Digital Forensics Best Practices: From Data Acquisition to Analysis

Rollback to version 2

0:00 - 0:02

Hello everyone, and welcome to today's
0:02 - 0:06

session digital forensics, best practices
0:06 - 0:09

from data acquisition to analysis. I'm
0:09 - 0:11

Shilpago Swami and I'll be your host
0:11 - 0:13

for the day. Before we get
0:13 - 0:16

started, we would like to go over a few
0:16 - 0:18

house rules for our attendees. The
0:18 - 0:20

session will be in listen only mode and
0:20 - 0:23

will last for an hour, out of which the
0:23 - 0:26

last 15 minutes will be dedicated to Q&A.
0:26 - 0:28

If you have any questions during the
0:28 - 0:31

webinar to our organizers or our
0:31 - 0:34

speakers, use the Q&A window also if you
0:34 - 0:36

face any audio, video challenges, please
0:36 - 0:38

check your internet connections or you
0:38 - 0:41

may log out and log in again. An
0:41 - 0:44

important announcement for our audiences,
0:44 - 0:46

we have initiated CPE credit
0:46 - 0:49

certificates for our participants, and to
0:49 - 0:51

qualify for one attendees are required
0:51 - 0:54

to attend the entire webinar and then
0:54 - 0:58

send an email to cyber talks at e
0:58 - 1:01

council.org, after which our team will
1:01 - 1:04

issue the CPE certificate. Also, we would
1:04 - 1:06

like to announce our audiences about the
1:06 - 1:09

special handouts take the screenshot of
1:09 - 1:11

the running webinar, and post in your
1:11 - 1:15

social media LinkedIn or Twitter tagging
1:15 - 1:18

EC counil and #cybertalks, we will
1:18 - 1:21

share free handouts to first 15
1:21 - 1:24

audiences as a commitment to closing the
1:24 - 1:27

cyber security Workforce Gap by creating
1:27 - 1:30

multi-domain cyber technicians e-Council
1:30 - 1:35

pledges, $3.5 million dollar towards, CCT
1:35 - 1:37

education and certification scholarship
1:37 - 1:40

to certify approximately 10,000 cyber
1:40 - 1:43

professionals ready to contribute to the
1:43 - 1:45

industry. Did you know that you can be
1:45 - 1:46

part of the lucrative cyber security
1:46 - 1:50

industry, even top companies like Google,
1:50 - 1:54

Microsoft, Amazon, IBM, Facebook, and Dell
1:54 - 1:56

all hire cyber security professionals,
1:56 - 1:59

the cyber security industry has a 0%
1:59 - 2:00

unemployment rate. The, the average salary
2:00 - 2:02

for an entry-level cyber security job is
2:02 - 2:05

about $100,000 per year in the United
2:05 - 2:07

States. Furthermore, you don't need to
2:07 - 2:10

know coding and learn from your home and
2:10 - 2:11

you get a scholarship to Kickstart your
2:11 - 2:15

career apply. Now, EC council is pledging
2:15 - 2:19

a 3.5 million CCT scholarship for cyber
2:19 - 2:21

security career starters, scan the QR
2:21 - 2:22

code on the screen to apply for the
2:22 - 2:26

scholarship. Fill out the
2:29 - 2:32

form.
2:32 - 2:34

Now about our
2:34 - 2:38

speaker Dr. Lewis. Dr. Lewis Noguerol is the
2:38 - 2:40

information system security officer for
2:40 - 2:44

the US Department of Commerce, no OAA,
2:44 - 2:45

where he oversees a cyber security
2:45 - 2:47

operation for six states in the
2:47 - 2:50

Southeast region. Dr. Lewis is also the
2:50 - 2:52

president, and CEO of the advanced
2:52 - 2:54

division of informatics and
2:54 - 2:58

Technology Inc. A company that focuses on
2:58 - 3:01

data recovery digital for forensics and
3:01 - 3:03

penetration. He is a world renowned
3:03 - 3:06

expert in data recovery digital
3:06 - 3:08

forensics and penetration testing. He
3:08 - 3:11

holds multiple globally recognized
3:11 - 3:12

information technology and cyber
3:12 - 3:15

security certifications and accredition,
3:15 - 3:17

and is the recipient of multiple awards
3:17 - 3:19

in technology cyber security and
3:19 - 3:23

mathematics. He currently serves prono as
3:23 - 3:25

an editorial board member reviewer of
3:25 - 3:27

American Journal of Information science
3:27 - 3:30

and technology, and is a member of the
3:30 - 3:32

prestigious high edging professor for
3:32 - 3:34

undergraduate, and graduate programs at
3:34 - 3:37

multiple universities in the US. And as a
