[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.08,0:00:02.20,Default,,0000,0000,0000,,Hello, everyone, and welcome to today's
Dialogue: 0,0:00:02.20,0:00:05.72,Default,,0000,0000,0000,,session on digital forensics: best practices
Dialogue: 0,0:00:05.72,0:00:08.52,Default,,0000,0000,0000,,from data acquisition to analysis. I'm
Dialogue: 0,0:00:08.52,0:00:10.52,Default,,0000,0000,0000,,Shilpa Goswami, and I'll be your host
Dialogue: 0,0:00:10.52,0:00:13.44,Default,,0000,0000,0000,,for the day. Before we get
Dialogue: 0,0:00:13.44,0:00:16.00,Default,,0000,0000,0000,,started, we would like to go over a few
Dialogue: 0,0:00:16.00,0:00:18.04,Default,,0000,0000,0000,,house rules for our attendees. The
Dialogue: 0,0:00:18.04,0:00:20.44,Default,,0000,0000,0000,,session will be in listen-only mode and
Dialogue: 0,0:00:20.44,0:00:23.44,Default,,0000,0000,0000,,will last for an hour, of which the
Dialogue: 0,0:00:23.44,0:00:26.16,Default,,0000,0000,0000,,last 15 minutes will be dedicated to Q&A.
Dialogue: 0,0:00:26.16,0:00:28.04,Default,,0000,0000,0000,,If you have any questions during the
Dialogue: 0,0:00:28.04,0:00:30.52,Default,,0000,0000,0000,,webinar, for our organizers or
Dialogue: 0,0:00:30.52,0:00:34.20,Default,,0000,0000,0000,,speakers, please use the Q&A window. Also, if you
Dialogue: 0,0:00:34.20,0:00:36.44,Default,,0000,0000,0000,,face any audio or video challenges, please
Dialogue: 0,0:00:36.44,0:00:38.00,Default,,0000,0000,0000,,check your internet connection or you
Dialogue: 0,0:00:38.00,0:00:40.88,Default,,0000,0000,0000,,may log out and log in again. An
Dialogue: 0,0:00:40.88,0:00:43.64,Default,,0000,0000,0000,,important announcement for our audience:
Dialogue: 0,0:00:43.64,0:00:46.04,Default,,0000,0000,0000,,we have initiated CPE credit
Dialogue: 0,0:00:46.04,0:00:48.60,Default,,0000,0000,0000,,certificates for our participants. To
Dialogue: 0,0:00:48.60,0:00:51.48,Default,,0000,0000,0000,,qualify for one, attendees are required
Dialogue: 0,0:00:51.48,0:00:54.44,Default,,0000,0000,0000,,to attend the entire webinar and then
Dialogue: 0,0:00:54.44,0:00:59.11,Default,,0000,0000,0000,,send an email to cyber talks at eccouncil.org,
Dialogue: 0,0:00:59.11,0:01:00.88,Default,,0000,0000,0000,,after which our team will
Dialogue: 0,0:01:00.88,0:01:04.16,Default,,0000,0000,0000,,issue the CPE certificate. Also, we would
Dialogue: 0,0:01:04.16,0:01:06.32,Default,,0000,0000,0000,,like to inform our audience about the
Dialogue: 0,0:01:06.32,0:01:08.76,Default,,0000,0000,0000,,special handouts. Take a screenshot of
Dialogue: 0,0:01:08.76,0:01:11.40,Default,,0000,0000,0000,,the running webinar and post it on your
Dialogue: 0,0:01:11.40,0:01:14.64,Default,,0000,0000,0000,,social media, LinkedIn or Twitter, tagging
Dialogue: 0,0:01:14.64,0:01:18.44,Default,,0000,0000,0000,,EC Council and Cyber Talks. We will
Dialogue: 0,0:01:18.44,0:01:21.16,Default,,0000,0000,0000,,share free handouts with the first 15
Dialogue: 0,0:01:21.16,0:01:23.88,Default,,0000,0000,0000,,attendees. As a commitment to closing the
Dialogue: 0,0:01:23.88,0:01:26.88,Default,,0000,0000,0000,,cybersecurity workforce gap by creating
Dialogue: 0,0:01:26.88,0:01:30.36,Default,,0000,0000,0000,,multi-domain cyber technicians, EC Council
Dialogue: 0,0:01:30.36,0:01:34.72,Default,,0000,0000,0000,,pledges $3,500,000 towards ECT
Dialogue: 0,0:01:34.72,0:01:37.08,Default,,0000,0000,0000,,Education and Certification Scholarships
Dialogue: 0,0:01:37.08,0:01:40.16,Default,,0000,0000,0000,,to certify approximately 10,000 cyber
Dialogue: 0,0:01:40.16,0:01:42.88,Default,,0000,0000,0000,,professionals ready to contribute to the
Dialogue: 0,0:01:42.88,0:01:44.84,Default,,0000,0000,0000,,industry. Did you know that you can be
Dialogue: 0,0:01:44.84,0:01:46.44,Default,,0000,0000,0000,,part of the lucrative cybersecurity
Dialogue: 0,0:01:46.44,0:01:49.64,Default,,0000,0000,0000,,industry? Even top companies like Google,
Dialogue: 0,0:01:49.64,0:01:53.92,Default,,0000,0000,0000,,Microsoft, Amazon, IBM, Facebook, and Dell
Dialogue: 0,0:01:53.92,0:01:56.24,Default,,0000,0000,0000,,all hire cybersecurity professionals.
Dialogue: 0,0:01:56.24,0:01:58.52,Default,,0000,0000,0000,,The cybersecurity industry has a 0%
Dialogue: 0,0:01:58.52,0:02:00.44,Default,,0000,0000,0000,,unemployment rate. The average salary
Dialogue: 0,0:02:00.44,0:02:02.32,Default,,0000,0000,0000,,for an entry-level cybersecurity job is
Dialogue: 0,0:02:02.32,0:02:05.24,Default,,0000,0000,0000,,about $100,000 per year in the United
Dialogue: 0,0:02:05.24,0:02:07.28,Default,,0000,0000,0000,,States. Furthermore, you don't need to
Dialogue: 0,0:02:07.28,0:02:09.68,Default,,0000,0000,0000,,know coding, and you can learn from home, and
Dialogue: 0,0:02:09.68,0:02:11.28,Default,,0000,0000,0000,,you get a scholarship to kick-start your
Dialogue: 0,0:02:11.28,0:02:14.92,Default,,0000,0000,0000,,career. Apply now. EC Council is pledging
Dialogue: 0,0:02:14.92,0:02:19.47,Default,,0000,0000,0000,,a $3,500,000 CCT scholarship for cybersecurity
Dialogue: 0,0:02:19.47,0:02:20.92,Default,,0000,0000,0000,,career starters. Scan the QR
Dialogue: 0,0:02:20.92,0:02:22.32,Default,,0000,0000,0000,,code on the screen to apply for the
Dialogue: 0,0:02:22.32,0:02:25.12,Default,,0000,0000,0000,,scholarship. Fill out the form.
Dialogue: 0,0:02:31.52,0:02:33.80,Default,,0000,0000,0000,,Now, about our
Dialogue: 0,0:02:33.80,0:02:38.04,Default,,0000,0000,0000,,speaker Dr. Luis. Dr. Luis Noguerol is the
Dialogue: 0,0:02:38.04,0:02:40.36,Default,,0000,0000,0000,,Information Systems Security Officer for
Dialogue: 0,0:02:40.36,0:02:43.60,Default,,0000,0000,0000,,the U.S. Department of Commerce, NOAA,
Dialogue: 0,0:02:43.60,0:02:45.44,Default,,0000,0000,0000,,where he oversees the cybersecurity
Dialogue: 0,0:02:45.44,0:02:47.08,Default,,0000,0000,0000,,operation for six states in the
Dialogue: 0,0:02:47.08,0:02:49.92,Default,,0000,0000,0000,,Southeast Region. Dr. Luis is also the
Dialogue: 0,0:02:49.92,0:02:51.92,Default,,0000,0000,0000,,President and CEO of the Advanced
Dialogue: 0,0:02:51.92,0:02:54.44,Default,,0000,0000,0000,,Division of Informatics and Technology,
Dialogue: 0,0:02:54.44,0:02:57.92,Default,,0000,0000,0000,,Technology INC, a company that focuses on
Dialogue: 0,0:02:57.92,0:03:01.04,Default,,0000,0000,0000,,data recovery, digital forensics, and
Dialogue: 0,0:03:01.04,0:03:03.48,Default,,0000,0000,0000,,penetration testing. He is a world-renowned
Dialogue: 0,0:03:03.48,0:03:05.52,Default,,0000,0000,0000,,expert in data recovery, digital
Dialogue: 0,0:03:05.52,0:03:08.24,Default,,0000,0000,0000,,forensics, and penetration testing. He
Dialogue: 0,0:03:08.24,0:03:10.88,Default,,0000,0000,0000,,holds multiple globally recognized
Dialogue: 0,0:03:10.88,0:03:13.42,Default,,0000,0000,0000,,information technology and cybersecurity
Dialogue: 0,0:03:13.42,0:03:15.08,Default,,0000,0000,0000,,certifications and accreditations
Dialogue: 0,0:03:15.08,0:03:17.12,Default,,0000,0000,0000,,and is the recipient of multiple awards
Dialogue: 0,0:03:17.12,0:03:19.48,Default,,0000,0000,0000,,in technology, cybersecurity, and
Dialogue: 0,0:03:19.48,0:03:22.64,Default,,0000,0000,0000,,mathematics. He currently serves pro bono as
Dialogue: 0,0:03:22.64,0:03:25.04,Default,,0000,0000,0000,,an editorial board member and reviewer for the
Dialogue: 0,0:03:25.04,0:03:27.24,Default,,0000,0000,0000,,American Journal of Information Science
Dialogue: 0,0:03:27.24,0:03:29.76,Default,,0000,0000,0000,,and Technology, and is a member of the
Dialogue: 0,0:03:29.76,0:03:31.92,Default,,0000,0000,0000,,prestigious high-edging professor program for
Dialogue: 0,0:03:31.92,0:03:34.16,Default,,0000,0000,0000,,undergraduate and graduate programs at
Dialogue: 0,0:03:34.16,0:03:36.72,Default,,0000,0000,0000,,multiple universities in the U.S. and as a
Dialogue: 0,0:03:36.72,0:03:38.92,Default,,0000,0000,0000,,reviewer for the doctoral program at the
Dialogue: 0,0:03:38.92,0:03:42.24,Default,,0000,0000,0000,,University of Karachi in Pakistan. He is
Dialogue: 0,0:03:42.24,0:03:44.40,Default,,0000,0000,0000,,the author of multiple cybersecurity
Dialogue: 0,0:03:44.40,0:03:47.59,Default,,0000,0000,0000,,publications and articles, including Cybersecurity
Dialogue: 0,0:03:47.59,0:03:49.52,Default,,0000,0000,0000,,Issues in Blockchain: Challenges and
Dialogue: 0,0:03:49.52,0:03:52.20,Default,,0000,0000,0000,,Possible Solutions. He is also one of
Dialogue: 0,0:03:52.20,0:03:54.20,Default,,0000,0000,0000,,the co-authors and reviewers of the
Dialogue: 0,0:03:54.20,0:03:56.84,Default,,0000,0000,0000,,worldwide acclaimed book, Intrusion
Dialogue: 0,0:03:56.84,0:03:58.68,Default,,0000,0000,0000,,Detection Guide.
Dialogue: 0,0:03:58.68,0:04:01.28,Default,,0000,0000,0000,,Prior to obtaining his doctorate
Dialogue: 0,0:04:01.28,0:04:02.80,Default,,0000,0000,0000,,degree in Information Systems and
Dialogue: 0,0:04:02.80,0:04:04.64,Default,,0000,0000,0000,,Technologies from the University of
Dialogue: 0,0:04:04.64,0:04:08.04,Default,,0000,0000,0000,,Phoenix, Dr. Luis earned a Bachelor's in
Dialogue: 0,0:04:08.04,0:04:11.60,Default,,0000,0000,0000,,Science and Radio Technical and
Dialogue: 0,0:04:11.60,0:04:14.16,Default,,0000,0000,0000,,Electronic Engineering, a
Dialogue: 0,0:04:14.16,0:04:15.44,Default,,0000,0000,0000,,Bachelor of Science in
Dialogue: 0,0:04:15.44,0:04:17.68,Default,,0000,0000,0000,,Telecommunications and Networking, and a
Dialogue: 0,0:04:17.68,0:04:19.52,Default,,0000,0000,0000,,Master of Science in Mathematics and
Dialogue: 0,0:04:19.52,0:04:20.60,Default,,0000,0000,0000,,Computer Science.
Dialogue: 0,0:04:20.60,0:04:22.84,Default,,0000,0000,0000,,Without any further delay, I will
Dialogue: 0,0:04:22.84,0:04:25.76,Default,,0000,0000,0000,,hand over the session to you, Dr. Luis.
Dialogue: 0,0:04:25.76,0:04:29.03,Default,,0000,0000,0000,,Thank you very much. Thanks. Okay.
Dialogue: 0,0:04:29.84,0:04:32.96,Default,,0000,0000,0000,,Good morning, everybody. Good afternoon, and
Dialogue: 0,0:04:32.96,0:04:35.44,Default,,0000,0000,0000,,good night, depending on the specific
Dialogue: 0,0:04:35.44,0:04:38.44,Default,,0000,0000,0000,,area in which you reside. We are going to
Dialogue: 0,0:04:38.44,0:04:40.48,Default,,0000,0000,0000,,have an interesting conversation today
Dialogue: 0,0:04:40.48,0:04:42.48,Default,,0000,0000,0000,,about digital forensic best practices
Dialogue: 0,0:04:42.48,0:04:44.48,Default,,0000,0000,0000,,from data acquisition to analysis. This
Dialogue: 0,0:04:44.48,0:04:47.28,Default,,0000,0000,0000,,is the title of the presentation or
Dialogue: 0,0:04:47.28,0:04:50.72,Default,,0000,0000,0000,,subject, and I’m more than happy to be
Dialogue: 0,0:04:50.72,0:04:52.68,Default,,0000,0000,0000,,here with you all and share some of
Dialogue: 0,0:04:52.68,0:04:57.76,Default,,0000,0000,0000,,my expertise. So, let's go ahead and start the conference,
Dialogue: 0,0:04:57.76,0:05:00.72,Default,,0000,0000,0000,,okay? She already mentioned
Dialogue: 0,0:05:00.72,0:05:02.52,Default,,0000,0000,0000,,some of my credentials.
Dialogue: 0,0:05:02.52,0:05:05.79,Default,,0000,0000,0000,,I have been working in cybersecurity
Dialogue: 0,0:05:05.79,0:05:08.76,Default,,0000,0000,0000,,at this point for over 41 years.
Dialogue: 0,0:05:08.76,0:05:11.60,Default,,0000,0000,0000,,This is in my DNA, a topic that I didn’t
Dialogue: 0,0:05:11.60,0:05:14.28,Default,,0000,0000,0000,,like and respect as much as I cannot
Dialogue: 0,0:05:14.28,0:05:17.28,Default,,0000,0000,0000,,talk about any other topic in my life.
Dialogue: 0,0:05:17.28,0:05:20.84,Default,,0000,0000,0000,,Before we go, I have here a statement that
Dialogue: 0,0:05:20.84,0:05:23.68,Default,,0000,0000,0000,,I put together for you, okay? Digital
Dialogue: 0,0:05:23.68,0:05:26.44,Default,,0000,0000,0000,,forensic best practices. Well,
Dialogue: 0,0:05:26.44,0:05:28.72,Default,,0000,0000,0000,,consideration number one: just to break
Dialogue: 0,0:05:28.72,0:05:31.36,Default,,0000,0000,0000,,the ice in the labyrinth of
Dialogue: 0,0:05:31.36,0:05:35.48,Default,,0000,0000,0000,,cyberspace, where shadows dance through encased
Dialogue: 0,0:05:35.48,0:05:38.36,Default,,0000,0000,0000,,passages and data whispers its secrets, the
Dialogue: 0,0:05:38.36,0:05:41.60,Default,,0000,0000,0000,,digital detective emerges. This is us, the
Dialogue: 0,0:05:41.60,0:05:44.48,Default,,0000,0000,0000,,digital forensic experts. Clad in lines of
Dialogue: 0,0:05:44.48,0:05:47.88,Default,,0000,0000,0000,,code and armed with algorithms, we seek
Dialogue: 0,0:05:47.88,0:05:51.92,Default,,0000,0000,0000,,the hidden treasures of truth and
Dialogue: 0,0:05:51.92,0:05:55.08,Default,,0000,0000,0000,,solving enigmatic cybercrimes. With a visual
Dialogue: 0,0:05:55.08,0:05:58.08,Default,,0000,0000,0000,,magnifying glass, this is what we do: we
Dialogue: 0,0:05:58.08,0:06:01.12,Default,,0000,0000,0000,,dissect the digital tapestry,
Dialogue: 0,0:06:01.12,0:06:03.80,Default,,0000,0000,0000,,unveiling the footprints of elusive
Dialogue: 0,0:06:03.80,0:06:07.96,Default,,0000,0000,0000,,cyber cultures. This is what cyber forensics, or
Dialogue: 0,0:06:07.96,0:06:11.40,Default,,0000,0000,0000,,digital forensics, is about. Each keystroke and
Dialogue: 0,0:06:11.40,0:06:14.04,Default,,0000,0000,0000,,pixel holds a clue, something that we can
Dialogue: 0,0:06:14.04,0:06:18.36,Default,,0000,0000,0000,,use in our favor. And in this mesmerizing
Dialogue: 0,0:06:18.36,0:06:23.08,Default,,0000,0000,0000,,world of the digital era, ones and zeros,
Dialogue: 0,0:06:23.08,0:06:25.92,Default,,0000,0000,0000,,the art of digital forensics is about
Dialogue: 0,0:06:25.92,0:06:28.96,Default,,0000,0000,0000,,finding the secret of the digital reality. Digital
Dialogue: 0,0:06:28.96,0:06:33.60,Default,,0000,0000,0000,,forensics is about finding evidence
Dialogue: 0,0:06:33.60,0:06:36.36,Default,,0000,0000,0000,,that can lead to a particular process. It
Dialogue: 0,0:06:36.36,0:06:38.64,Default,,0000,0000,0000,,can be a legal process, or it can be any
Dialogue: 0,0:06:38.64,0:06:41.12,Default,,0000,0000,0000,,other kind of process. But what is
Dialogue: 0,0:06:41.12,0:06:44.20,Default,,0000,0000,0000,,digital forensics from my point of view?
Dialogue: 0,0:06:44.20,0:06:47.12,Default,,0000,0000,0000,,Well, I mentioned earlier that I've
Dialogue: 0,0:06:47.12,0:06:50.04,Default,,0000,0000,0000,,been working in cybersecurity for 41 years.
Dialogue: 0,0:06:50.04,0:06:52.72,Default,,0000,0000,0000,,My specialties are in penetration
Dialogue: 0,0:06:52.72,0:06:55.12,Default,,0000,0000,0000,,testing, data recovery, and digital forensics.
