue: 0,0:04:14.16,0:04:15.44,Default,,0000,0000,0000,,bachelor in science in Dialogue: 0,0:04:15.44,0:04:17.68,Default,,0000,0000,0000,,telecommunications, and networking and a Dialogue: 0,0:04:17.68,0:04:19.52,Default,,0000,0000,0000,,master in science in mathematics and Dialogue: 0,0:04:19.52,0:04:20.60,Default,,0000,0000,0000,,computer Dialogue: 0,0:04:20.60,0:04:22.84,Default,,0000,0000,0000,,sciences. Without any further delay, I Dialogue: 0,0:04:22.84,0:04:25.76,Default,,0000,0000,0000,,would hand over the session to you, Dr. Dialogue: 0,0:04:25.76,0:04:30.28,Default,,0000,0000,0000,,Lewis. Thank you very much. Thanks. Okay. Dialogue: 0,0:04:30.28,0:04:32.96,Default,,0000,0000,0000,,Good morning, everybody. Good afternoon. Dialogue: 0,0:04:32.96,0:04:35.44,Default,,0000,0000,0000,,Good night depending of the specific Dialogue: 0,0:04:35.44,0:04:38.44,Default,,0000,0000,0000,,area in which you decide, we are going to Dialogue: 0,0:04:38.44,0:04:40.48,Default,,0000,0000,0000,,have an interesting conversation today Dialogue: 0,0:04:40.48,0:04:42.48,Default,,0000,0000,0000,,about digital forensic best practice Dialogue: 0,0:04:42.48,0:04:44.48,Default,,0000,0000,0000,,from data acquisition to analysis. This Dialogue: 0,0:04:44.48,0:04:47.28,Default,,0000,0000,0000,,is the title of the presentation of the Dialogue: 0,0:04:47.28,0:04:50.72,Default,,0000,0000,0000,,subject, and I'm more than happy to be Dialogue: 0,0:04:50.72,0:04:52.68,Default,,0000,0000,0000,,here with you guys and sharing some of Dialogue: 0,0:04:52.68,0:04:57.76,Default,,0000,0000,0000,,my expertise. So let's go and start the Dialogue: 0,0:04:57.76,0:05:00.72,Default,,0000,0000,0000,,conference. Okay, she already mentioned Dialogue: 0,0:05:00.72,0:05:02.52,Default,,0000,0000,0000,,some of my Dialogue: 0,0:05:02.52,0:05:04.96,Default,,0000,0000,0000,,credentials. I have been working in cyber Dialogue: 0,0:05:04.96,0:05:08.76,Default,,0000,0000,0000,,security at this point for over 41 years. Dialogue: 0,0:05:08.76,0:05:11.60,Default,,0000,0000,0000,,This is on my DNA a topic that I really Dialogue: 0,0:05:11.60,0:05:14.28,Default,,0000,0000,0000,,like and respect in love as I cannot Dialogue: 0,0:05:14.28,0:05:17.28,Default,,0000,0000,0000,,talk about any other topic in my life Dialogue: 0,0:05:17.28,0:05:20.84,Default,,0000,0000,0000,,before we go I have here a segment that Dialogue: 0,0:05:20.84,0:05:23.68,Default,,0000,0000,0000,,I put together for you okay digital Dialogue: 0,0:05:23.68,0:05:26.44,Default,,0000,0000,0000,,forensic best practice well Dialogue: 0,0:05:26.44,0:05:28.72,Default,,0000,0000,0000,,consideration number one just to break Dialogue: 0,0:05:28.72,0:05:31.36,Default,,0000,0000,0000,,off the eyes is that in the Lain of Dialogue: 0,0:05:31.36,0:05:35.48,Default,,0000,0000,0000,,cyber space where shs dance through ened Dialogue: 0,0:05:35.48,0:05:38.36,Default,,0000,0000,0000,,passage and data Whispers it Secrets the Dialogue: 0,0:05:38.36,0:05:41.60,Default,,0000,0000,0000,,digital detective emerg This Is Us the Dialogue: 0,0:05:41.60,0:05:44.48,Default,,0000,0000,0000,,digital forensic expert clat in lines of Dialogue: 0,0:05:44.48,0:05:47.88,Default,,0000,0000,0000,,code and armed with algorithms they seek Dialogue: 0,0:05:47.88,0:05:51.92,Default,,0000,0000,0000,,to youing Treasures of through and Dialogue: 0,0:05:51.92,0:05:55.08,Default,,0000,0000,0000,,solving anyma cyber crimes with a visual Dialogue: 0,0:05:55.08,0:05:58.08,Default,,0000,0000,0000,,magnifying glass this is what we do they Dialogue: 0,0:05:58.08,0:06:01.12,Default,,0000,0000,0000,,desect or we desect the digital tapestry Dialogue: 0,0:06:01.12,0:06:03.80,Default,,0000,0000,0000,,prevailing the footprints of elusive Dialogue: 0,0:06:03.80,0:06:07.96,Default,,0000,0000,0000,,cyber cul this is what cyber forensic or Dialogue: 0,0:06:07.96,0:06:11.40,Default,,0000,0000,0000,,digital forensic is about is stroke and Dialogue: 0,0:06:11.40,0:06:14.04,Default,,0000,0000,0000,,pixel holds a clue something that we can Dialogue: 0,0:06:14.04,0:06:18.36,Default,,0000,0000,0000,,use in our favor and in this mesmerizing Dialogue: 0,0:06:18.36,0:06:23.08,Default,,0000,0000,0000,,worlds of the digital era one and zeros Dialogue: 0,0:06:23.08,0:06:25.92,Default,,0000,0000,0000,,the app of digital forensic you Falls Dialogue: 0,0:06:25.92,0:06:28.96,Default,,0000,0000,0000,,youling the secret of the digital real Dialogue: 0,0:06:28.96,0:06:33.60,Default,,0000,0000,0000,,so forensic is about finding evidence Dialogue: 0,0:06:33.60,0:06:36.36,Default,,0000,0000,0000,,that can lead to a particular process it Dialogue: 0,0:06:36.36,0:06:38.64,Default,,0000,0000,0000,,can be a legal process it can be any Dialogue: 0,0:06:38.64,0:06:41.12,Default,,0000,0000,0000,,other kind of process but what is Dialogue: 0,0:06:41.12,0:06:44.20,Default,,0000,0000,0000,,digital forensic from my point of view Dialogue: 0,0:06:44.20,0:06:47.12,Default,,0000,0000,0000,,well I mention I guess already that I'm Dialogue: 0,0:06:47.12,0:06:50.04,Default,,0000,0000,0000,,working in cyber security for 41 years Dialogue: 0,0:06:50.04,0:06:52.72,Default,,0000,0000,0000,,my specializations are in penetration Dialogue: 0,0:06:52.72,0:06:55.12,Default,,0000,0000,0000,,testing data recovery and digital Dialogue: 0,0:06:55.12,0:06:57.04,Default,,0000,0000,0000,,currency have been working for the Dialogue: 0,0:06:57.04,0:06:59.40,Default,,0000,0000,0000,,police department at multiple places Dialogue: 0,0:06:59.40,0:07:02.88,Default,,0000,0000,0000,,doing digital forensic for l so I try to Dialogue: 0,0:07:02.88,0:07:06.08,Default,,0000,0000,0000,,put the easy definition for you from my Dialogue: 0,0:07:06.08,0:07:08.36,Default,,0000,0000,0000,,standpoint about what digital forensic Dialogue: 0,0:07:08.36,0:07:11.72,Default,,0000,0000,0000,,is digital forensic investigate digital Dialogue: 0,0:07:11.72,0:07:15.00,Default,,0000,0000,0000,,devices and electronic data to un cover Dialogue: 0,0:07:15.00,0:07:17.64,Default,,0000,0000,0000,,evidence please note that I don't say Dialogue: 0,0:07:17.64,0:07:20.12,Default,,0000,0000,0000,,electronic information I use the word Dialogue: 0,0:07:20.12,0:07:21.92,Default,,0000,0000,0000,,data Dialogue: 0,0:07:21.92,0:07:24.20,Default,,0000,0000,0000,,intentionally understand digital events Dialogue: 0,0:07:24.20,0:07:27.76,Default,,0000,0000,0000,,and TR illicit activities this is a key Dialogue: 0,0:07:27.76,0:07:30.76,Default,,0000,0000,0000,,component of digital forensic normally Dialogue: 0,0:07:30.76,0:07:33.88,Default,,0000,0000,0000,,speaking digital forensic happens of Dialogue: 0,0:07:33.88,0:07:37.16,Default,,0000,0000,0000,,course after the facts and the idea of Dialogue: 0,0:07:37.16,0:07:40.76,Default,,0000,0000,0000,,digital forensic is identifying phes Dialogue: 0,0:07:40.76,0:07:43.64,Default,,0000,0000,0000,,okay that lead to a particular data that Dialogue: 0,0:07:43.64,0:07:45.84,Default,,0000,0000,0000,,we can convey together and make a Dialogue: 0,0:07:45.84,0:07:49.04,Default,,0000,0000,0000,,conclusion it involves the systematic Dialogue: 0,0:07:49.04,0:07:51.76,Default,,0000,0000,0000,,collection preservation analysis and Dialogue: 0,0:07:51.76,0:07:54.36,Default,,0000,0000,0000,,presentation of digital evidence IL Dialogue: 0,0:07:54.36,0:07:56.52,Default,,0000,0000,0000,,legal proceedings and this is a key Dialogue: 0,0:07:56.52,0:07:59.44,Default,,0000,0000,0000,,today because we are technology defend Dialogue: 0,0:07:59.44,0:08:02.00,Default,,0000,0000,0000,,then and there are multiple States at Dialogue: 0,0:08:02.00,0:08:05.20,Default,,0000,0000,0000,,least in USA in some other countries in Dialogue: 0,0:08:05.20,0:08:07.44,Default,,0000,0000,0000,,which digital forensic is still in a Dialogue: 0,0:08:07.44,0:08:10.28,Default,,0000,0000,0000,,limbo because it's not accepted in the Dialogue: 0,0:08:10.28,0:08:13.20,Default,,0000,0000,0000,,court of law okay so this is very Dialogue: 0,0:08:13.20,0:08:16.16,Default,,0000,0000,0000,,important to keep in mind what are we Dialogue: 0,0:08:16.16,0:08:18.36,Default,,0000,0000,0000,,going to do from the digital forensic Dialogue: 0,0:08:18.36,0:08:20.80,Default,,0000,0000,0000,,standpoint the data collection process Dialogue: 0,0:08:20.80,0:08:23.32,Default,,0000,0000,0000,,and the analysis digital forensic Dialogue: 0,0:08:23.32,0:08:25.64,Default,,0000,0000,0000,,experts use specialized techniques and Dialogue: 0,0:08:25.64,0:08:29.28,Default,,0000,0000,0000,,tools to find out data from computers Dialogue: 0,0:08:29.28,0:08:32.40,Default,,0000,0000,0000,,smartphones networks and digital storage Dialogue: 0,0:08:32.40,0:08:34.96,Default,,0000,0000,0000,,media to support investigations and Dialogue: 0,0:08:34.96,0:08:37.56,Default,,0000,0000,0000,,resolve legal matter so this is Dialogue: 0,0:08:37.56,0:08:40.56,Default,,0000,0000,0000,,basically what the digital forensic is Dialogue: 0,0:08:40.56,0:08:42.84,Default,,0000,0000,0000,,about let's go and start with the Dialogue: 0,0:08:42.84,0:08:45.72,Default,,0000,0000,0000,,technical part which is the topic I like Dialogue: 0,0:08:45.72,0:08:49.44,Default,,0000,0000,0000,,more okay let's go and talk about those Dialogue: 0,0:08:49.44,0:08:51.52,Default,,0000,0000,0000,,30 best practices that I'm putting Dialogue: 0,0:08:51.52,0:08:53.68,Default,,0000,0000,0000,,together for you at the end of the Dialogue: 0,0:08:53.68,0:08:55.20,Default,,0000,0000,0000,,presentation you will be having the Dialogue: 0,0:08:55.20,0:08:57.84,Default,,0000,0000,0000,,opportunity to ask as many questions as Dialogue: 0,0:08:57.84,0:09:01.08,Default,,0000,0000,0000,,you like no number one you have to Dialogue: 0,0:09:01.08,0:09:03.76,Default,,0000,0000,0000,,follow the legal and ethical standards Dialogue: 0,0:09:03.76,0:09:06.36,Default,,0000,0000,0000,,for this particular first one I am not Dialogue: 0,0:09:06.36,0:09:08.68,Default,,0000,0000,0000,,going to make any comment I believe that Dialogue: 0,0:09:08.68,0:09:12.28,Default,,0000,0000,0000,,ethics is a component is a key component Dialogue: 0,0:09:12.28,0:09:14.96,Default,,0000,0000,0000,,of cyber security expert do we always Dialogue: 0,0:09:14.96,0:09:18.36,Default,,0000,0000,0000,,have to follow the rules we always must Dialogue: 0,0:09:18.36,0:09:21.12,Default,,0000,0000,0000,,follow the legal procedures in the Dialogue: 0,0:09:21.12,0:09:24.08,Default,,0000,0000,0000,,places in which we operate because every Dialogue: 0,0:09:24.08,0:09:26.64,Default,,0000,0000,0000,,single place is different component Dialogue: 0,0:09:26.64,0:09:30.64,Default,,0000,0000,0000,,number two resar the original evidence Dialogue: 0,0:09:30.64,0:09:33.24,Default,,0000,0000,0000,,this is a key okay you always have to Dialogue: 0,0:09:33.24,0:09:35.48,Default,,0000,0000,0000,,maintain the Integrity of the original Dialogue: 0,0:09:35.48,0:09:38.32,Default,,0000,0000,0000,,evidence to ensure it is admissible in Dialogue: 0,0:09:38.32,0:09:42.28,Default,,0000,0000,0000,,court any kind of manipulation any kind Dialogue: 0,0:09:42.28,0:09:46.24,Default,,0000,0000,0000,,of modification is going to end in Dialogue: 0,0:09:46.24,0:09:48.88,Default,,0000,0000,0000,,disqualification from the court system Dialogue: 0,0:09:48.88,0:09:50.92,Default,,0000,0000,0000,,document everything this is something Dialogue: 0,0:09:50.92,0:09:52.84,Default,,0000,0000,0000,,that technical people like me doesn't Dialogue: 0,0:09:52.84,0:09:56.24,Default,,0000,0000,0000,,like to much but when when it comes to Dialogue: 0,0:09:56.24,0:09:58.88,Default,,0000,0000,0000,,digital currency we have to document Dialogue: 0,0:09:58.88,0:10:01.24,Default,,0000,0000,0000,,every every single step we do we have to Dialogue: 0,0:10:01.24,0:10:04.36,Default,,0000,0000,0000,,do video recording of all the steps we Dialogue: 0,0:10:04.36,0:10:07.36,Default,,0000,0000,0000,,follow and we we want to make sure that Dialogue: 0,0:10:07.36,0:10:09.76,Default,,0000,0000,0000,,everything is documented and recorded in Dialogue: 0,0:10:09.76,0:10:13.12,Default,,0000,0000,0000,,the specific chronological order this is Dialogue: 0,0:10:13.12,0:10:16.16,Default,,0000,0000,0000,,a key component as well for the digital Dialogue: 0,0:10:16.16,0:10:19.08,Default,,0000,0000,0000,,forensic or investigation to be accepted Dialogue: 0,0:10:19.08,0:10:22.76,Default,,0000,0000,0000,,in the law in the code of law secur the Dialogue: 0,0:10:22.76,0:10:25.60,Default,,0000,0000,0000,,ass ensure that physical and digital Dialogue: 0,0:10:25.60,0:10:27.88,Default,,0000,0000,0000,,crime Maes are secured to prevent Dialogue: 0,0:10:27.88,0:10:29.92,Default,,0000,0000,0000,,contamination or Dialogue: 0,0:10:29.92,0:10:33.40,Default,,0000,0000,0000,,if you present anything in the court and Dialogue: 0,0:10:33.40,0:10:35.28,Default,,0000,0000,0000,,the opposite Dialogue: 0,0:10:35.28,0:10:38.04,Default,,0000,0000,0000,,part have the ability to prove that Dialogue: 0,0:10:38.04,0:10:40.44,Default,,0000,0000,0000,,something was not preserved the Dialogue: 0,0:10:40.44,0:10:43.44,Default,,0000,0000,0000,,conversation is over chain of custody Dialogue: 0,0:10:43.44,0:10:45.28,Default,,0000,0000,0000,,and I'm going to repeat that more than Dialogue: 0,0:10:45.28,0:10:48.40,Default,,0000,0000,0000,,once during the presentation I'm Dialogue: 0,0:10:48.40,0:10:51.60,Default,,0000,0000,0000,,sorry chain of custody is how you Dialogue: 0,0:10:51.60,0:10:53.16,Default,,0000,0000,0000,,establish and Dialogue: 0,0:10:53.16,0:10:56.24,Default,,0000,0000,0000,,maintain the evidence and the process Dialogue: 0,0:10:56.24,0:10:58.84,Default,,0000,0000,0000,,that facilitate how the track of the Dialogue: 0,0:10:58.84,0:11:02.00,Default,,0000,0000,0000,,track tring process is handled use right Dialogue: 0,0:11:02.00,0:11:04.04,Default,,0000,0000,0000,,blocking tools this is another key Dialogue: 0,0:11:04.04,0:11:07.48,Default,,0000,0000,0000,,component of digital forensic it means Dialogue: 0,0:11:07.48,0:11:10.12,Default,,0000,0000,0000,,that you have to use the the appropriate Dialogue: 0,0:11:10.12,0:11:12.40,Default,,0000,0000,0000,,hardware and software that allows for Dialogue: 0,0:11:12.40,0:11:14.36,Default,,0000,0000,0000,,right blockers when you are collecting Dialogue: 0,0:11:14.36,0:11:17.80,Default,,0000,0000,0000,,data to prevent alteration there are a Dialogue: 0,0:11:17.80,0:11:20.24,Default,,0000,0000,0000,,set of tools you can use and at the end Dialogue: 0,0:11:20.24,0:11:22.44,Default,,0000,0000,0000,,of the presentation I'm going to provide Dialogue: 0,0:11:22.44,0:11:25.88,Default,,0000,0000,0000,,you with the set of tools a specific set Dialogue: 0,0:11:25.88,0:11:29.24,Default,,0000,0000,0000,,of tools you can use as a a right Dialogue: 0,0:11:29.24,0:11:32.56,Default,,0000,0000,0000,,blocking tools verifies hashing or hash Dialogue: 0,0:11:32.56,0:11:35.92,Default,,0000,0000,0000,,values is how you calculate and compare Dialogue: 0,0:11:35.92,0:11:38.88,Default,,0000,0000,0000,,hash values to confirm data Integrity Dialogue: 0,0:11:38.88,0:11:41.48,Default,,0000,0000,0000,,there is a confusion about integrity Dialogue: 0,0:11:41.48,0:11:44.24,Default,,0000,0000,0000,,confidentiality and availability in Dialogue: 0,0:11:44.24,0:11:46.52,Default,,0000,0000,0000,,digital forensic the most important Dialogue: 0,0:11:46.52,0:11:49.64,Default,,0000,0000,0000,,component is integrity it means that we Dialogue: 0,0:11:49.64,0:11:52.56,Default,,0000,0000,0000,,have to do every single effort to make Dialogue: 0,0:11:52.56,0:11:55.04,Default,,0000,0000,0000,,sure that the data is not modified in Dialogue: 0,0:11:55.04,0:11:58.08,Default,,0000,0000,0000,,any possible ways from the time we Dialogue: 0,0:11:58.08,0:11:59.56,Default,,0000,0000,0000,,arrive to the Dialogue: 0,0:11:59.56,0:12:02.44,Default,,0000,0000,0000,,to the time that we present the evidence Dialogue: 0,0:12:02.44,0:12:05.56,Default,,0000,0000,0000,,in the Cod and after that as well so the Dialogue: 0,0:12:05.56,0:12:08.84,Default,,0000,0000,0000,,other component is collect volatile data Dialogue: 0,0:12:08.84,0:12:12.60,Default,,0000,0000,0000,,s okay it it make obviously perfect Dialogue: 0,0:12:12.60,0:12:15.80,Default,,0000,0000,0000,,sense so you have to prioritize this Dialogue: 0,0:12:15.80,0:12:18.40,Default,,0000,0000,0000,,type of data collection as it can