3:37 - 3:39

reviewer for the doctoral program at the
3:39 - 3:42

University of Karachi in Pakistan, he is
3:42 - 3:44

the author of multiple cyber security
3:44 - 3:47

publication and articles including cyber
3:47 - 3:50

security issues in blockchain challenges
3:50 - 3:52

and possible solution. And he is one of
3:52 - 3:54

the co-authors and reviewers of the
3:54 - 3:57

worldwide acclaimed book intrusion
3:57 - 3:59

detection
3:59 - 4:01

guide prior to obtaining his doctoral
4:01 - 4:03

degree in information systems and
4:03 - 4:05

Technologies from the University of
4:05 - 4:08

Phoenix. Dr. Lewis earned a bachelor's in
4:08 - 4:12

sciences and radio technical and
4:12 - 4:14

electronic engineering
4:14 - 4:15

bachelor in science in
4:15 - 4:18

telecommunications, and networking and a
4:18 - 4:20

master in science in mathematics and
4:20 - 4:21

computer
4:21 - 4:23

sciences. Without any further delay, I
4:23 - 4:26

would hand over the session to you, Dr.
4:26 - 4:30

Lewis. Thank you very much. Thanks. Okay.
4:30 - 4:33

Good morning, everybody. Good afternoon.
4:33 - 4:35

Good night depending of the specific
4:35 - 4:38

area in which you decide, we are going to
4:38 - 4:40

have an interesting conversation today
4:40 - 4:42

about digital forensic best practice
4:42 - 4:44

from data acquisition to analysis. This
4:44 - 4:47

is the title of the presentation of the
4:47 - 4:51

subject, and I'm more than happy to be
4:51 - 4:53

here with you guys and sharing some of
4:53 - 4:58

my expertise. So let's go and start the
4:58 - 5:01

conference. Okay, she already mentioned
5:01 - 5:03

some of my
5:03 - 5:05

credentials. I have been working in cyber
5:05 - 5:09

security at this point for over 41 years.
5:09 - 5:12

This is on my DNA a topic that I really
5:12 - 5:14

like and respect in love as I cannot
5:14 - 5:17

talk about any other topic in my life
5:17 - 5:21

before we go I have here a segment that
5:21 - 5:24

I put together for you okay digital
5:24 - 5:26

forensic best practice well
5:26 - 5:29

consideration number one just to break
5:29 - 5:31

off the eyes is that in the Lain of
5:31 - 5:35

cyber space where shs dance through ened
5:35 - 5:38

passage and data Whispers it Secrets the
5:38 - 5:42

digital detective emerg This Is Us the
5:42 - 5:44

digital forensic expert clat in lines of
5:44 - 5:48

code and armed with algorithms they seek
5:48 - 5:52

to youing Treasures of through and
5:52 - 5:55

solving anyma cyber crimes with a visual
5:55 - 5:58

magnifying glass this is what we do they
5:58 - 6:01

desect or we desect the digital tapestry
6:01 - 6:04

prevailing the footprints of elusive
6:04 - 6:08

cyber cul this is what cyber forensic or
6:08 - 6:11

digital forensic is about is stroke and
6:11 - 6:14

pixel holds a clue something that we can
6:14 - 6:18

use in our favor and in this mesmerizing
6:18 - 6:23

worlds of the digital era one and zeros
6:23 - 6:26

the app of digital forensic you Falls
6:26 - 6:29

youling the secret of the digital real
6:29 - 6:34

so forensic is about finding evidence
6:34 - 6:36

that can lead to a particular process it
6:36 - 6:39

can be a legal process it can be any
6:39 - 6:41

other kind of process but what is
6:41 - 6:44

digital forensic from my point of view
6:44 - 6:47

well I mention I guess already that I'm
6:47 - 6:50

working in cyber security for 41 years
6:50 - 6:53

my specializations are in penetration
6:53 - 6:55

testing data recovery and digital
6:55 - 6:57

currency have been working for the
6:57 - 6:59

police department at multiple places
6:59 - 7:03

doing digital forensic for l so I try to
7:03 - 7:06

put the easy definition for you from my
7:06 - 7:08

standpoint about what digital forensic
7:08 - 7:12

is digital forensic investigate digital
7:12 - 7:15

devices and electronic data to un cover
7:15 - 7:18

evidence please note that I don't say
7:18 - 7:20

electronic information I use the word
7:20 - 7:22

data
7:22 - 7:24

intentionally understand digital events
7:24 - 7:28

and TR illicit activities this is a key
7:28 - 7:31

component of digital forensic normally
7:31 - 7:34