Dialogue: 0,0:06:55.12,0:06:57.04,Default,,0000,0000,0000,,I’ve been working for the
Dialogue: 0,0:06:57.04,0:06:59.40,Default,,0000,0000,0000,,police department in multiple places
Dialogue: 0,0:06:59.40,0:07:02.88,Default,,0000,0000,0000,,doing digital forensics for them. So I try to
Dialogue: 0,0:07:02.88,0:07:06.08,Default,,0000,0000,0000,,put together an easy definition for you from my
Dialogue: 0,0:07:06.08,0:07:08.36,Default,,0000,0000,0000,,standpoint about what digital forensics
Dialogue: 0,0:07:08.36,0:07:11.72,Default,,0000,0000,0000,,is. Digital forensics investigates digital
Dialogue: 0,0:07:11.72,0:07:15.00,Default,,0000,0000,0000,,devices and electronic data to use as
Dialogue: 0,0:07:15.00,0:07:17.64,Default,,0000,0000,0000,,evidence. Please note that I don’t say
Dialogue: 0,0:07:17.64,0:07:20.92,Default,,0000,0000,0000,,electronic information; I use the word "data"
Dialogue: 0,0:07:20.92,0:07:24.20,Default,,0000,0000,0000,,intentionally to understand digital events
Dialogue: 0,0:07:24.20,0:07:27.76,Default,,0000,0000,0000,,and trace illicit activities. This is a key
Dialogue: 0,0:07:27.76,0:07:30.76,Default,,0000,0000,0000,,component of digital forensics. Normally
Dialogue: 0,0:07:30.76,0:07:33.88,Default,,0000,0000,0000,,speaking, digital forensics happens, of
Dialogue: 0,0:07:33.88,0:07:37.16,Default,,0000,0000,0000,,course, after the facts, and the idea of
Dialogue: 0,0:07:37.16,0:07:40.76,Default,,0000,0000,0000,,digital forensics is identifying traces,
Dialogue: 0,0:07:40.76,0:07:43.64,Default,,0000,0000,0000,,okay, that lead to particular data that
Dialogue: 0,0:07:43.64,0:07:45.84,Default,,0000,0000,0000,,we can gather together and make a
Dialogue: 0,0:07:45.84,0:07:49.04,Default,,0000,0000,0000,,conclusion. It involves the systematic
Dialogue: 0,0:07:49.04,0:07:51.76,Default,,0000,0000,0000,,collection, preservation, analysis, and
Dialogue: 0,0:07:51.76,0:07:54.36,Default,,0000,0000,0000,,presentation of digital evidence in
Dialogue: 0,0:07:54.36,0:07:56.52,Default,,0000,0000,0000,,legal proceedings. This is key
Dialogue: 0,0:07:56.52,0:07:59.44,Default,,0000,0000,0000,,today because we are technology-dependent,
Dialogue: 0,0:07:59.44,0:08:02.00,Default,,0000,0000,0000,,and there are multiple states,
Dialogue: 0,0:08:02.00,0:08:05.20,Default,,0000,0000,0000,,at least in the USA and some other countries,
Dialogue: 0,0:08:05.20,0:08:07.44,Default,,0000,0000,0000,,where digital forensics is still in
Dialogue: 0,0:08:07.44,0:08:10.28,Default,,0000,0000,0000,,limbo because it's not accepted in the
Dialogue: 0,0:08:10.28,0:08:13.20,Default,,0000,0000,0000,,court of law. Okay. So, this is very
Dialogue: 0,0:08:13.20,0:08:16.16,Default,,0000,0000,0000,,important to keep in mind. What are we
Dialogue: 0,0:08:16.16,0:08:18.36,Default,,0000,0000,0000,,going to do from the digital forensics
Dialogue: 0,0:08:18.36,0:08:20.80,Default,,0000,0000,0000,,standpoint, the data collection process,
Dialogue: 0,0:08:20.80,0:08:23.32,Default,,0000,0000,0000,,and the analysis? Digital forensics
Dialogue: 0,0:08:23.32,0:08:25.64,Default,,0000,0000,0000,,experts use specialized techniques and
Dialogue: 0,0:08:25.64,0:08:29.28,Default,,0000,0000,0000,,tools to extract data from computers,
Dialogue: 0,0:08:29.28,0:08:32.40,Default,,0000,0000,0000,,smartphones, networks, and digital storage
Dialogue: 0,0:08:32.40,0:08:34.96,Default,,0000,0000,0000,,media to support investigations and
Dialogue: 0,0:08:34.96,0:08:37.56,Default,,0000,0000,0000,,resolve legal matters. So this is
Dialogue: 0,0:08:37.56,0:08:40.56,Default,,0000,0000,0000,,basically what digital forensics is
Dialogue: 0,0:08:40.56,0:08:42.84,Default,,0000,0000,0000,,about. Let's go ahead and start with the
Dialogue: 0,0:08:42.84,0:08:45.72,Default,,0000,0000,0000,,technical part, which is the topic I like
Dialogue: 0,0:08:45.72,0:08:49.44,Default,,0000,0000,0000,,most. Okay, let's talk about those
Dialogue: 0,0:08:49.44,0:08:51.52,Default,,0000,0000,0000,,30 best practices that I’ve put
Dialogue: 0,0:08:51.52,0:08:53.68,Default,,0000,0000,0000,,together for you. At the end of the
Dialogue: 0,0:08:53.68,0:08:55.20,Default,,0000,0000,0000,,presentation, you will have the
Dialogue: 0,0:08:55.20,0:08:57.84,Default,,0000,0000,0000,,opportunity to ask as many questions as
Dialogue: 0,0:08:57.84,0:09:01.08,Default,,0000,0000,0000,,you like. 1. You have to
Dialogue: 0,0:09:01.08,0:09:03.76,Default,,0000,0000,0000,,follow the legal and ethical standards:
Dialogue: 0,0:09:03.76,0:09:06.36,Default,,0000,0000,0000,,For this particular first point, I am not
Dialogue: 0,0:09:06.36,0:09:08.68,Default,,0000,0000,0000,,going to make any comment. I believe that
Dialogue: 0,0:09:08.68,0:09:12.28,Default,,0000,0000,0000,,ethics is a key component
Dialogue: 0,0:09:12.28,0:09:14.96,Default,,0000,0000,0000,,of cybersecurity. We always
Dialogue: 0,0:09:14.96,0:09:18.36,Default,,0000,0000,0000,,have to follow the rules. We must always
Dialogue: 0,0:09:18.36,0:09:21.12,Default,,0000,0000,0000,,follow the legal procedures in the
Dialogue: 0,0:09:21.12,0:09:24.08,Default,,0000,0000,0000,,places in which we operate because every
Dialogue: 0,0:09:24.08,0:09:26.64,Default,,0000,0000,0000,,single place is a different component.
Dialogue: 0,0:09:26.64,0:09:30.64,Default,,0000,0000,0000,,2. Understand the original evidence:
Dialogue: 0,0:09:30.64,0:09:33.24,Default,,0000,0000,0000,,This is key. Okay. You always have to
Dialogue: 0,0:09:33.24,0:09:35.48,Default,,0000,0000,0000,,maintain the integrity of the original
Dialogue: 0,0:09:35.48,0:09:38.32,Default,,0000,0000,0000,,evidence to ensure it is admissible in
Dialogue: 0,0:09:38.32,0:09:42.28,Default,,0000,0000,0000,,court. Any kind of manipulation
Dialogue: 0,0:09:42.28,0:09:46.24,Default,,0000,0000,0000,,or modification will result in
Dialogue: 0,0:09:46.24,0:09:48.88,Default,,0000,0000,0000,,disqualification from the court system.
Dialogue: 0,0:09:48.88,0:09:50.92,Default,,0000,0000,0000,,Document everything: This is something
Dialogue: 0,0:09:50.92,0:09:52.84,Default,,0000,0000,0000,,that technical people like me don’t
Dialogue: 0,0:09:52.84,0:09:56.24,Default,,0000,0000,0000,,like too much, but when it comes to
Dialogue: 0,0:09:56.24,0:09:58.88,Default,,0000,0000,0000,,digital forensics, we have to document
Dialogue: 0,0:09:58.88,0:10:01.24,Default,,0000,0000,0000,,every single step we take. We have to
Dialogue: 0,0:10:01.24,0:10:04.36,Default,,0000,0000,0000,,record all the steps we
Dialogue: 0,0:10:04.36,0:10:07.36,Default,,0000,0000,0000,,follow, and we want to make sure that
Dialogue: 0,0:10:07.36,0:10:09.76,Default,,0000,0000,0000,,everything is documented and recorded in
Dialogue: 0,0:10:09.76,0:10:13.12,Default,,0000,0000,0000,,a specific chronological order. This is
Dialogue: 0,0:10:13.12,0:10:16.16,Default,,0000,0000,0000,,a key component for digital
Dialogue: 0,0:10:16.16,0:10:19.08,Default,,0000,0000,0000,,forensics or investigations to be accepted
Dialogue: 0,0:10:19.08,0:10:22.76,Default,,0000,0000,0000,,in the court of law. Secure the scene:
Dialogue: 0,0:10:22.76,0:10:25.60,Default,,0000,0000,0000,,It’s not just physical
Dialogue: 0,0:10:25.60,0:10:27.88,Default,,0000,0000,0000,,crime scenes that need to be secured to prevent
Dialogue: 0,0:10:27.88,0:10:29.92,Default,,0000,0000,0000,,contamination or tampering.
Dialogue: 0,0:10:29.92,0:10:33.40,Default,,0000,0000,0000,,If you present anything in court and
Dialogue: 0,0:10:33.40,0:10:35.28,Default,,0000,0000,0000,,the opposing party
Dialogue: 0,0:10:35.28,0:10:38.04,Default,,0000,0000,0000,,has the ability to prove that
Dialogue: 0,0:10:38.04,0:10:40.44,Default,,0000,0000,0000,,something was not preserved, the
Dialogue: 0,0:10:40.44,0:10:43.44,Default,,0000,0000,0000,,conversation is over. Chain of custody:
Dialogue: 0,0:10:43.44,0:10:45.28,Default,,0000,0000,0000,,I’m going to repeat this more than
Dialogue: 0,0:10:45.28,0:10:48.40,Default,,0000,0000,0000,,once during the presentation. Sorry.
Dialogue: 0,0:10:48.40,0:10:51.60,Default,,0000,0000,0000,,Chain of custody refers to how you
Dialogue: 0,0:10:51.60,0:10:53.16,Default,,0000,0000,0000,,establish and maintain
Dialogue: 0,0:10:53.16,0:10:56.24,Default,,0000,0000,0000,,the evidence and the process
Dialogue: 0,0:10:56.24,0:10:58.84,Default,,0000,0000,0000,,that facilitates how the
Dialogue: 0,0:10:58.84,0:11:02.00,Default,,0000,0000,0000,,tracking process is handled. Use-Write-
Dialogue: 0,0:11:02.00,0:11:04.04,Default,,0000,0000,0000,,Blocking Tools: This is another key
Dialogue: 0,0:11:04.04,0:11:07.48,Default,,0000,0000,0000,,component of digital forensics. It means
Dialogue: 0,0:11:07.48,0:11:10.12,Default,,0000,0000,0000,,that you have to use the appropriate
Dialogue: 0,0:11:10.12,0:11:12.40,Default,,0000,0000,0000,,hardware and software that allow for
Dialogue: 0,0:11:12.40,0:11:14.36,Default,,0000,0000,0000,,write blockers when you are collecting
Dialogue: 0,0:11:14.36,0:11:17.80,Default,,0000,0000,0000,,data to prevent alteration. There are a
Dialogue: 0,0:11:17.80,0:11:20.24,Default,,0000,0000,0000,,set of tools you can use, and at the end
Dialogue: 0,0:11:20.24,0:11:22.44,Default,,0000,0000,0000,,of the presentation, I’m going to provide
Dialogue: 0,0:11:22.44,0:11:25.88,Default,,0000,0000,0000,,you with a specific set
Dialogue: 0,0:11:25.88,0:11:29.99,Default,,0000,0000,0000,,of tools you can use as write-blocking
Dialogue: 0,0:11:29.99,0:11:32.56,Default,,0000,0000,0000,,tools. Verify hashing or hash
Dialogue: 0,0:11:32.56,0:11:35.92,Default,,0000,0000,0000,,values. This is how you calculate and compare
Dialogue: 0,0:11:35.92,0:11:38.88,Default,,0000,0000,0000,,hash values to verify the data's integrity.
Dialogue: 0,0:11:38.88,0:11:41.48,Default,,0000,0000,0000,,There is often confusion about integrity,
Dialogue: 0,0:11:41.48,0:11:44.24,Default,,0000,0000,0000,,confidentiality, and availability. In
Dialogue: 0,0:11:44.24,0:11:46.52,Default,,0000,0000,0000,,digital forensics, the most important
Dialogue: 0,0:11:46.52,0:11:49.64,Default,,0000,0000,0000,,component is integrity. It means that we
Dialogue: 0,0:11:49.64,0:11:52.56,Default,,0000,0000,0000,,must make every effort to
Dialogue: 0,0:11:52.56,0:11:55.04,Default,,0000,0000,0000,,ensure that the data is not modified in
Dialogue: 0,0:11:55.04,0:11:58.08,Default,,0000,0000,0000,,any possible way, from the time we
Dialogue: 0,0:11:58.08,0:11:59.56,Default,,0000,0000,0000,,arrive at the scene
Dialogue: 0,0:11:59.56,0:12:02.44,Default,,0000,0000,0000,,to the time we present the evidence
Dialogue: 0,0:12:02.44,0:12:05.56,Default,,0000,0000,0000,,in court and even after that as well. So
Dialogue: 0,0:12:05.56,0:12:08.84,Default,,0000,0000,0000,,other component is Collect volatile data
Dialogue: 0,0:12:08.84,0:12:12.60,Default,,0000,0000,0000,,first. Okay, this obviously makes perfect
Dialogue: 0,0:12:12.60,0:12:15.80,Default,,0000,0000,0000,,sense. You have to prioritize this
Dialogue: 0,0:12:15.80,0:12:18.40,Default,,0000,0000,0000,,type of data collection as it can be
Dialogue: 0,0:12:18.40,0:12:20.48,Default,,0000,0000,0000,,lost or modified when the system is
Dialogue: 0,0:12:20.48,0:12:23.28,Default,,0000,0000,0000,,powered down. For many of you, what I’m
Dialogue: 0,0:12:23.28,0:12:25.12,Default,,0000,0000,0000,,going to tell you may
Dialogue: 0,0:12:25.12,0:12:28.40,Default,,0000,0000,0000,,sound not appropriate, and this is the
Dialogue: 0,0:12:28.40,0:12:30.24,Default,,0000,0000,0000,,following assessment:
Dialogue: 0,0:12:30.24,0:12:34.32,Default,,0000,0000,0000,,we've been told from the time we
Dialogue: 0,0:12:34.32,0:12:36.88,Default,,0000,0000,0000,,arrived at school and even at work
Dialogue: 0,0:12:36.88,0:12:45.36,Default,,0000,0000,0000,,that information or data in random access memory (RAM) disappears when the
Dialogue: 0,0:12:45.36,0:12:50.84,Default,,0000,0000,0000,,computer is shut down. Back in 2019,
Dialogue: 0,0:12:50.84,0:12:53.04,Default,,0000,0000,0000,,I made a presentation similar to
Dialogue: 0,0:12:53.04,0:12:55.20,Default,,0000,0000,0000,,this one for this account, in
Dialogue: 0,0:12:55.20,0:12:58.28,Default,,0000,0000,0000,,which I proved that the data in RAM
Dialogue: 0,0:12:58.28,0:13:01.32,Default,,0000,0000,0000,,can be recovered. Okay. So, what we have been
Dialogue: 0,0:13:01.32,0:13:03.92,Default,,0000,0000,0000,,learning in multiple places, and what you can
Dialogue: 0,0:13:03.92,0:13:06.96,Default,,0000,0000,0000,,easily find on Google, that data in RAM
Dialogue: 0,0:13:06.96,0:13:09.12,Default,,0000,0000,0000,,is lost when
Dialogue: 0,0:13:09.12,0:13:11.60,Default,,0000,0000,0000,,computers are powered down, is not
Dialogue: 0,0:13:11.60,0:13:14.88,Default,,0000,0000,0000,,exactly correct. The other component is
Dialogue: 0,0:13:14.88,0:13:17.36,Default,,0000,0000,0000,,Forensic image. You have to create a
Dialogue: 0,0:13:17.36,0:13:19.92,Default,,0000,0000,0000,,forensic image of storage devices to
Dialogue: 0,0:13:19.92,0:13:22.56,Default,,0000,0000,0000,,work with copies. You must always
Dialogue: 0,0:13:22.56,0:13:25.44,Default,,0000,0000,0000,,present the original evidence. This is a
Dialogue: 0,0:13:25.44,0:13:30.04,Default,,0000,0000,0000,,requirement in the court of law. You must
Dialogue: 0,0:13:30.04,0:13:32.88,Default,,0000,0000,0000,,present the original evidence every single
Dialogue: 0,0:13:32.88,0:13:35.32,Default,,0000,0000,0000,,time. The other component is the Data
Dialogue: 0,0:13:35.32,0:13:38.60,Default,,0000,0000,0000,,recovery. Data recovery is closely
Dialogue: 0,0:13:38.60,0:13:41.64,Default,,0000,0000,0000,,associated with digital forensics for
Dialogue: 0,0:13:41.64,0:13:43.80,Default,,0000,0000,0000,,obvious reasons. Okay. You have to
Dialogue: 0,0:13:43.80,0:13:46.64,Default,,0000,0000,0000,,employ specialized tools to recover
Dialogue: 0,0:13:46.64,0:13:51.40,Default,,0000,0000,0000,,deleted or hidden data. This is also
Dialogue: 0,0:13:51.40,0:13:53.80,Default,,0000,0000,0000,,something to keep in mind. At the end,
Dialogue: 0,0:13:53.80,0:13:56.20,Default,,0000,0000,0000,,I'm going to provide some specific
Dialogue: 0,0:13:56.20,0:13:58.44,Default,,0000,0000,0000,,applications you can use to do data
Dialogue: 0,0:13:58.44,0:13:59.58,Default,,0000,0000,0000,,recovery.
Dialogue: 0,0:14:00.04,0:14:02.96,Default,,0000,0000,0000,,Timeline analysis: You must construct
Dialogue: 0,0:14:02.96,0:14:06.16,Default,,0000,0000,0000,,and analyze timelines to understand the
Dialogue: 0,0:14:06.16,0:14:09.40,Default,,0000,0000,0000,,sequence of events. What happened first? The
Dialogue: 0,0:14:09.40,0:14:12.56,Default,,0000,0000,0000,,chronological order is a mandatory
Dialogue: 0,0:14:12.56,0:14:14.72,Default,,0000,0000,0000,,requirement in the court of law. You
Dialogue: 0,0:14:14.72,0:14:17.00,Default,,0000,0000,0000,,cannot present evidence in court
Dialogue: 0,0:14:17.00,0:14:19.64,Default,,0000,0000,0000,,in a random manner. You have to
Dialogue: 0,0:14:19.64,0:14:22.44,Default,,0000,0000,0000,,follow the specific chronological order.
Dialogue: 0,0:14:22.44,0:14:25.24,Default,,0000,0000,0000,,The other consideration is Preserving
Dialogue: 0,0:14:25.24,0:14:28.08,Default,,0000,0000,0000,,the metadata. Ensure metadata integrity
Dialogue: 0,0:14:28.08,0:14:30.68,Default,,0000,0000,0000,,to verify results, timing, and
Dialogue: 0,0:14:30.68,0:14:33.76,Default,,0000,0000,0000,,authenticity of the digital artifacts you
Dialogue: 0,0:14:33.76,0:14:36.48,Default,,0000,0000,0000,,are going to present in the court of law.
Dialogue: 0,0:14:36.48,0:14:39.84,Default,,0000,0000,0000,,Use known good reference data: This
Dialogue: 0,0:14:39.84,0:14:42.24,Default,,0000,0000,0000,,means you have to compare the
Dialogue: 0,0:14:42.24,0:14:44.76,Default,,0000,0000,0000,,collected data with known
Dialogue: 0,0:14:44.76,0:14:46.80,Default,,0000,0000,0000,,good reference data to identify
Dialogue: 0,0:14:46.80,0:14:50.60,Default,,0000,0000,0000,,anomalies, specific patterns, and
Dialogue: 0,0:14:50.60,0:14:53.84,Default,,0000,0000,0000,,statistical processes. Many times, you have
Dialogue: 0,0:14:53.84,0:14:57.08,Default,,0000,0000,0000,,to do this as well. Antiforensic
Dialogue: 0,0:14:57.08,0:14:59.80,Default,,0000,0000,0000,,awareness: You have to be aware of the
Dialogue: 0,0:14:59.80,0:15:03.08,Default,,0000,0000,0000,,antiforensic techniques in use.
Dialogue: 0,0:15:03.08,0:15:05.92,Default,,0000,0000,0000,,There are multiple applications
Dialogue: 0,0:15:05.92,0:15:09.36,Default,,0000,0000,0000,,that work against digital forensics. So,
Dialogue: 0,0:15:09.36,0:15:11.96,Default,,0000,0000,0000,,you must be aware of that. Before
Dialogue: 0,0:15:11.96,0:15:14.96,Default,,0000,0000,0000,,you start digital forensics analysis,
Dialogue: 0,0:15:14.96,0:15:21.52,Default,,0000,0000,0000,,while working on the data collection
Dialogue: 0,0:15:21.52,0:15:24.04,Default,,0000,0000,0000,,process, you want to make sure you
Dialogue: 0,0:15:24.04,0:15:27.20,Default,,0000,0000,0000,,don't have any anti-forensic
Dialogue: 0,0:15:27.20,0:15:30.00,Default,,0000,0000,0000,,tools or applications installed on the
Dialogue: 0,0:15:30.00,0:15:33.08,Default,,0000,0000,0000,,particular host or hosts in which you are
Dialogue: 0,0:15:33.08,0:15:35.56,Default,,0000,0000,0000,,going to conduct the investigation. Another
Dialogue: 0,0:15:35.56,0:15:38.83,Default,,0000,0000,0000,,very important component is Cross-validation.
Dialogue: 0,0:15:38.83,0:15:41.40,Default,,0000,0000,0000,,This is what brings actual
Dialogue: 0,0:15:41.40,0:15:45.08,Default,,0000,0000,0000,,reputation and respect to the data you
Dialogue: 0,0:15:45.08,0:15:48.64,Default,,0000,0000,0000,,are presenting in the court of law. Okay?
Dialogue: 0,0:15:48.64,0:15:51.16,Default,,0000,0000,0000,,So the standard operating procedures are a
Dialogue: 0,0:15:51.16,0:15:54.52,Default,,0000,0000,0000,,very important component that is oftentimes
Dialogue: 0,0:15:54.52,0:15:56.28,Default,,0000,0000,0000,,overlooked, and it's about
Dialogue: 0,0:15:56.28,0:15:59.28,Default,,0000,0000,0000,,developing and following SOPs that
Dialogue: 0,0:15:59.28,0:16:02.40,Default,,0000,0000,0000,,maintain consistency. This is
Dialogue: 0,0:16:02.40,0:16:04.96,Default,,0000,0000,0000,,why documentation is key, and it was
Dialogue: 0,0:16:04.96,0:16:07.56,Default,,0000,0000,0000,,presented in slide number one. Training
Dialogue: 0,0:16:07.56,0:16:10.80,Default,,0000,0000,0000,,and certification are also important components, and
Dialogue: 0,0:16:10.80,0:16:12.64,Default,,0000,0000,0000,,this is relevant. The reason why it's
Dialogue: 0,0:16:12.64,0:16:15.28,Default,,0000,0000,0000,,relevant is that I understand you can learn
Dialogue: 0,0:16:15.28,0:16:18.64,Default,,0000,0000,0000,,many things by yourself. This is becoming
Dialogue: 0,0:16:18.64,0:16:21.76,Default,,0000,0000,0000,,more popular as we become more
Dialogue: 0,0:16:21.76,0:16:24.68,Default,,0000,0000,0000,,technology-dependent. This is normal
Dialogue: 0,0:16:24.68,0:16:27.64,Default,,0000,0000,0000,,and expected, but certifications still
Dialogue: 0,0:16:27.64,0:16:30.80,Default,,0000,0000,0000,,hold particular value. There are
Dialogue: 0,0:16:30.80,0:16:33.28,Default,,0000,0000,0000,,multiple questions in certification
Dialogue: 0,0:16:33.28,0:16:37.54,Default,,0000,0000,0000,,exams, in general terms, not only in EC-Council
Dialogue: 0,0:16:37.54,0:16:39.84,Default,,0000,0000,0000,,certifications or others, in which,
Dialogue: 0,0:16:39.84,0:16:42.24,Default,,0000,0000,0000,,most likely, if you don't go through the
Dialogue: 0,0:16:42.24,0:16:44.72,Default,,0000,0000,0000,,certification process, you will never
Dialogue: 0,0:16:44.72,0:16:47.32,Default,,0000,0000,0000,,find out. And this is what
Dialogue: 0,0:16:47.32,0:16:49.76,Default,,0000,0000,0000,,some people say: "Well, this is
Dialogue: 0,0:16:49.76,0:16:52.80,Default,,0000,0000,0000,,theoretical information." Digital forensics
Dialogue: 0,0:16:52.80,0:16:55.76,Default,,0000,0000,0000,,involves a lot of theoretical information--
Dialogue: 0,0:16:55.76,0:16:58.04,Default,,0000,0000,0000,,A LOT. Remember that we are doing the
Dialogue: 0,0:16:58.04,0:17:01.20,Default,,0000,0000,0000,,analysis at a low
Dialogue: 0,0:17:01.20,0:17:04.84,Default,,0000,0000,0000,,level, from the technical standpoint. So
Dialogue: 0,0:17:04.84,0:17:07.32,Default,,0000,0000,0000,,theory is extremely important and
Dialogue: 0,0:17:07.32,0:17:10.60,Default,,0000,0000,0000,,relevant when we do forensic
Dialogue: 0,0:17:10.60,0:17:13.40,Default,,0000,0000,0000,,investigations--digital forensics. The same
Dialogue: 0,0:17:13.40,0:17:15.60,Default,,0000,0000,0000,,happens with medical doctors. When
Dialogue: 0,0:17:15.60,0:17:18.12,Default,,0000,0000,0000,,medical doctors do a forensic
Dialogue: 0,0:17:18.12,0:17:20.48,Default,,0000,0000,0000,,analysis of a body of someone who
Dialogue: 0,0:17:20.48,0:17:23.48,Default,,0000,0000,0000,,passed away, they also employ a lot of
Dialogue: 0,0:17:23.48,0:17:25.40,Default,,0000,0000,0000,,theoretical knowledge they have been
Dialogue: 0,0:17:25.40,0:17:27.96,Default,,0000,0000,0000,,accumulating. Digital forensics is no
Dialogue: 0,0:17:27.96,0:17:28.88,Default,,0000,0000,0000,,different.