be Dialogue: 0,0:12:18.40,0:12:20.48,Default,,0000,0000,0000,,lost or modified when the syst is Dialogue: 0,0:12:20.48,0:12:23.28,Default,,0000,0000,0000,,powered down for many of you what I'm Dialogue: 0,0:12:23.28,0:12:25.12,Default,,0000,0000,0000,,going to tell you probably is going to Dialogue: 0,0:12:25.12,0:12:28.40,Default,,0000,0000,0000,,sound not appropriate and this is the Dialogue: 0,0:12:28.40,0:12:29.72,Default,,0000,0000,0000,,following Dialogue: 0,0:12:29.72,0:12:32.20,Default,,0000,0000,0000,,assessment we have the perception we Dialogue: 0,0:12:32.20,0:12:34.32,Default,,0000,0000,0000,,have been told from the time that we Dialogue: 0,0:12:34.32,0:12:36.88,Default,,0000,0000,0000,,arrived to the school and even at work Dialogue: 0,0:12:36.88,0:12:39.52,Default,,0000,0000,0000,,that information or data data no Dialogue: 0,0:12:39.52,0:12:43.00,Default,,0000,0000,0000,,information data in R memory Random Dialogue: 0,0:12:43.00,0:12:45.36,Default,,0000,0000,0000,,Access Memory disappear when the Dialogue: 0,0:12:45.36,0:12:50.04,Default,,0000,0000,0000,,computer is shooting down back ER in Dialogue: 0,0:12:50.04,0:12:53.04,Default,,0000,0000,0000,,2019 I make a presentation similar to Dialogue: 0,0:12:53.04,0:12:55.20,Default,,0000,0000,0000,,this one for this Council as well in Dialogue: 0,0:12:55.20,0:12:58.28,Default,,0000,0000,0000,,which I prove that the data in R memory Dialogue: 0,0:12:58.28,0:13:01.32,Default,,0000,0000,0000,,can be recover okay so what we have been Dialogue: 0,0:13:01.32,0:13:03.92,Default,,0000,0000,0000,,learning in multiple places what you can Dialogue: 0,0:13:03.92,0:13:06.96,Default,,0000,0000,0000,,easily find in Google that data in Ram Dialogue: 0,0:13:06.96,0:13:09.12,Default,,0000,0000,0000,,is lost when the computer when the Dialogue: 0,0:13:09.12,0:13:11.60,Default,,0000,0000,0000,,computers are powered down is not Dialogue: 0,0:13:11.60,0:13:14.88,Default,,0000,0000,0000,,exactly correct the other component is Dialogue: 0,0:13:14.88,0:13:17.36,Default,,0000,0000,0000,,forensic Imaging you have to create Dialogue: 0,0:13:17.36,0:13:19.92,Default,,0000,0000,0000,,forensic image of a storage devices to Dialogue: 0,0:13:19.92,0:13:22.56,Default,,0000,0000,0000,,work with copies and always have to Dialogue: 0,0:13:22.56,0:13:25.44,Default,,0000,0000,0000,,preser the original evidence this is a Dialogue: 0,0:13:25.44,0:13:30.04,Default,,0000,0000,0000,,requirement in the court of law you must Dialogue: 0,0:13:30.04,0:13:32.88,Default,,0000,0000,0000,,pres the original evidence every single Dialogue: 0,0:13:32.88,0:13:35.32,Default,,0000,0000,0000,,time the other component is the data Dialogue: 0,0:13:35.32,0:13:38.60,Default,,0000,0000,0000,,recovery data recovery is very close Dialogue: 0,0:13:38.60,0:13:41.64,Default,,0000,0000,0000,,Associated to digital forensic for Dialogue: 0,0:13:41.64,0:13:43.80,Default,,0000,0000,0000,,obvious reason okay and you have to Dialogue: 0,0:13:43.80,0:13:46.64,Default,,0000,0000,0000,,employ a specialize tools to recover Dialogue: 0,0:13:46.64,0:13:51.40,Default,,0000,0000,0000,,deleted or hidden data this is also H Dialogue: 0,0:13:51.40,0:13:53.80,Default,,0000,0000,0000,,something to keep in mind and at the end Dialogue: 0,0:13:53.80,0:13:56.20,Default,,0000,0000,0000,,I'm going to provide some specific Dialogue: 0,0:13:56.20,0:13:58.44,Default,,0000,0000,0000,,applications you can use to do data Dialogue: 0,0:13:58.44,0:14:00.04,Default,,0000,0000,0000,,recover Dialogue: 0,0:14:00.04,0:14:02.96,Default,,0000,0000,0000,,timeline analysis you have to construct Dialogue: 0,0:14:02.96,0:14:06.16,Default,,0000,0000,0000,,and analyze timelines to understand the Dialogue: 0,0:14:06.16,0:14:09.40,Default,,0000,0000,0000,,sequence of event what happen first the Dialogue: 0,0:14:09.40,0:14:12.56,Default,,0000,0000,0000,,chronological order is a mandatory Dialogue: 0,0:14:12.56,0:14:14.72,Default,,0000,0000,0000,,requirement in the court of law you Dialogue: 0,0:14:14.72,0:14:17.00,Default,,0000,0000,0000,,cannot provide evidence in the court of Dialogue: 0,0:14:17.00,0:14:19.64,Default,,0000,0000,0000,,law in a random manner you have to Dialogue: 0,0:14:19.64,0:14:22.44,Default,,0000,0000,0000,,follow the specific chronological order Dialogue: 0,0:14:22.44,0:14:25.24,Default,,0000,0000,0000,,the other consideration is preserving Dialogue: 0,0:14:25.24,0:14:28.08,Default,,0000,0000,0000,,the metadata ensuring metadata Integrity Dialogue: 0,0:14:28.08,0:14:30.68,Default,,0000,0000,0000,,to verify The Source timing and Dialogue: 0,0:14:30.68,0:14:33.76,Default,,0000,0000,0000,,authenticity of the digital artifact you Dialogue: 0,0:14:33.76,0:14:36.48,Default,,0000,0000,0000,,are going to present in the court of law Dialogue: 0,0:14:36.48,0:14:39.84,Default,,0000,0000,0000,,use the non good reference data and it Dialogue: 0,0:14:39.84,0:14:42.24,Default,,0000,0000,0000,,means that you have to compare the Dialogue: 0,0:14:42.24,0:14:44.76,Default,,0000,0000,0000,,collected the collected data with non Dialogue: 0,0:14:44.76,0:14:46.80,Default,,0000,0000,0000,,good reference data to identify Dialogue: 0,0:14:46.80,0:14:50.60,Default,,0000,0000,0000,,anomalies this is in statistical process Dialogue: 0,0:14:50.60,0:14:53.84,Default,,0000,0000,0000,,statistic mathematic many times you have Dialogue: 0,0:14:53.84,0:14:57.08,Default,,0000,0000,0000,,to do to do that as well anti forensic Dialogue: 0,0:14:57.08,0:14:59.80,Default,,0000,0000,0000,,awareness you have to be aware of the Dialogue: 0,0:14:59.80,0:15:03.08,Default,,0000,0000,0000,,anti-forensic techniques and conent act Dialogue: 0,0:15:03.08,0:15:05.92,Default,,0000,0000,0000,,then there are multiple applications Dialogue: 0,0:15:05.92,0:15:09.36,Default,,0000,0000,0000,,that work against digital forensic so Dialogue: 0,0:15:09.36,0:15:11.96,Default,,0000,0000,0000,,you have to be aware of that and before Dialogue: 0,0:15:11.96,0:15:14.96,Default,,0000,0000,0000,,you start the digital forensic Dialogue: 0,0:15:14.96,0:15:18.88,Default,,0000,0000,0000,,analysis why you are doing or working in Dialogue: 0,0:15:18.88,0:15:21.52,Default,,0000,0000,0000,,the digital forensic data collection Dialogue: 0,0:15:21.52,0:15:24.04,Default,,0000,0000,0000,,process you want to make sure that you Dialogue: 0,0:15:24.04,0:15:27.20,Default,,0000,0000,0000,,don't have any anti-forensic awareness Dialogue: 0,0:15:27.20,0:15:30.00,Default,,0000,0000,0000,,tool install or appli ation in the Dialogue: 0,0:15:30.00,0:15:33.08,Default,,0000,0000,0000,,particular host or host in which you are Dialogue: 0,0:15:33.08,0:15:35.56,Default,,0000,0000,0000,,going to conduct the investigation other Dialogue: 0,0:15:35.56,0:15:37.88,Default,,0000,0000,0000,,very important component is cross Dialogue: 0,0:15:37.88,0:15:41.40,Default,,0000,0000,0000,,validation this is what brings actually Dialogue: 0,0:15:41.40,0:15:45.08,Default,,0000,0000,0000,,reputation and respect to the data you Dialogue: 0,0:15:45.08,0:15:48.64,Default,,0000,0000,0000,,are presenting in the court of law okay Dialogue: 0,0:15:48.64,0:15:51.16,Default,,0000,0000,0000,,so the standard operating procedures Dialogue: 0,0:15:51.16,0:15:53.56,Default,,0000,0000,0000,,very important component that is many Dialogue: 0,0:15:53.56,0:15:56.28,Default,,0000,0000,0000,,times Overlook at and it's about Dialogue: 0,0:15:56.28,0:15:59.28,Default,,0000,0000,0000,,developing and follow so be that Dialogue: 0,0:15:59.28,0:16:02.40,Default,,0000,0000,0000,,maintain or to maintain consistency this Dialogue: 0,0:16:02.40,0:16:04.96,Default,,0000,0000,0000,,is why documentation is key and it was Dialogue: 0,0:16:04.96,0:16:07.56,Default,,0000,0000,0000,,presented in a slide number one training Dialogue: 0,0:16:07.56,0:16:10.80,Default,,0000,0000,0000,,in certification is other component and Dialogue: 0,0:16:10.80,0:16:12.64,Default,,0000,0000,0000,,this is relevant the reason why it's Dialogue: 0,0:16:12.64,0:16:15.28,Default,,0000,0000,0000,,relevant I understand that you can learn Dialogue: 0,0:16:15.28,0:16:18.64,Default,,0000,0000,0000,,many things by yourself this is becoming Dialogue: 0,0:16:18.64,0:16:21.76,Default,,0000,0000,0000,,most popular as we become more Dialogue: 0,0:16:21.76,0:16:24.68,Default,,0000,0000,0000,,technology dependent this is normal and Dialogue: 0,0:16:24.68,0:16:27.64,Default,,0000,0000,0000,,is expected but certifications still Dialogue: 0,0:16:27.64,0:16:30.80,Default,,0000,0000,0000,,having a particular value and there are Dialogue: 0,0:16:30.80,0:16:33.28,Default,,0000,0000,0000,,multiple questions in certification Dialogue: 0,0:16:33.28,0:16:36.52,Default,,0000,0000,0000,,exams in general terms not only in Easy Dialogue: 0,0:16:36.52,0:16:39.84,Default,,0000,0000,0000,,couns certifications or others in which Dialogue: 0,0:16:39.84,0:16:42.24,Default,,0000,0000,0000,,most likely if you don't go through the Dialogue: 0,0:16:42.24,0:16:44.72,Default,,0000,0000,0000,,certification process you will never Dialogue: 0,0:16:44.72,0:16:47.32,Default,,0000,0000,0000,,find out and this is what people said or Dialogue: 0,0:16:47.32,0:16:49.76,Default,,0000,0000,0000,,some people said well this is a Dialogue: 0,0:16:49.76,0:16:52.80,Default,,0000,0000,0000,,theoretical information digital forensic Dialogue: 0,0:16:52.80,0:16:55.76,Default,,0000,0000,0000,,involve a lot of theoretical information Dialogue: 0,0:16:55.76,0:16:58.04,Default,,0000,0000,0000,,a lot remember that we are doing the Dialogue: 0,0:16:58.04,0:17:01.20,Default,,0000,0000,0000,,analysis is at a low Dialogue: 0,0:17:01.20,0:17:04.84,Default,,0000,0000,0000,,level from the technical standpoint so Dialogue: 0,0:17:04.84,0:17:07.32,Default,,0000,0000,0000,,theory is extremely important and Dialogue: 0,0:17:07.32,0:17:10.60,Default,,0000,0000,0000,,relevant when when we do forensic Dialogue: 0,0:17:10.60,0:17:13.40,Default,,0000,0000,0000,,investigation digital forensic the same Dialogue: 0,0:17:13.40,0:17:15.60,Default,,0000,0000,0000,,happens with the medical doctors when Dialogue: 0,0:17:15.60,0:17:18.12,Default,,0000,0000,0000,,the medical doctors do a forensic Dialogue: 0,0:17:18.12,0:17:20.48,Default,,0000,0000,0000,,analysis into a body of somebody that Dialogue: 0,0:17:20.48,0:17:23.48,Default,,0000,0000,0000,,pass away they also employ a lot of Dialogue: 0,0:17:23.48,0:17:25.40,Default,,0000,0000,0000,,theoretical knowledge they have been Dialogue: 0,0:17:25.40,0:17:27.96,Default,,0000,0000,0000,,accumulating digital forensic is not Dialogue: 0,0:17:27.96,0:17:29.12,Default,,0000,0000,0000,,different Dialogue: 0,0:17:29.12,0:17:32.40,Default,,0000,0000,0000,,the other consideration is the expert Dialogue: 0,0:17:32.40,0:17:35.12,Default,,0000,0000,0000,,testimony okay I am for example I live Dialogue: 0,0:17:35.12,0:17:38.72,Default,,0000,0000,0000,,in Miami Florida USA and I am one of the Dialogue: 0,0:17:38.72,0:17:43.08,Default,,0000,0000,0000,,11 experts certified by the legal system Dialogue: 0,0:17:43.08,0:17:47.80,Default,,0000,0000,0000,,in the 11 District meaning that when you Dialogue: 0,0:17:47.80,0:17:49.88,Default,,0000,0000,0000,,go to the court you have to be Dialogue: 0,0:17:49.88,0:17:53.36,Default,,0000,0000,0000,,classified as an expert in order to Dialogue: 0,0:17:53.36,0:17:57.60,Default,,0000,0000,0000,,provide comments and evidence otherwise Dialogue: 0,0:17:57.60,0:17:59.76,Default,,0000,0000,0000,,probably you know more than big about Dialogue: 0,0:17:59.76,0:18:01.72,Default,,0000,0000,0000,,technology but you will not be able to Dialogue: 0,0:18:01.72,0:18:04.40,Default,,0000,0000,0000,,speak in the court because what we said Dialogue: 0,0:18:04.40,0:18:07.04,Default,,0000,0000,0000,,in the court is relevant for the case Dialogue: 0,0:18:07.04,0:18:10.04,Default,,0000,0000,0000,,and with our wording or statement and Dialogue: 0,0:18:10.04,0:18:12.72,Default,,0000,0000,0000,,through the evidence we provide we have Dialogue: 0,0:18:12.72,0:18:15.80,Default,,0000,0000,0000,,the ability to put somebody in jail or Dialogue: 0,0:18:15.80,0:18:18.92,Default,,0000,0000,0000,,release this person from being in jail Dialogue: 0,0:18:18.92,0:18:23.32,Default,,0000,0000,0000,,so this is extremely important okay so Dialogue: 0,0:18:23.32,0:18:25.56,Default,,0000,0000,0000,,evidence storage this is one of the most Dialogue: 0,0:18:25.56,0:18:27.96,Default,,0000,0000,0000,,important component you oponent in the Dialogue: 0,0:18:27.96,0:18:31.12,Default,,0000,0000,0000,,cour or in your company is going to try Dialogue: 0,0:18:31.12,0:18:33.68,Default,,0000,0000,0000,,their best in order to Cho down what you Dialogue: 0,0:18:33.68,0:18:36.36,Default,,0000,0000,0000,,are presenting so you have to safely Dialogue: 0,0:18:36.36,0:18:38.84,Default,,0000,0000,0000,,store and protect evidence to maintains Dialogue: 0,0:18:38.84,0:18:42.08,Default,,0000,0000,0000,,its Integrity Integrity is the most Dialogue: 0,0:18:42.08,0:18:44.88,Default,,0000,0000,0000,,important characteristic or Dialogue: 0,0:18:44.88,0:18:47.84,Default,,0000,0000,0000,,consideration in digital forensic Dialogue: 0,0:18:47.84,0:18:51.72,Default,,0000,0000,0000,,without any other close to so Integrity Dialogue: 0,0:18:51.72,0:18:55.36,Default,,0000,0000,0000,,is everything in digital forening okay Dialogue: 0,0:18:55.36,0:18:57.88,Default,,0000,0000,0000,,data encryption there are multiple cases Dialogue: 0,0:18:57.88,0:19:00.48,Default,,0000,0000,0000,,in which is you are going to do digital Dialogue: 0,0:19:00.48,0:19:04.40,Default,,0000,0000,0000,,forensic in in encrypted storage devices Dialogue: 0,0:19:04.40,0:19:06.92,Default,,0000,0000,0000,,in encrypted data in encrypted Dialogue: 0,0:19:06.92,0:19:11.16,Default,,0000,0000,0000,,applications you you need to develop the Dialogue: 0,0:19:11.16,0:19:13.56,Default,,0000,0000,0000,,possibility to handle the encrypted data Dialogue: 0,0:19:13.56,0:19:16.64,Default,,0000,0000,0000,,and understand ention methods I have Dialogue: 0,0:19:16.64,0:19:18.68,Default,,0000,0000,0000,,between the Publications I have I have Dialogue: 0,0:19:18.68,0:19:21.68,Default,,0000,0000,0000,,over 25 Publications about different Dialogue: 0,0:19:21.68,0:19:25.20,Default,,0000,0000,0000,,topics and Concepts in cyber security a Dialogue: 0,0:19:25.20,0:19:28.36,Default,,0000,0000,0000,,few of them probably five or six are Dialogue: 0,0:19:28.36,0:19:31.40,Default,,0000,0000,0000,,specifically about encryption if we want Dialogue: 0,0:19:31.40,0:19:35.32,Default,,0000,0000,0000,,to do digital forensic we want to become Dialogue: 0,0:19:35.32,0:19:38.68,Default,,0000,0000,0000,,data encryption expert there is no other Dialogue: 0,0:19:38.68,0:19:41.40,Default,,0000,0000,0000,,ways I understand that multiple people Dialogue: 0,0:19:41.40,0:19:45.72,Default,,0000,0000,0000,,doesn't like math statistics physics Etc Dialogue: 0,0:19:45.72,0:19:47.76,Default,,0000,0000,0000,,but this is a requirement to do an Dialogue: 0,0:19:47.76,0:19:50.32,Default,,0000,0000,0000,,appropriate digital forensic assessment Dialogue: 0,0:19:50.32,0:19:53.76,Default,,0000,0000,0000,,is a necessity today okay the other Dialogue: 0,0:19:53.76,0:19:56.32,Default,,0000,0000,0000,,consideration and this is for the people Dialogue: 0,0:19:56.32,0:19:58.52,Default,,0000,0000,0000,,that love technology like me attend in Dialogue: 0,0:19:58.52,0:20:01.68,Default,,0000,0000,0000,,or watching this conference is Network I Dialogue: 0,0:20:01.68,0:20:04.48,Default,,0000,0000,0000,,am a big fan of network I have been Dialogue: 0,0:20:04.48,0:20:07.56,Default,,0000,0000,0000,,working in network straight for 41 years Dialogue: 0,0:20:07.56,0:20:09.72,Default,,0000,0000,0000,,my doctoral degree is in Dialogue: 0,0:20:09.72,0:20:12.92,Default,,0000,0000,0000,,telecommunications and cyber security so Dialogue: 0,0:20:12.92,0:20:16.88,Default,,0000,0000,0000,,network is on my DNA I love network over Dialogue: 0,0:20:16.88,0:20:20.24,Default,,0000,0000,0000,,every other other topic in Information Dialogue: 0,0:20:20.24,0:20:23.12,Default,,0000,0000,0000,,Technology network analysis is the Dialogue: 0,0:20:23.12,0:20:25.48,Default,,0000,0000,0000,,possibility for you to analyze Network Dialogue: 0,0:20:25.48,0:20:28.76,Default,,0000,0000,0000,,traffic logs and data to trace digital Dialogue: 0,0:20:28.76,0:20:30.76,Default,,0000,0000,0000,,Footprints