speaking digital forensic happens of
7:34 - 7:37

course after the facts and the idea of
7:37 - 7:41

digital forensic is identifying phes
7:41 - 7:44

okay that lead to a particular data that
7:44 - 7:46

we can convey together and make a
7:46 - 7:49

conclusion it involves the systematic
7:49 - 7:52

collection preservation analysis and
7:52 - 7:54

presentation of digital evidence IL
7:54 - 7:57

legal proceedings and this is a key
7:57 - 7:59

today because we are technology defend
7:59 - 8:02

then and there are multiple States at
8:02 - 8:05

least in USA in some other countries in
8:05 - 8:07

which digital forensic is still in a
8:07 - 8:10

limbo because it's not accepted in the
8:10 - 8:13

court of law okay so this is very
8:13 - 8:16

important to keep in mind what are we
8:16 - 8:18

going to do from the digital forensic
8:18 - 8:21

standpoint the data collection process
8:21 - 8:23

and the analysis digital forensic
8:23 - 8:26

experts use specialized techniques and
8:26 - 8:29

tools to find out data from computers
8:29 - 8:32

smartphones networks and digital storage
8:32 - 8:35

media to support investigations and
8:35 - 8:38

resolve legal matter so this is
8:38 - 8:41

basically what the digital forensic is
8:41 - 8:43

about let's go and start with the
8:43 - 8:46

technical part which is the topic I like
8:46 - 8:49

more okay let's go and talk about those
8:49 - 8:52

30 best practices that I'm putting
8:52 - 8:54

together for you at the end of the
8:54 - 8:55

presentation you will be having the
8:55 - 8:58

opportunity to ask as many questions as
8:58 - 9:01

you like no number one you have to
9:01 - 9:04

follow the legal and ethical standards
9:04 - 9:06

for this particular first one I am not
9:06 - 9:09

going to make any comment I believe that
9:09 - 9:12

ethics is a component is a key component
9:12 - 9:15

of cyber security expert do we always
9:15 - 9:18

have to follow the rules we always must
9:18 - 9:21

follow the legal procedures in the
9:21 - 9:24

places in which we operate because every
9:24 - 9:27

single place is different component
9:27 - 9:31

number two resar the original evidence
9:31 - 9:33

this is a key okay you always have to
9:33 - 9:35

maintain the Integrity of the original
9:35 - 9:38

evidence to ensure it is admissible in
9:38 - 9:42

court any kind of manipulation any kind
9:42 - 9:46

of modification is going to end in
9:46 - 9:49

disqualification from the court system
9:49 - 9:51

document everything this is something
9:51 - 9:53

that technical people like me doesn't
9:53 - 9:56

like to much but when when it comes to
9:56 - 9:59

digital currency we have to document
9:59 - 10:01

every every single step we do we have to
10:01 - 10:04

do video recording of all the steps we
10:04 - 10:07

follow and we we want to make sure that
10:07 - 10:10

everything is documented and recorded in
10:10 - 10:13

the specific chronological order this is
10:13 - 10:16

a key component as well for the digital
10:16 - 10:19

forensic or investigation to be accepted
10:19 - 10:23

in the law in the code of law secur the
10:23 - 10:26

ass ensure that physical and digital
10:26 - 10:28

crime Maes are secured to prevent
10:28 - 10:30

contamination or
10:30 - 10:33

if you present anything in the court and
10:33 - 10:35

the opposite
10:35 - 10:38

part have the ability to prove that
10:38 - 10:40

something was not preserved the
10:40 - 10:43

conversation is over chain of custody
10:43 - 10:45

and I'm going to repeat that more than
10:45 - 10:48

once during the presentation I'm
10:48 - 10:52

sorry chain of custody is how you
10:52 - 10:53

establish and
10:53 - 10:56

maintain the evidence and the process
10:56 - 10:59

that facilitate how the track of the
10:59 - 11:02

track tring process is handled use right
11:02 - 11:04

blocking tools this is another key
11:04 - 11:07

component of digital forensic it means
11:07 - 11:10

that you have to use the the appropriate
11:10 - 11:12

hardware and software that allows for
11:12 - 11:14

right blockers when you are collecting
11:14 - 11:18

data to prevent alteration there are a
11:18 - 11:20