Dialogue: 0,0:17:29.12,0:17:32.40,Default,,0000,0000,0000,,The other consideration is expert
Dialogue: 0,0:17:32.40,0:17:35.12,Default,,0000,0000,0000,,testimony. Okay? I, for example, live
Dialogue: 0,0:17:35.12,0:17:38.72,Default,,0000,0000,0000,,in Miami, Florida, in the USA, and I am one of the
Dialogue: 0,0:17:38.72,0:17:43.08,Default,,0000,0000,0000,,11 experts certified by the legal system
Dialogue: 0,0:17:43.08,0:17:47.80,Default,,0000,0000,0000,,in the 11 districts. This means that when you
Dialogue: 0,0:17:47.80,0:17:49.88,Default,,0000,0000,0000,,go to court, you have to be
Dialogue: 0,0:17:49.88,0:17:53.36,Default,,0000,0000,0000,,classified as an expert in order to
Dialogue: 0,0:17:53.36,0:17:57.60,Default,,0000,0000,0000,,provide comments and evidence. Otherwise, you will
Dialogue: 0,0:17:57.60,0:18:03.24,Default,,0000,0000,0000,,probably not be able to speak in court,
Dialogue: 0,0:18:03.24,0:18:04.40,Default,,0000,0000,0000,,as what we say
Dialogue: 0,0:18:04.40,0:18:07.04,Default,,0000,0000,0000,,in court is relevant for the case.
Dialogue: 0,0:18:07.04,0:18:10.04,Default,,0000,0000,0000,,And with our wording or statement,
Dialogue: 0,0:18:10.04,0:18:12.72,Default,,0000,0000,0000,,along with the evidence we provide, we have
Dialogue: 0,0:18:12.72,0:18:15.80,Default,,0000,0000,0000,,the ability to put somebody in jail or
Dialogue: 0,0:18:15.80,0:18:18.92,Default,,0000,0000,0000,,release this person from jail.
Dialogue: 0,0:18:18.92,0:18:23.32,Default,,0000,0000,0000,,So, this is extremely important. Okay? So,
Dialogue: 0,0:18:23.32,0:18:25.56,Default,,0000,0000,0000,,evidence storage is one of the most
Dialogue: 0,0:18:25.56,0:18:27.96,Default,,0000,0000,0000,,important components. Your opponent in
Dialogue: 0,0:18:27.96,0:18:31.12,Default,,0000,0000,0000,,court or in your company will try
Dialogue: 0,0:18:31.12,0:18:33.68,Default,,0000,0000,0000,,their best to challenge what you
Dialogue: 0,0:18:33.68,0:18:36.36,Default,,0000,0000,0000,,are presenting. So, you have to safely
Dialogue: 0,0:18:36.36,0:18:38.84,Default,,0000,0000,0000,,store and protect evidence to maintain
Dialogue: 0,0:18:38.84,0:18:42.08,Default,,0000,0000,0000,,its integrity. Integrity is the most
Dialogue: 0,0:18:42.08,0:18:44.88,Default,,0000,0000,0000,,important characteristic or
Dialogue: 0,0:18:44.88,0:18:47.84,Default,,0000,0000,0000,,consideration in digital forensics--
Dialogue: 0,0:18:47.84,0:18:51.72,Default,,0000,0000,0000,,without any other factor coming close. So, integrity
Dialogue: 0,0:18:51.72,0:18:55.36,Default,,0000,0000,0000,,is everything in digital forensics. Okay?
Dialogue: 0,0:18:55.36,0:18:57.88,Default,,0000,0000,0000,,Data encryption: There are multiple cases
Dialogue: 0,0:18:57.88,0:19:00.48,Default,,0000,0000,0000,,in which you will do digital
Dialogue: 0,0:19:00.48,0:19:04.40,Default,,0000,0000,0000,,forensics on encrypted storage devices,
Dialogue: 0,0:19:04.40,0:19:06.92,Default,,0000,0000,0000,,encrypted data, or encrypted
Dialogue: 0,0:19:06.92,0:19:11.16,Default,,0000,0000,0000,,applications. You need to develop the
Dialogue: 0,0:19:11.16,0:19:13.56,Default,,0000,0000,0000,,ability to handle encrypted data
Dialogue: 0,0:19:13.56,0:19:16.64,Default,,0000,0000,0000,,and understand the encryption methods.
Dialogue: 0,0:19:16.64,0:19:18.68,Default,,0000,0000,0000,,Among the publications I have, I have
Dialogue: 0,0:19:18.68,0:19:21.68,Default,,0000,0000,0000,,over 25 publications on different
Dialogue: 0,0:19:21.68,0:19:25.20,Default,,0000,0000,0000,,topics and concepts within security. A
Dialogue: 0,0:19:25.20,0:19:28.36,Default,,0000,0000,0000,,few of them, probably five or six, are
Dialogue: 0,0:19:28.36,0:19:31.40,Default,,0000,0000,0000,,specifically about encryption. If we want
Dialogue: 0,0:19:31.40,0:19:35.32,Default,,0000,0000,0000,,to do digital forensics, we must become
Dialogue: 0,0:19:35.32,0:19:38.68,Default,,0000,0000,0000,,data encryption experts. There is no other
Dialogue: 0,0:19:38.68,0:19:41.40,Default,,0000,0000,0000,,way. I understand that many people
Dialogue: 0,0:19:41.40,0:19:45.72,Default,,0000,0000,0000,,don’t like math, statistics, physics, etc.,
Dialogue: 0,0:19:45.72,0:19:47.76,Default,,0000,0000,0000,,but this is a requirement for doing an
Dialogue: 0,0:19:47.76,0:19:50.32,Default,,0000,0000,0000,,appropriate digital forensic assessment.
Dialogue: 0,0:19:50.32,0:19:53.76,Default,,0000,0000,0000,,It’s a necessity today. Okay? The other
Dialogue: 0,0:19:53.76,0:19:56.32,Default,,0000,0000,0000,,consideration, and this is for the people
Dialogue: 0,0:19:56.32,0:19:58.52,Default,,0000,0000,0000,,who love technology like me attending
Dialogue: 0,0:19:58.52,0:20:01.68,Default,,0000,0000,0000,,or watching this conference, is network. I
Dialogue: 0,0:20:01.68,0:20:04.48,Default,,0000,0000,0000,,am a big fan of networks. I have been
Dialogue: 0,0:20:04.48,0:20:07.56,Default,,0000,0000,0000,,working in networking for 41 years.
Dialogue: 0,0:20:07.56,0:20:09.72,Default,,0000,0000,0000,,My doctoral degree is in
Dialogue: 0,0:20:09.72,0:20:12.92,Default,,0000,0000,0000,,telecommunications and cybersecurity. So,
Dialogue: 0,0:20:12.92,0:20:16.88,Default,,0000,0000,0000,,networking is in my DNA. I love networking more than
Dialogue: 0,0:20:16.88,0:20:20.24,Default,,0000,0000,0000,,any other topic in information
Dialogue: 0,0:20:20.24,0:20:23.12,Default,,0000,0000,0000,,technology. Network analysis is the
Dialogue: 0,0:20:23.12,0:20:25.48,Default,,0000,0000,0000,,ability to analyze network
Dialogue: 0,0:20:25.48,0:20:28.76,Default,,0000,0000,0000,,traffic logs and data to trace digital
Dialogue: 0,0:20:28.76,0:20:30.76,Default,,0000,0000,0000,,footprints. I’m pretty sure
Dialogue: 0,0:20:30.76,0:20:34.32,Default,,0000,0000,0000,,everyone has a tool of mine, and, of course,
Dialogue: 0,0:20:34.32,0:20:37.76,Default,,0000,0000,0000,,this tool is most likely part of the
Dialogue: 0,0:20:37.76,0:20:39.96,Default,,0000,0000,0000,,tools I’m going to
Dialogue: 0,0:20:39.96,0:20:42.28,Default,,0000,0000,0000,,provide in the last slide for you.
Dialogue: 0,0:20:42.28,0:20:44.60,Default,,0000,0000,0000,,But network analysis today, from a
Dialogue: 0,0:20:44.60,0:20:46.92,Default,,0000,0000,0000,,digital forensics standpoint, is
Dialogue: 0,0:20:46.92,0:20:49.92,Default,,0000,0000,0000,,everything. Everything is network-related in
Dialogue: 0,0:20:49.92,0:20:53.28,Default,,0000,0000,0000,,one or another way. Malware analysis: We
Dialogue: 0,0:20:53.28,0:20:55.64,Default,,0000,0000,0000,,need to develop the ability to
Dialogue: 0,0:20:55.64,0:20:58.68,Default,,0000,0000,0000,,understand malware behavior and analysis
Dialogue: 0,0:20:58.68,0:21:02.96,Default,,0000,0000,0000,,and how those malwares impact systems.
Dialogue: 0,0:21:02.96,0:21:05.08,Default,,0000,0000,0000,,This needs to be incorporated as part of
Dialogue: 0,0:21:05.08,0:21:07.72,Default,,0000,0000,0000,,the cybersecurity analysis when
Dialogue: 0,0:21:07.72,0:21:10.84,Default,,0000,0000,0000,,performing digital forensics today. Cloud
Dialogue: 0,0:21:10.84,0:21:13.60,Default,,0000,0000,0000,,forensics: I don’t have to highlight how
Dialogue: 0,0:21:13.60,0:21:17.24,Default,,0000,0000,0000,,important cloud operations are. Okay? We are
Dialogue: 0,0:21:17.24,0:21:19.72,Default,,0000,0000,0000,,moving operations to the cloud, and
Dialogue: 0,0:21:19.72,0:21:21.64,Default,,0000,0000,0000,,for those still
Dialogue: 0,0:21:21.64,0:21:24.68,Default,,0000,0000,0000,,running operations on-premises, there is
Dialogue: 0,0:21:24.68,0:21:27.04,Default,,0000,0000,0000,,a high expectation that sooner rather than
Dialogue: 0,0:21:27.04,0:21:29.32,Default,,0000,0000,0000,,later, you will move operations to the cloud for
Dialogue: 0,0:21:29.32,0:21:31.40,Default,,0000,0000,0000,,multiple conveniences. However, the
Dialogue: 0,0:21:31.40,0:21:33.40,Default,,0000,0000,0000,,configuration at this point does not fully
Dialogue: 0,0:21:33.40,0:21:36.80,Default,,0000,0000,0000,,benefit all aspects of the cloud. From
Dialogue: 0,0:21:36.80,0:21:39.56,Default,,0000,0000,0000,,a forensic standpoint, when you do
Dialogue: 0,0:21:39.56,0:21:42.04,Default,,0000,0000,0000,,cloud forensics, the situation is a little
Dialogue: 0,0:21:42.04,0:21:45.08,Default,,0000,0000,0000,,different from
Dialogue: 0,0:21:45.08,0:21:48.28,Default,,0000,0000,0000,,on-premises investigations. So, you have to
Dialogue: 0,0:21:48.28,0:21:50.64,Default,,0000,0000,0000,,adapt methodologies for investigating
Dialogue: 0,0:21:50.64,0:21:53.28,Default,,0000,0000,0000,,data in the cloud, regardless of the
Dialogue: 0,0:21:53.28,0:21:56.04,Default,,0000,0000,0000,,cloud provider. Here, as a matter, you can see
Dialogue: 0,0:21:56.04,0:22:00.20,Default,,0000,0000,0000,,AWS, Google, Azure, or anyone else.
Dialogue: 0,0:22:00.20,0:22:02.76,Default,,0000,0000,0000,,The operation in the cloud is somehow
Dialogue: 0,0:22:02.76,0:22:04.68,Default,,0000,0000,0000,,different from a digital forensics
Dialogue: 0,0:22:04.68,0:22:07.32,Default,,0000,0000,0000,,standpoint, starting with how you
Dialogue: 0,0:22:07.32,0:22:08.48,Default,,0000,0000,0000,,access the data.
Dialogue: 0,0:22:08.48,0:22:12.72,Default,,0000,0000,0000,,Remote forensics: Remote forensics is the opportunity
Dialogue: 0,0:22:12.72,0:22:16.08,Default,,0000,0000,0000,,to develop skills for collecting and
Dialogue: 0,0:22:16.08,0:22:19.24,Default,,0000,0000,0000,,analyzing data from a remote location.
Dialogue: 0,0:22:19.24,0:22:22.00,Default,,0000,0000,0000,,This is happening more frequently now as
Dialogue: 0,0:22:22.00,0:22:26.00,Default,,0000,0000,0000,,we become more telework-dependent.
Dialogue: 0,0:22:26.00,0:22:28.96,Default,,0000,0000,0000,,In multiple cases--my own company, for example, knowing my
Dialogue: 0,0:22:28.96,0:22:31.24,Default,,0000,0000,0000,,job with the government, but owning my own
Dialogue: 0,0:22:31.24,0:22:33.52,Default,,0000,0000,0000,,company--I have been doing more remote digital forensics in the last
Dialogue: 0,0:22:33.52,0:22:36.08,Default,,0000,0000,0000,,two, three years, probably two years.
Dialogue: 0,0:22:38.07,0:22:39.76,Default,,0000,0000,0000,,Digital forensics that
Dialogue: 0,0:22:39.76,0:22:41.96,Default,,0000,0000,0000,,than probably ever before in my life. So, this
Dialogue: 0,0:22:41.96,0:22:44.80,Default,,0000,0000,0000,,is an important skill to develop as well.
Dialogue: 0,0:22:44.80,0:22:47.68,Default,,0000,0000,0000,,Case management: This is how we use
Dialogue: 0,0:22:47.68,0:22:49.76,Default,,0000,0000,0000,,digital forensics case management to
Dialogue: 0,0:22:49.76,0:22:52.88,Default,,0000,0000,0000,,organize and track investigations. I mentioned to
Dialogue: 0,0:22:52.88,0:22:55.84,Default,,0000,0000,0000,,you that I go to court very often--more
Dialogue: 0,0:22:55.84,0:23:00.04,Default,,0000,0000,0000,,often than I want, very, very often.
Dialogue: 0,0:23:00.04,0:23:04.28,Default,,0000,0000,0000,,Okay. And they scrutinize every
Dialogue: 0,0:23:04.28,0:23:06.48,Default,,0000,0000,0000,,single protocol you present, every single
Dialogue: 0,0:23:06.48,0:23:08.88,Default,,0000,0000,0000,,artifact, every single document, and the
Dialogue: 0,0:23:08.88,0:23:11.32,Default,,0000,0000,0000,,specific chronological order. This is a
Dialogue: 0,0:23:11.32,0:23:14.60,Default,,0000,0000,0000,,complex process. It’s not just collecting
Dialogue: 0,0:23:14.60,0:23:17.76,Default,,0000,0000,0000,,the data, performing the digital forensics
Dialogue: 0,0:23:17.76,0:23:20.00,Default,,0000,0000,0000,,analysis, and going to court to testify.
Dialogue: 0,0:23:20.00,0:23:22.96,Default,,0000,0000,0000,,Okay? The process is much more
Dialogue: 0,0:23:22.96,0:23:25.20,Default,,0000,0000,0000,,complex than this.
Dialogue: 0,0:23:25.20,0:23:27.40,Default,,0000,0000,0000,,Collaboration: Collaborate with other
Dialogue: 0,0:23:27.40,0:23:29.24,Default,,0000,0000,0000,,experts and there's one in the middle
Dialogue: 0,0:23:29.24,0:23:31.52,Default,,0000,0000,0000,,that I'm going to highlight in a few.
Dialogue: 0,0:23:31.52,0:23:34.08,Default,,0000,0000,0000,,Collaborate with other experts, law
Dialogue: 0,0:23:34.08,0:23:37.04,Default,,0000,0000,0000,,enforcement, or organizations for complex
Dialogue: 0,0:23:37.04,0:23:40.12,Default,,0000,0000,0000,,cases. Cases are different from one another.
Dialogue: 0,0:23:40.12,0:23:41.88,Default,,0000,0000,0000,,Of course, this is okay, and I know you
Dialogue: 0,0:23:41.88,0:23:44.88,Default,,0000,0000,0000,,know that. Okay? But you have some cases
Dialogue: 0,0:23:44.88,0:23:47.08,Default,,0000,0000,0000,,sometimes in which the forensic analysis
Dialogue: 0,0:23:47.08,0:23:50.28,Default,,0000,0000,0000,,becomes very complex. In those particular
Dialogue: 0,0:23:50.28,0:23:53.12,Default,,0000,0000,0000,,cases, my advice is to collaborate with
Dialogue: 0,0:23:53.12,0:23:55.72,Default,,0000,0000,0000,,others. Okay? You do better when you work
Dialogue: 0,0:23:55.72,0:23:58.40,Default,,0000,0000,0000,,as part of a team and not when you work
Dialogue: 0,0:23:58.40,0:24:01.16,Default,,0000,0000,0000,,independently. I’ll skip the data
Dialogue: 0,0:24:01.16,0:24:04.12,Default,,0000,0000,0000,,privacy compliance for a minute because
Dialogue: 0,0:24:04.12,0:24:07.52,Default,,0000,0000,0000,,this is relevant. Every single state,
Dialogue: 0,0:24:07.52,0:24:09.40,Default,,0000,0000,0000,,every single... No
Dialogue: 0,0:24:09.40,0:24:14.00,Default,,0000,0000,0000,,exception. A state court operates on the
Dialogue: 0,0:24:14.00,0:24:16.44,Default,,0000,0000,0000,,different requirements. So, you want to
Dialogue: 0,0:24:16.44,0:24:19.32,Default,,0000,0000,0000,,make sure that you follow the privacy
Dialogue: 0,0:24:19.32,0:24:22.80,Default,,0000,0000,0000,,regulations in your specific place. Okay?
Dialogue: 0,0:24:22.80,0:24:24.60,Default,,0000,0000,0000,,And by the way, I'm going to ask you a
Dialogue: 0,0:24:24.60,0:24:27.48,Default,,0000,0000,0000,,question. I'm not expecting any response.
Dialogue: 0,0:24:27.48,0:24:30.44,Default,,0000,0000,0000,,But the question is: by any chance, do you
Dialogue: 0,0:24:30.44,0:24:33.40,Default,,0000,0000,0000,,know the specific digital forensic
Dialogue: 0,0:24:33.40,0:24:36.36,Default,,0000,0000,0000,,regulations in the place you live? Ask
Dialogue: 0,0:24:36.36,0:24:38.92,Default,,0000,0000,0000,,yourself this question, and probably some
Dialogue: 0,0:24:38.92,0:24:42.32,Default,,0000,0000,0000,,of you are going to respond "no." This is a
Dialogue: 0,0:24:42.32,0:24:45.28,Default,,0000,0000,0000,,critical thing. Continuous learning: You
Dialogue: 0,0:24:45.28,0:24:48.32,Default,,0000,0000,0000,,need to keep asking about what we do. Okay?
Dialogue: 0,0:24:48.32,0:24:51.80,Default,,0000,0000,0000,,Cybersecurity is an specialization of IT. From
Dialogue: 0,0:24:51.80,0:24:54.52,Default,,0000,0000,0000,,my point of view, it's the most fascinating
Dialogue: 0,0:24:54.52,0:24:57.32,Default,,0000,0000,0000,,topic in the world. This is
Dialogue: 0,0:24:57.32,0:25:00.28,Default,,0000,0000,0000,,the only topic I can talk about
Dialogue: 0,0:25:00.28,0:25:04.40,Default,,0000,0000,0000,,for 25 hours without drinking water.
Dialogue: 0,0:25:04.40,0:25:07.64,Default,,0000,0000,0000,,This is my life. I dedicate multiple
Dialogue: 0,0:25:07.64,0:25:10.36,Default,,0000,0000,0000,,hours every single day, seven days a week,
Dialogue: 0,0:25:10.36,0:25:13.04,Default,,0000,0000,0000,,even when it creates some personal
Dialogue: 0,0:25:13.04,0:25:15.96,Default,,0000,0000,0000,,problems with my family, etc. This is in
Dialogue: 0,0:25:15.96,0:25:19.96,Default,,0000,0000,0000,,my DNA. I encourage each of you, if you
Dialogue: 0,0:25:19.96,0:25:23.68,Default,,0000,0000,0000,,are not doing so, to dedicate your life to
Dialogue: 0,0:25:23.68,0:25:27.12,Default,,0000,0000,0000,,become a digital forensics expert. Digital
Dialogue: 0,0:25:27.12,0:25:30.32,Default,,0000,0000,0000,,forensic is one of the most fascinating
Dialogue: 0,0:25:30.32,0:25:33.12,Default,,0000,0000,0000,,topics in the planet. Okay. And you want
Dialogue: 0,0:25:33.12,0:25:36.56,Default,,0000,0000,0000,,to be attentive to these type of things.