I'm pretty sure that Dialogue: 0,0:20:30.76,0:20:34.32,Default,,0000,0000,0000,,everybody have a tool on M and of course Dialogue: 0,0:20:34.32,0:20:37.76,Default,,0000,0000,0000,,this tool most likely is part of the Dialogue: 0,0:20:37.76,0:20:39.96,Default,,0000,0000,0000,,tools that I have been that I'm going to Dialogue: 0,0:20:39.96,0:20:42.28,Default,,0000,0000,0000,,provide in the last slide for you guys Dialogue: 0,0:20:42.28,0:20:44.60,Default,,0000,0000,0000,,but network analysis today from the Dialogue: 0,0:20:44.60,0:20:46.92,Default,,0000,0000,0000,,digital forensic standpoint is Dialogue: 0,0:20:46.92,0:20:49.92,Default,,0000,0000,0000,,everything everything is Network related Dialogue: 0,0:20:49.92,0:20:53.28,Default,,0000,0000,0000,,one or another way mware analysis we Dialogue: 0,0:20:53.28,0:20:55.64,Default,,0000,0000,0000,,need to develop the possibility to Dialogue: 0,0:20:55.64,0:20:58.68,Default,,0000,0000,0000,,understand mware behavior and analys Dialogue: 0,0:20:58.68,0:21:02.96,Default,,0000,0000,0000,,and how those mwar impact on systems Dialogue: 0,0:21:02.96,0:21:05.08,Default,,0000,0000,0000,,this needs to be incorporated as part of Dialogue: 0,0:21:05.08,0:21:07.72,Default,,0000,0000,0000,,the cyber security analysis when you Dialogue: 0,0:21:07.72,0:21:10.84,Default,,0000,0000,0000,,perform digital forensic today Cloud Dialogue: 0,0:21:10.84,0:21:13.60,Default,,0000,0000,0000,,forensic I don't have to highlight how Dialogue: 0,0:21:13.60,0:21:17.24,Default,,0000,0000,0000,,important Cloud operation is okay we are Dialogue: 0,0:21:17.24,0:21:19.72,Default,,0000,0000,0000,,moving the operation to the cloud and Dialogue: 0,0:21:19.72,0:21:21.64,Default,,0000,0000,0000,,for the one that is still having or Dialogue: 0,0:21:21.64,0:21:24.68,Default,,0000,0000,0000,,ruling the operation on premise there is Dialogue: 0,0:21:24.68,0:21:27.04,Default,,0000,0000,0000,,a high expectation that sooner than Dialogue: 0,0:21:27.04,0:21:29.32,Default,,0000,0000,0000,,later to move the operation to the cloud Dialogue: 0,0:21:29.32,0:21:31.40,Default,,0000,0000,0000,,multiple convenience but the Dialogue: 0,0:21:31.40,0:21:33.40,Default,,0000,0000,0000,,consideration at this point is not the Dialogue: 0,0:21:33.40,0:21:36.80,Default,,0000,0000,0000,,benefit of all comes of the cloud from Dialogue: 0,0:21:36.80,0:21:39.56,Default,,0000,0000,0000,,the forensic standpoint when you do Dialogue: 0,0:21:39.56,0:21:42.04,Default,,0000,0000,0000,,Cloud forensic the situation is little Dialogue: 0,0:21:42.04,0:21:45.08,Default,,0000,0000,0000,,different from when you do a Dialogue: 0,0:21:45.08,0:21:48.28,Default,,0000,0000,0000,,investigations on premise so you have to Dialogue: 0,0:21:48.28,0:21:50.64,Default,,0000,0000,0000,,adapt methodologies for investigating Dialogue: 0,0:21:50.64,0:21:53.28,Default,,0000,0000,0000,,data in the cloud in dependently of the Dialogue: 0,0:21:53.28,0:21:56.04,Default,,0000,0000,0000,,cloud provided it doesn't matter if this Dialogue: 0,0:21:56.04,0:22:00.20,Default,,0000,0000,0000,,is AWS Google assur whoever it is the Dialogue: 0,0:22:00.20,0:22:02.76,Default,,0000,0000,0000,,operation in the cloud is somehow Dialogue: 0,0:22:02.76,0:22:04.68,Default,,0000,0000,0000,,different from the digital forensic Dialogue: 0,0:22:04.68,0:22:07.32,Default,,0000,0000,0000,,standpoint starting from the way you Dialogue: 0,0:22:07.32,0:22:08.48,Default,,0000,0000,0000,,access the Dialogue: 0,0:22:08.48,0:22:12.72,Default,,0000,0000,0000,,data remote forensic is the opportunity Dialogue: 0,0:22:12.72,0:22:16.08,Default,,0000,0000,0000,,to develop a skills for collecting and Dialogue: 0,0:22:16.08,0:22:19.24,Default,,0000,0000,0000,,analyzing data from a remote location Dialogue: 0,0:22:19.24,0:22:22.00,Default,,0000,0000,0000,,this is happening more frequent now as Dialogue: 0,0:22:22.00,0:22:26.00,Default,,0000,0000,0000,,we become more ping work related in Dialogue: 0,0:22:26.00,0:22:28.96,Default,,0000,0000,0000,,multiple cases my own company knowing my Dialogue: 0,0:22:28.96,0:22:31.24,Default,,0000,0000,0000,,job at the government but on my own Dialogue: 0,0:22:31.24,0:22:33.52,Default,,0000,0000,0000,,company I have been doing in the last Dialogue: 0,0:22:33.52,0:22:36.08,Default,,0000,0000,0000,,two years three years probably two years Dialogue: 0,0:22:36.08,0:22:39.76,Default,,0000,0000,0000,,so at more remote digital forensic that Dialogue: 0,0:22:39.76,0:22:41.96,Default,,0000,0000,0000,,probably never before in my life so this Dialogue: 0,0:22:41.96,0:22:44.80,Default,,0000,0000,0000,,is an important skill to develop as way Dialogue: 0,0:22:44.80,0:22:47.68,Default,,0000,0000,0000,,case management is the way we use Dialogue: 0,0:22:47.68,0:22:49.76,Default,,0000,0000,0000,,digital forensic case management to Dialogue: 0,0:22:49.76,0:22:52.88,Default,,0000,0000,0000,,organize and investigations I mention to Dialogue: 0,0:22:52.88,0:22:55.84,Default,,0000,0000,0000,,you I go to the court very often more Dialogue: 0,0:22:55.84,0:23:00.04,Default,,0000,0000,0000,,often than what I want very very often Dialogue: 0,0:23:00.04,0:23:04.28,Default,,0000,0000,0000,,okay and they goes and scrutinize every Dialogue: 0,0:23:04.28,0:23:06.48,Default,,0000,0000,0000,,single protocol you present every single Dialogue: 0,0:23:06.48,0:23:08.88,Default,,0000,0000,0000,,artifact every single document the Dialogue: 0,0:23:08.88,0:23:11.32,Default,,0000,0000,0000,,specific chronological order this is a Dialogue: 0,0:23:11.32,0:23:14.60,Default,,0000,0000,0000,,complex process it's not only collecting Dialogue: 0,0:23:14.60,0:23:17.76,Default,,0000,0000,0000,,the data the digital forensic data doing Dialogue: 0,0:23:17.76,0:23:20.00,Default,,0000,0000,0000,,the analysis and going to the court and Dialogue: 0,0:23:20.00,0:23:22.96,Default,,0000,0000,0000,,talking okay the process is much more Dialogue: 0,0:23:22.96,0:23:25.20,Default,,0000,0000,0000,,complex than this Dialogue: 0,0:23:25.20,0:23:27.40,Default,,0000,0000,0000,,collaboration collaborate with other Dialogue: 0,0:23:27.40,0:23:29.24,Default,,0000,0000,0000,,experts and I leave one in the middle Dialogue: 0,0:23:29.24,0:23:31.52,Default,,0000,0000,0000,,that I'm going to highlight in a few Dialogue: 0,0:23:31.52,0:23:34.08,Default,,0000,0000,0000,,collaborate with other experts law Dialogue: 0,0:23:34.08,0:23:37.04,Default,,0000,0000,0000,,enforcement or Organization for complex Dialogue: 0,0:23:37.04,0:23:40.12,Default,,0000,0000,0000,,cases cases are different in between of Dialogue: 0,0:23:40.12,0:23:41.88,Default,,0000,0000,0000,,course this is obvious and I know you Dialogue: 0,0:23:41.88,0:23:44.88,Default,,0000,0000,0000,,know that okay but you have some cases Dialogue: 0,0:23:44.88,0:23:47.08,Default,,0000,0000,0000,,sometimes in which the forensic analysis Dialogue: 0,0:23:47.08,0:23:50.28,Default,,0000,0000,0000,,become very complex on those particular Dialogue: 0,0:23:50.28,0:23:53.12,Default,,0000,0000,0000,,cases my advice is collaborate with Dialogue: 0,0:23:53.12,0:23:55.72,Default,,0000,0000,0000,,others okay you do better when you work Dialogue: 0,0:23:55.72,0:23:58.40,Default,,0000,0000,0000,,as part of the team and not when we work Dialogue: 0,0:23:58.40,0:24:01.16,Default,,0000,0000,0000,,independently and I es skip the data Dialogue: 0,0:24:01.16,0:24:04.12,Default,,0000,0000,0000,,privacy compliance for a minute because Dialogue: 0,0:24:04.12,0:24:07.52,Default,,0000,0000,0000,,this is relevant every single state Dialogue: 0,0:24:07.52,0:24:09.40,Default,,0000,0000,0000,,every single no Dialogue: 0,0:24:09.40,0:24:14.00,Default,,0000,0000,0000,,exception a state court operate on the Dialogue: 0,0:24:14.00,0:24:16.44,Default,,0000,0000,0000,,different requirements so you want to Dialogue: 0,0:24:16.44,0:24:19.32,Default,,0000,0000,0000,,make sure that you follow the Privacy Dialogue: 0,0:24:19.32,0:24:22.80,Default,,0000,0000,0000,,regulations in your specific place okay Dialogue: 0,0:24:22.80,0:24:24.60,Default,,0000,0000,0000,,and by the way I'm going to ask you a Dialogue: 0,0:24:24.60,0:24:27.48,Default,,0000,0000,0000,,question I'm not expecting any response Dialogue: 0,0:24:27.48,0:24:30.44,Default,,0000,0000,0000,,but the question is by any chance do you Dialogue: 0,0:24:30.44,0:24:33.40,Default,,0000,0000,0000,,know the specific digital forensic Dialogue: 0,0:24:33.40,0:24:36.36,Default,,0000,0000,0000,,regulations in the place you live ask Dialogue: 0,0:24:36.36,0:24:38.92,Default,,0000,0000,0000,,the question yourself and probably some Dialogue: 0,0:24:38.92,0:24:42.32,Default,,0000,0000,0000,,of you is going to respond no this is a Dialogue: 0,0:24:42.32,0:24:45.28,Default,,0000,0000,0000,,critical thing continuous learning you Dialogue: 0,0:24:45.28,0:24:48.80,Default,,0000,0000,0000,,need to F pass for what we do okay cyber Dialogue: 0,0:24:48.80,0:24:51.80,Default,,0000,0000,0000,,security is an specialization of it from Dialogue: 0,0:24:51.80,0:24:54.52,Default,,0000,0000,0000,,my point of view the most fascinating Dialogue: 0,0:24:54.52,0:24:57.32,Default,,0000,0000,0000,,Topic in the world in the planet this is Dialogue: 0,0:24:57.32,0:25:00.28,Default,,0000,0000,0000,,the only topic I can talk myself about Dialogue: 0,0:25:00.28,0:25:04.40,Default,,0000,0000,0000,,it for 25 hours without drinking water Dialogue: 0,0:25:04.40,0:25:07.64,Default,,0000,0000,0000,,this is my life I dedicate multiple Dialogue: 0,0:25:07.64,0:25:10.36,Default,,0000,0000,0000,,hours every single day seven days a week Dialogue: 0,0:25:10.36,0:25:13.04,Default,,0000,0000,0000,,even when it creates some personal Dialogue: 0,0:25:13.04,0:25:15.96,Default,,0000,0000,0000,,problems with my family Etc this is on Dialogue: 0,0:25:15.96,0:25:19.96,Default,,0000,0000,0000,,my DNA I encourage each of you if you Dialogue: 0,0:25:19.96,0:25:23.68,Default,,0000,0000,0000,,are not doing to dedicate your life to Dialogue: 0,0:25:23.68,0:25:27.12,Default,,0000,0000,0000,,become a digital forensic expert digital Dialogue: 0,0:25:27.12,0:25:30.32,Default,,0000,0000,0000,,forensic is one of the most fascinating Dialogue: 0,0:25:30.32,0:25:33.12,Default,,0000,0000,0000,,topics in the planet okay and you want Dialogue: 0,0:25:33.12,0:25:36.56,Default,,0000,0000,0000,,to be atten to this type of things Dialogue: 0,0:25:36.56,0:25:38.52,Default,,0000,0000,0000,,report and presentation when you go to Dialogue: 0,0:25:38.52,0:25:41.36,Default,,0000,0000,0000,,the court or when you present your Dialogue: 0,0:25:41.36,0:25:44.08,Default,,0000,0000,0000,,outcomes of all the digital foric Dialogue: 0,0:25:44.08,0:25:46.60,Default,,0000,0000,0000,,outcomes to your organization you want Dialogue: 0,0:25:46.60,0:25:48.36,Default,,0000,0000,0000,,to make sure that you use a clear Dialogue: 0,0:25:48.36,0:25:52.32,Default,,0000,0000,0000,,language you are concise and you go Dialogue: 0,0:25:52.32,0:25:54.56,Default,,0000,0000,0000,,ready for the presentation questions and Dialogue: 0,0:25:54.56,0:25:56.68,Default,,0000,0000,0000,,answers you never wants to go to the Dialogue: 0,0:25:56.68,0:25:59.00,Default,,0000,0000,0000,,court you prepared okay never in your Dialogue: 0,0:25:59.00,0:26:00.88,Default,,0000,0000,0000,,life this is not appropriate because at Dialogue: 0,0:26:00.88,0:26:04.44,Default,,0000,0000,0000,,the end your assessment have the Dialogue: 0,0:26:04.44,0:26:07.52,Default,,0000,0000,0000,,possibility to put somebody in jail or Dialogue: 0,0:26:07.52,0:26:09.08,Default,,0000,0000,0000,,somebody will be fired from the Dialogue: 0,0:26:09.08,0:26:12.32,Default,,0000,0000,0000,,organization or not so what we said is Dialogue: 0,0:26:12.32,0:26:16.20,Default,,0000,0000,0000,,relevant our wording have a huge impact Dialogue: 0,0:26:16.20,0:26:18.96,Default,,0000,0000,0000,,in other people's lives it's important Dialogue: 0,0:26:18.96,0:26:21.40,Default,,0000,0000,0000,,to be attentive to that one of the most Dialogue: 0,0:26:21.40,0:26:24.72,Default,,0000,0000,0000,,relevant topic that I have been using in Dialogue: 0,0:26:24.72,0:26:27.68,Default,,0000,0000,0000,,my practice is the use of artificial Dialogue: 0,0:26:27.68,0:26:30.76,Default,,0000,0000,0000,,intelligence in digital forensic since Dialogue: 0,0:26:30.76,0:26:35.92,Default,,0000,0000,0000,,2017 this is not a topic that is well Dialogue: 0,0:26:35.92,0:26:39.48,Default,,0000,0000,0000,,known at this point the reason why I Dialogue: 0,0:26:39.48,0:26:41.92,Default,,0000,0000,0000,,really want to share my experience Dialogue: 0,0:26:41.92,0:26:44.92,Default,,0000,0000,0000,,practical experience with you guys Dialogue: 0,0:26:44.92,0:26:47.92,Default,,0000,0000,0000,,digital evidence analysis how artificial Dialogue: 0,0:26:47.92,0:26:51.72,Default,,0000,0000,0000,,intelligence can help us well everybody Dialogue: 0,0:26:51.72,0:26:55.32,Default,,0000,0000,0000,,knows that we have multiple applications Dialogue: 0,0:26:55.32,0:26:58.40,Default,,0000,0000,0000,,that we can use in order to analyze Dialogue: 0,0:26:58.40,0:27:00.48,Default,,0000,0000,0000,,the different kind of media that can be Dialogue: 0,0:27:00.48,0:27:03.44,Default,,0000,0000,0000,,generated as for example text image and Dialogue: 0,0:27:03.44,0:27:06.28,Default,,0000,0000,0000,,videos artificial intelligence studes Dialogue: 0,0:27:06.28,0:27:09.16,Default,,0000,0000,0000,,have the ability to detect and flag Dialogue: 0,0:27:09.16,0:27:11.32,Default,,0000,0000,0000,,potential relevant content for Dialogue: 0,0:27:11.32,0:27:13.40,Default,,0000,0000,0000,,investigations especially from the Dialogue: 0,0:27:13.40,0:27:17.00,Default,,0000,0000,0000,,timing standpoint digital forensic is Dialogue: 0,0:27:17.00,0:27:19.92,Default,,0000,0000,0000,,extremely time consuming very very time Dialogue: 0,0:27:19.92,0:27:23.20,Default,,0000,0000,0000,,consuming it's extremely complex this is Dialogue: 0,0:27:23.20,0:27:27.00,Default,,0000,0000,0000,,probably along with data recovery the Dialogue: 0,0:27:27.00,0:27:29.72,Default,,0000,0000,0000,,most comp Flex specialization in cyber Dialogue: 0,0:27:29.72,0:27:32.76,Default,,0000,0000,0000,,security so the use of artificial Dialogue: 0,0:27:32.76,0:27:35.68,Default,,0000,0000,0000,,intelligence in our favor is very Dialogue: 0,0:27:35.68,0:27:38.16,Default,,0000,0000,0000,,convenient and at the end I'm going to Dialogue: 0,0:27:38.16,0:27:40.72,Default,,0000,0000,0000,,include as well or actually I included Dialogue: 0,0:27:40.72,0:27:44.04,Default,,0000,0000,0000,,in the list a particular artificial Dialogue: 0,0:27:44.04,0:27:45.92,Default,,0000,0000,0000,,intelligence tool that you can use in Dialogue: 0,0:27:45.92,0:27:49.16,Default,,0000,0000,0000,,your favor the other use of artificial Dialogue: 0,0:27:49.16,0:27:51.60,Default,,0000,0000,0000,,intelligence is par Dialogue: 0,0:27:51.60,0:27:54.16,Default,,0000,0000,0000,,recognition artificial intelligence can Dialogue: 0,0:27:54.16,0:27:56.96,Default,,0000,0000,0000,,identifies parents in data helping Dialogue: 0,0:27:56.96,0:27:59.72,Default,,0000,0000,0000,,investigator recognize anomalies or Dialogue: 0,0:27:59.72,0:28:02.72,Default,,0000,0000,0000,,correlations in digital artifacts that Dialogue: 0,0:28:02.72,0:28:05.72,Default,,0000,0000,0000,,may indicate the criminal activity and Dialogue: 0,0:28:05.72,0:28:07.64,Default,,0000,0000,0000,,out of the whole sentence the most Dialogue: 0,0:28:07.64,0:28:09.60,Default,,0000,0000,0000,,important question is the and no Dialogue: 0,0:28:09.60,0:28:12.00,Default,,0000,0000,0000,,question what the key word is Dialogue: 0,0:28:12.00,0:28:15.08,Default,,0000,0000,0000,,correlation how we correlate data by Dialogue: 0,0:28:15.08,0:28:17.04,Default,,0000,0000,0000,,using artificial intelligence the Dialogue: 0,0:28:17.04,0:28:19.40,Default,,0000,0000,0000,,process is going to be simplified Dialogue: 0,0:28:19.40,0:28:22.00,Default,,0000,0000,0000,,dramatically speaking based of my Dialogue: 0,0:28:22.00,0:28:25.08,Default,,0000,0000,0000,,personal experience the other component Dialogue: 0,0:28:25.08,0:28:28.24,Default,,0000,0000,0000,,is the NLP this can be used to Dialogue: 0,0:28:28.24,0:28:31.44,Default,,0000,0000,0000,,text based evidence including sh logs Dialogue: 0,0:28:31.44,0:28:33.92,Default,,0000,0000,0000,,and emails to uncover communication Dialogue: 