set of tools you can use and at the end
11:20 - 11:22

of the presentation I'm going to provide
11:22 - 11:26

you with the set of tools a specific set
11:26 - 11:29

of tools you can use as a a right
11:29 - 11:33

blocking tools verifies hashing or hash
11:33 - 11:36

values is how you calculate and compare
11:36 - 11:39

hash values to confirm data Integrity
11:39 - 11:41

there is a confusion about integrity
11:41 - 11:44

confidentiality and availability in
11:44 - 11:47

digital forensic the most important
11:47 - 11:50

component is integrity it means that we
11:50 - 11:53

have to do every single effort to make
11:53 - 11:55

sure that the data is not modified in
11:55 - 11:58

any possible ways from the time we
11:58 - 12:00

arrive to the
12:00 - 12:02

to the time that we present the evidence
12:02 - 12:06

in the Cod and after that as well so the
12:06 - 12:09

other component is collect volatile data
12:09 - 12:13

s okay it it make obviously perfect
12:13 - 12:16

sense so you have to prioritize this
12:16 - 12:18

type of data collection as it can be
12:18 - 12:20

lost or modified when the syst is
12:20 - 12:23

powered down for many of you what I'm
12:23 - 12:25

going to tell you probably is going to
12:25 - 12:28

sound not appropriate and this is the
12:28 - 12:30

following
12:30 - 12:32

assessment we have the perception we
12:32 - 12:34

have been told from the time that we
12:34 - 12:37

arrived to the school and even at work
12:37 - 12:40

that information or data data no
12:40 - 12:43

information data in R memory Random
12:43 - 12:45

Access Memory disappear when the
12:45 - 12:50

computer is shooting down back ER in
12:50 - 12:53

2019 I make a presentation similar to
12:53 - 12:55

this one for this Council as well in
12:55 - 12:58

which I prove that the data in R memory
12:58 - 13:01

can be recover okay so what we have been
13:01 - 13:04

learning in multiple places what you can
13:04 - 13:07

easily find in Google that data in Ram
13:07 - 13:09

is lost when the computer when the
13:09 - 13:12

computers are powered down is not
13:12 - 13:15

exactly correct the other component is
13:15 - 13:17

forensic Imaging you have to create
13:17 - 13:20

forensic image of a storage devices to
13:20 - 13:23

work with copies and always have to
13:23 - 13:25

preser the original evidence this is a
13:25 - 13:30

requirement in the court of law you must
13:30 - 13:33

pres the original evidence every single
13:33 - 13:35

time the other component is the data
13:35 - 13:39

recovery data recovery is very close
13:39 - 13:42

Associated to digital forensic for
13:42 - 13:44

obvious reason okay and you have to
13:44 - 13:47

employ a specialize tools to recover
13:47 - 13:51

deleted or hidden data this is also H
13:51 - 13:54

something to keep in mind and at the end
13:54 - 13:56

I'm going to provide some specific
13:56 - 13:58

applications you can use to do data
13:58 - 14:00

recover
14:00 - 14:03

timeline analysis you have to construct
14:03 - 14:06

and analyze timelines to understand the
14:06 - 14:09

sequence of event what happen first the
14:09 - 14:13

chronological order is a mandatory
14:13 - 14:15

requirement in the court of law you
14:15 - 14:17

cannot provide evidence in the court of
14:17 - 14:20

law in a random manner you have to
14:20 - 14:22

follow the specific chronological order
14:22 - 14:25

the other consideration is preserving
14:25 - 14:28

the metadata ensuring metadata Integrity
14:28 - 14:31

to verify The Source timing and
14:31 - 14:34

authenticity of the digital artifact you
14:34 - 14:36

are going to present in the court of law
14:36 - 14:40

use the non good reference data and it
14:40 - 14:42

means that you have to compare the
14:42 - 14:45

collected the collected data with non
14:45 - 14:47

good reference data to identify
14:47 - 14:51

anomalies this is in statistical process
14:51 - 14:54

statistic mathematic many times you have
14:54 - 14:57

to do to do that as well anti forensic
14:57 - 15:00

awareness you have to be aware of the
15:00 - 15:03

anti-forensic techniques and conent act
15:03 - 15:06

then there are multiple applications
15:06 - 15:09