Dialogue: 0,0:25:36.56,0:25:38.52,Default,,0000,0000,0000,,Report and presentation: When you go to
Dialogue: 0,0:25:38.52,0:25:41.36,Default,,0000,0000,0000,,the court or when you present your
Dialogue: 0,0:25:41.36,0:25:44.08,Default,,0000,0000,0000,,outcomes of all the digital forensic
Dialogue: 0,0:25:44.08,0:25:46.60,Default,,0000,0000,0000,,outcomes to your organization, you want
Dialogue: 0,0:25:46.60,0:25:48.36,Default,,0000,0000,0000,,to make sure that you use clear
Dialogue: 0,0:25:48.36,0:25:52.32,Default,,0000,0000,0000,,language, you are concise, and you are
Dialogue: 0,0:25:52.32,0:25:54.56,Default,,0000,0000,0000,,ready for the presentation questions and
Dialogue: 0,0:25:54.56,0:25:56.68,Default,,0000,0000,0000,,answers. You never want to go to the
Dialogue: 0,0:25:56.68,0:25:59.00,Default,,0000,0000,0000,,court unprepared. Okay? Never in your
Dialogue: 0,0:25:59.00,0:26:00.88,Default,,0000,0000,0000,,life. This is not appropriate because, at
Dialogue: 0,0:26:00.88,0:26:04.44,Default,,0000,0000,0000,,the end your assessment, you have the
Dialogue: 0,0:26:04.44,0:26:07.52,Default,,0000,0000,0000,,possibility to put somebody in jail or
Dialogue: 0,0:26:07.52,0:26:09.08,Default,,0000,0000,0000,,somebody will be fired from the
Dialogue: 0,0:26:09.08,0:26:12.32,Default,,0000,0000,0000,,organization or not. So what we said is
Dialogue: 0,0:26:12.32,0:26:16.20,Default,,0000,0000,0000,,relevant. Our wording has a huge impact
Dialogue: 0,0:26:16.20,0:26:18.96,Default,,0000,0000,0000,,in other people's lives. It's important
Dialogue: 0,0:26:18.96,0:26:21.40,Default,,0000,0000,0000,,to be attentive to that. One of the most
Dialogue: 0,0:26:21.40,0:26:24.72,Default,,0000,0000,0000,,relevant topic that I have been using in
Dialogue: 0,0:26:24.72,0:26:27.68,Default,,0000,0000,0000,,my practice is the use of artificial
Dialogue: 0,0:26:27.68,0:26:30.76,Default,,0000,0000,0000,,intelligence in digital forensic. Since
Dialogue: 0,0:26:30.76,0:26:35.92,Default,,0000,0000,0000,,2017, this is not a topic that is well
Dialogue: 0,0:26:35.92,0:26:39.48,Default,,0000,0000,0000,,known. At this point, the reason why I
Dialogue: 0,0:26:39.48,0:26:41.92,Default,,0000,0000,0000,,really want to share my experience--
Dialogue: 0,0:26:41.92,0:26:44.92,Default,,0000,0000,0000,,practical experience with you guys,
Dialogue: 0,0:26:44.92,0:26:47.92,Default,,0000,0000,0000,,digital evidence analysis, how artificial
Dialogue: 0,0:26:47.92,0:26:51.72,Default,,0000,0000,0000,,intelligence can help us. Well, everybody
Dialogue: 0,0:26:51.72,0:26:55.32,Default,,0000,0000,0000,,knows that we have multiple applications
Dialogue: 0,0:26:55.32,0:26:58.40,Default,,0000,0000,0000,,that we can use in order to analyze
Dialogue: 0,0:26:58.40,0:27:00.48,Default,,0000,0000,0000,,the different kind of media that can be
Dialogue: 0,0:27:00.48,0:27:03.44,Default,,0000,0000,0000,,generated. For example, text, image, and
Dialogue: 0,0:27:03.44,0:27:06.28,Default,,0000,0000,0000,,videos, artificial intelligence studies
Dialogue: 0,0:27:06.28,0:27:09.16,Default,,0000,0000,0000,,have the ability to detect and flag
Dialogue: 0,0:27:09.16,0:27:11.32,Default,,0000,0000,0000,,potential relevant content for
Dialogue: 0,0:27:11.32,0:27:13.40,Default,,0000,0000,0000,,investigations, especially from the
Dialogue: 0,0:27:13.40,0:27:17.00,Default,,0000,0000,0000,,timing standpoint. Digital forensic is
Dialogue: 0,0:27:17.00,0:27:19.92,Default,,0000,0000,0000,,extremely time consuming, very, very
Dialogue: 0,0:27:19.92,0:27:23.20,Default,,0000,0000,0000,,time consuming and complex. This is
Dialogue: 0,0:27:23.20,0:27:27.00,Default,,0000,0000,0000,,probably along with data recovery the
Dialogue: 0,0:27:27.00,0:27:29.26,Default,,0000,0000,0000,,most complex specialization in
Dialogue: 0,0:27:29.26,0:27:32.76,Default,,0000,0000,0000,,cybersecurity. So the use of artificial
Dialogue: 0,0:27:32.76,0:27:35.68,Default,,0000,0000,0000,,intelligence, in our favor, is very
Dialogue: 0,0:27:35.68,0:27:38.16,Default,,0000,0000,0000,,convenient. And at the end, I'm going to
Dialogue: 0,0:27:38.16,0:27:40.72,Default,,0000,0000,0000,,include as well or actually I included
Dialogue: 0,0:27:40.72,0:27:44.04,Default,,0000,0000,0000,,in the list a particular artificial
Dialogue: 0,0:27:44.04,0:27:45.92,Default,,0000,0000,0000,,intelligence tool that you can use in
Dialogue: 0,0:27:45.92,0:27:49.16,Default,,0000,0000,0000,,your favor. The other use of artificial
Dialogue: 0,0:27:49.16,0:27:51.60,Default,,0000,0000,0000,,intelligence is pattern
Dialogue: 0,0:27:51.60,0:27:54.16,Default,,0000,0000,0000,,recognition. Artificial intelligence can
Dialogue: 0,0:27:54.16,0:27:56.96,Default,,0000,0000,0000,,identify patterns in data, helping
Dialogue: 0,0:27:56.96,0:27:59.72,Default,,0000,0000,0000,,investigators recognize anomalies or
Dialogue: 0,0:27:59.72,0:28:02.72,Default,,0000,0000,0000,,correlations in digital artifacts that
Dialogue: 0,0:28:02.72,0:28:05.72,Default,,0000,0000,0000,,may indicate criminal activity.
Dialogue: 0,0:28:05.72,0:28:07.64,Default,,0000,0000,0000,,Out of the whole sentence, the most
Dialogue: 0,0:28:07.64,0:28:12.00,Default,,0000,0000,0000,,important question is: "What is the key word?" The key word,
Dialogue: 0,0:28:12.00,0:28:15.08,Default,,0000,0000,0000,,correlation. How do we correlate data by
Dialogue: 0,0:28:15.08,0:28:17.04,Default,,0000,0000,0000,,using artificial intelligence? The
Dialogue: 0,0:28:17.04,0:28:19.40,Default,,0000,0000,0000,,process is going to be simplified
Dialogue: 0,0:28:19.40,0:28:22.00,Default,,0000,0000,0000,,dramatically. Speaking based on my
Dialogue: 0,0:28:22.00,0:28:25.08,Default,,0000,0000,0000,,personal experience, the other component is
Dialogue: 0,0:28:25.08,0:28:28.24,Default,,0000,0000,0000,,NLP. This can be used to analyze
Dialogue: 0,0:28:28.24,0:28:31.44,Default,,0000,0000,0000,,text-based evidence, including logs
Dialogue: 0,0:28:31.44,0:28:33.92,Default,,0000,0000,0000,,and emails, to uncover communication
Dialogue: 0,0:28:33.92,0:28:37.04,Default,,0000,0000,0000,,patterns or hidden minutes. A lot of
Dialogue: 0,0:28:37.04,0:28:39.68,Default,,0000,0000,0000,,evidence that we collect, about
Dialogue: 0,0:28:39.68,0:28:43.76,Default,,0000,0000,0000,,65%, is included in emails, chats,
Dialogue: 0,0:28:43.76,0:28:48.08,Default,,0000,0000,0000,,documents, etc., so this is when NLP plays
Dialogue: 0,0:28:48.08,0:28:49.96,Default,,0000,0000,0000,,a predominant role in artificial
Dialogue: 0,0:28:49.96,0:28:52.12,Default,,0000,0000,0000,,intelligence in the digital forensic
Dialogue: 0,0:28:52.12,0:28:55.40,Default,,0000,0000,0000,,analysis for image and video analysis. It provides
Dialogue: 0,0:28:55.40,0:28:58.16,Default,,0000,0000,0000,,incredible benefits. Okay? You have the
Dialogue: 0,0:28:58.16,0:29:00.04,Default,,0000,0000,0000,,ability to analyze multimedia
Dialogue: 0,0:29:00.04,0:29:02.56,Default,,0000,0000,0000,,content to identify objects, people, and
Dialogue: 0,0:29:02.56,0:29:05.00,Default,,0000,0000,0000,,potentially illegal or
Dialogue: 0,0:29:05.00,0:29:08.32,Default,,0000,0000,0000,,sensitive content. I’m sure a word
Dialogue: 0,0:29:08.32,0:29:11.20,Default,,0000,0000,0000,,is coming to your mind right now, steganography.
Dialogue: 0,0:29:11.20,0:29:14.00,Default,,0000,0000,0000,,Yes, this is part of steganography, but it's
Dialogue: 0,0:29:14.00,0:29:18.48,Default,,0000,0000,0000,,not similar to doing steganography by using a
Dialogue: 0,0:29:18.48,0:29:20.44,Default,,0000,0000,0000,,particular application. When you
Dialogue: 0,0:29:20.44,0:29:23.16,Default,,0000,0000,0000,,employ artificial intelligence tools
Dialogue: 0,0:29:23.16,0:29:25.28,Default,,0000,0000,0000,,that are dedicated exclusively to
Dialogue: 0,0:29:25.28,0:29:28.36,Default,,0000,0000,0000,,digital forensics, the benefit is really
Dialogue: 0,0:29:28.36,0:29:31.08,Default,,0000,0000,0000,,awesome. Predictive analysis: Machine
Dialogue: 0,0:29:31.08,0:29:33.72,Default,,0000,0000,0000,,learning models can predict potential
Dialogue: 0,0:29:33.72,0:29:37.12,Default,,0000,0000,0000,,areas of interest in an investigation,
Dialogue: 0,0:29:37.12,0:29:39.56,Default,,0000,0000,0000,,guiding forensic experts to focus on
Dialogue: 0,0:29:39.56,0:29:42.04,Default,,0000,0000,0000,,critical evidence. Imagine that you are
Dialogue: 0,0:29:42.04,0:29:45.28,Default,,0000,0000,0000,,analyzing a hard drive that is one
Dialogue: 0,0:29:45.28,0:29:49.04,Default,,0000,0000,0000,,terabyte holds a lot of
Dialogue: 0,0:29:49.04,0:29:52.60,Default,,0000,0000,0000,,documents, videos, pictures, sounds, etc. You
Dialogue: 0,0:29:52.60,0:29:55.08,Default,,0000,0000,0000,,know that, right? If you are
Dialogue: 0,0:29:55.08,0:29:56.96,Default,,0000,0000,0000,,attending this conference, it’s because you
Dialogue: 0,0:29:56.96,0:29:59.36,Default,,0000,0000,0000,,are very familiar with information
Dialogue: 0,0:29:59.36,0:30:02.88,Default,,0000,0000,0000,,technology, cybersecurity, and digital forensics.
Dialogue: 0,0:30:02.88,0:30:06.64,Default,,0000,0000,0000,,Well, how do you find the specific data you
Dialogue: 0,0:30:06.64,0:30:09.48,Default,,0000,0000,0000,,need to prove something in a court of
Dialogue: 0,0:30:09.48,0:30:12.36,Default,,0000,0000,0000,,law? You have to be very careful
Dialogue: 0,0:30:12.36,0:30:14.52,Default,,0000,0000,0000,,about the pieces of data you pick for
Dialogue: 0,0:30:14.52,0:30:17.76,Default,,0000,0000,0000,,the analysis, otherwise, your
Dialogue: 0,0:30:17.76,0:30:20.08,Default,,0000,0000,0000,,assessment is not appropriate. And again,
Dialogue: 0,0:30:20.08,0:30:23.00,Default,,0000,0000,0000,,every single word we say in a court
Dialogue: 0,0:30:23.00,0:30:26.16,Default,,0000,0000,0000,,of law or in the organization we
Dialogue: 0,0:30:26.16,0:30:29.72,Default,,0000,0000,0000,,are working for is relevant. It implies
Dialogue: 0,0:30:29.72,0:30:31.80,Default,,0000,0000,0000,,that probably somebody will be in jail
Dialogue: 0,0:30:31.80,0:30:35.08,Default,,0000,0000,0000,,for 30 years, or probably somebody, if we’re
Dialogue: 0,0:30:35.08,0:30:38.44,Default,,0000,0000,0000,,talking about a huge crime like an
Dialogue: 0,0:30:38.44,0:30:41.56,Default,,0000,0000,0000,,assassination or child pornography abuse,
Dialogue: 0,0:30:41.56,0:30:45.32,Default,,0000,0000,0000,,will face consequences like death. Our
Dialogue: 0,0:30:45.32,0:30:48.60,Default,,0000,0000,0000,,assessment is critical. Okay? We become
Dialogue: 0,0:30:48.60,0:30:51.72,Default,,0000,0000,0000,,the main players when
Dialogue: 0,0:30:51.72,0:30:53.88,Default,,0000,0000,0000,,digital forensics is involved. We have to
Dialogue: 0,0:30:53.88,0:30:56.24,Default,,0000,0000,0000,,be very careful about the way we do it.
Dialogue: 0,0:30:56.24,0:30:59.48,Default,,0000,0000,0000,,This is not a joke; it's very serious. Okay?
Dialogue: 0,0:30:59.48,0:31:01.48,Default,,0000,0000,0000,,Predictive analysis, machine learning
Dialogue: 0,0:31:01.48,0:31:03.60,Default,,0000,0000,0000,,models, or artificial intelligence are
Dialogue: 0,0:31:03.60,0:31:06.32,Default,,0000,0000,0000,,pretty close in this concept and can predict
Dialogue: 0,0:31:06.32,0:31:08.48,Default,,0000,0000,0000,,potential areas of interest in an
Dialogue: 0,0:31:08.48,0:31:11.24,Default,,0000,0000,0000,,investigation. But we also talk about
Dialogue: 0,0:31:11.24,0:31:12.88,Default,,0000,0000,0000,,detection. Artificial intelligence
Dialogue: 0,0:31:12.88,0:31:15.72,Default,,0000,0000,0000,,driving security tools can identify
Dialogue: 0,0:31:15.72,0:31:17.96,Default,,0000,0000,0000,,cyber threats and potential cybercrime
Dialogue: 0,0:31:17.96,0:31:21.30,Default,,0000,0000,0000,,activities, helping law enforcement and cybersecurity
Dialogue: 0,0:31:21.30,0:31:23.60,Default,,0000,0000,0000,,teams respond effectively and
Dialogue: 0,0:31:23.60,0:31:27.24,Default,,0000,0000,0000,,proactively. More importantly, the
Dialogue: 0,0:31:27.24,0:31:30.04,Default,,0000,0000,0000,,majority of us have multiple tools that
Dialogue: 0,0:31:30.04,0:31:31.44,Default,,0000,0000,0000,,we call proactive
Dialogue: 0,0:31:31.44,0:31:34.52,Default,,0000,0000,0000,,in our place of work. Okay? We
Dialogue: 0,0:31:34.52,0:31:37.60,Default,,0000,0000,0000,,have different kinds of monitors, etc. But
Dialogue: 0,0:31:37.60,0:31:39.84,Default,,0000,0000,0000,,the possibility to do something in a
Dialogue: 0,0:31:39.84,0:31:43.40,Default,,0000,0000,0000,,proactive mode is really what we want.
Dialogue: 0,0:31:43.40,0:31:45.64,Default,,0000,0000,0000,,Evidence authentication: Artificial
Dialogue: 0,0:31:45.64,0:31:47.12,Default,,0000,0000,0000,,intelligence can assist in the
Dialogue: 0,0:31:47.12,0:31:49.36,Default,,0000,0000,0000,,authentication of digital evidence,
Dialogue: 0,0:31:49.36,0:31:51.44,Default,,0000,0000,0000,,ensuring its integrity and the
Dialogue: 0,0:31:51.44,0:31:54.20,Default,,0000,0000,0000,,possibility of this data being admitted
Dialogue: 0,0:31:54.20,0:31:57.40,Default,,0000,0000,0000,,in court. Data recovery: Artificial
Dialogue: 0,0:31:57.40,0:32:00.44,Default,,0000,0000,0000,,intelligence helps with the recovery of
Dialogue: 0,0:32:00.44,0:32:02.28,Default,,0000,0000,0000,,data that has been deleted
Dialogue: 0,0:32:02.28,0:32:05.32,Default,,0000,0000,0000,,intentionally or unintentionally. It
Dialogue: 0,0:32:05.32,0:32:07.40,Default,,0000,0000,0000,,doesn't matter. When we do digital
Dialogue: 0,0:32:07.40,0:32:10.92,Default,,0000,0000,0000,,forensics, we want to have as much data as
Dialogue: 0,0:32:10.92,0:32:14.88,Default,,0000,0000,0000,,we can to make a case
Dialogue: 0,0:32:14.88,0:32:17.60,Default,,0000,0000,0000,,against a particular party. From the
Dialogue: 0,0:32:17.60,0:32:20.20,Default,,0000,0000,0000,,malware analysis standpoint,
Dialogue: 0,0:32:20.20,0:32:23.24,Default,,0000,0000,0000,,artificial intelligence brings a lot of
Dialogue: 0,0:32:23.24,0:32:25.96,Default,,0000,0000,0000,,speed, and this is needed because, again,
Dialogue: 0,0:32:25.96,0:32:29.24,Default,,0000,0000,0000,,you are looking for a needle in a ton of
Dialogue: 0,0:32:29.24,0:32:33.04,Default,,0000,0000,0000,,water or in a ton of sand, and this
Dialogue: 0,0:32:33.04,0:32:35.64,Default,,0000,0000,0000,,is very complex. From the network
Dialogue: 0,0:32:35.64,0:32:37.88,Default,,0000,0000,0000,,forensic standpoint, we are accustomed to
Dialogue: 0,0:32:37.88,0:32:40.72,Default,,0000,0000,0000,,using tools such as Wireshark, which everybody
Dialogue: 0,0:32:40.72,0:32:44.48,Default,,0000,0000,0000,,knows, well, anyway,
Dialogue: 0,0:32:44.48,0:32:46.56,Default,,0000,0000,0000,,there are now specific artificial
Dialogue: 0,0:32:46.56,0:32:49.20,Default,,0000,0000,0000,,intelligence tools for network forensic
Dialogue: 0,0:32:49.20,0:32:53.24,Default,,0000,0000,0000,,analysis. I have included two of
Dialogue: 0,0:32:53.24,0:32:56.04,Default,,0000,0000,0000,,those tools in the list on the last
Dialogue: 0,0:32:56.04,0:32:59.44,Default,,0000,0000,0000,,slide. Automated trace: This is one of the
Dialogue: 0,0:32:59.44,0:33:01.56,Default,,0000,0000,0000,,most important considerations for you to
Dialogue: 0,0:33:01.56,0:33:04.00,Default,,0000,0000,0000,,consider with artificial intelligence in
Dialogue: 0,0:33:04.00,0:33:08.12,Default,,0000,0000,0000,,digital forensics. Speed is key. It’s basically
Dialogue: 0,0:33:08.12,0:33:11.04,Default,,0000,0000,0000,,the ability to do
Dialogue: 0,0:33:11.04,0:33:15.96,Default,,0000,0000,0000,,correlation between large data sets. Case
Dialogue: 0,0:33:15.96,0:33:18.40,Default,,0000,0000,0000,,priority: Artificial intelligence can
Dialogue: 0,0:33:18.40,0:33:20.48,Default,,0000,0000,0000,,assist investigators in
Dialogue: 0,0:33:20.48,0:33:23.52,Default,,0000,0000,0000,,prioritizing cases based on factors like
Dialogue: 0,0:33:23.52,0:33:25.96,Default,,0000,0000,0000,,severity, potential impact, or resource
Dialogue: 0,0:33:25.96,0:33:29.20,Default,,0000,0000,0000,,allocation, meaning timing.
Dialogue: 0,0:33:29.20,0:33:31.92,Default,,0000,0000,0000,,Predictive policing: This is super important
Dialogue: 0,0:33:31.92,0:33:35.04,Default,,0000,0000,0000,,because, until today, digital forensics has
Dialogue: 0,0:33:35.04,0:33:38.40,Default,,0000,0000,0000,,always been reactive. We react to
Dialogue: 0,0:33:38.40,0:33:40.84,Default,,0000,0000,0000,,something that happened. The possibility to
Dialogue: 0,0:33:40.84,0:33:44.12,Default,,0000,0000,0000,,make predictions in digital forensics is
Dialogue: 0,0:33:44.12,0:33:46.52,Default,,0000,0000,0000,,fantastic. It has never happened before.
Dialogue: 0,0:33:46.52,0:33:49.24,Default,,0000,0000,0000,,This is new, at least for me. I started
Dialogue: 0,0:33:49.24,0:33:51.60,Default,,0000,0000,0000,,using artificial intelligence back in my own
Dialogue: 0,0:33:51.60,0:33:54.92,Default,,0000,0000,0000,,company in 2017, and I have been able to
Dialogue: 0,0:33:54.92,0:33:55.96,Default,,0000,0000,0000,,that in
Dialogue: 0,0:33:55.96,0:33:59.40,Default,,0000,0000,0000,,multiple cases for the police department
Dialogue: 0,0:33:59.40,0:34:02.60,Default,,0000,0000,0000,,in Miami and in other two cities in
Dialogue: 0,0:34:02.60,0:34:06.64,Default,,0000,0000,0000,,Florida: Tampa and St. Petersburg. The
Dialogue: 0,0:34:06.64,0:34:09.24,Default,,0000,0000,0000,,results have been amazing. Document
Dialogue: 0,0:34:09.24,0:34:12.28,Default,,0000,0000,0000,,analysis: You know that NLP can extract
Dialogue: 0,0:34:12.28,0:34:14.80,Default,,0000,0000,0000,,information from documents and analyze
Dialogue: 0,0:34:14.80,0:34:17.12,Default,,0000,0000,0000,,sexual content for investigations.