0,0:28:33.92,0:28:37.04,Default,,0000,0000,0000,,patterns or hearing minuts the lot of Dialogue: 0,0:28:37.04,0:28:39.68,Default,,0000,0000,0000,,evidence that we collect about Dialogue: 0,0:28:39.68,0:28:43.76,Default,,0000,0000,0000,,65% is included in emails chats Dialogue: 0,0:28:43.76,0:28:48.08,Default,,0000,0000,0000,,documents Etc so this is when NLP plays Dialogue: 0,0:28:48.08,0:28:49.96,Default,,0000,0000,0000,,a predominant role artificial Dialogue: 0,0:28:49.96,0:28:52.12,Default,,0000,0000,0000,,intelligence in the digital forensic Dialogue: 0,0:28:52.12,0:28:55.40,Default,,0000,0000,0000,,analysis for image and video analysis Dialogue: 0,0:28:55.40,0:28:58.16,Default,,0000,0000,0000,,incredible benefits okay you have the Dialogue: 0,0:28:58.16,0:29:00.04,Default,,0000,0000,0000,,ability to analyze the multimedia Dialogue: 0,0:29:00.04,0:29:02.56,Default,,0000,0000,0000,,content to identify object pH and Dialogue: 0,0:29:02.56,0:29:05.00,Default,,0000,0000,0000,,potentially illegal or Dialogue: 0,0:29:05.00,0:29:08.32,Default,,0000,0000,0000,,sensitive content I'm sure that a word Dialogue: 0,0:29:08.32,0:29:11.20,Default,,0000,0000,0000,,is coming to your mind right now estigo Dialogue: 0,0:29:11.20,0:29:14.00,Default,,0000,0000,0000,,yes this is part of the estigo but it's Dialogue: 0,0:29:14.00,0:29:18.48,Default,,0000,0000,0000,,not similar of doing atigo by using a Dialogue: 0,0:29:18.48,0:29:20.44,Default,,0000,0000,0000,,particular application that when you Dialogue: 0,0:29:20.44,0:29:23.16,Default,,0000,0000,0000,,employ artificial intelligence tools Dialogue: 0,0:29:23.16,0:29:25.28,Default,,0000,0000,0000,,that are dedicated exclusively for Dialogue: 0,0:29:25.28,0:29:28.36,Default,,0000,0000,0000,,digital forensic the benefit is really Dialogue: 0,0:29:28.36,0:29:31.08,Default,,0000,0000,0000,,awesome predictive analysis machine Dialogue: 0,0:29:31.08,0:29:33.72,Default,,0000,0000,0000,,learning models can predict potential Dialogue: 0,0:29:33.72,0:29:37.12,Default,,0000,0000,0000,,areas of interest in an investigation Dialogue: 0,0:29:37.12,0:29:39.56,Default,,0000,0000,0000,,guiding forensic expert to focus on Dialogue: 0,0:29:39.56,0:29:42.04,Default,,0000,0000,0000,,critical evidence imagine that you are Dialogue: 0,0:29:42.04,0:29:45.28,Default,,0000,0000,0000,,analyzing the hard dve that is one Dialogue: 0,0:29:45.28,0:29:49.04,Default,,0000,0000,0000,,terabyte okay one terabyte hold a lot of Dialogue: 0,0:29:49.04,0:29:52.60,Default,,0000,0000,0000,,documents videos pictures sounds Etc you Dialogue: 0,0:29:52.60,0:29:55.08,Default,,0000,0000,0000,,know that okay you know that if you are Dialogue: 0,0:29:55.08,0:29:56.96,Default,,0000,0000,0000,,attending these conferences because you Dialogue: 0,0:29:56.96,0:29:59.36,Default,,0000,0000,0000,,are very familiar with information Dialogue: 0,0:29:59.36,0:30:02.88,Default,,0000,0000,0000,,technology C security digital forensic Dialogue: 0,0:30:02.88,0:30:06.64,Default,,0000,0000,0000,,well how you find the specific data un Dialogue: 0,0:30:06.64,0:30:09.48,Default,,0000,0000,0000,,need to prove something in the court of Dialogue: 0,0:30:09.48,0:30:12.36,Default,,0000,0000,0000,,law well you have to be very careful Dialogue: 0,0:30:12.36,0:30:14.52,Default,,0000,0000,0000,,about the pieces of data you pick for Dialogue: 0,0:30:14.52,0:30:17.76,Default,,0000,0000,0000,,the analysis otherwise probably your Dialogue: 0,0:30:17.76,0:30:20.08,Default,,0000,0000,0000,,assessment is not appropriate and again Dialogue: 0,0:30:20.08,0:30:23.00,Default,,0000,0000,0000,,every single word we said in the court Dialogue: 0,0:30:23.00,0:30:26.16,Default,,0000,0000,0000,,of law or in the organization that we Dialogue: 0,0:30:26.16,0:30:29.72,Default,,0000,0000,0000,,are working for are relevant it implies Dialogue: 0,0:30:29.72,0:30:31.80,Default,,0000,0000,0000,,that probably somebody will be in jail Dialogue: 0,0:30:31.80,0:30:35.08,Default,,0000,0000,0000,,for 30 years probably somebody if we Dialogue: 0,0:30:35.08,0:30:38.44,Default,,0000,0000,0000,,talking about a huge crime like an Dialogue: 0,0:30:38.44,0:30:41.56,Default,,0000,0000,0000,,assassination a child pornography abuse Dialogue: 0,0:30:41.56,0:30:45.32,Default,,0000,0000,0000,,that implies somebody that die Etc our Dialogue: 0,0:30:45.32,0:30:48.60,Default,,0000,0000,0000,,assessment is critical okay we become Dialogue: 0,0:30:48.60,0:30:51.72,Default,,0000,0000,0000,,the role of the main role player when Dialogue: 0,0:30:51.72,0:30:53.88,Default,,0000,0000,0000,,digital forensic is involved we have to Dialogue: 0,0:30:53.88,0:30:56.24,Default,,0000,0000,0000,,be very careful about the way we do it Dialogue: 0,0:30:56.24,0:30:59.48,Default,,0000,0000,0000,,this is not a joke is very serious okay Dialogue: 0,0:30:59.48,0:31:01.48,Default,,0000,0000,0000,,predictive analysis machine learning Dialogue: 0,0:31:01.48,0:31:03.60,Default,,0000,0000,0000,,models or artificial intelligence are Dialogue: 0,0:31:03.60,0:31:06.32,Default,,0000,0000,0000,,pretty close in this concept can predict Dialogue: 0,0:31:06.32,0:31:08.48,Default,,0000,0000,0000,,potential areas of interest in Dialogue: 0,0:31:08.48,0:31:11.24,Default,,0000,0000,0000,,investigation but we talk about that Dialogue: 0,0:31:11.24,0:31:12.88,Default,,0000,0000,0000,,detection artificial intelligence Dialogue: 0,0:31:12.88,0:31:15.72,Default,,0000,0000,0000,,driving security tools can identify Dialogue: 0,0:31:15.72,0:31:17.96,Default,,0000,0000,0000,,cyber threats and potential cyber crime Dialogue: 0,0:31:17.96,0:31:20.52,Default,,0000,0000,0000,,activities helping laws en foring cyber Dialogue: 0,0:31:20.52,0:31:23.60,Default,,0000,0000,0000,,security things respond effectively and Dialogue: 0,0:31:23.60,0:31:27.24,Default,,0000,0000,0000,,proactively more important we all the Dialogue: 0,0:31:27.24,0:31:30.04,Default,,0000,0000,0000,,majority of us have multiple tools that Dialogue: 0,0:31:30.04,0:31:31.44,Default,,0000,0000,0000,,we call Dialogue: 0,0:31:31.44,0:31:34.52,Default,,0000,0000,0000,,Proactive H in our place of work okay we Dialogue: 0,0:31:34.52,0:31:37.60,Default,,0000,0000,0000,,have different kind of monitors Etc but Dialogue: 0,0:31:37.60,0:31:39.84,Default,,0000,0000,0000,,the possibility to do something in a Dialogue: 0,0:31:39.84,0:31:43.40,Default,,0000,0000,0000,,proactive mode is really what we want Dialogue: 0,0:31:43.40,0:31:45.64,Default,,0000,0000,0000,,evidence authentication artificial Dialogue: 0,0:31:45.64,0:31:47.12,Default,,0000,0000,0000,,intelligence can assist in the Dialogue: 0,0:31:47.12,0:31:49.36,Default,,0000,0000,0000,,authentication of digital evidence Dialogue: 0,0:31:49.36,0:31:51.44,Default,,0000,0000,0000,,ensuring its integrity and the Dialogue: 0,0:31:51.44,0:31:54.20,Default,,0000,0000,0000,,possibility of this data to be admitted Dialogue: 0,0:31:54.20,0:31:57.40,Default,,0000,0000,0000,,in cour data recovery artificial Dialogue: 0,0:31:57.40,0:32:00.44,Default,,0000,0000,0000,,intelligence help with the recovery of Dialogue: 0,0:32:00.44,0:32:02.28,Default,,0000,0000,0000,,the data that have been deleted Dialogue: 0,0:32:02.28,0:32:05.32,Default,,0000,0000,0000,,intentionally or un intentionally it Dialogue: 0,0:32:05.32,0:32:07.40,Default,,0000,0000,0000,,doesn't matter when we do digital Dialogue: 0,0:32:07.40,0:32:10.92,Default,,0000,0000,0000,,forensic we want to have as much data as Dialogue: 0,0:32:10.92,0:32:14.88,Default,,0000,0000,0000,,we can that serves to make a case Dialogue: 0,0:32:14.88,0:32:17.60,Default,,0000,0000,0000,,against a particular party from the Dialogue: 0,0:32:17.60,0:32:20.20,Default,,0000,0000,0000,,malware analysis standpoint the dig the Dialogue: 0,0:32:20.20,0:32:23.24,Default,,0000,0000,0000,,artificial intelligence bring a lot of Dialogue: 0,0:32:23.24,0:32:25.96,Default,,0000,0000,0000,,speed and this is needed because again Dialogue: 0,0:32:25.96,0:32:29.24,Default,,0000,0000,0000,,you are looking for needle in a ton of Dialogue: 0,0:32:29.24,0:32:33.04,Default,,0000,0000,0000,,water okay or in a tone of sand and this Dialogue: 0,0:32:33.04,0:32:35.64,Default,,0000,0000,0000,,is very complex from the network Dialogue: 0,0:32:35.64,0:32:37.88,Default,,0000,0000,0000,,forensic standpoint we are customed to Dialogue: 0,0:32:37.88,0:32:40.72,Default,,0000,0000,0000,,use tools as for example wih everybody Dialogue: 0,0:32:40.72,0:32:44.48,Default,,0000,0000,0000,,knows wih and I know that well anyways Dialogue: 0,0:32:44.48,0:32:46.56,Default,,0000,0000,0000,,there are so specific artificial Dialogue: 0,0:32:46.56,0:32:49.20,Default,,0000,0000,0000,,intelligence tools for Network forensic Dialogue: 0,0:32:49.20,0:32:53.24,Default,,0000,0000,0000,,analysis nowadays and I included two of Dialogue: 0,0:32:53.24,0:32:56.04,Default,,0000,0000,0000,,those tools in the list in in the last Dialogue: 0,0:32:56.04,0:32:59.44,Default,,0000,0000,0000,,slide automated trace this is one of the Dialogue: 0,0:32:59.44,0:33:01.56,Default,,0000,0000,0000,,most important consideration for you to Dialogue: 0,0:33:01.56,0:33:04.00,Default,,0000,0000,0000,,consider artificial intelligence in the Dialogue: 0,0:33:04.00,0:33:08.12,Default,,0000,0000,0000,,digital forensic speed okay it basically Dialogue: 0,0:33:08.12,0:33:11.04,Default,,0000,0000,0000,,this is the possibility to do Dialogue: 0,0:33:11.04,0:33:15.96,Default,,0000,0000,0000,,correlation between large data sets case Dialogue: 0,0:33:15.96,0:33:18.40,Default,,0000,0000,0000,,priori artificial intelligence can Dialogue: 0,0:33:18.40,0:33:20.48,Default,,0000,0000,0000,,assist investigators in priority Dialogue: 0,0:33:20.48,0:33:23.52,Default,,0000,0000,0000,,prioritizing cases based on factors like Dialogue: 0,0:33:23.52,0:33:25.96,Default,,0000,0000,0000,,severity potential impact or resource Dialogue: 0,0:33:25.96,0:33:29.20,Default,,0000,0000,0000,,allocation and it means timing Dialogue: 0,0:33:29.20,0:33:31.92,Default,,0000,0000,0000,,predictive policing super important Dialogue: 0,0:33:31.92,0:33:35.04,Default,,0000,0000,0000,,because until today digital forensic is Dialogue: 0,0:33:35.04,0:33:38.40,Default,,0000,0000,0000,,always reacted more we react to Dialogue: 0,0:33:38.40,0:33:40.84,Default,,0000,0000,0000,,something that happen the possibility to Dialogue: 0,0:33:40.84,0:33:44.12,Default,,0000,0000,0000,,make predictions in digital forensic is Dialogue: 0,0:33:44.12,0:33:46.52,Default,,0000,0000,0000,,fantastic it never happened before this Dialogue: 0,0:33:46.52,0:33:49.24,Default,,0000,0000,0000,,is new at least for me I start using Dialogue: 0,0:33:49.24,0:33:51.60,Default,,0000,0000,0000,,artificial intelligence back on my own Dialogue: 0,0:33:51.60,0:33:54.92,Default,,0000,0000,0000,,company 2017 and I have been able to use Dialogue: 0,0:33:54.92,0:33:55.96,Default,,0000,0000,0000,,that in Dialogue: 0,0:33:55.96,0:33:59.40,Default,,0000,0000,0000,,multiple cases for the police department Dialogue: 0,0:33:59.40,0:34:02.60,Default,,0000,0000,0000,,in Miami and another two cities in Dialogue: 0,0:34:02.60,0:34:06.64,Default,,0000,0000,0000,,Florida Tampa in St Petersburg and the Dialogue: 0,0:34:06.64,0:34:09.24,Default,,0000,0000,0000,,result have been amazing document Dialogue: 0,0:34:09.24,0:34:12.28,Default,,0000,0000,0000,,analysis you know that NLP can extract Dialogue: 0,0:34:12.28,0:34:14.80,Default,,0000,0000,0000,,information from documents and analyze Dialogue: 0,0:34:14.80,0:34:17.12,Default,,0000,0000,0000,,sexual content for investigations Dialogue: 0,0:34:17.12,0:34:19.08,Default,,0000,0000,0000,,artificial intelligence minimize Dialogue: 0,0:34:19.08,0:34:21.44,Default,,0000,0000,0000,,dramatically speaking the time needed Dialogue: 0,0:34:21.44,0:34:24.64,Default,,0000,0000,0000,,for that emotional recognition everybody Dialogue: 0,0:34:24.64,0:34:27.76,Default,,0000,0000,0000,,knows what happened with the desp Dialogue: 0,0:34:27.76,0:34:31.56,Default,,0000,0000,0000,,algorithms okay so we can use artificial Dialogue: 0,0:34:31.56,0:34:33.92,Default,,0000,0000,0000,,intelligence basically to analyze videos Dialogue: 0,0:34:33.92,0:34:38.04,Default,,0000,0000,0000,,which is awesome because our eyes our Dialogue: 0,0:34:38.04,0:34:40.24,Default,,0000,0000,0000,,muscles in our eyes doesn't have the Dialogue: 0,0:34:40.24,0:34:43.40,Default,,0000,0000,0000,,ability to lie we can lie when we speak Dialogue: 0,0:34:43.40,0:34:46.08,Default,,0000,0000,0000,,or we can try but the eyes the reaction Dialogue: 0,0:34:46.08,0:34:49.12,Default,,0000,0000,0000,,to a particular stimulus cannot be high Dialogue: 0,0:34:49.12,0:34:51.96,Default,,0000,0000,0000,,or cannot be modified so this is unique Dialogue: 0,0:34:51.96,0:34:54.48,Default,,0000,0000,0000,,from the data privacy and compliance Dialogue: 0,0:34:54.48,0:34:57.12,Default,,0000,0000,0000,,also you have the ability to out autom Dialogue: 0,0:34:57.12,0:35:00.08,Default,,0000,0000,0000,,attic to automate B Dialogue: 0,0:35:00.08,0:35:02.68,Default,,0000,0000,0000,,automate the specific data you want to Dialogue: 0,0:35:02.68,0:35:06.80,Default,,0000,0000,0000,,include as part of your report okay now Dialogue: 0,0:35:06.80,0:35:09.28,Default,,0000,0000,0000,,digital forensic data acquisition step Dialogue: 0,0:35:09.28,0:35:12.40,Default,,0000,0000,0000,,from my standpoint after 41 years Dialogue: 0,0:35:12.40,0:35:15.48,Default,,0000,0000,0000,,preservation we already talk about this Dialogue: 0,0:35:15.48,0:35:18.16,Default,,0000,0000,0000,,documentation preservation is integrity Dialogue: 0,0:35:18.16,0:35:21.32,Default,,0000,0000,0000,,okay this is the most important Dialogue: 0,0:35:21.32,0:35:24.12,Default,,0000,0000,0000,,consideration categorically speaking in Dialogue: 0,0:35:24.12,0:35:25.88,Default,,0000,0000,0000,,any kind of digital forensic Dialogue: 0,0:35:25.88,0:35:28.40,Default,,0000,0000,0000,,investigation you have to preserve the Dialogue: 0,0:35:28.40,0:35:31.32,Default,,0000,0000,0000,,data as it is and remember you never use Dialogue: 0,0:35:31.32,0:35:33.12,Default,,0000,0000,0000,,the original data for your forensic Dialogue: 0,0:35:33.12,0:35:36.52,Default,,0000,0000,0000,,analysis never you always use copy and Dialogue: 0,0:35:36.52,0:35:39.60,Default,,0000,0000,0000,,to do copies you have to use a bit by Dialogue: 0,0:35:39.60,0:35:43.32,Default,,0000,0000,0000,,bit applications bit by bit you cannot Dialogue: 0,0:35:43.32,0:35:46.80,Default,,0000,0000,0000,,copy bites or you cannot copy even data Dialogue: 0,0:35:46.80,0:35:49.16,Default,,0000,0000,0000,,and forget it about information so Dialogue: 0,0:35:49.16,0:35:52.36,Default,,0000,0000,0000,,preservation is the most important thing Dialogue: 0,0:35:52.36,0:35:54.52,Default,,0000,0000,0000,,documentation we already know that Dialogue: 0,0:35:54.52,0:35:56.96,Default,,0000,0000,0000,,everything needs to be documented okay Dialogue: 0,0:35:56.96,0:35:59.96,Default,,0000,0000,0000,,from the crime machine office to the Dialogue: 0,0:35:59.96,0:36:02.60,Default,,0000,0000,0000,,last Point chain of custody one more Dialogue: 0,0:36:02.60,0:36:04.64,Default,,0000,0000,0000,,time and I guess that I'm I'm going to Dialogue: 0,0:36:04.64,0:36:07.12,Default,,0000,0000,0000,,mention this one more time because gain Dialogue: 0,0:36:07.12,0:36:10.28,Default,,0000,0000,0000,,of custody means or opens the door for Dialogue: 0,0:36:10.28,0:36:13.08,Default,,0000,0000,0000,,you to present a case in the court of Dialogue: 0,0:36:13.08,0:36:17.40,Default,,0000,0000,0000,,law or to basically have the ability in Dialogue: 0,0:36:17.40,0:36:20.04,Default,,0000,0000,0000,,your organization to prove that what you Dialogue: 0,0:36:20.04,0:36:22.52,Default,,0000,0000,0000,,are presenting is appropriate you have Dialogue: 0,0:36:22.52,0:36:25.84,Default,,0000,0000,0000,,to plan how are you going to collect the Dialogue: 0,0:36:25.84,0:36:29.16,Default,,0000,0000,0000,,data you have to plan with anticipation Dialogue: 0,0:36:29.16,0:36:31.64,Default,,0000,0000,0000,,the specific tools you are going to use Dialogue: 0,0:36:31.64,0:36:34.76,Default,,0000,0000,0000,,what methods are you going to consider Dialogue: 0,0:36:34.76,0:36:37.20,Default,,0000,0000,0000,,in your data collection process this is Dialogue: 0,0:36:37.20,0:36:40.08,Default,,0000,0000,0000,,relevant and you always have to consider