that work against digital forensic so
15:09 - 15:12

you have to be aware of that and before
15:12 - 15:15

you start the digital forensic
15:15 - 15:19

analysis why you are doing or working in
15:19 - 15:22

the digital forensic data collection
15:22 - 15:24

process you want to make sure that you
15:24 - 15:27

don't have any anti-forensic awareness
15:27 - 15:30

tool install or appli ation in the
15:30 - 15:33

particular host or host in which you are
15:33 - 15:36

going to conduct the investigation other
15:36 - 15:38

very important component is cross
15:38 - 15:41

validation this is what brings actually
15:41 - 15:45

reputation and respect to the data you
15:45 - 15:49

are presenting in the court of law okay
15:49 - 15:51

so the standard operating procedures
15:51 - 15:54

very important component that is many
15:54 - 15:56

times Overlook at and it's about
15:56 - 15:59

developing and follow so be that
15:59 - 16:02

maintain or to maintain consistency this
16:02 - 16:05

is why documentation is key and it was
16:05 - 16:08

presented in a slide number one training
16:08 - 16:11

in certification is other component and
16:11 - 16:13

this is relevant the reason why it's
16:13 - 16:15

relevant I understand that you can learn
16:15 - 16:19

many things by yourself this is becoming
16:19 - 16:22

most popular as we become more
16:22 - 16:25

technology dependent this is normal and
16:25 - 16:28

is expected but certifications still
16:28 - 16:31

having a particular value and there are
16:31 - 16:33

multiple questions in certification
16:33 - 16:37

exams in general terms not only in Easy
16:37 - 16:40

couns certifications or others in which
16:40 - 16:42

most likely if you don't go through the
16:42 - 16:45

certification process you will never
16:45 - 16:47

find out and this is what people said or
16:47 - 16:50

some people said well this is a
16:50 - 16:53

theoretical information digital forensic
16:53 - 16:56

involve a lot of theoretical information
16:56 - 16:58

a lot remember that we are doing the
16:58 - 17:01

analysis is at a low
17:01 - 17:05

level from the technical standpoint so
17:05 - 17:07

theory is extremely important and
17:07 - 17:11

relevant when when we do forensic
17:11 - 17:13

investigation digital forensic the same
17:13 - 17:16

happens with the medical doctors when
17:16 - 17:18

the medical doctors do a forensic
17:18 - 17:20

analysis into a body of somebody that
17:20 - 17:23

pass away they also employ a lot of
17:23 - 17:25

theoretical knowledge they have been
17:25 - 17:28

accumulating digital forensic is not
17:28 - 17:29

different
17:29 - 17:32

the other consideration is the expert
17:32 - 17:35

testimony okay I am for example I live
17:35 - 17:39

in Miami Florida USA and I am one of the
17:39 - 17:43

11 experts certified by the legal system
17:43 - 17:48

in the 11 District meaning that when you
17:48 - 17:50

go to the court you have to be
17:50 - 17:53

classified as an expert in order to
17:53 - 17:58

provide comments and evidence otherwise
17:58 - 18:00

probably you know more than big about
18:00 - 18:02

technology but you will not be able to
18:02 - 18:04

speak in the court because what we said
18:04 - 18:07

in the court is relevant for the case
18:07 - 18:10

and with our wording or statement and
18:10 - 18:13

through the evidence we provide we have
18:13 - 18:16

the ability to put somebody in jail or
18:16 - 18:19

release this person from being in jail
18:19 - 18:23

so this is extremely important okay so
18:23 - 18:26

evidence storage this is one of the most
18:26 - 18:28

important component you oponent in the
18:28 - 18:31

cour or in your company is going to try
18:31 - 18:34

their best in order to Cho down what you
18:34 - 18:36

are presenting so you have to safely
18:36 - 18:39

store and protect evidence to maintains
18:39 - 18:42

its Integrity Integrity is the most
18:42 - 18:45

important characteristic or
18:45 - 18:48

consideration in digital forensic
18:48 - 18:52

without any other close to so Integrity
18:52 - 18:55

is everything in digital forening okay
18:55 - 18:58

data encryption there are multiple cases