Dialogue: 0,0:34:17.12,0:34:19.08,Default,,0000,0000,0000,,Artificial intelligence dramatically minimizes
Dialogue: 0,0:34:19.08,0:34:21.44,Default,,0000,0000,0000,,the time needed for that.
Dialogue: 0,0:34:21.44,0:34:24.64,Default,,0000,0000,0000,,Emotional recognition: Everybody
Dialogue: 0,0:34:24.64,0:34:27.76,Default,,0000,0000,0000,,knows what happened with the DSP
Dialogue: 0,0:34:27.76,0:34:31.56,Default,,0000,0000,0000,,algorithms. Okay? So we can use artificial
Dialogue: 0,0:34:31.56,0:34:33.92,Default,,0000,0000,0000,,intelligence to analyze videos,
Dialogue: 0,0:34:33.92,0:34:38.04,Default,,0000,0000,0000,,which is awesome because our eyes, our
Dialogue: 0,0:34:38.04,0:34:40.24,Default,,0000,0000,0000,,muscles in our eyes, don't have the
Dialogue: 0,0:34:40.24,0:34:43.40,Default,,0000,0000,0000,,ability to lie. We can lie when we speak,
Dialogue: 0,0:34:43.40,0:34:46.08,Default,,0000,0000,0000,,or we can try, but our eyes’ reactions
Dialogue: 0,0:34:46.08,0:34:49.12,Default,,0000,0000,0000,,to a particular stimulus cannot be hidden
Dialogue: 0,0:34:49.12,0:34:51.96,Default,,0000,0000,0000,,or cannot be modified. So this is unique.
Dialogue: 0,0:34:51.96,0:34:54.48,Default,,0000,0000,0000,,From the data privacy and compliance standpoint, you
Dialogue: 0,0:34:54.48,0:34:57.12,Default,,0000,0000,0000,,also have the ability to
Dialogue: 0,0:34:57.12,0:35:02.68,Default,,0000,0000,0000,,automate the specific data you want to
Dialogue: 0,0:35:02.68,0:35:06.80,Default,,0000,0000,0000,,include as part of your report. Okay? Now,
Dialogue: 0,0:35:06.80,0:35:09.28,Default,,0000,0000,0000,,digital forensic data acquisition steps:
Dialogue: 0,0:35:09.28,0:35:12.40,Default,,0000,0000,0000,,From my standpoint, after 41 years of experience,
Dialogue: 0,0:35:12.40,0:35:15.48,Default,,0000,0000,0000,,preservation--we already talked about this.
Dialogue: 0,0:35:15.48,0:35:18.16,Default,,0000,0000,0000,,Documentation: Preservation is integrity.
Dialogue: 0,0:35:18.16,0:35:21.32,Default,,0000,0000,0000,,Okay? This is the most important
Dialogue: 0,0:35:21.32,0:35:24.12,Default,,0000,0000,0000,,consideration, categorically speaking, in
Dialogue: 0,0:35:24.12,0:35:25.88,Default,,0000,0000,0000,,any kind of digital forensic
Dialogue: 0,0:35:25.88,0:35:28.40,Default,,0000,0000,0000,,investigation. You have to preserve the
Dialogue: 0,0:35:28.40,0:35:31.32,Default,,0000,0000,0000,,data as it is. And remember, you never use
Dialogue: 0,0:35:31.32,0:35:33.12,Default,,0000,0000,0000,,the original data for your forensic
Dialogue: 0,0:35:33.12,0:35:36.52,Default,,0000,0000,0000,,analysis—-never. You always use a copy. And
Dialogue: 0,0:35:36.52,0:35:40.47,Default,,0000,0000,0000,,to do copies, you have to use bit-by-bit
Dialogue: 0,0:35:40.47,0:35:43.32,Default,,0000,0000,0000,,applications. Bit-by-bit—you cannot
Dialogue: 0,0:35:43.32,0:35:46.80,Default,,0000,0000,0000,,copy bytes, or you cannot copy data
Dialogue: 0,0:35:46.80,0:35:49.16,Default,,0000,0000,0000,,and forget about the information. So,
Dialogue: 0,0:35:49.16,0:35:52.36,Default,,0000,0000,0000,,preservation is the most important thing.
Dialogue: 0,0:35:52.36,0:35:54.52,Default,,0000,0000,0000,,Documentation: We already know that
Dialogue: 0,0:35:54.52,0:35:56.96,Default,,0000,0000,0000,,everything needs to be documented, okay?
Dialogue: 0,0:35:56.96,0:35:59.96,Default,,0000,0000,0000,,From the crime scene to the
Dialogue: 0,0:35:59.96,0:36:02.60,Default,,0000,0000,0000,,last point. Chain of custody: One more
Dialogue: 0,0:36:02.60,0:36:04.64,Default,,0000,0000,0000,,time, and I guess I’m going to
Dialogue: 0,0:36:04.64,0:36:07.12,Default,,0000,0000,0000,,mention this one more time because chain
Dialogue: 0,0:36:07.12,0:36:10.28,Default,,0000,0000,0000,,of custody means or opens the door for
Dialogue: 0,0:36:10.28,0:36:13.08,Default,,0000,0000,0000,,you to present a case in the court of
Dialogue: 0,0:36:13.08,0:36:17.40,Default,,0000,0000,0000,,law or to prove, in
Dialogue: 0,0:36:17.40,0:36:20.04,Default,,0000,0000,0000,,your organization, that what you
Dialogue: 0,0:36:20.04,0:36:22.52,Default,,0000,0000,0000,,are presenting is appropriate. You have
Dialogue: 0,0:36:22.52,0:36:25.84,Default,,0000,0000,0000,,to plan how you are going to collect the
Dialogue: 0,0:36:25.84,0:36:29.16,Default,,0000,0000,0000,,data. you have to plan with anticipation
Dialogue: 0,0:36:29.16,0:36:31.64,Default,,0000,0000,0000,,the specific tools you are going to use
Dialogue: 0,0:36:31.64,0:36:34.76,Default,,0000,0000,0000,,what methods are you going to consider
Dialogue: 0,0:36:34.76,0:36:37.20,Default,,0000,0000,0000,,in your data collection process this is
Dialogue: 0,0:36:37.20,0:36:40.08,Default,,0000,0000,0000,,relevant and you always have to consider
Dialogue: 0,0:36:40.08,0:36:44.04,Default,,0000,0000,0000,,the coms coms is probably more important
Dialogue: 0,0:36:44.04,0:36:47.52,Default,,0000,0000,0000,,than PR when you select or decided to
Dialogue: 0,0:36:47.52,0:36:51.12,Default,,0000,0000,0000,,use a particular application for the
Dialogue: 0,0:36:51.12,0:36:54.16,Default,,0000,0000,0000,,data acquisition you always want to
Dialogue: 0,0:36:54.16,0:36:57.36,Default,,0000,0000,0000,,focus on the negative people usually
Dialogue: 0,0:36:57.36,0:36:59.68,Default,,0000,0000,0000,,tends to talk about the positive oh I
Dialogue: 0,0:36:59.68,0:37:02.08,Default,,0000,0000,0000,,like why the Shar because this and that
Dialogue: 0,0:37:02.08,0:37:03.56,Default,,0000,0000,0000,,it's better that you focus on the
Dialogue: 0,0:37:03.56,0:37:06.88,Default,,0000,0000,0000,,negative in Information Technology
Dialogue: 0,0:37:06.88,0:37:09.60,Default,,0000,0000,0000,,everything has cross and comes no
Dialogue: 0,0:37:09.60,0:37:13.24,Default,,0000,0000,0000,,exceptions exceptions do not exist there
Dialogue: 0,0:37:13.24,0:37:16.84,Default,,0000,0000,0000,,is not one exception everything positive
Dialogue: 0,0:37:16.84,0:37:18.76,Default,,0000,0000,0000,,have something negative in information
Dialogue: 0,0:37:18.76,0:37:20.88,Default,,0000,0000,0000,,technology and this is what you want to
Dialogue: 0,0:37:20.88,0:37:24.60,Default,,0000,0000,0000,,focus on it to avoid problems at the end
Dialogue: 0,0:37:24.60,0:37:27.80,Default,,0000,0000,0000,,Okay so
Dialogue: 0,0:37:27.80,0:37:29.80,Default,,0000,0000,0000,,how about the verification process you
Dialogue: 0,0:37:29.80,0:37:33.80,Default,,0000,0000,0000,,have to verify before you work with the
Dialogue: 0,0:37:33.80,0:37:36.64,Default,,0000,0000,0000,,real data that the tools and methods you
Dialogue: 0,0:37:36.64,0:37:39.96,Default,,0000,0000,0000,,selected work okay you never want to
Dialogue: 0,0:37:39.96,0:37:42.56,Default,,0000,0000,0000,,mess up with the original data needed
Dialogue: 0,0:37:42.56,0:37:45.36,Default,,0000,0000,0000,,with a copy you want to test in a test
Dialogue: 0,0:37:45.36,0:37:48.36,Default,,0000,0000,0000,,environment your tools your methods your
Dialogue: 0,0:37:48.36,0:37:50.40,Default,,0000,0000,0000,,approach the steps you are going to
Dialogue: 0,0:37:50.40,0:37:53.44,Default,,0000,0000,0000,,follow is very time consuming it is but
Dialogue: 0,0:37:53.44,0:37:56.96,Default,,0000,0000,0000,,by the way it's also very well paid is
Dialogue: 0,0:37:56.96,0:37:58.92,Default,,0000,0000,0000,,very well paid the only thing I can tell
Dialogue: 0,0:37:58.92,0:38:00.88,Default,,0000,0000,0000,,you that it's very well paid you have no
Dialogue: 0,0:38:00.88,0:38:04.36,Default,,0000,0000,0000,,idea if you become a cyber security
Dialogue: 0,0:38:04.36,0:38:07.20,Default,,0000,0000,0000,,expert and specialize in digital
Dialogue: 0,0:38:07.20,0:38:10.68,Default,,0000,0000,0000,,forensic this is where the money is and
Dialogue: 0,0:38:10.68,0:38:13.24,Default,,0000,0000,0000,,trust me this is where the money is okay
Dialogue: 0,0:38:13.24,0:38:17.60,Default,,0000,0000,0000,,I'm telling you first person duplication
Dialogue: 0,0:38:17.60,0:38:21.00,Default,,0000,0000,0000,,we talk about that already the only way
Dialogue: 0,0:38:21.00,0:38:23.96,Default,,0000,0000,0000,,to do that is by creating bit forbit
Dialogue: 0,0:38:23.96,0:38:27.12,Default,,0000,0000,0000,,image there is no other ways okay this
Dialogue: 0,0:38:27.12,0:38:29.92,Default,,0000,0000,0000,,is why you you want to use PR blocking
Dialogue: 0,0:38:29.92,0:38:31.92,Default,,0000,0000,0000,,devices software and Hardware I
Dialogue: 0,0:38:31.92,0:38:34.56,Default,,0000,0000,0000,,mentioned that before Tex rooms and
Dialogue: 0,0:38:34.56,0:38:37.04,Default,,0000,0000,0000,,hatching different concepts that some
Dialogue: 0,0:38:37.04,0:38:40.16,Default,,0000,0000,0000,,people are still confusing about it okay
Dialogue: 0,0:38:40.16,0:38:42.04,Default,,0000,0000,0000,,there is a huge difference between the
Dialogue: 0,0:38:42.04,0:38:46.04,Default,,0000,0000,0000,,two the main one is that Asing is a
Dialogue: 0,0:38:46.04,0:38:49.76,Default,,0000,0000,0000,,oneway function you go from the left to
Dialogue: 0,0:38:49.76,0:38:51.92,Default,,0000,0000,0000,,the right and usually you don't have the
Dialogue: 0,0:38:51.92,0:38:53.72,Default,,0000,0000,0000,,ability to come back to replicate the
Dialogue: 0,0:38:53.72,0:38:56.84,Default,,0000,0000,0000,,process of course if you have the
Dialogue: 0,0:38:56.84,0:38:59.28,Default,,0000,0000,0000,,algorithms on hand then you can do
Dialogue: 0,0:38:59.28,0:39:02.04,Default,,0000,0000,0000,,reverse engineering this is obvious but
Dialogue: 0,0:39:02.04,0:39:04.32,Default,,0000,0000,0000,,this is not what happen in regular
Dialogue: 0,0:39:04.32,0:39:06.92,Default,,0000,0000,0000,,conditions okay so check zoom and
Dialogue: 0,0:39:06.92,0:39:10.32,Default,,0000,0000,0000,,hatching both minimize the possibility
Dialogue: 0,0:39:10.32,0:39:13.20,Default,,0000,0000,0000,,that you mistake in your digital
Dialogue: 0,0:39:13.20,0:39:15.64,Default,,0000,0000,0000,,forensic ER
Dialogue: 0,0:39:15.64,0:39:18.24,Default,,0000,0000,0000,,analysis the other component is
Dialogue: 0,0:39:18.24,0:39:21.60,Default,,0000,0000,0000,,acquisition okay so how are you going to
Dialogue: 0,0:39:21.60,0:39:23.60,Default,,0000,0000,0000,,collect the data what particular tools
Dialogue: 0,0:39:23.60,0:39:26.04,Default,,0000,0000,0000,,are you going to use you always have to
Dialogue: 0,0:39:26.04,0:39:29.36,Default,,0000,0000,0000,,maintain a strict R only access to the
Dialogue: 0,0:39:29.36,0:39:31.56,Default,,0000,0000,0000,,source if you have the ability to
Dialogue: 0,0:39:31.56,0:39:34.64,Default,,0000,0000,0000,,manipulate the data in the source you
Dialogue: 0,0:39:34.64,0:39:37.64,Default,,0000,0000,0000,,have the ability to tamper with actually
Dialogue: 0,0:39:37.64,0:39:39.68,Default,,0000,0000,0000,,the most important consideration out of
Dialogue: 0,0:39:39.68,0:39:43.68,Default,,0000,0000,0000,,the CIA which is integrity if the
Dialogue: 0,0:39:43.68,0:39:46.92,Default,,0000,0000,0000,,opponent is the opposite part to you in
Dialogue: 0,0:39:46.92,0:39:49.56,Default,,0000,0000,0000,,your organization the defendant in other
Dialogue: 0,0:39:49.56,0:39:53.52,Default,,0000,0000,0000,,words have the ability to prove that
Dialogue: 0,0:39:53.52,0:39:56.88,Default,,0000,0000,0000,,the the original data or source can be
Dialogue: 0,0:39:56.88,0:39:58.96,Default,,0000,0000,0000,,manipulated in any way the conversation
Dialogue: 0,0:39:58.96,0:40:01.92,Default,,0000,0000,0000,,is 100% over and the case will be
Dialogue: 0,0:40:01.92,0:40:04.32,Default,,0000,0000,0000,,dismissed categorically speaking it's no
Dialogue: 0,0:40:04.32,0:40:07.84,Default,,0000,0000,0000,,more conversation so this is a humongous
Dialogue: 0,0:40:07.84,0:40:10.44,Default,,0000,0000,0000,,responsibility when it comes to data
Dialogue: 0,0:40:10.44,0:40:12.92,Default,,0000,0000,0000,,acquisition what protocols you use what
Dialogue: 0,0:40:12.92,0:40:14.80,Default,,0000,0000,0000,,the specific tools how do you plan it
Dialogue: 0,0:40:14.80,0:40:17.04,Default,,0000,0000,0000,,how you document is a very painful
Dialogue: 0,0:40:17.04,0:40:21.32,Default,,0000,0000,0000,,process in other words okay now data
Dialogue: 0,0:40:21.32,0:40:24.48,Default,,0000,0000,0000,,recovery we already talk about the
Dialogue: 0,0:40:24.48,0:40:27.40,Default,,0000,0000,0000,,complexity of finding a needle in a tone
Dialogue: 0,0:40:27.40,0:40:30.44,Default,,0000,0000,0000,,of s this is super complex okay but it's
Dialogue: 0,0:40:30.44,0:40:34.08,Default,,0000,0000,0000,,doable the only thing you have to use is
Dialogue: 0,0:40:34.08,0:40:36.00,Default,,0000,0000,0000,,the appropriate tools and you you need
Dialogue: 0,0:40:36.00,0:40:38.44,Default,,0000,0000,0000,,to have a specific plan because every
Dialogue: 0,0:40:38.44,0:40:41.96,Default,,0000,0000,0000,,single case is 100% different digital
Dialogue: 0,0:40:41.96,0:40:44.80,Default,,0000,0000,0000,,signatures sign the acquire data in
Dialogue: 0,0:40:44.80,0:40:48.40,Default,,0000,0000,0000,,hatches with a dig digital signature for
Dialogue: 0,0:40:48.40,0:40:50.44,Default,,0000,0000,0000,,authentication there are multiple cases
Dialogue: 0,0:40:50.44,0:40:53.96,Default,,0000,0000,0000,,today in which H signatures are not
Dialogue: 0,0:40:53.96,0:40:56.96,Default,,0000,0000,0000,,accepted anymore in the go government I
Dialogue: 0,0:40:56.96,0:40:58.80,Default,,0000,0000,0000,,am a Federal Officer for the US
Dialogue: 0,0:40:58.80,0:41:01.92,Default,,0000,0000,0000,,Department of Commerce in USA in the
Dialogue: 0,0:41:01.92,0:41:04.56,Default,,0000,0000,0000,,government we are not allowed to sign
Dialogue: 0,0:41:04.56,0:41:07.68,Default,,0000,0000,0000,,anything by hand for many years back
Dialogue: 0,0:41:07.68,0:41:11.60,Default,,0000,0000,0000,,many years okay digital signatures have
Dialogue: 0,0:41:11.60,0:41:15.72,Default,,0000,0000,0000,,a specific component that minimize
Dialogue: 0,0:41:15.72,0:41:18.24,Default,,0000,0000,0000,,dramatically speaking the possibility of
Dialogue: 0,0:41:18.24,0:41:20.72,Default,,0000,0000,0000,,replication and this is why this is
Dialogue: 0,0:41:20.72,0:41:23.36,Default,,0000,0000,0000,,accepted in the court of law
Dialogue: 0,0:41:23.36,0:41:26.00,Default,,0000,0000,0000,,verification R verifies the Integrity of
Dialogue: 0,0:41:26.00,0:41:29.44,Default,,0000,0000,0000,,that Qui image by comparing hash values
Dialogue: 0,0:41:29.44,0:41:32.24,Default,,0000,0000,0000,,with those calculated before the hash
Dialogue: 0,0:41:32.24,0:41:36.28,Default,,0000,0000,0000,,values must be exact no difference not
Dialogue: 0,0:41:36.28,0:41:39.08,Default,,0000,0000,0000,,even in one
Dialogue: 0,0:41:39.08,0:41:43.28,Default,,0000,0000,0000,,0.001 percentage most much 100%
Dialogue: 0,0:41:43.28,0:41:46.52,Default,,0000,0000,0000,,categorically speaking otherwise the
Dialogue: 0,0:41:46.52,0:41:49.12,Default,,0000,0000,0000,,court is going to dismiss the case as
Dialogue: 0,0:41:49.12,0:41:52.24,Default,,0000,0000,0000,,well or the organization probably is not
Dialogue: 0,0:41:52.24,0:41:55.12,Default,,0000,0000,0000,,going to take the appropriate action vus
Dialogue: 0,0:41:55.12,0:41:59.12,Default,,0000,0000,0000,,in a particular individual or problem or
Dialogue: 0,0:41:59.12,0:42:03.08,Default,,0000,0000,0000,,process okay LS and no we already talk
Dialogue: 0,0:42:03.08,0:42:05.56,Default,,0000,0000,0000,,about documentation at the beginning you
Dialogue: 0,0:42:05.56,0:42:09.28,Default,,0000,0000,0000,,have to actually make sure that
Dialogue: 0,0:42:09.28,0:42:12.24,Default,,0000,0000,0000,,everything is timestamped as I mentioned
Dialogue: 0,0:42:12.24,0:42:15.04,Default,,0000,0000,0000,,before at the beginning digital forensic
Dialogue: 0,0:42:15.04,0:42:18.44,Default,,0000,0000,0000,,must be collected in a particular order
Dialogue: 0,0:42:18.44,0:42:21.40,Default,,0000,0000,0000,,analyzed in the similar Manner and
Dialogue: 0,0:42:21.40,0:42:24.60,Default,,0000,0000,0000,,presented in the report in the specific
Dialogue: 0,0:42:24.60,0:42:28.04,Default,,0000,0000,0000,,order in which the process was done
Dialogue: 0,0:42:28.04,0:42:31.16,Default,,0000,0000,0000,,otherwise the process is going to be
Dialogue: 0,0:42:31.16,0:42:33.72,Default,,0000,0000,0000,,disqualified and this is exclusively at
Dialogue: 0,0:42:33.72,0:42:36.88,Default,,0000,0000,0000,,this point our own responsibility and
Dialogue: 0,0:42:36.88,0:42:41.52,Default,,0000,0000,0000,,nobody else okay the storage we already
Dialogue: 0,0:42:41.52,0:42:44.88,Default,,0000,0000,0000,,know that gain of custody is one of the
Dialogue: 0,0:42:44.88,0:42:46.52,Default,,0000,0000,0000,,most important component there are
Dialogue: 0,0:42:46.52,0:42:49.16,Default,,0000,0000,0000,,multiple forms depending of the state in
Dialogue: 0,0:42:49.16,0:42:51.96,Default,,0000,0000,0000,,which you live and the countries as well
Dialogue: 0,0:42:51.96,0:42:54.68,Default,,0000,0000,0000,,that you have to follow anything if you
Dialogue: 0,0:42:54.68,0:42:57.56,Default,,0000,0000,0000,,miss a check mark or if you put a check
Dialogue: 0,0:42:57.56,0:43:00.40,Default,,0000,0000,0000,,mark on those particular forms you are
Dialogue: 0,0:43:00.40,0:43:04.08,Default,,0000,0000,0000,,basically dismissing you the case you
Dialogue: 0,0:43:04.08,0:43:06.72,Default,,0000,0000,0000,,intentionally the court doesn't work in
Dialogue: 0,0:43:06.72,0:43:10.04,Default,,0000,0000,0000,,the way many of us believe okay we have
Dialogue: 0,0:43:10.04,0:43:12.28,Default,,0000,0000,0000,,the possibility to put somebody in the