Dialogue: 0,0:36:40.08,0:36:44.04,Default,,0000,0000,0000,,the coms coms is probably more important Dialogue: 0,0:36:44.04,0:36:47.52,Default,,0000,0000,0000,,than PR when you select or decided to Dialogue: 0,0:36:47.52,0:36:51.12,Default,,0000,0000,0000,,use a particular application for the Dialogue: 0,0:36:51.12,0:36:54.16,Default,,0000,0000,0000,,data acquisition you always want to Dialogue: 0,0:36:54.16,0:36:57.36,Default,,0000,0000,0000,,focus on the negative people usually Dialogue: 0,0:36:57.36,0:36:59.68,Default,,0000,0000,0000,,tends to talk about the positive oh I Dialogue: 0,0:36:59.68,0:37:02.08,Default,,0000,0000,0000,,like why the Shar because this and that Dialogue: 0,0:37:02.08,0:37:03.56,Default,,0000,0000,0000,,it's better that you focus on the Dialogue: 0,0:37:03.56,0:37:06.88,Default,,0000,0000,0000,,negative in Information Technology Dialogue: 0,0:37:06.88,0:37:09.60,Default,,0000,0000,0000,,everything has cross and comes no Dialogue: 0,0:37:09.60,0:37:13.24,Default,,0000,0000,0000,,exceptions exceptions do not exist there Dialogue: 0,0:37:13.24,0:37:16.84,Default,,0000,0000,0000,,is not one exception everything positive Dialogue: 0,0:37:16.84,0:37:18.76,Default,,0000,0000,0000,,have something negative in information Dialogue: 0,0:37:18.76,0:37:20.88,Default,,0000,0000,0000,,technology and this is what you want to Dialogue: 0,0:37:20.88,0:37:24.60,Default,,0000,0000,0000,,focus on it to avoid problems at the end Dialogue: 0,0:37:24.60,0:37:27.80,Default,,0000,0000,0000,,Okay so Dialogue: 0,0:37:27.80,0:37:29.80,Default,,0000,0000,0000,,how about the verification process you Dialogue: 0,0:37:29.80,0:37:33.80,Default,,0000,0000,0000,,have to verify before you work with the Dialogue: 0,0:37:33.80,0:37:36.64,Default,,0000,0000,0000,,real data that the tools and methods you Dialogue: 0,0:37:36.64,0:37:39.96,Default,,0000,0000,0000,,selected work okay you never want to Dialogue: 0,0:37:39.96,0:37:42.56,Default,,0000,0000,0000,,mess up with the original data needed Dialogue: 0,0:37:42.56,0:37:45.36,Default,,0000,0000,0000,,with a copy you want to test in a test Dialogue: 0,0:37:45.36,0:37:48.36,Default,,0000,0000,0000,,environment your tools your methods your Dialogue: 0,0:37:48.36,0:37:50.40,Default,,0000,0000,0000,,approach the steps you are going to Dialogue: 0,0:37:50.40,0:37:53.44,Default,,0000,0000,0000,,follow is very time consuming it is but Dialogue: 0,0:37:53.44,0:37:56.96,Default,,0000,0000,0000,,by the way it's also very well paid is Dialogue: 0,0:37:56.96,0:37:58.92,Default,,0000,0000,0000,,very well paid the only thing I can tell Dialogue: 0,0:37:58.92,0:38:00.88,Default,,0000,0000,0000,,you that it's very well paid you have no Dialogue: 0,0:38:00.88,0:38:04.36,Default,,0000,0000,0000,,idea if you become a cyber security Dialogue: 0,0:38:04.36,0:38:07.20,Default,,0000,0000,0000,,expert and specialize in digital Dialogue: 0,0:38:07.20,0:38:10.68,Default,,0000,0000,0000,,forensic this is where the money is and Dialogue: 0,0:38:10.68,0:38:13.24,Default,,0000,0000,0000,,trust me this is where the money is okay Dialogue: 0,0:38:13.24,0:38:17.60,Default,,0000,0000,0000,,I'm telling you first person duplication Dialogue: 0,0:38:17.60,0:38:21.00,Default,,0000,0000,0000,,we talk about that already the only way Dialogue: 0,0:38:21.00,0:38:23.96,Default,,0000,0000,0000,,to do that is by creating bit forbit Dialogue: 0,0:38:23.96,0:38:27.12,Default,,0000,0000,0000,,image there is no other ways okay this Dialogue: 0,0:38:27.12,0:38:29.92,Default,,0000,0000,0000,,is why you you want to use PR blocking Dialogue: 0,0:38:29.92,0:38:31.92,Default,,0000,0000,0000,,devices software and Hardware I Dialogue: 0,0:38:31.92,0:38:34.56,Default,,0000,0000,0000,,mentioned that before Tex rooms and Dialogue: 0,0:38:34.56,0:38:37.04,Default,,0000,0000,0000,,hatching different concepts that some Dialogue: 0,0:38:37.04,0:38:40.16,Default,,0000,0000,0000,,people are still confusing about it okay Dialogue: 0,0:38:40.16,0:38:42.04,Default,,0000,0000,0000,,there is a huge difference between the Dialogue: 0,0:38:42.04,0:38:46.04,Default,,0000,0000,0000,,two the main one is that Asing is a Dialogue: 0,0:38:46.04,0:38:49.76,Default,,0000,0000,0000,,oneway function you go from the left to Dialogue: 0,0:38:49.76,0:38:51.92,Default,,0000,0000,0000,,the right and usually you don't have the Dialogue: 0,0:38:51.92,0:38:53.72,Default,,0000,0000,0000,,ability to come back to replicate the Dialogue: 0,0:38:53.72,0:38:56.84,Default,,0000,0000,0000,,process of course if you have the Dialogue: 0,0:38:56.84,0:38:59.28,Default,,0000,0000,0000,,algorithms on hand then you can do Dialogue: 0,0:38:59.28,0:39:02.04,Default,,0000,0000,0000,,reverse engineering this is obvious but Dialogue: 0,0:39:02.04,0:39:04.32,Default,,0000,0000,0000,,this is not what happen in regular Dialogue: 0,0:39:04.32,0:39:06.92,Default,,0000,0000,0000,,conditions okay so check zoom and Dialogue: 0,0:39:06.92,0:39:10.32,Default,,0000,0000,0000,,hatching both minimize the possibility Dialogue: 0,0:39:10.32,0:39:13.20,Default,,0000,0000,0000,,that you mistake in your digital Dialogue: 0,0:39:13.20,0:39:15.64,Default,,0000,0000,0000,,forensic ER Dialogue: 0,0:39:15.64,0:39:18.24,Default,,0000,0000,0000,,analysis the other component is Dialogue: 0,0:39:18.24,0:39:21.60,Default,,0000,0000,0000,,acquisition okay so how are you going to Dialogue: 0,0:39:21.60,0:39:23.60,Default,,0000,0000,0000,,collect the data what particular tools Dialogue: 0,0:39:23.60,0:39:26.04,Default,,0000,0000,0000,,are you going to use you always have to Dialogue: 0,0:39:26.04,0:39:29.36,Default,,0000,0000,0000,,maintain a strict R only access to the Dialogue: 0,0:39:29.36,0:39:31.56,Default,,0000,0000,0000,,source if you have the ability to Dialogue: 0,0:39:31.56,0:39:34.64,Default,,0000,0000,0000,,manipulate the data in the source you Dialogue: 0,0:39:34.64,0:39:37.64,Default,,0000,0000,0000,,have the ability to tamper with actually Dialogue: 0,0:39:37.64,0:39:39.68,Default,,0000,0000,0000,,the most important consideration out of Dialogue: 0,0:39:39.68,0:39:43.68,Default,,0000,0000,0000,,the CIA which is integrity if the Dialogue: 0,0:39:43.68,0:39:46.92,Default,,0000,0000,0000,,opponent is the opposite part to you in Dialogue: 0,0:39:46.92,0:39:49.56,Default,,0000,0000,0000,,your organization the defendant in other Dialogue: 0,0:39:49.56,0:39:53.52,Default,,0000,0000,0000,,words have the ability to prove that Dialogue: 0,0:39:53.52,0:39:56.88,Default,,0000,0000,0000,,the the original data or source can be Dialogue: 0,0:39:56.88,0:39:58.96,Default,,0000,0000,0000,,manipulated in any way the conversation Dialogue: 0,0:39:58.96,0:40:01.92,Default,,0000,0000,0000,,is 100% over and the case will be Dialogue: 0,0:40:01.92,0:40:04.32,Default,,0000,0000,0000,,dismissed categorically speaking it's no Dialogue: 0,0:40:04.32,0:40:07.84,Default,,0000,0000,0000,,more conversation so this is a humongous Dialogue: 0,0:40:07.84,0:40:10.44,Default,,0000,0000,0000,,responsibility when it comes to data Dialogue: 0,0:40:10.44,0:40:12.92,Default,,0000,0000,0000,,acquisition what protocols you use what Dialogue: 0,0:40:12.92,0:40:14.80,Default,,0000,0000,0000,,the specific tools how do you plan it Dialogue: 0,0:40:14.80,0:40:17.04,Default,,0000,0000,0000,,how you document is a very painful Dialogue: 0,0:40:17.04,0:40:21.32,Default,,0000,0000,0000,,process in other words okay now data Dialogue: 0,0:40:21.32,0:40:24.48,Default,,0000,0000,0000,,recovery we already talk about the Dialogue: 0,0:40:24.48,0:40:27.40,Default,,0000,0000,0000,,complexity of finding a needle in a tone Dialogue: 0,0:40:27.40,0:40:30.44,Default,,0000,0000,0000,,of s this is super complex okay but it's Dialogue: 0,0:40:30.44,0:40:34.08,Default,,0000,0000,0000,,doable the only thing you have to use is Dialogue: 0,0:40:34.08,0:40:36.00,Default,,0000,0000,0000,,the appropriate tools and you you need Dialogue: 0,0:40:36.00,0:40:38.44,Default,,0000,0000,0000,,to have a specific plan because every Dialogue: 0,0:40:38.44,0:40:41.96,Default,,0000,0000,0000,,single case is 100% different digital Dialogue: 0,0:40:41.96,0:40:44.80,Default,,0000,0000,0000,,signatures sign the acquire data in Dialogue: 0,0:40:44.80,0:40:48.40,Default,,0000,0000,0000,,hatches with a dig digital signature for Dialogue: 0,0:40:48.40,0:40:50.44,Default,,0000,0000,0000,,authentication there are multiple cases Dialogue: 0,0:40:50.44,0:40:53.96,Default,,0000,0000,0000,,today in which H signatures are not Dialogue: 0,0:40:53.96,0:40:56.96,Default,,0000,0000,0000,,accepted anymore in the go government I Dialogue: 0,0:40:56.96,0:40:58.80,Default,,0000,0000,0000,,am a Federal Officer for the US Dialogue: 0,0:40:58.80,0:41:01.92,Default,,0000,0000,0000,,Department of Commerce in USA in the Dialogue: 0,0:41:01.92,0:41:04.56,Default,,0000,0000,0000,,government we are not allowed to sign Dialogue: 0,0:41:04.56,0:41:07.68,Default,,0000,0000,0000,,anything by hand for many years back Dialogue: 0,0:41:07.68,0:41:11.60,Default,,0000,0000,0000,,many years okay digital signatures have Dialogue: 0,0:41:11.60,0:41:15.72,Default,,0000,0000,0000,,a specific component that minimize Dialogue: 0,0:41:15.72,0:41:18.24,Default,,0000,0000,0000,,dramatically speaking the possibility of Dialogue: 0,0:41:18.24,0:41:20.72,Default,,0000,0000,0000,,replication and this is why this is Dialogue: 0,0:41:20.72,0:41:23.36,Default,,0000,0000,0000,,accepted in the court of law Dialogue: 0,0:41:23.36,0:41:26.00,Default,,0000,0000,0000,,verification R verifies the Integrity of Dialogue: 0,0:41:26.00,0:41:29.44,Default,,0000,0000,0000,,that Qui image by comparing hash values Dialogue: 0,0:41:29.44,0:41:32.24,Default,,0000,0000,0000,,with those calculated before the hash Dialogue: 0,0:41:32.24,0:41:36.28,Default,,0000,0000,0000,,values must be exact no difference not Dialogue: 0,0:41:36.28,0:41:39.08,Default,,0000,0000,0000,,even in one Dialogue: 0,0:41:39.08,0:41:43.28,Default,,0000,0000,0000,,0.001 percentage most much 100% Dialogue: 0,0:41:43.28,0:41:46.52,Default,,0000,0000,0000,,categorically speaking otherwise the Dialogue: 0,0:41:46.52,0:41:49.12,Default,,0000,0000,0000,,court is going to dismiss the case as Dialogue: 0,0:41:49.12,0:41:52.24,Default,,0000,0000,0000,,well or the organization probably is not Dialogue: 0,0:41:52.24,0:41:55.12,Default,,0000,0000,0000,,going to take the appropriate action vus Dialogue: 0,0:41:55.12,0:41:59.12,Default,,0000,0000,0000,,in a particular individual or problem or Dialogue: 0,0:41:59.12,0:42:03.08,Default,,0000,0000,0000,,process okay LS and no we already talk Dialogue: 0,0:42:03.08,0:42:05.56,Default,,0000,0000,0000,,about documentation at the beginning you Dialogue: 0,0:42:05.56,0:42:09.28,Default,,0000,0000,0000,,have to actually make sure that Dialogue: 0,0:42:09.28,0:42:12.24,Default,,0000,0000,0000,,everything is timestamped as I mentioned Dialogue: 0,0:42:12.24,0:42:15.04,Default,,0000,0000,0000,,before at the beginning digital forensic Dialogue: 0,0:42:15.04,0:42:18.44,Default,,0000,0000,0000,,must be collected in a particular order Dialogue: 0,0:42:18.44,0:42:21.40,Default,,0000,0000,0000,,analyzed in the similar Manner and Dialogue: 0,0:42:21.40,0:42:24.60,Default,,0000,0000,0000,,presented in the report in the specific Dialogue: 0,0:42:24.60,0:42:28.04,Default,,0000,0000,0000,,order in which the process was done Dialogue: 0,0:42:28.04,0:42:31.16,Default,,0000,0000,0000,,otherwise the process is going to be Dialogue: 0,0:42:31.16,0:42:33.72,Default,,0000,0000,0000,,disqualified and this is exclusively at Dialogue: 0,0:42:33.72,0:42:36.88,Default,,0000,0000,0000,,this point our own responsibility and Dialogue: 0,0:42:36.88,0:42:41.52,Default,,0000,0000,0000,,nobody else okay the storage we already Dialogue: 0,0:42:41.52,0:42:44.88,Default,,0000,0000,0000,,know that gain of custody is one of the Dialogue: 0,0:42:44.88,0:42:46.52,Default,,0000,0000,0000,,most important component there are Dialogue: 0,0:42:46.52,0:42:49.16,Default,,0000,0000,0000,,multiple forms depending of the state in Dialogue: 0,0:42:49.16,0:42:51.96,Default,,0000,0000,0000,,which you live and the countries as well Dialogue: 0,0:42:51.96,0:42:54.68,Default,,0000,0000,0000,,that you have to follow anything if you Dialogue: 0,0:42:54.68,0:42:57.56,Default,,0000,0000,0000,,miss a check mark or if you put a check Dialogue: 0,0:42:57.56,0:43:00.40,Default,,0000,0000,0000,,mark on those particular forms you are Dialogue: 0,0:43:00.40,0:43:04.08,Default,,0000,0000,0000,,basically dismissing you the case you Dialogue: 0,0:43:04.08,0:43:06.72,Default,,0000,0000,0000,,intentionally the court doesn't work in Dialogue: 0,0:43:06.72,0:43:10.04,Default,,0000,0000,0000,,the way many of us believe okay we have Dialogue: 0,0:43:10.04,0:43:12.28,Default,,0000,0000,0000,,the possibility to put somebody in the Dialogue: 0,0:43:12.28,0:43:16.36,Default,,0000,0000,0000,,electric share or to release to provide Dialogue: 0,0:43:16.36,0:43:18.52,Default,,0000,0000,0000,,to this particular individual or Dialogue: 0,0:43:18.52,0:43:21.88,Default,,0000,0000,0000,,organization what we said is relevant Dialogue: 0,0:43:21.88,0:43:24.40,Default,,0000,0000,0000,,okay this is very important the brift Dialogue: 0,0:43:24.40,0:43:26.12,Default,,0000,0000,0000,,you always have to be in Comm Dialogue: 0,0:43:26.12,0:43:29.64,Default,,0000,0000,0000,,communication with all parties both the Dialogue: 0,0:43:29.64,0:43:32.36,Default,,0000,0000,0000,,one presenting the digital process or Dialogue: 0,0:43:32.36,0:43:35.36,Default,,0000,0000,0000,,ruling the process and the other part as Dialogue: 0,0:43:35.36,0:43:39.52,Default,,0000,0000,0000,,well you cannot hide anything Zero from Dialogue: 0,0:43:39.52,0:43:41.88,Default,,0000,0000,0000,,your opponents in the court of law or Dialogue: 0,0:43:41.88,0:43:44.72,Default,,0000,0000,0000,,for the defendant part never in your Dialogue: 0,0:43:44.72,0:43:47.56,Default,,0000,0000,0000,,life this is why the first bullet in the Dialogue: 0,0:43:47.56,0:43:50.04,Default,,0000,0000,0000,,whole presentation was as you may Dialogue: 0,0:43:50.04,0:43:54.08,Default,,0000,0000,0000,,remember ethics okay in digital forensic Dialogue: 0,0:43:54.08,0:43:57.48,Default,,0000,0000,0000,,we provide what we known to the other Dialogue: 0,0:43:57.48,0:44:00.44,Default,,0000,0000,0000,,parties as well even to the defendant to Dialogue: 0,0:44:00.44,0:44:03.12,Default,,0000,0000,0000,,the opponents every single time no Dialogue: 0,0:44:03.12,0:44:06.52,Default,,0000,0000,0000,,exception and we provide every single Dialogue: 0,0:44:06.52,0:44:09.56,Default,,0000,0000,0000,,artifact with the most clear possible Dialogue: 0,0:44:09.56,0:44:12.48,Default,,0000,0000,0000,,explanation to the opponents this is how Dialogue: 0,0:44:12.48,0:44:14.88,Default,,0000,0000,0000,,the digital forensic process work Dialogue: 0,0:44:14.88,0:44:17.72,Default,,0000,0000,0000,,otherwise it will be dismissed as well Dialogue: 0,0:44:17.72,0:44:20.84,Default,,0000,0000,0000,,in the court steing you have to make Dialogue: 0,0:44:20.84,0:44:24.16,Default,,0000,0000,0000,,sure that every single piece of digital Dialogue: 0,0:44:24.16,0:44:27.00,Default,,0000,0000,0000,,evidence is Dialogue: 0,0:44:27.00,0:44:30.52,Default,,0000,0000,0000,,properly still then that you follow the Dialogue: 0,0:44:30.52,0:44:32.72,Default,,0000,0000,0000,,process by the book again if you Skip Dialogue: 0,0:44:32.72,0:44:36.64,Default,,0000,0000,0000,,One Step just one out of 100 or 200s Dialogue: 0,0:44:36.64,0:44:39.52,Default,,0000,0000,0000,,depending of the case the case is going Dialogue: 0,0:44:39.52,0:44:42.72,Default,,0000,0000,0000,,to be this measure no exceptions the Cod Dialogue: 0,0:44:42.72,0:44:46.32,Default,,0000,0000,0000,,goes by the book as you can imagine and Dialogue: 0,0:44:46.32,0:44:48.00,Default,,0000,0000,0000,,your opponent is going to be very Dialogue: 0,0:44:48.00,0:44:50.20,Default,,0000,0000,0000,,attentive to to the minimum possible Dialogue: 0,0:44:50.20,0:44:53.84,Default,,0000,0000,0000,,failure to dismiss the case okay so how Dialogue: 0,0:44:53.84,0:44:56.20,Default,,0000,0000,0000,,you transport the data from one place to Dialogue: 0,0:44:56.20,0:44:59.24,Default,,0000,0000,0000,,the other place chain of custody this is Dialogue: 0,0:44:59.24,0:45:02.76,Default,,0000,0000,0000,,the key component chain of custody data Dialogue: 0,0:45:02.76,0:45:06.20,Default,,0000,0000,0000,,encryption you have to make sure that Dialogue: 0,0:45:06.20,0:45:10.44,Default,,0000,0000,0000,,you prevent or actually Pro prevent a Dialogue: 0,0:45:10.44,0:45:13.12,Default,,0000,0000,0000,,Integrity manipulation and you always Dialogue: 0,0:45:13.12,0:45:16.32,Default,,0000,0000,0000,,want to meure the confidentiality of the Dialogue: 0,0:45:16.32,0:45:19.00,Default,,0000,0000,0000,,data CIA we already talked about the Dialogue: 0,0:45:19.00,0:45:21.52,Default,,0000,0000,0000,,component confidentiality Integrity Dialogue: 0,0:45:21.52,0:45:23.48,Default,,0000,0000,0000,,availability from the digital forensic Dialogue: 0,0:45:23.48,0:45:26.32,Default,,0000,0000,0000,,standpoint the most important no Dialogue: 0,0:45:26.32,0:45:29.88,Default,,0000,0000,0000,,exception is integrity and also the Dialogue: 0,0:45:29.88,0:45:32.32,Default,,0000,0000,0000,,confidentiality okay so from the Dialogue: 0,0:45:32.32,0:45:35.20,Default,,0000,0000,0000,,recovery image standpoint you always Dialogue: 0,0:45:35.20,0:45:37.96,Default,,0000,0000,0000,,want to have a duplicate for validation Dialogue: 0,0:45:37.96,0:45:40.76,Default,,0000,0000,0000,,and reanalysis and remember that you Dialogue: 0,0:45:40.76,0:45:43.56,Default,,0000,0000,0000,,always want to work with a copy of the Dialogue: 0,0:45:43.56,0:45:47.92,Default,,0000,0000,0000,,digital evidence 100% of the time no 9 Dialogue: 0,0:45:47.92,0:45:50.68,Default,,0000,0000,0000,,you have to preserve the original Dialogue: 0,0:45:50.68,0:45:52.72,Default,,0000,0000,0000,,evidence this is part of our Dialogue: 0,0:45:52.72,0:45:56.48,Default,,0000,0000,0000,,responsibility and this is why we do bit Dialogue: 0,0:45:56.48,0:46:00.48,Default,,0000,0000,0000,,by bit analysis and bit by bit copy it's Dialogue: 0,0:46:00.48,0:46:04.20,Default,,0000,0000,0000,,complex okay now a specific step in Dialogue: 0,0:46:04.20,0:46:06.08,Default,,0000,0000,0000,,digital forensics to analyze the Dialogue: 0,0:46:06.08,0:46:08.72,Default,,0000,0000,0000,,collected data at this point you already Dialogue: 0,0:46:08.72,0:46:10.88,Default,,0000,0000,0000,,went through multiple process and spent Dialogue: 0,0:46:10.88,0:46:14.36,Default,,0000,0000,0000,,a lot of time how do you analyze the Dialogue: 0,0:46:14.36,0:46:16.08,Default,,0000,0000,0000,,data you have because you are going to Dialogue: 0,0:46:16.08,0:46:19.40,Default,,0000,0000,0000,,have probably terabytes of data okay Dialogue: 0,0:46:19.40,0:46:23.68,Default,,0000,0000,0000,,well you have to make sure that hashing Dialogue: 0,0:46:23.68,0:46:27.44,Default,,0000,0000,0000,,and TS digital signatures and the chain Dialogue: 0,0:46:27.44,0:46:31.48,Default,,0000,0000,0000,,of custody have been followed data Dialogue: 0,0:46:31.48,0:46:34.00,Default,,0000,0000,0000,,priorization what happens and what is Dialogue: 0,0:46:34.00,0:46:35.88,Default,,0000,0000,0000,,more relevant you cannot present in the Dialogue: 0,0:46:35.88,0:46:38.80,Default,,0000,0000,0000,,court two terabytes of data or 2,000 Dialogue: 0,0:46:38.80,0:46:41.64,Default,,0000,0000,0000,,Pages this is Irrelevant for the case Dialogue: 0,0:46:41.64,0:46:44.24,Default,,0000,0000,0000,,okay you have to make sure that you use Dialogue: 0,0:46:44.24,0:46:47.24,Default,,0000,0000,0000,,keywords in order to provide a solid Dialogue: 0,0:46:47.24,0:46:49.68,Default,,0000,0000,0000,,report to the court for this particular Dialogue: 0,0:46:49.68,0:46:52.84,Default,,0000,0000,0000,,case for the keywords artificial Dialogue: 0,0:46:52.84,0:46:56.00,Default,,0000,0000,0000,,intelligence have been proven to me that Dialogue: 0,0:46:56.00,0:46:59.32,Default,,0000,0000,0000,,is of huge help file caring you have to Dialogue: 0,0:46:59.32,0:47:02.12,Default,,0000,0000,0000,,use a specialized tool to recover files Dialogue: 0,0:47:02.12,0:47:05.48,Default,,0000,0000,0000,,that may been deleted or you Dialogue: 0,0:47:05.48,0:47:08.76,Default,,0000,0000,0000,,intentionally hiting timeline analysis Dialogue: 0,0:47:08.76,0:47:11.44,Default,,0000,0000,0000,,we talk about you have to do everything Dialogue: 0,0:47:11.44,0:47:13.92,Default,,0000,0000,0000,,by following a particular sequence of Dialogue: 0,0:47:13.92,0:47:16.72,Default,,0000,0000,0000,,activities in other words you have to Dialogue: 0,0:47:16.72,0:47:18.76,Default,,0000,0000,0000,,present and do the analysis in Dialogue: 0,0:47:18.76,0:47:21.28,Default,,0000,0000,0000,,chronological order in the way that you Dialogue: 0,0:47:21.28,0:47:23.88,Default,,0000,0000,0000,,collect the data this is the exact way Dialogue: 0,0:47:23.88,0:47:26.04,Default,,0000,0000,0000,,you do the analysis and later you do Dialogue: 0,0:47:26.04,0:47:28.12,Default,,0000,0000,0000,,correlation okay but you have to follow Dialogue: 0,0:47:28.12,0:47:30.76,Default,,0000,0000,0000,,a particular chronological order data Dialogue: 0,0:47:30.76,0:47:33.44,Default,,0000,0000,0000,,recovery you have to do your best to Dialogue: 0,0:47:33.44,0:47:35.52,Default,,0000,0000,0000,,reconstruct the data that have been Dialogue: 0,0:47:35.52,0:47:38.56,Default,,0000,0000,0000,,deleted or probably damaged even by a Dialogue: 0,0:47:38.56,0:47:40.88,Default,,0000,0000,0000,,physical or electronic condition in the Dialogue: 0,0:47:40.88,0:47:43.68,Default,,0000,0000,0000,,storage media the metadata analysis is Dialogue: 0,0:47:43.68,0:47:46.24,Default,,0000,0000,0000,,also complex okay this is the next Dialogue: 0,0:47:46.24,0:47:49.24,Default,,0000,0000,0000,,component after the time the timeline Dialogue: 0,0:47:49.24,0:47:52.04,Default,,0000,0000,0000,,analysis metadata includes multiple kind Dialogue: 0,0:47:52.04,0:47:54.88,Default,,0000,0000,0000,,of data so this part of the analysis is Dialogue: 0,0:47:54.88,0:47:57.36,Default,,0000,0000,0000,,going to be complete colle and more time Dialogue: 0,0:47:57.36,0:47:59.52,Default,,0000,0000,0000,,consuming than the data collection and Dialogue: 0,0:47:59.52,0:48:02.32,Default,,0000,0000,0000,,the data collection is already very time Dialogue: 0,0:48:02.32,0:48:04.76,Default,,0000,0000,0000,,consuming content analysis you have to Dialogue: 0,0:48:04.76,0:48:06.28,Default,,0000,0000,0000,,be very careful because this is Dialogue: 0,0:48:06.28,0:48:08.96,Default,,0000,0000,0000,,basically what the forensic analysis is Dialogue: 0,0:48:08.96,0:48:12.24,Default,,0000,0000,0000,,going to be parent recognition how you Dialogue: 0,0:48:12.24,0:48:15.80,Default,,0000,0000,0000,,can match one bit of data with another Dialogue: 0,0:48:15.80,0:48:19.04,Default,,0000,0000,0000,,bit okay is there any association Dialogue: 0,0:48:19.04,0:48:23.36,Default,,0000,0000,0000,,between bits between bites between data Dialogue: 0,0:48:23.36,0:48:26.64,Default,,0000,0000,0000,,between words this is a iCal Dialogue: 0,0:48:26.64,0:48:29.40,Default,,0000,0000,0000,,component communication analysis again Dialogue: 0,0:48:29.40,0:48:31.32,Default,,0000,0000,0000,,you want to make sure that you include Dialogue: 0,0:48:31.32,0:48:34.68,Default,,0000,0000,0000,,everything emails today are probably the Dialogue: 0,0:48:34.68,0:48:37.76,Default,,0000,0000,0000,,most relevant component of digital Dialogue: 0,0:48:37.76,0:48:39.80,Default,,0000,0000,0000,,forening analysis you wants to make sure Dialogue: 0,0:48:39.80,0:48:42.84,Default,,0000,0000,0000,,that you master email analysis as well Dialogue: 0,0:48:42.84,0:48:45.64,Default,,0000,0000,0000,,data encryption you always have to keep Dialogue: 0,0:48:45.64,0:48:48.08,Default,,0000,0000,0000,,in mind the confidentiality and when we Dialogue: 0,0:48:48.08,0:48:50.52,Default,,0000,0000,0000,,are talking about the recovery or the Dialogue: 0,0:48:50.52,0:48:53.16,Default,,0000,0000,0000,,recovery image I mentioned that as well Dialogue: 0,0:48:53.16,0:48:56.04,Default,,0000,0000,0000,,similar to the chain of custody before Dialogue: 0,0:48:56.04,0:48:58.16,Default,,0000,0000,0000,,because you always have to pres the Dialogue: 0,0:48:58.16,0:49:01.24,Default,,0000,0000,0000,,digital the original data evidence Dialogue: 0,0:49:01.24,0:49:03.00,Default,,0000,0000,0000,,examination you want to make sure that Dialogue: 0,0:49:03.00,0:49:06.00,Default,,0000,0000,0000,,you verify the Integrity of the data you Dialogue: 0,0:49:06.00,0:49:08.80,Default,,0000,0000,0000,,have been acquiring including hash value Dialogue: 0,0:49:08.80,0:49:11.44,Default,,0000,0000,0000,,digital signature and the chain of Dialogue: 0,0:49:11.44,0:49:14.12,Default,,0000,0000,0000,,custodies we talk about this already Dialogue: 0,0:49:14.12,0:49:16.88,Default,,0000,0000,0000,,this is a repeat of the slide by the way Dialogue: 0,0:49:16.88,0:49:20.48,Default,,0000,0000,0000,,okay so database examination and you Dialogue: 0,0:49:20.48,0:49:23.76,Default,,0000,0000,0000,,foring a duplicate slide so this slide Dialogue: 0,0:49:23.76,0:49:27.68,Default,,0000,0000,0000,,is the same to this okay so my apology Dialogue: 0,0:49:27.68,0:49:30.68,Default,,0000,0000,0000,,for that it's my fault data database Dialogue: 0,0:49:30.68,0:49:33.00,Default,,0000,0000,0000,,examination investigate databases for Dialogue: 0,0:49:33.00,0:49:35.48,Default,,0000,0000,0000,,valueable valuable information including Dialogue: 0,0:49:35.48,0:49:38.76,Default,,0000,0000,0000,,structure data and locks entries Etc Dialogue: 0,0:49:38.76,0:49:41.24,Default,,0000,0000,0000,,media analysis this is a very complex Dialogue: 0,0:49:41.24,0:49:43.96,Default,,0000,0000,0000,,process because it's usually about atigo Dialogue: 0,0:49:43.96,0:49:47.20,Default,,0000,0000,0000,,or include testigo and this is about Dialogue: 0,0:49:47.20,0:49:50.04,Default,,0000,0000,0000,,image videos audios geolocation in Dialogue: 0,0:49:50.04,0:49:52.32,Default,,0000,0000,0000,,digital signatures Network traffic Dialogue: 0,0:49:52.32,0:49:56.36,Default,,0000,0000,0000,,analysis tools as why the Shar h but my Dialogue: 0,0:49:56.36,0:49:59.16,Default,,0000,0000,0000,,suggestion is that you use all the tools Dialogue: 0,0:49:59.16,0:50:02.12,Default,,0000,0000,0000,,that are part of the artificial Dialogue: 0,0:50:02.12,0:50:04.72,Default,,0000,0000,0000,,intelligence applications we can use Dialogue: 0,0:50:04.72,0:50:06.84,Default,,0000,0000,0000,,today and are available in the Dialogue: 0,0:50:06.84,0:50:10.52,Default,,0000,0000,0000,,market estigo is always complex okay Dialogue: 0,0:50:10.52,0:50:14.08,Default,,0000,0000,0000,,because stigo include not only image but Dialogue: 0,0:50:14.08,0:50:16.88,Default,,0000,0000,0000,,in many cases audio as well and this is Dialogue: 0,0:50:16.88,0:50:19.72,Default,,0000,0000,0000,,very complex time consuming you always Dialogue: 0,0:50:19.72,0:50:22.36,Default,,0000,0000,0000,,wants to make sure that you use the Dialogue: 0,0:50:22.36,0:50:24.36,Default,,0000,0000,0000,,appropriate estigo analysis techniques Dialogue: 0,0:50:24.36,0:50:27.16,Default,,0000,0000,0000,,and that are multiple specific for Dialogue: 0,0:50:27.16,0:50:29.96,Default,,0000,0000,0000,,volatile analysis as I mentioned before Dialogue: 0,0:50:29.96,0:50:33.44,Default,,0000,0000,0000,,there is multiple ways to do Dialogue: 0,0:50:33.44,0:50:37.60,Default,,0000,0000,0000,,data acquisition from RAM memory when we Dialogue: 0,0:50:37.60,0:50:41.24,Default,,0000,0000,0000,,turn off the computer all the data from Dialogue: 0,0:50:41.24,0:50:44.20,Default,,0000,0000,0000,,Ram doesn't goes off this is what Dialogue: 0,0:50:44.20,0:50:47.32,Default,,0000,0000,0000,,everybody said this is what Google said Dialogue: 0,0:50:47.32,0:50:48.96,Default,,0000,0000,0000,,this is what people that never do Dialogue: 0,0:50:48.96,0:50:51.92,Default,,0000,0000,0000,,forensic investigation repeat this is Dialogue: 0,0:50:51.92,0:50:54.92,Default,,0000,0000,0000,,not appropriate if you know how to do it Dialogue: 0,0:50:54.92,0:50:57.48,Default,,0000,0000,0000,,and again I make the presentation for e Dialogue: 0,0:50:57.48,0:51:00.44,Default,,0000,0000,0000,,councel in 2019 if you Google my name in Dialogue: 0,0:51:00.44,0:51:02.64,Default,,0000,0000,0000,,this presentation you will be able to Dialogue: 0,0:51:02.64,0:51:05.88,Default,,0000,0000,0000,,find a particular video in which I was Dialogue: 0,0:51:05.88,0:51:08.36,Default,,0000,0000,0000,,able to recover data from RAM memory Dialogue: 0,0:51:08.36,0:51:12.12,Default,,0000,0000,0000,,after the computer was took down took Dialogue: 0,0:51:12.12,0:51:15.00,Default,,0000,0000,0000,,down believe it or not go for the other Dialogue: 0,0:51:15.00,0:51:16.84,Default,,0000,0000,0000,,presentation that this is DC councel Dialogue: 0,0:51:16.84,0:51:19.08,Default,,0000,0000,0000,,database and you will be able to see the Dialogue: 0,0:51:19.08,0:51:21.64,Default,,0000,0000,0000,,video okay comparison you have to do Dialogue: 0,0:51:21.64,0:51:24.36,Default,,0000,0000,0000,,cross reference every single time to Dialogue: 0,0:51:24.36,0:51:27.04,Default,,0000,0000,0000,,make sure that the data you identify is Dialogue: 0,0:51:27.04,0:51:30.36,Default,,0000,0000,0000,,appropriate and you always identify Dialogue: 0,0:51:30.36,0:51:32.76,Default,,0000,0000,0000,,identity deviations and Dialogue: 0,0:51:32.76,0:51:35.24,Default,,0000,0000,0000,,inconsistency before you do the final Dialogue: 0,0:51:35.24,0:51:38.08,Default,,0000,0000,0000,,report I told you already when you Dialogue: 0,0:51:38.08,0:51:40.84,Default,,0000,0000,0000,,present the report in the court of law Dialogue: 0,0:51:40.84,0:51:44.36,Default,,0000,0000,0000,,and minimum mistake something minimum Dialogue: 0,0:51:44.36,0:51:46.84,Default,,0000,0000,0000,,will be disqualified in the case for Dialogue: 0,0:51:46.84,0:51:49.60,Default,,0000,0000,0000,,example in this presentation I include Dialogue: 0,0:51:49.60,0:51:53.48,Default,,0000,0000,0000,,IED by mistake this slide and this slide Dialogue: 0,0:51:53.48,0:51:56.00,Default,,0000,0000,0000,,if I do that in the in the court of flow Dialogue: 0,0:51:56.00,0:51:56.96,Default,,0000,0000,0000,,is Dialogue: 0,0:51:56.96,0:52:00.04,Default,,0000,0000,0000,,dismiss okay that's it it's no more Dialogue: 0,0:52:00.04,0:52:02.40,Default,,0000,0000,0000,,conversation the emotion analysis we Dialogue: 0,0:52:02.40,0:52:04.68,Default,,0000,0000,0000,,have talk about that we are talking Dialogue: 0,0:52:04.68,0:52:07.84,Default,,0000,0000,0000,,about persons digital evidence is always Dialogue: 0,0:52:07.84,0:52:11.92,Default,,0000,0000,0000,,related to people in process processes Dialogue: 0,0:52:11.92,0:52:14.84,Default,,0000,0000,0000,,applications Hardware software so we Dialogue: 0,0:52:14.84,0:52:17.92,Default,,0000,0000,0000,,want to make sure that what we present Dialogue: 0,0:52:17.92,0:52:20.16,Default,,0000,0000,0000,,is accurate and from the documentation Dialogue: 0,0:52:20.16,0:52:22.72,Default,,0000,0000,0000,,at some point it was the second point in Dialogue: 0,0:52:22.72,0:52:25.40,Default,,0000,0000,0000,,the presentation we have to document Dialogue: 0,0:52:25.40,0:52:28.24,Default,,0000,0000,0000,,everything reporting is about compiling Dialogue: 0,0:52:28.24,0:52:31.56,Default,,0000,0000,0000,,in a clear and comprehensive manner Dialogue: 0,0:52:31.56,0:52:33.72,Default,,0000,0000,0000,,including summaries methodologist and Dialogue: 0,0:52:33.72,0:52:35.88,Default,,0000,0000,0000,,supporting evidence you have to include Dialogue: 0,0:52:35.88,0:52:39.00,Default,,0000,0000,0000,,or at least in my case I always include Dialogue: 0,0:52:39.00,0:52:41.96,Default,,0000,0000,0000,,the recordings of everything I do Dialogue: 0,0:52:41.96,0:52:43.96,Default,,0000,0000,0000,,everything means even if I open my Dialogue: 0,0:52:43.96,0:52:46.28,Default,,0000,0000,0000,,personal email or if a notification come Dialogue: 0,0:52:46.28,0:52:48.80,Default,,0000,0000,0000,,to my computer and I open something in Dialogue: 0,0:52:48.80,0:52:52.64,Default,,0000,0000,0000,,my my in my WhatsApp for example this is Dialogue: 0,0:52:52.64,0:52:55.76,Default,,0000,0000,0000,,part of the recording as well okay so Dialogue: 0,0:52:55.76,0:52:58.36,Default,,0000,0000,0000,,you have to make sure that you provide Dialogue: 0,0:52:58.36,0:53:00.92,Default,,0000,0000,0000,,an expert testimony in order to do that Dialogue: 0,0:53:00.92,0:53:02.36,Default,,0000,0000,0000,,you have to be an expert in digital Dialogue: 