Dialogue: 0,0:43:12.28,0:43:16.36,Default,,0000,0000,0000,,electric share or to release to provide
Dialogue: 0,0:43:16.36,0:43:18.52,Default,,0000,0000,0000,,to this particular individual or
Dialogue: 0,0:43:18.52,0:43:21.88,Default,,0000,0000,0000,,organization what we said is relevant
Dialogue: 0,0:43:21.88,0:43:24.40,Default,,0000,0000,0000,,okay this is very important the brift
Dialogue: 0,0:43:24.40,0:43:26.12,Default,,0000,0000,0000,,you always have to be in Comm
Dialogue: 0,0:43:26.12,0:43:29.64,Default,,0000,0000,0000,,communication with all parties both the
Dialogue: 0,0:43:29.64,0:43:32.36,Default,,0000,0000,0000,,one presenting the digital process or
Dialogue: 0,0:43:32.36,0:43:35.36,Default,,0000,0000,0000,,ruling the process and the other part as
Dialogue: 0,0:43:35.36,0:43:39.52,Default,,0000,0000,0000,,well you cannot hide anything Zero from
Dialogue: 0,0:43:39.52,0:43:41.88,Default,,0000,0000,0000,,your opponents in the court of law or
Dialogue: 0,0:43:41.88,0:43:44.72,Default,,0000,0000,0000,,for the defendant part never in your
Dialogue: 0,0:43:44.72,0:43:47.56,Default,,0000,0000,0000,,life this is why the first bullet in the
Dialogue: 0,0:43:47.56,0:43:50.04,Default,,0000,0000,0000,,whole presentation was as you may
Dialogue: 0,0:43:50.04,0:43:54.08,Default,,0000,0000,0000,,remember ethics okay in digital forensic
Dialogue: 0,0:43:54.08,0:43:57.48,Default,,0000,0000,0000,,we provide what we known to the other
Dialogue: 0,0:43:57.48,0:44:00.44,Default,,0000,0000,0000,,parties as well even to the defendant to
Dialogue: 0,0:44:00.44,0:44:03.12,Default,,0000,0000,0000,,the opponents every single time no
Dialogue: 0,0:44:03.12,0:44:06.52,Default,,0000,0000,0000,,exception and we provide every single
Dialogue: 0,0:44:06.52,0:44:09.56,Default,,0000,0000,0000,,artifact with the most clear possible
Dialogue: 0,0:44:09.56,0:44:12.48,Default,,0000,0000,0000,,explanation to the opponents this is how
Dialogue: 0,0:44:12.48,0:44:14.88,Default,,0000,0000,0000,,the digital forensic process work
Dialogue: 0,0:44:14.88,0:44:17.72,Default,,0000,0000,0000,,otherwise it will be dismissed as well
Dialogue: 0,0:44:17.72,0:44:20.84,Default,,0000,0000,0000,,in the court steing you have to make
Dialogue: 0,0:44:20.84,0:44:24.16,Default,,0000,0000,0000,,sure that every single piece of digital
Dialogue: 0,0:44:24.16,0:44:27.00,Default,,0000,0000,0000,,evidence is
Dialogue: 0,0:44:27.00,0:44:30.52,Default,,0000,0000,0000,,properly still then that you follow the
Dialogue: 0,0:44:30.52,0:44:32.72,Default,,0000,0000,0000,,process by the book again if you Skip
Dialogue: 0,0:44:32.72,0:44:36.64,Default,,0000,0000,0000,,One Step just one out of 100 or 200s
Dialogue: 0,0:44:36.64,0:44:39.52,Default,,0000,0000,0000,,depending of the case the case is going
Dialogue: 0,0:44:39.52,0:44:42.72,Default,,0000,0000,0000,,to be this measure no exceptions the Cod
Dialogue: 0,0:44:42.72,0:44:46.32,Default,,0000,0000,0000,,goes by the book as you can imagine and
Dialogue: 0,0:44:46.32,0:44:48.00,Default,,0000,0000,0000,,your opponent is going to be very
Dialogue: 0,0:44:48.00,0:44:50.20,Default,,0000,0000,0000,,attentive to to the minimum possible
Dialogue: 0,0:44:50.20,0:44:53.84,Default,,0000,0000,0000,,failure to dismiss the case okay so how
Dialogue: 0,0:44:53.84,0:44:56.20,Default,,0000,0000,0000,,you transport the data from one place to
Dialogue: 0,0:44:56.20,0:44:59.24,Default,,0000,0000,0000,,the other place chain of custody this is
Dialogue: 0,0:44:59.24,0:45:02.76,Default,,0000,0000,0000,,the key component chain of custody data
Dialogue: 0,0:45:02.76,0:45:06.20,Default,,0000,0000,0000,,encryption you have to make sure that
Dialogue: 0,0:45:06.20,0:45:10.44,Default,,0000,0000,0000,,you prevent or actually Pro prevent a
Dialogue: 0,0:45:10.44,0:45:13.12,Default,,0000,0000,0000,,Integrity manipulation and you always
Dialogue: 0,0:45:13.12,0:45:16.32,Default,,0000,0000,0000,,want to meure the confidentiality of the
Dialogue: 0,0:45:16.32,0:45:19.00,Default,,0000,0000,0000,,data CIA we already talked about the
Dialogue: 0,0:45:19.00,0:45:21.52,Default,,0000,0000,0000,,component confidentiality Integrity
Dialogue: 0,0:45:21.52,0:45:23.48,Default,,0000,0000,0000,,availability from the digital forensic
Dialogue: 0,0:45:23.48,0:45:26.32,Default,,0000,0000,0000,,standpoint the most important no
Dialogue: 0,0:45:26.32,0:45:29.88,Default,,0000,0000,0000,,exception is integrity and also the
Dialogue: 0,0:45:29.88,0:45:32.32,Default,,0000,0000,0000,,confidentiality okay so from the
Dialogue: 0,0:45:32.32,0:45:35.20,Default,,0000,0000,0000,,recovery image standpoint you always
Dialogue: 0,0:45:35.20,0:45:37.96,Default,,0000,0000,0000,,want to have a duplicate for validation
Dialogue: 0,0:45:37.96,0:45:40.76,Default,,0000,0000,0000,,and reanalysis and remember that you
Dialogue: 0,0:45:40.76,0:45:43.56,Default,,0000,0000,0000,,always want to work with a copy of the
Dialogue: 0,0:45:43.56,0:45:47.92,Default,,0000,0000,0000,,digital evidence 100% of the time no 9
Dialogue: 0,0:45:47.92,0:45:50.68,Default,,0000,0000,0000,,you have to preserve the original
Dialogue: 0,0:45:50.68,0:45:52.72,Default,,0000,0000,0000,,evidence this is part of our
Dialogue: 0,0:45:52.72,0:45:56.48,Default,,0000,0000,0000,,responsibility and this is why we do bit
Dialogue: 0,0:45:56.48,0:46:00.48,Default,,0000,0000,0000,,by bit analysis and bit by bit copy it's
Dialogue: 0,0:46:00.48,0:46:04.20,Default,,0000,0000,0000,,complex okay now a specific step in
Dialogue: 0,0:46:04.20,0:46:06.08,Default,,0000,0000,0000,,digital forensics to analyze the
Dialogue: 0,0:46:06.08,0:46:08.72,Default,,0000,0000,0000,,collected data at this point you already
Dialogue: 0,0:46:08.72,0:46:10.88,Default,,0000,0000,0000,,went through multiple process and spent
Dialogue: 0,0:46:10.88,0:46:14.36,Default,,0000,0000,0000,,a lot of time how do you analyze the
Dialogue: 0,0:46:14.36,0:46:16.08,Default,,0000,0000,0000,,data you have because you are going to
Dialogue: 0,0:46:16.08,0:46:19.40,Default,,0000,0000,0000,,have probably terabytes of data okay
Dialogue: 0,0:46:19.40,0:46:23.68,Default,,0000,0000,0000,,well you have to make sure that hashing
Dialogue: 0,0:46:23.68,0:46:27.44,Default,,0000,0000,0000,,and TS digital signatures and the chain
Dialogue: 0,0:46:27.44,0:46:31.48,Default,,0000,0000,0000,,of custody have been followed data
Dialogue: 0,0:46:31.48,0:46:34.00,Default,,0000,0000,0000,,priorization what happens and what is
Dialogue: 0,0:46:34.00,0:46:35.88,Default,,0000,0000,0000,,more relevant you cannot present in the
Dialogue: 0,0:46:35.88,0:46:38.80,Default,,0000,0000,0000,,court two terabytes of data or 2,000
Dialogue: 0,0:46:38.80,0:46:41.64,Default,,0000,0000,0000,,Pages this is Irrelevant for the case
Dialogue: 0,0:46:41.64,0:46:44.24,Default,,0000,0000,0000,,okay you have to make sure that you use
Dialogue: 0,0:46:44.24,0:46:47.24,Default,,0000,0000,0000,,keywords in order to provide a solid
Dialogue: 0,0:46:47.24,0:46:49.68,Default,,0000,0000,0000,,report to the court for this particular
Dialogue: 0,0:46:49.68,0:46:52.84,Default,,0000,0000,0000,,case for the keywords artificial
Dialogue: 0,0:46:52.84,0:46:56.00,Default,,0000,0000,0000,,intelligence have been proven to me that
Dialogue: 0,0:46:56.00,0:46:59.32,Default,,0000,0000,0000,,is of huge help file caring you have to
Dialogue: 0,0:46:59.32,0:47:02.12,Default,,0000,0000,0000,,use a specialized tool to recover files
Dialogue: 0,0:47:02.12,0:47:05.48,Default,,0000,0000,0000,,that may been deleted or you
Dialogue: 0,0:47:05.48,0:47:08.76,Default,,0000,0000,0000,,intentionally hiting timeline analysis
Dialogue: 0,0:47:08.76,0:47:11.44,Default,,0000,0000,0000,,we talk about you have to do everything
Dialogue: 0,0:47:11.44,0:47:13.92,Default,,0000,0000,0000,,by following a particular sequence of
Dialogue: 0,0:47:13.92,0:47:16.72,Default,,0000,0000,0000,,activities in other words you have to
Dialogue: 0,0:47:16.72,0:47:18.76,Default,,0000,0000,0000,,present and do the analysis in
Dialogue: 0,0:47:18.76,0:47:21.28,Default,,0000,0000,0000,,chronological order in the way that you
Dialogue: 0,0:47:21.28,0:47:23.88,Default,,0000,0000,0000,,collect the data this is the exact way
Dialogue: 0,0:47:23.88,0:47:26.04,Default,,0000,0000,0000,,you do the analysis and later you do
Dialogue: 0,0:47:26.04,0:47:28.12,Default,,0000,0000,0000,,correlation okay but you have to follow
Dialogue: 0,0:47:28.12,0:47:30.76,Default,,0000,0000,0000,,a particular chronological order data
Dialogue: 0,0:47:30.76,0:47:33.44,Default,,0000,0000,0000,,recovery you have to do your best to
Dialogue: 0,0:47:33.44,0:47:35.52,Default,,0000,0000,0000,,reconstruct the data that have been
Dialogue: 0,0:47:35.52,0:47:38.56,Default,,0000,0000,0000,,deleted or probably damaged even by a
Dialogue: 0,0:47:38.56,0:47:40.88,Default,,0000,0000,0000,,physical or electronic condition in the
Dialogue: 0,0:47:40.88,0:47:43.68,Default,,0000,0000,0000,,storage media the metadata analysis is
Dialogue: 0,0:47:43.68,0:47:46.24,Default,,0000,0000,0000,,also complex okay this is the next
Dialogue: 0,0:47:46.24,0:47:49.24,Default,,0000,0000,0000,,component after the time the timeline
Dialogue: 0,0:47:49.24,0:47:52.04,Default,,0000,0000,0000,,analysis metadata includes multiple kind
Dialogue: 0,0:47:52.04,0:47:54.88,Default,,0000,0000,0000,,of data so this part of the analysis is
Dialogue: 0,0:47:54.88,0:47:57.36,Default,,0000,0000,0000,,going to be complete colle and more time
Dialogue: 0,0:47:57.36,0:47:59.52,Default,,0000,0000,0000,,consuming than the data collection and
Dialogue: 0,0:47:59.52,0:48:02.32,Default,,0000,0000,0000,,the data collection is already very time
Dialogue: 0,0:48:02.32,0:48:04.76,Default,,0000,0000,0000,,consuming content analysis you have to
Dialogue: 0,0:48:04.76,0:48:06.28,Default,,0000,0000,0000,,be very careful because this is
Dialogue: 0,0:48:06.28,0:48:08.96,Default,,0000,0000,0000,,basically what the forensic analysis is
Dialogue: 0,0:48:08.96,0:48:12.24,Default,,0000,0000,0000,,going to be parent recognition how you
Dialogue: 0,0:48:12.24,0:48:15.80,Default,,0000,0000,0000,,can match one bit of data with another
Dialogue: 0,0:48:15.80,0:48:19.04,Default,,0000,0000,0000,,bit okay is there any association
Dialogue: 0,0:48:19.04,0:48:23.36,Default,,0000,0000,0000,,between bits between bites between data
Dialogue: 0,0:48:23.36,0:48:26.64,Default,,0000,0000,0000,,between words this is a iCal
Dialogue: 0,0:48:26.64,0:48:29.40,Default,,0000,0000,0000,,component communication analysis again
Dialogue: 0,0:48:29.40,0:48:31.32,Default,,0000,0000,0000,,you want to make sure that you include
Dialogue: 0,0:48:31.32,0:48:34.68,Default,,0000,0000,0000,,everything emails today are probably the
Dialogue: 0,0:48:34.68,0:48:37.76,Default,,0000,0000,0000,,most relevant component of digital
Dialogue: 0,0:48:37.76,0:48:39.80,Default,,0000,0000,0000,,forening analysis you wants to make sure
Dialogue: 0,0:48:39.80,0:48:42.84,Default,,0000,0000,0000,,that you master email analysis as well
Dialogue: 0,0:48:42.84,0:48:45.64,Default,,0000,0000,0000,,data encryption you always have to keep
Dialogue: 0,0:48:45.64,0:48:48.08,Default,,0000,0000,0000,,in mind the confidentiality and when we
Dialogue: 0,0:48:48.08,0:48:50.52,Default,,0000,0000,0000,,are talking about the recovery or the
Dialogue: 0,0:48:50.52,0:48:53.16,Default,,0000,0000,0000,,recovery image I mentioned that as well
Dialogue: 0,0:48:53.16,0:48:56.04,Default,,0000,0000,0000,,similar to the chain of custody before
Dialogue: 0,0:48:56.04,0:48:58.16,Default,,0000,0000,0000,,because you always have to pres the
Dialogue: 0,0:48:58.16,0:49:01.24,Default,,0000,0000,0000,,digital the original data evidence
Dialogue: 0,0:49:01.24,0:49:03.00,Default,,0000,0000,0000,,examination you want to make sure that
Dialogue: 0,0:49:03.00,0:49:06.00,Default,,0000,0000,0000,,you verify the Integrity of the data you
Dialogue: 0,0:49:06.00,0:49:08.80,Default,,0000,0000,0000,,have been acquiring including hash value
Dialogue: 0,0:49:08.80,0:49:11.44,Default,,0000,0000,0000,,digital signature and the chain of
Dialogue: 0,0:49:11.44,0:49:14.12,Default,,0000,0000,0000,,custodies we talk about this already
Dialogue: 0,0:49:14.12,0:49:16.88,Default,,0000,0000,0000,,this is a repeat of the slide by the way
Dialogue: 0,0:49:16.88,0:49:20.48,Default,,0000,0000,0000,,okay so database examination and you
Dialogue: 0,0:49:20.48,0:49:23.76,Default,,0000,0000,0000,,foring a duplicate slide so this slide
Dialogue: 0,0:49:23.76,0:49:27.68,Default,,0000,0000,0000,,is the same to this okay so my apology
Dialogue: 0,0:49:27.68,0:49:30.68,Default,,0000,0000,0000,,for that it's my fault data database
Dialogue: 0,0:49:30.68,0:49:33.00,Default,,0000,0000,0000,,examination investigate databases for
Dialogue: 0,0:49:33.00,0:49:35.48,Default,,0000,0000,0000,,valueable valuable information including
Dialogue: 0,0:49:35.48,0:49:38.76,Default,,0000,0000,0000,,structure data and locks entries Etc
Dialogue: 0,0:49:38.76,0:49:41.24,Default,,0000,0000,0000,,media analysis this is a very complex
Dialogue: 0,0:49:41.24,0:49:43.96,Default,,0000,0000,0000,,process because it's usually about atigo
Dialogue: 0,0:49:43.96,0:49:47.20,Default,,0000,0000,0000,,or include testigo and this is about
Dialogue: 0,0:49:47.20,0:49:50.04,Default,,0000,0000,0000,,image videos audios geolocation in
Dialogue: 0,0:49:50.04,0:49:52.32,Default,,0000,0000,0000,,digital signatures Network traffic
Dialogue: 0,0:49:52.32,0:49:56.36,Default,,0000,0000,0000,,analysis tools as why the Shar h but my
Dialogue: 0,0:49:56.36,0:49:59.16,Default,,0000,0000,0000,,suggestion is that you use all the tools
Dialogue: 0,0:49:59.16,0:50:02.12,Default,,0000,0000,0000,,that are part of the artificial
Dialogue: 0,0:50:02.12,0:50:04.72,Default,,0000,0000,0000,,intelligence applications we can use
Dialogue: 0,0:50:04.72,0:50:06.84,Default,,0000,0000,0000,,today and are available in the
Dialogue: 0,0:50:06.84,0:50:10.52,Default,,0000,0000,0000,,market estigo is always complex okay
Dialogue: 0,0:50:10.52,0:50:14.08,Default,,0000,0000,0000,,because stigo include not only image but
Dialogue: 0,0:50:14.08,0:50:16.88,Default,,0000,0000,0000,,in many cases audio as well and this is
Dialogue: 0,0:50:16.88,0:50:19.72,Default,,0000,0000,0000,,very complex time consuming you always
Dialogue: 0,0:50:19.72,0:50:22.36,Default,,0000,0000,0000,,wants to make sure that you use the
Dialogue: 0,0:50:22.36,0:50:24.36,Default,,0000,0000,0000,,appropriate estigo analysis techniques
Dialogue: 0,0:50:24.36,0:50:27.16,Default,,0000,0000,0000,,and that are multiple specific for
Dialogue: 0,0:50:27.16,0:50:29.96,Default,,0000,0000,0000,,volatile analysis as I mentioned before
Dialogue: 0,0:50:29.96,0:50:33.44,Default,,0000,0000,0000,,there is multiple ways to do
Dialogue: 0,0:50:33.44,0:50:37.60,Default,,0000,0000,0000,,data acquisition from RAM memory when we
Dialogue: 0,0:50:37.60,0:50:41.24,Default,,0000,0000,0000,,turn off the computer all the data from
Dialogue: 0,0:50:41.24,0:50:44.20,Default,,0000,0000,0000,,Ram doesn't goes off this is what
Dialogue: 0,0:50:44.20,0:50:47.32,Default,,0000,0000,0000,,everybody said this is what Google said
Dialogue: 0,0:50:47.32,0:50:48.96,Default,,0000,0000,0000,,this is what people that never do
Dialogue: 0,0:50:48.96,0:50:51.92,Default,,0000,0000,0000,,forensic investigation repeat this is
Dialogue: 0,0:50:51.92,0:50:54.92,Default,,0000,0000,0000,,not appropriate if you know how to do it
Dialogue: 0,0:50:54.92,0:50:57.48,Default,,0000,0000,0000,,and again I make the presentation for e
Dialogue: 0,0:50:57.48,0:51:00.44,Default,,0000,0000,0000,,councel in 2019 if you Google my name in
Dialogue: 0,0:51:00.44,0:51:02.64,Default,,0000,0000,0000,,this presentation you will be able to
Dialogue: 0,0:51:02.64,0:51:05.88,Default,,0000,0000,0000,,find a particular video in which I was
Dialogue: 0,0:51:05.88,0:51:08.36,Default,,0000,0000,0000,,able to recover data from RAM memory
Dialogue: 0,0:51:08.36,0:51:12.12,Default,,0000,0000,0000,,after the computer was took down took
Dialogue: 0,0:51:12.12,0:51:15.00,Default,,0000,0000,0000,,down believe it or not go for the other
Dialogue: 0,0:51:15.00,0:51:16.84,Default,,0000,0000,0000,,presentation that this is DC councel
Dialogue: 0,0:51:16.84,0:51:19.08,Default,,0000,0000,0000,,database and you will be able to see the
Dialogue: 0,0:51:19.08,0:51:21.64,Default,,0000,0000,0000,,video okay comparison you have to do
Dialogue: 0,0:51:21.64,0:51:24.36,Default,,0000,0000,0000,,cross reference every single time to
Dialogue: 0,0:51:24.36,0:51:27.04,Default,,0000,0000,0000,,make sure that the data you identify is
Dialogue: 0,0:51:27.04,0:51:30.36,Default,,0000,0000,0000,,appropriate and you always identify
Dialogue: 0,0:51:30.36,0:51:32.76,Default,,0000,0000,0000,,identity deviations and
Dialogue: 0,0:51:32.76,0:51:35.24,Default,,0000,0000,0000,,inconsistency before you do the final
Dialogue: 0,0:51:35.24,0:51:38.08,Default,,0000,0000,0000,,report I told you already when you
Dialogue: 0,0:51:38.08,0:51:40.84,Default,,0000,0000,0000,,present the report in the court of law
Dialogue: 0,0:51:40.84,0:51:44.36,Default,,0000,0000,0000,,and minimum mistake something minimum
Dialogue: 0,0:51:44.36,0:51:46.84,Default,,0000,0000,0000,,will be disqualified in the case for
Dialogue: 0,0:51:46.84,0:51:49.60,Default,,0000,0000,0000,,example in this presentation I include
Dialogue: 0,0:51:49.60,0:51:53.48,Default,,0000,0000,0000,,IED by mistake this slide and this slide
Dialogue: 0,0:51:53.48,0:51:56.00,Default,,0000,0000,0000,,if I do that in the in the court of flow
Dialogue: 0,0:51:56.00,0:51:56.96,Default,,0000,0000,0000,,is