0,0:53:02.36,0:53:06.00,Default,,0000,0000,0000,,currency Feer review consult with other Dialogue: 0,0:53:06.00,0:53:08.28,Default,,0000,0000,0000,,with your partners with the opponent Dialogue: 0,0:53:08.28,0:53:10.68,Default,,0000,0000,0000,,with the defendant part before you Dialogue: 0,0:53:10.68,0:53:12.24,Default,,0000,0000,0000,,present it's not that you are going to Dialogue: 0,0:53:12.24,0:53:14.80,Default,,0000,0000,0000,,modify to report because the defendant Dialogue: 0,0:53:14.80,0:53:16.64,Default,,0000,0000,0000,,doesn't like it this is not what I'm Dialogue: 0,0:53:16.64,0:53:18.92,Default,,0000,0000,0000,,telling you it's just that you are going Dialogue: 0,0:53:18.92,0:53:21.36,Default,,0000,0000,0000,,to provide the report and by the way you Dialogue: 0,0:53:21.36,0:53:24.12,Default,,0000,0000,0000,,must provide the report to the defendant Dialogue: 0,0:53:24.12,0:53:26.72,Default,,0000,0000,0000,,before you go to the Court by the time Dialogue: 0,0:53:26.72,0:53:28.48,Default,,0000,0000,0000,,you stand up in the court everything Dialogue: 0,0:53:28.48,0:53:30.24,Default,,0000,0000,0000,,needs to be done the other part need to Dialogue: 0,0:53:30.24,0:53:32.68,Default,,0000,0000,0000,,know exactly what you are going to Dialogue: 0,0:53:32.68,0:53:35.28,Default,,0000,0000,0000,,present this is how the legal systems Dialogue: 0,0:53:35.28,0:53:38.28,Default,,0000,0000,0000,,work okay with deceptions of very few Dialogue: 0,0:53:38.28,0:53:41.00,Default,,0000,0000,0000,,countries but in the world this is how Dialogue: 0,0:53:41.00,0:53:44.40,Default,,0000,0000,0000,,it work so the quality assurance is just Dialogue: 0,0:53:44.40,0:53:46.24,Default,,0000,0000,0000,,making sure that what you present is Dialogue: 0,0:53:46.24,0:53:49.48,Default,,0000,0000,0000,,appropriate the case management is how Dialogue: 0,0:53:49.48,0:53:51.40,Default,,0000,0000,0000,,you use the digital forensic and manage Dialogue: 0,0:53:51.40,0:53:53.68,Default,,0000,0000,0000,,system to track everything in analysis Dialogue: 0,0:53:53.68,0:53:56.44,Default,,0000,0000,0000,,process and from the data privacy Dialogue: 0,0:53:56.44,0:53:58.56,Default,,0000,0000,0000,,compliance I told you already every Dialogue: 0,0:53:58.56,0:54:00.44,Default,,0000,0000,0000,,single place every single City every Dialogue: 0,0:54:00.44,0:54:02.56,Default,,0000,0000,0000,,single state operate under different Dialogue: 0,0:54:02.56,0:54:04.92,Default,,0000,0000,0000,,conditions popular tool for digital Dialogue: 0,0:54:04.92,0:54:08.68,Default,,0000,0000,0000,,forensic few of those in Cas Dialogue: 0,0:54:08.68,0:54:11.72,Default,,0000,0000,0000,,autopsy Access Data everybody know how Dialogue: 0,0:54:11.72,0:54:14.56,Default,,0000,0000,0000,,is a forensic tool kit hway forensic Dialogue: 0,0:54:14.56,0:54:17.96,Default,,0000,0000,0000,,celebrity vola volatility wi sh Dialogue: 0,0:54:17.96,0:54:20.52,Default,,0000,0000,0000,,everybody most likely know oxygen Dialogue: 0,0:54:20.52,0:54:22.84,Default,,0000,0000,0000,,forensic detective and the digital Dialogue: 0,0:54:22.84,0:54:25.32,Default,,0000,0000,0000,,evidence and forensic tool kit so some Dialogue: 0,0:54:25.32,0:54:28.16,Default,,0000,0000,0000,,of those are included in Cali others do Dialogue: 0,0:54:28.16,0:54:31.36,Default,,0000,0000,0000,,not some are open source others are Dialogue: 0,0:54:31.36,0:54:34.12,Default,,0000,0000,0000,,extremely expensive for example in case Dialogue: 0,0:54:34.12,0:54:37.28,Default,,0000,0000,0000,,which is very very expensive some Dialogue: 0,0:54:37.28,0:54:39.28,Default,,0000,0000,0000,,relevant reference about digital Dialogue: 0,0:54:39.28,0:54:43.00,Default,,0000,0000,0000,,forensic I prefer to use keywords and Dialogue: 0,0:54:43.00,0:54:45.60,Default,,0000,0000,0000,,not particular reference or books Dialogue: 0,0:54:45.60,0:54:49.00,Default,,0000,0000,0000,,because I don't recommend any specific Dialogue: 0,0:54:49.00,0:54:51.96,Default,,0000,0000,0000,,book instead the combination of content Dialogue: 0,0:54:51.96,0:54:54.16,Default,,0000,0000,0000,,and knowledge and expertise but some Dialogue: 0,0:54:54.16,0:54:56.48,Default,,0000,0000,0000,,words or key words you can use if you Dialogue: 0,0:54:56.48,0:54:58.96,Default,,0000,0000,0000,,want to expand more in digital forensic Dialogue: 0,0:54:58.96,0:55:02.08,Default,,0000,0000,0000,,are digital forensic best practice Dialogue: 0,0:55:02.08,0:55:04.84,Default,,0000,0000,0000,,challenge iMobile digital forensic Dialogue: 0,0:55:04.84,0:55:07.00,Default,,0000,0000,0000,,Network forensic techniques Cloud Dialogue: 0,0:55:07.00,0:55:09.56,Default,,0000,0000,0000,,forensic investigations Internet of Dialogue: 0,0:55:09.56,0:55:12.84,Default,,0000,0000,0000,,Things forensic memory forensic analysis Dialogue: 0,0:55:12.84,0:55:14.80,Default,,0000,0000,0000,,because you want to stop repeating what Dialogue: 0,0:55:14.80,0:55:17.12,Default,,0000,0000,0000,,you have been learning for years when Dialogue: 0,0:55:17.12,0:55:19.16,Default,,0000,0000,0000,,you took down the computer with the Dialogue: 0,0:55:19.16,0:55:21.24,Default,,0000,0000,0000,,computer is turn it Dialogue: 0,0:55:21.24,0:55:24.12,Default,,0000,0000,0000,,off and there is a lot of data that Dialogue: 0,0:55:24.12,0:55:26.76,Default,,0000,0000,0000,,remains in r memory for a particular Dialogue: 0,0:55:26.76,0:55:30.52,Default,,0000,0000,0000,,amount of time of course okay so try to Dialogue: 0,0:55:30.52,0:55:32.88,Default,,0000,0000,0000,,expand on this topic malware analysis in Dialogue: 0,0:55:32.88,0:55:35.44,Default,,0000,0000,0000,,digital forensic and cyber security and Dialogue: 0,0:55:35.44,0:55:37.84,Default,,0000,0000,0000,,digital forensic Trends those are Dialogue: 0,0:55:37.84,0:55:41.24,Default,,0000,0000,0000,,keywords that will be facilitating your Dialogue: 0,0:55:41.24,0:55:44.28,Default,,0000,0000,0000,,expansion or you expanding on digital Dialogue: 0,0:55:44.28,0:55:48.24,Default,,0000,0000,0000,,forensic knowledge other Dialogue: 0,0:55:48.24,0:55:50.88,Default,,0000,0000,0000,,considerations are some particular Dialogue: 0,0:55:50.88,0:55:54.24,Default,,0000,0000,0000,,journals okay I in this case I'm going Dialogue: 0,0:55:54.24,0:55:56.80,Default,,0000,0000,0000,,to risk and recommend the digital Dialogue: 0,0:55:56.80,0:55:59.72,Default,,0000,0000,0000,,investigation that is published by xier Dialogue: 0,0:55:59.72,0:56:02.48,Default,,0000,0000,0000,,is one of the top in the world the other Dialogue: 0,0:56:02.48,0:56:04.60,Default,,0000,0000,0000,,one is the Journal of digital forensic Dialogue: 0,0:56:04.60,0:56:07.56,Default,,0000,0000,0000,,security and law and forensic science Dialogue: 0,0:56:07.56,0:56:12.16,Default,,0000,0000,0000,,International digital investigation Dialogue: 0,0:56:12.84,0:56:15.52,Default,,0000,0000,0000,,report I'm open to any question you may Dialogue: 0,0:56:15.52,0:56:19.32,Default,,0000,0000,0000,,have and one more time I want before I Dialogue: 0,0:56:19.32,0:56:22.44,Default,,0000,0000,0000,,close my lips I want to sincerely thank Dialogue: 0,0:56:22.44,0:56:25.16,Default,,0000,0000,0000,,you EC Council for another opportunity Dialogue: 0,0:56:25.16,0:56:27.76,Default,,0000,0000,0000,,to talk about this fascinating topic Dialogue: 0,0:56:27.76,0:56:29.88,Default,,0000,0000,0000,,thank you very much for all the staff in Dialogue: 0,0:56:29.88,0:56:34.08,Default,,0000,0000,0000,,the e Council that work tily who made Dialogue: 0,0:56:34.08,0:56:37.08,Default,,0000,0000,0000,,this presentation a possibility and Dialogue: 0,0:56:37.08,0:56:39.00,Default,,0000,0000,0000,,thank you so much as well for you guys Dialogue: 0,0:56:39.00,0:56:41.16,Default,,0000,0000,0000,,attending the conf the conference and Dialogue: 0,0:56:41.16,0:56:44.44,Default,,0000,0000,0000,,for the questions that you may Dialogue: 0,0:56:44.88,0:56:47.56,Default,,0000,0000,0000,,ask thank you very much Dr Lewis for Dialogue: 0,0:56:47.56,0:56:49.20,Default,,0000,0000,0000,,such an insightful and informative Dialogue: 0,0:56:49.20,0:56:50.76,Default,,0000,0000,0000,,session that was really a very Dialogue: 0,0:56:50.76,0:56:52.88,Default,,0000,0000,0000,,interesting webinar and we hope it was Dialogue: 0,0:56:52.88,0:56:55.48,Default,,0000,0000,0000,,worth your time too now now before we Dialogue: 0,0:56:55.48,0:56:57.28,Default,,0000,0000,0000,,begin with the Q&A I would like to Dialogue: 0,0:56:57.28,0:56:59.68,Default,,0000,0000,0000,,inform all the attendees that EC Dialogue: 0,0:56:59.68,0:57:03.12,Default,,0000,0000,0000,,council's CH maps to the forensic Dialogue: 0,0:57:03.12,0:57:05.32,Default,,0000,0000,0000,,investigator and the consultant digital Dialogue: 0,0:57:05.32,0:57:07.76,Default,,0000,0000,0000,,forensics anyone with the chfi Dialogue: 0,0:57:07.76,0:57:10.08,Default,,0000,0000,0000,,certification is eligible for 4,000 plus Dialogue: 0,0:57:10.08,0:57:12.20,Default,,0000,0000,0000,,job vacancies globally with an average Dialogue: 0,0:57:12.20,0:57:13.24,Default,,0000,0000,0000,,salary of Dialogue: 0,0:57:13.24,0:57:15.32,Default,,0000,0000,0000,,$95,000 if you're interested to learn Dialogue: 0,0:57:15.32,0:57:17.08,Default,,0000,0000,0000,,more andly take part in the poll that's Dialogue: 0,0:57:17.08,0:57:18.84,Default,,0000,0000,0000,,going to be conducted now let us know Dialogue: 0,0:57:18.84,0:57:20.24,Default,,0000,0000,0000,,your preferred mode of training and we Dialogue: 0,0:57:20.24,0:57:23.04,Default,,0000,0000,0000,,will reach out to you Dialogue: 0,0:57:23.80,0:57:26.60,Default,,0000,0000,0000,,soon Dialogue: 0,0:57:26.60,0:57:29.44,Default,,0000,0000,0000,,uh Dr L shall we start with the Dialogue: 0,0:57:29.44,0:57:32.12,Default,,0000,0000,0000,,Q&A yes I'm ready Dialogue: 0,0:57:32.12,0:57:35.32,Default,,0000,0000,0000,,for okay our first question is how to Dialogue: 0,0:57:35.32,0:57:38.64,Default,,0000,0000,0000,,prove in court of law that the collected Dialogue: 0,0:57:38.64,0:57:40.84,Default,,0000,0000,0000,,evidence is from the same object and not Dialogue: 0,0:57:40.84,0:57:43.16,Default,,0000,0000,0000,,collected from any other Dialogue: 0,0:57:43.16,0:57:46.40,Default,,0000,0000,0000,,object this is a very important question Dialogue: 0,0:57:46.40,0:57:48.72,Default,,0000,0000,0000,,I really appreciate the clarification on Dialogue: 0,0:57:48.72,0:57:51.64,Default,,0000,0000,0000,,this topic as I said we have to be very Dialogue: 0,0:57:51.64,0:57:53.52,Default,,0000,0000,0000,,careful about the way we collect the Dialogue: 0,0:57:53.52,0:57:56.40,Default,,0000,0000,0000,,data when we are talking about objects Dialogue: 0,0:57:56.40,0:57:59.76,Default,,0000,0000,0000,,objects are associated to bits not to Dialogue: 0,0:57:59.76,0:58:02.36,Default,,0000,0000,0000,,bikes only but Bits And as I mention Dialogue: 0,0:58:02.36,0:58:05.76,Default,,0000,0000,0000,,multiple times when we do the copy of Dialogue: 0,0:58:05.76,0:58:08.68,Default,,0000,0000,0000,,the original data we want to make sure Dialogue: 0,0:58:08.68,0:58:11.96,Default,,0000,0000,0000,,that we always do bit by bit when you do Dialogue: 0,0:58:11.96,0:58:16.64,Default,,0000,0000,0000,,bit by bit and not B by B because a bit Dialogue: 0,0:58:16.64,0:58:21.60,Default,,0000,0000,0000,,implies up to 3.4 volts in electricity Dialogue: 0,0:58:21.60,0:58:24.12,Default,,0000,0000,0000,,we are eliminating the possibility of Dialogue: 0,0:58:24.12,0:58:27.84,Default,,0000,0000,0000,,mistake objects are bigger a bit do not Dialogue: 0,0:58:27.84,0:58:31.04,Default,,0000,0000,0000,,constitute an object objects are formed Dialogue: 0,0:58:31.04,0:58:34.20,Default,,0000,0000,0000,,by multiple bits this is why we have to Dialogue: 0,0:58:34.20,0:58:37.04,Default,,0000,0000,0000,,do the analysis bit by bit and I Dialogue: 0,0:58:37.04,0:58:40.24,Default,,0000,0000,0000,,mentioned that multiple Dialogue: 0,0:58:42.08,0:58:44.20,Default,,0000,0000,0000,,times thank you for answering that Dialogue: 0,0:58:44.20,0:58:46.52,Default,,0000,0000,0000,,question our next question is what kind Dialogue: 0,0:58:46.52,0:58:48.84,Default,,0000,0000,0000,,of forensic data can we obtain from the Dialogue: 0,0:58:48.84,0:58:51.04,Default,,0000,0000,0000,,encrypted data where the key is not Dialogue: 0,0:58:51.04,0:58:53.72,Default,,0000,0000,0000,,available to decrypt the Dialogue: 0,0:58:53.72,0:58:58.28,Default,,0000,0000,0000,,data could you please repeat the Dialogue: 0,0:58:58.52,0:59:01.52,Default,,0000,0000,0000,,question what kind of forensic data can Dialogue: 0,0:59:01.52,0:59:04.08,Default,,0000,0000,0000,,be obtained from the encrypted data Dialogue: 0,0:59:04.08,0:59:05.88,Default,,0000,0000,0000,,where the key is not available to Dialogue: 0,0:59:05.88,0:59:08.60,Default,,0000,0000,0000,,decrypt the Dialogue: 0,0:59:09.32,0:59:13.04,Default,,0000,0000,0000,,data you encryp Dialogue: 0,0:59:13.04,0:59:16.12,Default,,0000,0000,0000,,data uh I'll just P the question to you Dialogue: 0,0:59:16.12,0:59:19.60,Default,,0000,0000,0000,,on chat uh Dr Dialogue: 0,0:59:19.60,0:59:23.20,Default,,0000,0000,0000,,Ls I'm not watching the chat right now Dialogue: 0,0:59:23.20,0:59:26.64,Default,,0000,0000,0000,,something happened Dialogue: 0,0:59:28.32,0:59:30.36,Default,,0000,0000,0000,,I'm not watching the Dialogue: 0,0:59:30.36,0:59:34.68,Default,,0000,0000,0000,,shat sorry H long hello hello hello can Dialogue: 0,0:59:34.68,0:59:35.96,Default,,0000,0000,0000,,you hear Dialogue: 0,0:59:35.96,0:59:39.96,Default,,0000,0000,0000,,me yes I can hear you yes I have posted Dialogue: 0,0:59:39.96,0:59:43.44,Default,,0000,0000,0000,,the question on the chat Dr leis okay Dialogue: 0,0:59:43.44,0:59:47.48,Default,,0000,0000,0000,,okay please yes I have already pasted Dialogue: 0,0:59:47.48,0:59:50.60,Default,,0000,0000,0000,,okay let me check Dialogue: 0,0:59:53.64,0:59:56.40,Default,,0000,0000,0000,,here Dialogue: 0,0:59:56.40,0:59:59.68,Default,,0000,0000,0000,,okay give me a second okay what kind of Dialogue: 0,0:59:59.68,1:00:01.40,Default,,0000,0000,0000,,forensic data can be obtained from Dialogue: 0,1:00:01.40,1:00:04.80,Default,,0000,0000,0000,,encrypted data oh okay okay well this is Dialogue: 0,1:00:04.80,1:00:07.24,Default,,0000,0000,0000,,another misperception okay everybody Dialogue: 0,1:00:07.24,1:00:09.80,Default,,0000,0000,0000,,knows that when the data is encrypted we Dialogue: 0,1:00:09.80,1:00:12.64,Default,,0000,0000,0000,,cannot open the data or the particular Dialogue: 0,1:00:12.64,1:00:16.08,Default,,0000,0000,0000,,file document video any kind of Digital Dialogue: 0,1:00:16.08,1:00:18.52,Default,,0000,0000,0000,,forening Data let me tell you something Dialogue: 0,1:00:18.52,1:00:21.00,Default,,0000,0000,0000,,there are multiple forensic tools that Dialogue: 0,1:00:21.00,1:00:23.60,Default,,0000,0000,0000,,have the ability to decrypt the data Dialogue: 0,1:00:23.60,1:00:26.08,Default,,0000,0000,0000,,even when we don't have the key this and Dialogue: 0,1:00:26.08,1:00:28.64,Default,,0000,0000,0000,,I understand the key component and I Dialogue: 0,1:00:28.64,1:00:30.04,Default,,0000,0000,0000,,understand that the two type of Dialogue: 0,1:00:30.04,1:00:32.60,Default,,0000,0000,0000,,encryptions symmetric and asymmetric and Dialogue: 0,1:00:32.60,1:00:34.76,Default,,0000,0000,0000,,as I said I have multiple Publications Dialogue: 0,1:00:34.76,1:00:35.96,Default,,0000,0000,0000,,about Dialogue: 0,1:00:35.96,1:00:40.16,Default,,0000,0000,0000,,encryption ER but there is most likely Dialogue: 0,1:00:40.16,1:00:43.84,Default,,0000,0000,0000,,always the possibility to encrypt data Dialogue: 0,1:00:43.84,1:00:47.48,Default,,0000,0000,0000,,without having the encryption key I Dialogue: 0,1:00:47.48,1:00:49.56,Default,,0000,0000,0000,,understand that it doesn't sounds Dialogue: 0,1:00:49.56,1:00:52.28,Default,,0000,0000,0000,,popular it's not what we hear every Dialogue: 0,1:00:52.28,1:00:55.16,Default,,0000,0000,0000,,single time but when we spend specialize Dialogue: 0,1:00:55.16,1:00:58.52,Default,,0000,0000,0000,,on digital forensic we have usually the Dialogue: 0,1:00:58.52,1:01:01.84,Default,,0000,0000,0000,,tools we need to decrypt the data Dialogue: 0,1:01:01.84,1:01:04.32,Default,,0000,0000,0000,,especially if you are using artificial Dialogue: 0,1:01:04.32,1:01:07.40,Default,,0000,0000,0000,,intelligence also in the government at Dialogue: 0,1:01:07.40,1:01:09.28,Default,,0000,0000,0000,,least in the US government in my Dialogue: 0,1:01:09.28,1:01:12.16,Default,,0000,0000,0000,,operation in the operation I direct I Dialogue: 0,1:01:12.16,1:01:14.64,Default,,0000,0000,0000,,handle I supervise we are using Dialogue: 0,1:01:14.64,1:01:16.48,Default,,0000,0000,0000,,artificial intelligence for multiple Dialogue: 0,1:01:16.48,1:01:19.60,Default,,0000,0000,0000,,things in cyber security since Dialogue: 0,1:01:19.60,1:01:22.32,Default,,0000,0000,0000,,2017 and we are also using Quantum Dialogue: 0,1:01:22.32,1:01:24.76,Default,,0000,0000,0000,,Computing Quantum Computing is not not Dialogue: 0,1:01:24.76,1:01:28.84,Default,,0000,0000,0000,,coming quantum computer is in use in the Dialogue: 0,1:01:28.84,1:01:31.56,Default,,0000,0000,0000,,US government for years now so we are Dialogue: 0,1:01:31.56,1:01:34.52,Default,,0000,0000,0000,,using Quantum Computing for years there Dialogue: 0,1:01:34.52,1:01:37.32,Default,,0000,0000,0000,,are multiple ways to decrypt the data Dialogue: 0,1:01:37.32,1:01:40.64,Default,,0000,0000,0000,,when the encryption key is not available Dialogue: 0,1:01:40.64,1:01:42.72,Default,,0000,0000,0000,,multiple ways multiple applications as Dialogue: 0,1:01:42.72,1:01:45.32,Default,,0000,0000,0000,,well that help with the process it's Dialogue: 0,1:01:45.32,1:01:47.80,Default,,0000,0000,0000,,very time consuming but there is a Dialogue: 0,1:01:47.80,1:01:50.76,Default,,0000,0000,0000,,possibility for that and this is a great Dialogue: 0,1:01:50.76,1:01:53.24,Default,,0000,0000,0000,,question because the question is okay Dialogue: 0,1:01:53.24,1:01:55.56,Default,,0000,0000,0000,,how about the hard drive is encrypted Dialogue: 0,1:01:55.56,1:01:57.76,Default,,0000,0000,0000,,there is nothing that I can do right no Dialogue: 0,1:01:57.76,1:02:00.00,Default,,0000,0000,0000,,this is not like that there is always Dialogue: 0,1:02:00.00,1:02:02.48,Default,,0000,0000,0000,,ways to decrypt the data always it Dialogue: 0,1:02:02.48,1:02:04.92,Default,,0000,0000,0000,,doesn't matter how strong the encryption Dialogue: 0,1:02:04.92,1:02:06.96,Default,,0000,0000,0000,,is but you need to have the appropriate Dialogue: 0,1:02:06.96,1:02:09.64,Default,,0000,0000,0000,,tools of place for example I'm going to Dialogue: 0,1:02:09.64,1:02:13.32,Default,,0000,0000,0000,,mention just one in case when I present Dialogue: 0,1:02:13.32,1:02:17.32,Default,,0000,0000,0000,,this some tools that I suggest before I Dialogue: 0,1:02:17.32,1:02:20.84,Default,,0000,0000,0000,,said that in case is very expensive in Dialogue: 0,1:02:20.84,1:02:24.08,Default,,0000,0000,0000,,case do magic between quotation man in Dialogue: 0,1:02:24.08,1:02:26.24,Default,,0000,0000,0000,,case do multiple things that we don't Dialogue: 0,1:02:26.24,1:02:28.80,Default,,0000,0000,0000,,learn in the school Dialogue: 0,1:02:28.80,1:02:31.76,Default,,0000,0000,0000,,okay so I can see the other question Dialogue: 0,1:02:31.76,1:02:33.84,Default,,0000,0000,0000,,here how to adapt to investigation in Dialogue: 0,1:02:33.84,1:02:35.88,Default,,0000,0000,0000,,the cloud since the clouds provided do Dialogue: 0,1:02:35.88,1:02:38.16,Default,,0000,0000,0000,,not allow most of important operation to Dialogue: 0,1:02:38.16,1:02:41.52,Default,,0000,0000,0000,,access media when you have to do a case Dialogue: 0,1:02:41.52,1:02:45.40,Default,,0000,0000,0000,,or conduct digital forensic in the cloud Dialogue: 0,1:02:45.40,1:02:48.80,Default,,0000,0000,0000,,the cloud providers 99% of the time I Dialogue: 0,1:02:48.80,1:02:50.52,Default,,0000,0000,0000,,don't want to say 100 because I don't Dialogue: 0,1:02:50.52,1:02:52.96,Default,,0000,0000,0000,,want to risk on that but usually the Dialogue: 0,1:02:52.96,1:02:56.48,Default,,0000,0000,0000,,cloud providers include in the SLA in Dialogue: 0,1:02:56.48,1:02:58.52,Default,,0000,0000,0000,,the service level agreement what is Dialogue: 0,1:02:58.52,1:03:01.60,Default,,0000,0000,0000,,going to happen if a digital forensic or Dialogue: 0,1:03:01.60,1:03:04.16,Default,,0000,0000,0000,,any kind of Investigation needs to do Dialogue: 0,1:03:04.16,1:03:08.08,Default,,0000,0000,0000,,needs to be performed in the cloud space Dialogue: 0,1:03:08.08,1:03:11.08,Default,,0000,0000,0000,,so most likely the cloud operator is Dialogue: 0,1:03:11.08,1:03:13.60,Default,,0000,0000,0000,,going to facilitate access to everything Dialogue: 0,1:03:13.60,1:03:16.36,Default,,0000,0000,0000,,you need sometime you have to move and Dialogue: 0,1:03:16.36,1:03:19.32,Default,,0000,0000,0000,,go physically to the place in which the Dialogue: 0,1:03:19.32,1:03:20.96,Default,,0000,0000,0000,,data is Dialogue: 0,1:03:20.96,1:03:23.48,Default,,0000,0000,0000,,host don't believe that the cloud Dialogue: 0,1:03:23.48,1:03:25.64,Default,,0000,0000,0000,,provider doesn't know where the data is Dialogue: 0,1:03:25.64,1:03:28.92,Default,,0000,0000,0000,,host we know where the data is host Dialogue: 0,1:03:28.92,1:03:31.40,Default,,0000,0000,0000,,specifically I have been in San Diego Dialogue: 0,1:03:31.40,1:03:34.12,Default,,0000,0000,0000,,California and another States in Hawaii Dialogue: 0,1:03:34.12,1:03:35.80,Default,,0000,0000,0000,,back in Dialogue: 0,1:03:35.80,1:03:38.44,Default,,0000,0000,0000,,2019 as well doing forensic Dialogue: 0,1:03:38.44,1:03:40.84,Default,,0000,0000,0000,,investigation in a cloud environment it Dialogue: 0,1:03:40.84,1:03:43.08,Default,,0000,0000,0000,,was actually for something government Dialogue: 0,1:03:43.08,1:03:46.48,Default,,0000,0000,0000,,related and I was given the permission I Dialogue: 0,1:03:46.48,1:03:49.28,Default,,0000,0000,0000,,need to do any kind of Investigation so Dialogue: 0,1:03:49.28,1:03:52.00,Default,,0000,0000,0000,,Cloud providers facilitate forensic Dialogue: 0,1:03:52.00,1:03:54.64,Default,,0000,0000,0000,,analysis because forensic analysis are Dialogue: 0,1:03:54.64,1:03:58.08,Default,,0000,0000,0000,,usually related to legal cases there are Dialogue: 0,1:03:58.08,1:04:01.04,Default,,0000,0000,0000,,multiple cases in which in USA we don't Dialogue: 0,1:04:01.04,1:04:02.76,Default,,0000,0000,0000,,have access to this data and I'm going Dialogue: 0,1:04:02.76,1:04:06.60,Default,,0000,0000,0000,,to mention an example Tik Tok Tik Tok Dialogue: 0,1:04:06.60,1:04:08.64,Default,,0000,0000,0000,,the problem between the US government Dialogue: 0,1:04:08.64,1:04:11.84,Default,,0000,0000,0000,,and Tik Tok is that when Tik Tok get the Dialogue: 0,1:04:11.84,1:04:14.84,Default,,0000,0000,0000,,authorization to operate in USA the Dialogue: 0,1:04:14.84,1:04:18.56,Default,,0000,0000,0000,,government was one step behind behind Dialogue: 0,1:04:18.56,1:04:21.08,Default,,0000,0000,0000,,Okay and we don't regulate Tik Tok at Dialogue: 0,1:04:21.08,1:04:25.20,Default,,0000,0000,0000,,this point Tik Tok has the ability to Dialogue: 0,1:04:25.20,1:04:28.28,Default,,0000,0000,0000,,prevent forensic investigation in the Dialogue: 0,1:04:28.28,1:04:31.40,Default,,0000,0000,0000,,Tik Tok platforms for the US government Dialogue: 0,1:04:31.40,1:04:34.60,Default,,0000,0000,0000,,cour system or legal system okay but Dialogue: 0,1:04:34.60,1:04:37.68,Default,,0000,0000,0000,,again usually Cloud providers facilitate Dialogue: 0,1:04:37.68,1:04:40.76,Default,,0000,0000,0000,,investigation in the cloud 100% they Dialogue: 0,1:04:40.76,1:04:43.24,Default,,0000,0000,0000,,cooperate in every single manage they Dialogue: 0,1:04:43.24,1:04:48.00,Default,,0000,0000,0000,,have to facilitate the forensic Dialogue: 0,1:04:49.80,1:04:51.72,Default,,0000,0000,0000,,investigation thank you for answering Dialogue: 0,1:04:51.72,1:04:53.88,Default,,0000,0000,0000,,that question uh we'll take last Dialogue: 0,1:04:53.88,1:04:56.84,Default,,0000,0000,0000,,question for the day uh what is the best Dialogue: 0,1:04:56.84,1:05:00.28,Default,,0000,0000,0000,,open source free tools for social media Dialogue: 0,1:05:00.28,1:05:03.56,Default,,0000,0000,0000,,forensics there is no best open source Dialogue: 0,1:05:03.56,1:05:05.64,Default,,0000,0000,0000,,tool that is a combination of tools Dialogue: 0,1:05:05.64,1:05:08.56,Default,,0000,0000,0000,,number one digital forensic cannot be Dialogue: 0,1:05:08.56,1:05:10.64,Default,,0000,0000,0000,,performed categorically speaking with Dialogue: 0,1:05:10.64,1:05:14.52,Default,,0000,0000,0000,,one or two tools this is a complex time Dialogue: 0,1:05:14.52,1:05:18.24,Default,,0000,0000,0000,,consuming and expensive process I made Dialogue: 0,1:05:18.24,1:05:21.16,Default,,0000,0000,0000,,some suggestions it's included in the Dialogue: 0,1:05:21.16,1:05:26.08,Default,,0000,0000,0000,,slide ER let me see a slide Dialogue: 0,1:05:27.32,1:05:29.40,Default,,0000,0000,0000,,slide Dialogue: 0,1:05:29.40,1:05:31.00,Default,,0000,0000,0000,,number Dialogue: 0,1:05:31.00,1:05:34.12,Default,,0000,0000,0000,,16 okay this is the slide in which I Dialogue: 0,1:05:34.12,1:05:37.40,Default,,0000,0000,0000,,include in case autopsy the S some of Dialogue: 0,1:05:37.40,1:05:40.52,Default,,0000,0000,0000,,them are upper cases as I I'm sorry open Dialogue: 0,1:05:40.52,1:05:43.36,Default,,0000,0000,0000,,source as I mentioned before but there Dialogue: 0,1:05:43.36,1:05:46.04,Default,,0000,0000,0000,,is not a particular tool or two or three Dialogue: 0,1:05:46.04,1:05:48.12,Default,,0000,0000,0000,,tools that I will recommend because in Dialogue: 0,1:05:48.12,1:05:52.32,Default,,0000,0000,0000,,top of that every single forensic Dialogue: 0,1:05:52.32,1:05:54.64,Default,,0000,0000,0000,,investigation is about the different Dialogue: 0,1:05:54.64,1:05:57.44,Default,,0000,0000,0000,,process you cannot use the similar tools Dialogue: 0,1:05:57.44,1:06:00.72,Default,,0000,0000,0000,,this is why there are very at least in Dialogue: 0,1:06:00.72,1:06:04.40,Default,,0000,0000,0000,,USA very small amount of organizations Dialogue: 0,1:06:04.40,1:06:07.04,Default,,0000,0000,0000,,companies that specialize in digital Dialogue: 0,1:06:07.04,1:06:10.44,Default,,0000,0000,0000,,forensic as my company does the reason Dialogue: 0,1:06:10.44,1:06:13.52,Default,,0000,0000,0000,,why is because between many other things Dialogue: 0,1:06:13.52,1:06:15.92,Default,,0000,0000,0000,,lack of expertise and Dialogue: 0,1:06:15.92,1:06:19.24,Default,,0000,0000,0000,,expenses okay so I do not recommend a Dialogue: 0,1:06:19.24,1:06:21.80,Default,,0000,0000,0000,,particular tool instead the combination Dialogue: 0,1:06:21.80,1:06:24.44,Default,,0000,0000,0000,,of tools there are multiple open source Dialogue: 0,1:06:24.44,1:06:27.80,Default,,0000,0000,0000,,I mention a few in a slide number 16 of Dialogue: 0,1:06:27.80,1:06:30.76,Default,,0000,0000,0000,,my PowerPoint presentation but again Dialogue: 0,1:06:30.76,1:06:33.28,Default,,0000,0000,0000,,those are not sufficient those are the Dialogue: 0,1:06:33.28,1:06:35.56,Default,,0000,0000,0000,,most popular and Dialogue: 0,1:06:35.56,1:06:39.48,Default,,0000,0000,0000,,strong ER more accurate uh tools that Dialogue: 0,1:06:39.48,1:06:41.76,Default,,0000,0000,0000,,you can use for digital forensic but a Dialogue: 0,1:06:41.76,1:06:43.68,Default,,0000,0000,0000,,particular tool one or two to do Dialogue: 0,1:06:43.68,1:06:47.16,Default,,0000,0000,0000,,forensic investigation it doesn't exist Dialogue: 0,1:06:47.16,1:06:49.84,Default,,0000,0000,0000,,is impossible Dialogue: 0,1:06:51.72,1:06:54.04,Default,,0000,0000,0000,,doesn't thank you again to our wonderful Dialogue: 0,1:06:54.04,1:06:56.00,Default,,0000,0000,0000,,speaker Dr Lewis for answering those Dialogue: 0,1:06:56.00,1:06:57.96,Default,,0000,0000,0000,,questions and for the great presentation Dialogue: 0,1:06:57.96,1:06:59.72,Default,,0000,0000,0000,,and knowledge shared with our Global Dialogue: 0,1:06:59.72,1:07:01.72,Default,,0000,0000,0000,,audiences it was a pleasure to have you Dialogue: 0,1:07:01.72,1:07:03.56,Default,,0000,0000,0000,,with us and we are looking for more and Dialogue: 0,1:07:03.56,1:07:05.20,Default,,0000,0000,0000,,more sessions with you before we Dialogue: 0,1:07:05.20,1:07:06.88,Default,,0000,0000,0000,,conclude the webinar Dr LS would you Dialogue: 0,1:07:06.88,1:07:08.24,Default,,0000,0000,0000,,like to give a small message to our Dialogue: 0,1:07:08.24,1:07:10.68,Default,,0000,0000,0000,,audiences Dialogue: 0,1:07:10.68,1:07:14.16,Default,,0000,0000,0000,,please well no just want to thanks Dialogue: 0,1:07:14.16,1:07:16.76,Default,,0000,0000,0000,,everybody again the one that work Dialogue: 0,1:07:16.76,1:07:21.16,Default,,0000,0000,0000,,tiously behind the presentation to you Dialogue: 0,1:07:21.16,1:07:23.56,Default,,0000,0000,0000,,in e Council as always thank you very Dialogue: 0,1:07:23.56,1:07:25.44,Default,,0000,0000,0000,,much for the support for all the Dialogue: 0,1:07:25.44,1:07:28.00,Default,,0000,0000,0000,,attendees I hope you learn something new Dialogue: 0,1:07:28.00,1:07:31.56,Default,,0000,0000,0000,,let me clarify that every single content Dialogue: 0,1:07:31.56,1:07:34.16,Default,,0000,0000,0000,,wording words Etc that I have been Dialogue: 0,1:07:34.16,1:07:36.56,Default,,0000,0000,0000,,presenting for you is my original Dialogue: 0,1:07:36.56,1:07:39.12,Default,,0000,0000,0000,,creation 100% not Dialogue: 0,1:07:39.12,1:07:42.92,Default,,0000,0000,0000,,99.99 but 100% categorically speaking Dialogue: 0,1:07:42.92,1:07:44.96,Default,,0000,0000,0000,,and I put together those notes and Dialogue: 0,1:07:44.96,1:07:47.96,Default,,0000,0000,0000,,reflection for you guys with the hope Dialogue: 0,1:07:47.96,1:07:49.44,Default,,0000,0000,0000,,that you can come back to your Dialogue: 0,1:07:49.44,1:07:52.36,Default,,0000,0000,0000,,organization and ser better that you can Dialogue: 0,1:07:52.36,1:07:54.76,Default,,0000,0000,0000,,become a public servant Dialogue: 0,1:07:54.76,1:07:57.12,Default,,0000,0000,0000,,ER and go to the court and testify in Dialogue: 0,1:07:57.12,1:08:00.80,Default,,0000,0000,0000,,favor of the park that deserve your Dialogue: 0,1:08:00.80,1:08:03.60,Default,,0000,0000,0000,,benefits and I sincerely thank you for Dialogue: 0,1:08:03.60,1:08:05.60,Default,,0000,0000,0000,,the opportunity to share my expertise Dialogue: 0,1:08:05.60,1:08:08.64,Default,,0000,0000,0000,,with you guys have a nice weekend okay Dialogue: 0,1:08:08.64,1:08:10.20,Default,,0000,0000,0000,,thank you very much for the time in Dialogue: 0,1:08:10.20,1:08:13.16,Default,,0000,0000,0000,,question thank you so Dialogue: 0,1:08:14.28,1:08:16.92,Default,,0000,0000,0000,,much thank you so much Dr Louis for your Dialogue: 0,1:08:16.92,1:08:19.12,Default,,0000,0000,0000,,message before we end the session I Dialogue: 0,1:08:19.12,1:08:20.48,Default,,0000,0000,0000,,would like to announce the next cyber Dialogue: 0,1:08:20.48,1:08:23.04,Default,,0000,0000,0000,,talk session why are strong foundational Dialogue: 0,1:08:23.04,1:08:24.76,Default,,0000,0000,0000,,cyber securities skills essential for Dialogue: 0,1:08:24.76,1:08:26.96,Default,,0000,0000,0000,,every IT professional which is scheduled Dialogue: 0,1:08:26.96,1:08:29.28,Default,,0000,0000,0000,,on November 8 2023 this session is an Dialogue: 0,1:08:29.28,1:08:31.44,Default,,0000,0000,0000,,export presentation by Roger Smith Dialogue: 0,1:08:31.44,1:08:34.28,Default,,0000,0000,0000,,director car Managed IT industry fellow Dialogue: 0,1:08:34.28,1:08:36.72,Default,,0000,0000,0000,,at Australian Defense Force Academy to Dialogue: 0,1:08:36.72,1:08:38.36,Default,,0000,0000,0000,,register for this session please do go Dialogue: 0,1:08:38.36,1:08:40.40,Default,,0000,0000,0000,,visit our website Dialogue: 0,1:08:40.40,1:08:43.44,Default,,0000,0000,0000,,www.ccu.edu cybert talks the link is Dialogue: 0,1:08:43.44,1:08:45.28,Default,,0000,0000,0000,,given in the chat section hope to see Dialogue: 0,1:08:45.28,1:08:48.00,Default,,0000,0000,0000,,you all on November 8th with this VN the Dialogue: 0,1:08:48.00,1:08:49.88,Default,,0000,0000,0000,,session with this you may disconnect Dialogue: 0,1:08:49.88,1:08:52.08,Default,,0000,0000,0000,,your lines thank you thank you so much Dialogue: 0,1:08:52.08,1:08:55.24,Default,,0000,0000,0000,,Dr leis pleasure having you Dialogue: 0,1:08:55.24,1:08:57.32,Default,,0000,0000,0000,,likewise thank you very much for the Dialogue: 0,1:08:57.32,1:09:01.92,Default,,0000,0000,0000,,opportunity thank you have a good day