Dialogue: 0,0:51:56.96,0:52:00.04,Default,,0000,0000,0000,,dismiss okay that's it it's no more
Dialogue: 0,0:52:00.04,0:52:02.40,Default,,0000,0000,0000,,conversation the emotion analysis we
Dialogue: 0,0:52:02.40,0:52:04.68,Default,,0000,0000,0000,,have talk about that we are talking
Dialogue: 0,0:52:04.68,0:52:07.84,Default,,0000,0000,0000,,about persons digital evidence is always
Dialogue: 0,0:52:07.84,0:52:11.92,Default,,0000,0000,0000,,related to people in process processes
Dialogue: 0,0:52:11.92,0:52:14.84,Default,,0000,0000,0000,,applications Hardware software so we
Dialogue: 0,0:52:14.84,0:52:17.92,Default,,0000,0000,0000,,want to make sure that what we present
Dialogue: 0,0:52:17.92,0:52:20.16,Default,,0000,0000,0000,,is accurate and from the documentation
Dialogue: 0,0:52:20.16,0:52:22.72,Default,,0000,0000,0000,,at some point it was the second point in
Dialogue: 0,0:52:22.72,0:52:25.40,Default,,0000,0000,0000,,the presentation we have to document
Dialogue: 0,0:52:25.40,0:52:28.24,Default,,0000,0000,0000,,everything reporting is about compiling
Dialogue: 0,0:52:28.24,0:52:31.56,Default,,0000,0000,0000,,in a clear and comprehensive manner
Dialogue: 0,0:52:31.56,0:52:33.72,Default,,0000,0000,0000,,including summaries methodologist and
Dialogue: 0,0:52:33.72,0:52:35.88,Default,,0000,0000,0000,,supporting evidence you have to include
Dialogue: 0,0:52:35.88,0:52:39.00,Default,,0000,0000,0000,,or at least in my case I always include
Dialogue: 0,0:52:39.00,0:52:41.96,Default,,0000,0000,0000,,the recordings of everything I do
Dialogue: 0,0:52:41.96,0:52:43.96,Default,,0000,0000,0000,,everything means even if I open my
Dialogue: 0,0:52:43.96,0:52:46.28,Default,,0000,0000,0000,,personal email or if a notification come
Dialogue: 0,0:52:46.28,0:52:48.80,Default,,0000,0000,0000,,to my computer and I open something in
Dialogue: 0,0:52:48.80,0:52:52.64,Default,,0000,0000,0000,,my my in my WhatsApp for example this is
Dialogue: 0,0:52:52.64,0:52:55.76,Default,,0000,0000,0000,,part of the recording as well okay so
Dialogue: 0,0:52:55.76,0:52:58.36,Default,,0000,0000,0000,,you have to make sure that you provide
Dialogue: 0,0:52:58.36,0:53:00.92,Default,,0000,0000,0000,,an expert testimony in order to do that
Dialogue: 0,0:53:00.92,0:53:02.36,Default,,0000,0000,0000,,you have to be an expert in digital
Dialogue: 0,0:53:02.36,0:53:06.00,Default,,0000,0000,0000,,currency Feer review consult with other
Dialogue: 0,0:53:06.00,0:53:08.28,Default,,0000,0000,0000,,with your partners with the opponent
Dialogue: 0,0:53:08.28,0:53:10.68,Default,,0000,0000,0000,,with the defendant part before you
Dialogue: 0,0:53:10.68,0:53:12.24,Default,,0000,0000,0000,,present it's not that you are going to
Dialogue: 0,0:53:12.24,0:53:14.80,Default,,0000,0000,0000,,modify to report because the defendant
Dialogue: 0,0:53:14.80,0:53:16.64,Default,,0000,0000,0000,,doesn't like it this is not what I'm
Dialogue: 0,0:53:16.64,0:53:18.92,Default,,0000,0000,0000,,telling you it's just that you are going
Dialogue: 0,0:53:18.92,0:53:21.36,Default,,0000,0000,0000,,to provide the report and by the way you
Dialogue: 0,0:53:21.36,0:53:24.12,Default,,0000,0000,0000,,must provide the report to the defendant
Dialogue: 0,0:53:24.12,0:53:26.72,Default,,0000,0000,0000,,before you go to the Court by the time
Dialogue: 0,0:53:26.72,0:53:28.48,Default,,0000,0000,0000,,you stand up in the court everything
Dialogue: 0,0:53:28.48,0:53:30.24,Default,,0000,0000,0000,,needs to be done the other part need to
Dialogue: 0,0:53:30.24,0:53:32.68,Default,,0000,0000,0000,,know exactly what you are going to
Dialogue: 0,0:53:32.68,0:53:35.28,Default,,0000,0000,0000,,present this is how the legal systems
Dialogue: 0,0:53:35.28,0:53:38.28,Default,,0000,0000,0000,,work okay with deceptions of very few
Dialogue: 0,0:53:38.28,0:53:41.00,Default,,0000,0000,0000,,countries but in the world this is how
Dialogue: 0,0:53:41.00,0:53:44.40,Default,,0000,0000,0000,,it work so the quality assurance is just
Dialogue: 0,0:53:44.40,0:53:46.24,Default,,0000,0000,0000,,making sure that what you present is
Dialogue: 0,0:53:46.24,0:53:49.48,Default,,0000,0000,0000,,appropriate the case management is how
Dialogue: 0,0:53:49.48,0:53:51.40,Default,,0000,0000,0000,,you use the digital forensic and manage
Dialogue: 0,0:53:51.40,0:53:53.68,Default,,0000,0000,0000,,system to track everything in analysis
Dialogue: 0,0:53:53.68,0:53:56.44,Default,,0000,0000,0000,,process and from the data privacy
Dialogue: 0,0:53:56.44,0:53:58.56,Default,,0000,0000,0000,,compliance I told you already every
Dialogue: 0,0:53:58.56,0:54:00.44,Default,,0000,0000,0000,,single place every single City every
Dialogue: 0,0:54:00.44,0:54:02.56,Default,,0000,0000,0000,,single state operate under different
Dialogue: 0,0:54:02.56,0:54:04.92,Default,,0000,0000,0000,,conditions popular tool for digital
Dialogue: 0,0:54:04.92,0:54:08.68,Default,,0000,0000,0000,,forensic few of those in Cas
Dialogue: 0,0:54:08.68,0:54:11.72,Default,,0000,0000,0000,,autopsy Access Data everybody know how
Dialogue: 0,0:54:11.72,0:54:14.56,Default,,0000,0000,0000,,is a forensic tool kit hway forensic
Dialogue: 0,0:54:14.56,0:54:17.96,Default,,0000,0000,0000,,celebrity vola volatility wi sh
Dialogue: 0,0:54:17.96,0:54:20.52,Default,,0000,0000,0000,,everybody most likely know oxygen
Dialogue: 0,0:54:20.52,0:54:22.84,Default,,0000,0000,0000,,forensic detective and the digital
Dialogue: 0,0:54:22.84,0:54:25.32,Default,,0000,0000,0000,,evidence and forensic tool kit so some
Dialogue: 0,0:54:25.32,0:54:28.16,Default,,0000,0000,0000,,of those are included in Cali others do
Dialogue: 0,0:54:28.16,0:54:31.36,Default,,0000,0000,0000,,not some are open source others are
Dialogue: 0,0:54:31.36,0:54:34.12,Default,,0000,0000,0000,,extremely expensive for example in case
Dialogue: 0,0:54:34.12,0:54:37.28,Default,,0000,0000,0000,,which is very very expensive some
Dialogue: 0,0:54:37.28,0:54:39.28,Default,,0000,0000,0000,,relevant reference about digital
Dialogue: 0,0:54:39.28,0:54:43.00,Default,,0000,0000,0000,,forensic I prefer to use keywords and
Dialogue: 0,0:54:43.00,0:54:45.60,Default,,0000,0000,0000,,not particular reference or books
Dialogue: 0,0:54:45.60,0:54:49.00,Default,,0000,0000,0000,,because I don't recommend any specific
Dialogue: 0,0:54:49.00,0:54:51.96,Default,,0000,0000,0000,,book instead the combination of content
Dialogue: 0,0:54:51.96,0:54:54.16,Default,,0000,0000,0000,,and knowledge and expertise but some
Dialogue: 0,0:54:54.16,0:54:56.48,Default,,0000,0000,0000,,words or key words you can use if you
Dialogue: 0,0:54:56.48,0:54:58.96,Default,,0000,0000,0000,,want to expand more in digital forensic
Dialogue: 0,0:54:58.96,0:55:02.08,Default,,0000,0000,0000,,are digital forensic best practice
Dialogue: 0,0:55:02.08,0:55:04.84,Default,,0000,0000,0000,,challenge iMobile digital forensic
Dialogue: 0,0:55:04.84,0:55:07.00,Default,,0000,0000,0000,,Network forensic techniques Cloud
Dialogue: 0,0:55:07.00,0:55:09.56,Default,,0000,0000,0000,,forensic investigations Internet of
Dialogue: 0,0:55:09.56,0:55:12.84,Default,,0000,0000,0000,,Things forensic memory forensic analysis
Dialogue: 0,0:55:12.84,0:55:14.80,Default,,0000,0000,0000,,because you want to stop repeating what
Dialogue: 0,0:55:14.80,0:55:17.12,Default,,0000,0000,0000,,you have been learning for years when
Dialogue: 0,0:55:17.12,0:55:19.16,Default,,0000,0000,0000,,you took down the computer with the
Dialogue: 0,0:55:19.16,0:55:21.24,Default,,0000,0000,0000,,computer is turn it
Dialogue: 0,0:55:21.24,0:55:24.12,Default,,0000,0000,0000,,off and there is a lot of data that
Dialogue: 0,0:55:24.12,0:55:26.76,Default,,0000,0000,0000,,remains in r memory for a particular
Dialogue: 0,0:55:26.76,0:55:30.52,Default,,0000,0000,0000,,amount of time of course okay so try to
Dialogue: 0,0:55:30.52,0:55:32.88,Default,,0000,0000,0000,,expand on this topic malware analysis in
Dialogue: 0,0:55:32.88,0:55:35.44,Default,,0000,0000,0000,,digital forensic and cyber security and
Dialogue: 0,0:55:35.44,0:55:37.84,Default,,0000,0000,0000,,digital forensic Trends those are
Dialogue: 0,0:55:37.84,0:55:41.24,Default,,0000,0000,0000,,keywords that will be facilitating your
Dialogue: 0,0:55:41.24,0:55:44.28,Default,,0000,0000,0000,,expansion or you expanding on digital
Dialogue: 0,0:55:44.28,0:55:48.24,Default,,0000,0000,0000,,forensic knowledge other
Dialogue: 0,0:55:48.24,0:55:50.88,Default,,0000,0000,0000,,considerations are some particular
Dialogue: 0,0:55:50.88,0:55:54.24,Default,,0000,0000,0000,,journals okay I in this case I'm going
Dialogue: 0,0:55:54.24,0:55:56.80,Default,,0000,0000,0000,,to risk and recommend the digital
Dialogue: 0,0:55:56.80,0:55:59.72,Default,,0000,0000,0000,,investigation that is published by xier
Dialogue: 0,0:55:59.72,0:56:02.48,Default,,0000,0000,0000,,is one of the top in the world the other
Dialogue: 0,0:56:02.48,0:56:04.60,Default,,0000,0000,0000,,one is the Journal of digital forensic
Dialogue: 0,0:56:04.60,0:56:07.56,Default,,0000,0000,0000,,security and law and forensic science
Dialogue: 0,0:56:07.56,0:56:12.16,Default,,0000,0000,0000,,International digital investigation
Dialogue: 0,0:56:12.84,0:56:15.52,Default,,0000,0000,0000,,report I'm open to any question you may
Dialogue: 0,0:56:15.52,0:56:19.32,Default,,0000,0000,0000,,have and one more time I want before I
Dialogue: 0,0:56:19.32,0:56:22.44,Default,,0000,0000,0000,,close my lips I want to sincerely thank
Dialogue: 0,0:56:22.44,0:56:25.16,Default,,0000,0000,0000,,you EC Council for another opportunity
Dialogue: 0,0:56:25.16,0:56:27.76,Default,,0000,0000,0000,,to talk about this fascinating topic
Dialogue: 0,0:56:27.76,0:56:29.88,Default,,0000,0000,0000,,thank you very much for all the staff in
Dialogue: 0,0:56:29.88,0:56:34.08,Default,,0000,0000,0000,,the e Council that work tily who made
Dialogue: 0,0:56:34.08,0:56:37.08,Default,,0000,0000,0000,,this presentation a possibility and
Dialogue: 0,0:56:37.08,0:56:39.00,Default,,0000,0000,0000,,thank you so much as well for you guys
Dialogue: 0,0:56:39.00,0:56:41.16,Default,,0000,0000,0000,,attending the conf the conference and
Dialogue: 0,0:56:41.16,0:56:44.44,Default,,0000,0000,0000,,for the questions that you may
Dialogue: 0,0:56:44.88,0:56:47.56,Default,,0000,0000,0000,,ask thank you very much Dr Lewis for
Dialogue: 0,0:56:47.56,0:56:49.20,Default,,0000,0000,0000,,such an insightful and informative
Dialogue: 0,0:56:49.20,0:56:50.76,Default,,0000,0000,0000,,session that was really a very
Dialogue: 0,0:56:50.76,0:56:52.88,Default,,0000,0000,0000,,interesting webinar and we hope it was
Dialogue: 0,0:56:52.88,0:56:55.48,Default,,0000,0000,0000,,worth your time too now now before we
Dialogue: 0,0:56:55.48,0:56:57.28,Default,,0000,0000,0000,,begin with the Q&A I would like to
Dialogue: 0,0:56:57.28,0:56:59.68,Default,,0000,0000,0000,,inform all the attendees that EC
Dialogue: 0,0:56:59.68,0:57:03.12,Default,,0000,0000,0000,,council's CH maps to the forensic
Dialogue: 0,0:57:03.12,0:57:05.32,Default,,0000,0000,0000,,investigator and the consultant digital
Dialogue: 0,0:57:05.32,0:57:07.76,Default,,0000,0000,0000,,forensics anyone with the chfi
Dialogue: 0,0:57:07.76,0:57:10.08,Default,,0000,0000,0000,,certification is eligible for 4,000 plus
Dialogue: 0,0:57:10.08,0:57:12.20,Default,,0000,0000,0000,,job vacancies globally with an average
Dialogue: 0,0:57:12.20,0:57:13.24,Default,,0000,0000,0000,,salary of
Dialogue: 0,0:57:13.24,0:57:15.32,Default,,0000,0000,0000,,$95,000 if you're interested to learn
Dialogue: 0,0:57:15.32,0:57:17.08,Default,,0000,0000,0000,,more andly take part in the poll that's
Dialogue: 0,0:57:17.08,0:57:18.84,Default,,0000,0000,0000,,going to be conducted now let us know
Dialogue: 0,0:57:18.84,0:57:20.24,Default,,0000,0000,0000,,your preferred mode of training and we
Dialogue: 0,0:57:20.24,0:57:23.04,Default,,0000,0000,0000,,will reach out to you
Dialogue: 0,0:57:23.80,0:57:26.60,Default,,0000,0000,0000,,soon
Dialogue: 0,0:57:26.60,0:57:29.44,Default,,0000,0000,0000,,uh Dr L shall we start with the
Dialogue: 0,0:57:29.44,0:57:32.12,Default,,0000,0000,0000,,Q&A yes I'm ready
Dialogue: 0,0:57:32.12,0:57:35.32,Default,,0000,0000,0000,,for okay our first question is how to
Dialogue: 0,0:57:35.32,0:57:38.64,Default,,0000,0000,0000,,prove in court of law that the collected
Dialogue: 0,0:57:38.64,0:57:40.84,Default,,0000,0000,0000,,evidence is from the same object and not
Dialogue: 0,0:57:40.84,0:57:43.16,Default,,0000,0000,0000,,collected from any other
Dialogue: 0,0:57:43.16,0:57:46.40,Default,,0000,0000,0000,,object this is a very important question
Dialogue: 0,0:57:46.40,0:57:48.72,Default,,0000,0000,0000,,I really appreciate the clarification on
Dialogue: 0,0:57:48.72,0:57:51.64,Default,,0000,0000,0000,,this topic as I said we have to be very
Dialogue: 0,0:57:51.64,0:57:53.52,Default,,0000,0000,0000,,careful about the way we collect the
Dialogue: 0,0:57:53.52,0:57:56.40,Default,,0000,0000,0000,,data when we are talking about objects
Dialogue: 0,0:57:56.40,0:57:59.76,Default,,0000,0000,0000,,objects are associated to bits not to
Dialogue: 0,0:57:59.76,0:58:02.36,Default,,0000,0000,0000,,bikes only but Bits And as I mention
Dialogue: 0,0:58:02.36,0:58:05.76,Default,,0000,0000,0000,,multiple times when we do the copy of
Dialogue: 0,0:58:05.76,0:58:08.68,Default,,0000,0000,0000,,the original data we want to make sure
Dialogue: 0,0:58:08.68,0:58:11.96,Default,,0000,0000,0000,,that we always do bit by bit when you do
Dialogue: 0,0:58:11.96,0:58:16.64,Default,,0000,0000,0000,,bit by bit and not B by B because a bit
Dialogue: 0,0:58:16.64,0:58:21.60,Default,,0000,0000,0000,,implies up to 3.4 volts in electricity
Dialogue: 0,0:58:21.60,0:58:24.12,Default,,0000,0000,0000,,we are eliminating the possibility of
Dialogue: 0,0:58:24.12,0:58:27.84,Default,,0000,0000,0000,,mistake objects are bigger a bit do not
Dialogue: 0,0:58:27.84,0:58:31.04,Default,,0000,0000,0000,,constitute an object objects are formed
Dialogue: 0,0:58:31.04,0:58:34.20,Default,,0000,0000,0000,,by multiple bits this is why we have to
Dialogue: 0,0:58:34.20,0:58:37.04,Default,,0000,0000,0000,,do the analysis bit by bit and I
Dialogue: 0,0:58:37.04,0:58:40.24,Default,,0000,0000,0000,,mentioned that multiple
Dialogue: 0,0:58:42.08,0:58:44.20,Default,,0000,0000,0000,,times thank you for answering that
Dialogue: 0,0:58:44.20,0:58:46.52,Default,,0000,0000,0000,,question our next question is what kind
Dialogue: 0,0:58:46.52,0:58:48.84,Default,,0000,0000,0000,,of forensic data can we obtain from the
Dialogue: 0,0:58:48.84,0:58:51.04,Default,,0000,0000,0000,,encrypted data where the key is not
Dialogue: 0,0:58:51.04,0:58:53.72,Default,,0000,0000,0000,,available to decrypt the
Dialogue: 0,0:58:53.72,0:58:58.28,Default,,0000,0000,0000,,data could you please repeat the
Dialogue: 0,0:58:58.52,0:59:01.52,Default,,0000,0000,0000,,question what kind of forensic data can
Dialogue: 0,0:59:01.52,0:59:04.08,Default,,0000,0000,0000,,be obtained from the encrypted data
Dialogue: 0,0:59:04.08,0:59:05.88,Default,,0000,0000,0000,,where the key is not available to
Dialogue: 0,0:59:05.88,0:59:08.60,Default,,0000,0000,0000,,decrypt the
Dialogue: 0,0:59:09.32,0:59:13.04,Default,,0000,0000,0000,,data you encryp
Dialogue: 0,0:59:13.04,0:59:16.12,Default,,0000,0000,0000,,data uh I'll just P the question to you
Dialogue: 0,0:59:16.12,0:59:19.60,Default,,0000,0000,0000,,on chat uh Dr
Dialogue: 0,0:59:19.60,0:59:23.20,Default,,0000,0000,0000,,Ls I'm not watching the chat right now
Dialogue: 0,0:59:23.20,0:59:26.64,Default,,0000,0000,0000,,something happened
Dialogue: 0,0:59:28.32,0:59:30.36,Default,,0000,0000,0000,,I'm not watching the
Dialogue: 0,0:59:30.36,0:59:34.68,Default,,0000,0000,0000,,shat sorry H long hello hello hello can
Dialogue: 0,0:59:34.68,0:59:35.96,Default,,0000,0000,0000,,you hear
Dialogue: 0,0:59:35.96,0:59:39.96,Default,,0000,0000,0000,,me yes I can hear you yes I have posted
Dialogue: 0,0:59:39.96,0:59:43.44,Default,,0000,0000,0000,,the question on the chat Dr leis okay
Dialogue: 0,0:59:43.44,0:59:47.48,Default,,0000,0000,0000,,okay please yes I have already pasted
Dialogue: 0,0:59:47.48,0:59:50.60,Default,,0000,0000,0000,,okay let me check
Dialogue: 0,0:59:53.64,0:59:56.40,Default,,0000,0000,0000,,here
Dialogue: 0,0:59:56.40,0:59:59.68,Default,,0000,0000,0000,,okay give me a second okay what kind of
Dialogue: 0,0:59:59.68,1:00:01.40,Default,,0000,0000,0000,,forensic data can be obtained from
Dialogue: 0,1:00:01.40,1:00:04.80,Default,,0000,0000,0000,,encrypted data oh okay okay well this is
Dialogue: 0,1:00:04.80,1:00:07.24,Default,,0000,0000,0000,,another misperception okay everybody
Dialogue: 0,1:00:07.24,1:00:09.80,Default,,0000,0000,0000,,knows that when the data is encrypted we
Dialogue: 0,1:00:09.80,1:00:12.64,Default,,0000,0000,0000,,cannot open the data or the particular
Dialogue: 0,1:00:12.64,1:00:16.08,Default,,0000,0000,0000,,file document video any kind of Digital
Dialogue: 0,1:00:16.08,1:00:18.52,Default,,0000,0000,0000,,forening Data let me tell you something
Dialogue: 0,1:00:18.52,1:00:21.00,Default,,0000,0000,0000,,there are multiple forensic tools that
Dialogue: 0,1:00:21.00,1:00:23.60,Default,,0000,0000,0000,,have the ability to decrypt the data
Dialogue: 0,1:00:23.60,1:00:26.08,Default,,0000,0000,0000,,even when we don't have the key this and
Dialogue: 0,1:00:26.08,1:00:28.64,Default,,0000,0000,0000,,I understand the key component and I
Dialogue: 0,1:00:28.64,1:00:30.04,Default,,0000,0000,0000,,understand that the two type of
Dialogue: 0,1:00:30.04,1:00:32.60,Default,,0000,0000,0000,,encryptions symmetric and asymmetric and
Dialogue: 0,1:00:32.60,1:00:34.76,Default,,0000,0000,0000,,as I said I have multiple Publications
Dialogue: 0,1:00:34.76,1:00:35.96,Default,,0000,0000,0000,,about
Dialogue: 0,1:00:35.96,1:00:40.16,Default,,0000,0000,0000,,encryption ER but there is most likely
Dialogue: 0,1:00:40.16,1:00:43.84,Default,,0000,0000,0000,,always the possibility to encrypt data
Dialogue: 0,1:00:43.84,1:00:47.48,Default,,0000,0000,0000,,without having the encryption key I
Dialogue: 0,1:00:47.48,1:00:49.56,Default,,0000,0000,0000,,understand that it doesn't sounds
Dialogue: 0,1:00:49.56,1:00:52.28,Default,,0000,0000,0000,,popular it's not what we hear every
Dialogue: 0,1:00:52.28,1:00:55.16,Default,,0000,0000,0000,,single time but when we spend specialize
Dialogue: 0,1:00:55.16,1:00:58.52,Default,,0000,0000,0000,,on digital forensic we have usually the
Dialogue: 0,1:00:58.52,1:01:01.84,Default,,0000,0000,0000,,tools we need to decrypt the data
Dialogue: 0,1:01:01.84,1:01:04.32,Default,,0000,0000,0000,,especially if you are using artificial
Dialogue: 0,1:01:04.32,1:01:07.40,Default,,0000,0000,0000,,intelligence also in the government at
Dialogue: 0,1:01:07.40,1:01:09.28,Default,,0000,0000,0000,,least in the US government in my
Dialogue: 0,1:01:09.28,1:01:12.16,Default,,0000,0000,0000,,operation in the operation I direct I
Dialogue: 0,1:01:12.16,1:01:14.64,Default,,0000,0000,0000,,handle I supervise we are using
Dialogue: 0,1:01:14.64,1:01:16.48,Default,,0000,0000,0000,,artificial intelligence for multiple
Dialogue: 0,1:01:16.48,1:01:19.60,Default,,0000,0000,0000,,things in cyber security since
Dialogue: 0,1:01:19.60,1:01:22.32,Default,,0000,0000,0000,,2017 and we are also using Quantum
Dialogue: 0,1:01:22.32,1:01:24.76,Default,,0000,0000,0000,,Computing Quantum Computing is not not
Dialogue: 0,1:01:24.76,1:01:28.84,Default,,0000,0000,0000,,coming quantum computer is in use in the
Dialogue: 0,1:01:28.84,1:01:31.56,Default,,0000,0000,0000,,US government for years now so we are
Dialogue: 0,1:01:31.56,1:01:34.52,Default,,0000,0000,0000,,using Quantum Computing for years there
Dialogue: 0,1:01:34.52,1:01:37.32,Default,,0000,0000,0000,,are multiple ways to decrypt the data
Dialogue: 0,1:01:37.32,1:01:40.64,Default,,0000,0000,0000,,when the encryption key is not available
Dialogue: 0,1:01:40.64,1:01:42.72,Default,,0000,0000,0000,,multiple ways multiple applications as
Dialogue: 0,1:01:42.72,1:01:45.32,Default,,0000,0000,0000,,well that help with the process it's
Dialogue: 0,1:01:45.32,1:01:47.80,Default,,0000,0000,0000,,very time consuming but there is a
Dialogue: 0,1:01:47.80,1:01:50.76,Default,,0000,0000,0000,,possibility for that and this is a great
Dialogue: 0,1:01:50.76,1:01:53.24,Default,,0000,0000,0000,,question because the question is okay
Dialogue: 0,1:01:53.24,1:01:55.56,Default,,0000,0000,0000,,how about the hard drive is encrypted
Dialogue: 0,1:01:55.56,1:01:57.76,Default,,0000,0000,0000,,there is nothing that I can do right no
Dialogue: 0,1:01:57.76,1:02:00.00,Default,,0000,0000,0000,,this is not like that there is always
Dialogue: 0,1:02:00.00,1:02:02.48,Default,,0000,0000,0000,,ways to decrypt the data always it
Dialogue: 0,1:02:02.48,1:02:04.92,Default,,0000,0000,0000,,doesn't matter how strong the encryption
Dialogue: 0,1:02:04.92,1:02:06.96,Default,,0000,0000,0000,,is but you need to have the appropriate
Dialogue: 0,1:02:06.96,1:02:09.64,Default,,0000,0000,0000,,tools of place for example I'm going to
Dialogue: 0,1:02:09.64,1:02:13.32,Default,,0000,0000,0000,,mention just one in case when I present
Dialogue: 0,1:02:13.32,1:02:17.32,Default,,0000,0000,0000,,this some tools that I suggest before I
Dialogue: 0,1:02:17.32,1:02:20.84,Default,,0000,0000,0000,,said that in case is very expensive in
Dialogue: 0,1:02:20.84,1:02:24.08,Default,,0000,0000,0000,,case do magic between quotation man in
Dialogue: 0,1:02:24.08,1:02:26.24,Default,,0000,0000,0000,,case do multiple things that we don't
Dialogue: 0,1:02:26.24,1:02:28.80,Default,,0000,0000,0000,,learn in the school
Dialogue: 0,1:02:28.80,1:02:31.76,Default,,0000,0000,0000,,okay so I can see the other question
Dialogue: 0,1:02:31.76,1:02:33.84,Default,,0000,0000,0000,,here how to adapt to investigation in
Dialogue: 0,1:02:33.84,1:02:35.88,Default,,0000,0000,0000,,the cloud since the clouds provided do
Dialogue: 0,1:02:35.88,1:02:38.16,Default,,0000,0000,0000,,not allow most of important operation to
Dialogue: 0,1:02:38.16,1:02:41.52,Default,,0000,0000,0000,,access media when you have to do a case
Dialogue: 0,1:02:41.52,1:02:45.40,Default,,0000,0000,0000,,or conduct digital forensic in the cloud
Dialogue: 0,1:02:45.40,1:02:48.80,Default,,0000,0000,0000,,the cloud providers 99% of the time I
Dialogue: 0,1:02:48.80,1:02:50.52,Default,,0000,0000,0000,,don't want to say 100 because I don't
Dialogue: 0,1:02:50.52,1:02:52.96,Default,,0000,0000,0000,,want to risk on that but usually the
Dialogue: 0,1:02:52.96,1:02:56.48,Default,,0000,0000,0000,,cloud providers include in the SLA in
Dialogue: 0,1:02:56.48,1:02:58.52,Default,,0000,0000,0000,,the service level agreement what is
Dialogue: 0,1:02:58.52,1:03:01.60,Default,,0000,0000,0000,,going to happen if a digital forensic or
Dialogue: 0,1:03:01.60,1:03:04.16,Default,,0000,0000,0000,,any kind of Investigation needs to do
Dialogue: 0,1:03:04.16,1:03:08.08,Default,,0000,0000,0000,,needs to be performed in the cloud space
Dialogue: 0,1:03:08.08,1:03:11.08,Default,,0000,0000,0000,,so most likely the cloud operator is
Dialogue: 0,1:03:11.08,1:03:13.60,Default,,0000,0000,0000,,going to facilitate access to everything
Dialogue: 0,1:03:13.60,1:03:16.36,Default,,0000,0000,0000,,you need sometime you have to move and
Dialogue: 0,1:03:16.36,1:03:19.32,Default,,0000,0000,0000,,go physically to the place in which the
Dialogue: 0,1:03:19.32,1:03:20.96,Default,,0000,0000,0000,,data is
Dialogue: 0,1:03:20.96,1:03:23.48,Default,,0000,0000,0000,,host don't believe that the cloud
Dialogue: 0,1:03:23.48,1:03:25.64,Default,,0000,0000,0000,,provider doesn't know where the data is
Dialogue: 0,1:03:25.64,1:03:28.92,Default,,0000,0000,0000,,host we know where the data is host
Dialogue: 0,1:03:28.92,1:03:31.40,Default,,0000,0000,0000,,specifically I have been in San Diego
Dialogue: 0,1:03:31.40,1:03:34.12,Default,,0000,0000,0000,,California and another States in Hawaii
Dialogue: 0,1:03:34.12,1:03:35.80,Default,,0000,0000,0000,,back in
Dialogue: 0,1:03:35.80,1:03:38.44,Default,,0000,0000,0000,,2019 as well doing forensic
Dialogue: 0,1:03:38.44,1:03:40.84,Default,,0000,0000,0000,,investigation in a cloud environment it
Dialogue: 0,1:03:40.84,1:03:43.08,Default,,0000,0000,0000,,was actually for something government
Dialogue: 0,1:03:43.08,1:03:46.48,Default,,0000,0000,0000,,related and I was given the permission I
Dialogue: 0,1:03:46.48,1:03:49.28,Default,,0000,0000,0000,,need to do any kind of Investigation so
Dialogue: 0,1:03:49.28,1:03:52.00,Default,,0000,0000,0000,,Cloud providers facilitate forensic
Dialogue: 0,1:03:52.00,1:03:54.64,Default,,0000,0000,0000,,analysis because forensic analysis are
Dialogue: 0,1:03:54.64,1:03:58.08,Default,,0000,0000,0000,,usually related to legal cases there are
Dialogue: 0,1:03:58.08,1:04:01.04,Default,,0000,0000,0000,,multiple cases in which in USA we don't
Dialogue: 0,1:04:01.04,1:04:02.76,Default,,0000,0000,0000,,have access to this data and I'm going
Dialogue: 0,1:04:02.76,1:04:06.60,Default,,0000,0000,0000,,to mention an example Tik Tok Tik Tok
Dialogue: 0,1:04:06.60,1:04:08.64,Default,,0000,0000,0000,,the problem between the US government
Dialogue: 0,1:04:08.64,1:04:11.84,Default,,0000,0000,0000,,and Tik Tok is that when Tik Tok get the
Dialogue: 0,1:04:11.84,1:04:14.84,Default,,0000,0000,0000,,authorization to operate in USA the
Dialogue: 0,1:04:14.84,1:04:18.56,Default,,0000,0000,0000,,government was one step behind behind
Dialogue: 0,1:04:18.56,1:04:21.08,Default,,0000,0000,0000,,Okay and we don't regulate Tik Tok at
Dialogue: 0,1:04:21.08,1:04:25.20,Default,,0000,0000,0000,,this point Tik Tok has the ability to
Dialogue: 0,1:04:25.20,1:04:28.28,Default,,0000,0000,0000,,prevent forensic investigation in the
Dialogue: 0,1:04:28.28,1:04:31.40,Default,,0000,0000,0000,,Tik Tok platforms for the US government
Dialogue: 0,1:04:31.40,1:04:34.60,Default,,0000,0000,0000,,cour system or legal system okay but
Dialogue: 0,1:04:34.60,1:04:37.68,Default,,0000,0000,0000,,again usually Cloud providers facilitate
Dialogue: 0,1:04:37.68,1:04:40.76,Default,,0000,0000,0000,,investigation in the cloud 100% they
Dialogue: 0,1:04:40.76,1:04:43.24,Default,,0000,0000,0000,,cooperate in every single manage they
Dialogue: 0,1:04:43.24,1:04:48.00,Default,,0000,0000,0000,,have to facilitate the forensic
Dialogue: 0,1:04:49.80,1:04:51.72,Default,,0000,0000,0000,,investigation thank you for answering
Dialogue: 0,1:04:51.72,1:04:53.88,Default,,0000,0000,0000,,that question uh we'll take last
Dialogue: 0,1:04:53.88,1:04:56.84,Default,,0000,0000,0000,,question for the day uh what is the best
Dialogue: 0,1:04:56.84,1:05:00.28,Default,,0000,0000,0000,,open source free tools for social media
Dialogue: 0,1:05:00.28,1:05:03.56,Default,,0000,0000,0000,,forensics there is no best open source
Dialogue: 0,1:05:03.56,1:05:05.64,Default,,0000,0000,0000,,tool that is a combination of tools
Dialogue: 0,1:05:05.64,1:05:08.56,Default,,0000,0000,0000,,number one digital forensic cannot be
Dialogue: 0,1:05:08.56,1:05:10.64,Default,,0000,0000,0000,,performed categorically speaking with
Dialogue: 0,1:05:10.64,1:05:14.52,Default,,0000,0000,0000,,one or two tools this is a complex time
Dialogue: 0,1:05:14.52,1:05:18.24,Default,,0000,0000,0000,,consuming and expensive process I made
Dialogue: 0,1:05:18.24,1:05:21.16,Default,,0000,0000,0000,,some suggestions it's included in the
Dialogue: 0,1:05:21.16,1:05:26.08,Default,,0000,0000,0000,,slide ER let me see a slide
Dialogue: 0,1:05:27.32,1:05:29.40,Default,,0000,0000,0000,,slide
Dialogue: 0,1:05:29.40,1:05:31.00,Default,,0000,0000,0000,,number
Dialogue: 0,1:05:31.00,1:05:34.12,Default,,0000,0000,0000,,16 okay this is the slide in which I
Dialogue: 0,1:05:34.12,1:05:37.40,Default,,0000,0000,0000,,include in case autopsy the S some of
Dialogue: 0,1:05:37.40,1:05:40.52,Default,,0000,0000,0000,,them are upper cases as I I'm sorry open
Dialogue: 0,1:05:40.52,1:05:43.36,Default,,0000,0000,0000,,source as I mentioned before but there
Dialogue: 0,1:05:43.36,1:05:46.04,Default,,0000,0000,0000,,is not a particular tool or two or three
Dialogue: 0,1:05:46.04,1:05:48.12,Default,,0000,0000,0000,,tools that I will recommend because in
Dialogue: 0,1:05:48.12,1:05:52.32,Default,,0000,0000,0000,,top of that every single forensic
Dialogue: 0,1:05:52.32,1:05:54.64,Default,,0000,0000,0000,,investigation is about the different
Dialogue: 0,1:05:54.64,1:05:57.44,Default,,0000,0000,0000,,process you cannot use the similar tools
Dialogue: 0,1:05:57.44,1:06:00.72,Default,,0000,0000,0000,,this is why there are very at least in
Dialogue: 0,1:06:00.72,1:06:04.40,Default,,0000,0000,0000,,USA very small amount of organizations
Dialogue: 0,1:06:04.40,1:06:07.04,Default,,0000,0000,0000,,companies that specialize in digital
Dialogue: 0,1:06:07.04,1:06:10.44,Default,,0000,0000,0000,,forensic as my company does the reason
Dialogue: 0,1:06:10.44,1:06:13.52,Default,,0000,0000,0000,,why is because between many other things
Dialogue: 0,1:06:13.52,1:06:15.92,Default,,0000,0000,0000,,lack of expertise and
Dialogue: 0,1:06:15.92,1:06:19.24,Default,,0000,0000,0000,,expenses okay so I do not recommend a
Dialogue: 0,1:06:19.24,1:06:21.80,Default,,0000,0000,0000,,particular tool instead the combination
Dialogue: 0,1:06:21.80,1:06:24.44,Default,,0000,0000,0000,,of tools there are multiple open source
Dialogue: 0,1:06:24.44,1:06:27.80,Default,,0000,0000,0000,,I mention a few in a slide number 16 of
Dialogue: 0,1:06:27.80,1:06:30.76,Default,,0000,0000,0000,,my PowerPoint presentation but again
Dialogue: 0,1:06:30.76,1:06:33.28,Default,,0000,0000,0000,,those are not sufficient those are the
Dialogue: 0,1:06:33.28,1:06:35.56,Default,,0000,0000,0000,,most popular and
Dialogue: 0,1:06:35.56,1:06:39.48,Default,,0000,0000,0000,,strong ER more accurate uh tools that
Dialogue: 0,1:06:39.48,1:06:41.76,Default,,0000,0000,0000,,you can use for digital forensic but a
Dialogue: 0,1:06:41.76,1:06:43.68,Default,,0000,0000,0000,,particular tool one or two to do
Dialogue: 0,1:06:43.68,1:06:47.16,Default,,0000,0000,0000,,forensic investigation it doesn't exist
Dialogue: 0,1:06:47.16,1:06:49.84,Default,,0000,0000,0000,,is impossible
Dialogue: 0,1:06:51.72,1:06:54.04,Default,,0000,0000,0000,,doesn't thank you again to our wonderful
Dialogue: 0,1:06:54.04,1:06:56.00,Default,,0000,0000,0000,,speaker Dr Lewis for answering those
Dialogue: 0,1:06:56.00,1:06:57.96,Default,,0000,0000,0000,,questions and for the great presentation
Dialogue: 0,1:06:57.96,1:06:59.72,Default,,0000,0000,0000,,and knowledge shared with our Global
Dialogue: 0,1:06:59.72,1:07:01.72,Default,,0000,0000,0000,,audiences it was a pleasure to have you
Dialogue: 0,1:07:01.72,1:07:03.56,Default,,0000,0000,0000,,with us and we are looking for more and
Dialogue: 0,1:07:03.56,1:07:05.20,Default,,0000,0000,0000,,more sessions with you before we
Dialogue: 0,1:07:05.20,1:07:06.88,Default,,0000,0000,0000,,conclude the webinar Dr LS would you
Dialogue: 0,1:07:06.88,1:07:08.24,Default,,0000,0000,0000,,like to give a small message to our
Dialogue: 0,1:07:08.24,1:07:10.68,Default,,0000,0000,0000,,audiences
Dialogue: 0,1:07:10.68,1:07:14.16,Default,,0000,0000,0000,,please well no just want to thanks
Dialogue: 0,1:07:14.16,1:07:16.76,Default,,0000,0000,0000,,everybody again the one that work
Dialogue: 0,1:07:16.76,1:07:21.16,Default,,0000,0000,0000,,tiously behind the presentation to you
Dialogue: 0,1:07:21.16,1:07:23.56,Default,,0000,0000,0000,,in e Council as always thank you very
Dialogue: 0,1:07:23.56,1:07:25.44,Default,,0000,0000,0000,,much for the support for all the
Dialogue: 0,1:07:25.44,1:07:28.00,Default,,0000,0000,0000,,attendees I hope you learn something new
Dialogue: 0,1:07:28.00,1:07:31.56,Default,,0000,0000,0000,,let me clarify that every single content
Dialogue: 0,1:07:31.56,1:07:34.16,Default,,0000,0000,0000,,wording words Etc that I have been
Dialogue: 0,1:07:34.16,1:07:36.56,Default,,0000,0000,0000,,presenting for you is my original
Dialogue: 0,1:07:36.56,1:07:39.12,Default,,0000,0000,0000,,creation 100% not
Dialogue: 0,1:07:39.12,1:07:42.92,Default,,0000,0000,0000,,99.99 but 100% categorically speaking
Dialogue: 0,1:07:42.92,1:07:44.96,Default,,0000,0000,0000,,and I put together those notes and
Dialogue: 0,1:07:44.96,1:07:47.96,Default,,0000,0000,0000,,reflection for you guys with the hope
Dialogue: 0,1:07:47.96,1:07:49.44,Default,,0000,0000,0000,,that you can come back to your
Dialogue: 0,1:07:49.44,1:07:52.36,Default,,0000,0000,0000,,organization and ser better that you can
Dialogue: 0,1:07:52.36,1:07:54.76,Default,,0000,0000,0000,,become a public servant
Dialogue: 0,1:07:54.76,1:07:57.12,Default,,0000,0000,0000,,ER and go to the court and testify in
Dialogue: 0,1:07:57.12,1:08:00.80,Default,,0000,0000,0000,,favor of the park that deserve your
Dialogue: 0,1:08:00.80,1:08:03.60,Default,,0000,0000,0000,,benefits and I sincerely thank you for
Dialogue: 0,1:08:03.60,1:08:05.60,Default,,0000,0000,0000,,the opportunity to share my expertise
Dialogue: 0,1:08:05.60,1:08:08.64,Default,,0000,0000,0000,,with you guys have a nice weekend okay
Dialogue: 0,1:08:08.64,1:08:10.20,Default,,0000,0000,0000,,thank you very much for the time in
Dialogue: 0,1:08:10.20,1:08:13.16,Default,,0000,0000,0000,,question thank you so
Dialogue: 0,1:08:14.28,1:08:16.92,Default,,0000,0000,0000,,much thank you so much Dr Louis for your
Dialogue: 0,1:08:16.92,1:08:19.12,Default,,0000,0000,0000,,message before we end the session I
Dialogue: 0,1:08:19.12,1:08:20.48,Default,,0000,0000,0000,,would like to announce the next cyber
Dialogue: 0,1:08:20.48,1:08:23.04,Default,,0000,0000,0000,,talk session why are strong foundational
Dialogue: 0,1:08:23.04,1:08:24.76,Default,,0000,0000,0000,,cyber securities skills essential for
Dialogue: 0,1:08:24.76,1:08:26.96,Default,,0000,0000,0000,,every IT professional which is scheduled
Dialogue: 0,1:08:26.96,1:08:29.28,Default,,0000,0000,0000,,on November 8 2023 this session is an
Dialogue: 0,1:08:29.28,1:08:31.44,Default,,0000,0000,0000,,export presentation by Roger Smith
Dialogue: 0,1:08:31.44,1:08:34.28,Default,,0000,0000,0000,,director car Managed IT industry fellow
Dialogue: 0,1:08:34.28,1:08:36.72,Default,,0000,0000,0000,,at Australian Defense Force Academy to
Dialogue: 0,1:08:36.72,1:08:38.36,Default,,0000,0000,0000,,register for this session please do go
Dialogue: 0,1:08:38.36,1:08:40.40,Default,,0000,0000,0000,,visit our website
Dialogue: 0,1:08:40.40,1:08:43.44,Default,,0000,0000,0000,,www.ccu.edu cybert talks the link is
Dialogue: 0,1:08:43.44,1:08:45.28,Default,,0000,0000,0000,,given in the chat section hope to see
Dialogue: 0,1:08:45.28,1:08:48.00,Default,,0000,0000,0000,,you all on November 8th with this VN the
Dialogue: 0,1:08:48.00,1:08:49.88,Default,,0000,0000,0000,,session with this you may disconnect
Dialogue: 0,1:08:49.88,1:08:52.08,Default,,0000,0000,0000,,your lines thank you thank you so much
Dialogue: 0,1:08:52.08,1:08:55.24,Default,,0000,0000,0000,,Dr leis pleasure having you
Dialogue: 0,1:08:55.24,1:08:57.32,Default,,0000,0000,0000,,likewise thank you very much for the
Dialogue: 0,1:08:57.32,1:09:01.92,Default,,0000,0000,0000,,opportunity thank you have a good day