18:58 - 19:00

in which is you are going to do digital
19:00 - 19:04

forensic in in encrypted storage devices
19:04 - 19:07

in encrypted data in encrypted
19:07 - 19:11

applications you you need to develop the
19:11 - 19:14

possibility to handle the encrypted data
19:14 - 19:17

and understand ention methods I have
19:17 - 19:19

between the Publications I have I have
19:19 - 19:22

over 25 Publications about different
19:22 - 19:25

topics and Concepts in cyber security a
19:25 - 19:28

few of them probably five or six are
19:28 - 19:31

specifically about encryption if we want
19:31 - 19:35

to do digital forensic we want to become
19:35 - 19:39

data encryption expert there is no other
19:39 - 19:41

ways I understand that multiple people
19:41 - 19:46

doesn't like math statistics physics Etc
19:46 - 19:48

but this is a requirement to do an
19:48 - 19:50

appropriate digital forensic assessment
19:50 - 19:54

is a necessity today okay the other
19:54 - 19:56

consideration and this is for the people
19:56 - 19:59

that love technology like me attend in
19:59 - 20:02

or watching this conference is Network I
20:02 - 20:04

am a big fan of network I have been
20:04 - 20:08

working in network straight for 41 years
20:08 - 20:10

my doctoral degree is in
20:10 - 20:13

telecommunications and cyber security so
20:13 - 20:17

network is on my DNA I love network over
20:17 - 20:20

every other other topic in Information
20:20 - 20:23

Technology network analysis is the
20:23 - 20:25

possibility for you to analyze Network
20:25 - 20:29

traffic logs and data to trace digital
20:29 - 20:31

Footprints I'm pretty sure that
20:31 - 20:34

everybody have a tool on M and of course
20:34 - 20:38

this tool most likely is part of the
20:38 - 20:40

tools that I have been that I'm going to
20:40 - 20:42

provide in the last slide for you guys
20:42 - 20:45

but network analysis today from the
20:45 - 20:47

digital forensic standpoint is
20:47 - 20:50

everything everything is Network related
20:50 - 20:53

one or another way mware analysis we
20:53 - 20:56

need to develop the possibility to
20:56 - 20:59

understand mware behavior and analys
20:59 - 21:03

and how those mwar impact on systems
21:03 - 21:05

this needs to be incorporated as part of
21:05 - 21:08

the cyber security analysis when you
21:08 - 21:11

perform digital forensic today Cloud
21:11 - 21:14

forensic I don't have to highlight how
21:14 - 21:17

important Cloud operation is okay we are
21:17 - 21:20

moving the operation to the cloud and
21:20 - 21:22

for the one that is still having or
21:22 - 21:25

ruling the operation on premise there is
21:25 - 21:27

a high expectation that sooner than
21:27 - 21:29

later to move the operation to the cloud
21:29 - 21:31

multiple convenience but the
21:31 - 21:33

consideration at this point is not the
21:33 - 21:37

benefit of all comes of the cloud from
21:37 - 21:40

the forensic standpoint when you do
21:40 - 21:42

Cloud forensic the situation is little
21:42 - 21:45

different from when you do a
21:45 - 21:48

investigations on premise so you have to
21:48 - 21:51

adapt methodologies for investigating
21:51 - 21:53

data in the cloud in dependently of the
21:53 - 21:56

cloud provided it doesn't matter if this
21:56 - 22:00

is AWS Google assur whoever it is the
22:00 - 22:03

operation in the cloud is somehow
22:03 - 22:05

different from the digital forensic
22:05 - 22:07

standpoint starting from the way you
22:07 - 22:08

access the
22:08 - 22:13

data remote forensic is the opportunity
22:13 - 22:16

to develop a skills for collecting and
22:16 - 22:19

analyzing data from a remote location
22:19 - 22:22

this is happening more frequent now as
22:22 - 22:26

we become more ping work related in
22:26 - 22:29

multiple cases my own company knowing my
22:29 - 22:31

job at the government but on my own
22:31 - 22:34

company I have been doing in the last
22:34 - 22:36

two years three years probably two years
22:36 - 22:40

so at more remote digital forensic that
22:40 - 22:42

probably never before in my life so this
22:42 - 22:45

is an important skill to develop as way
22:45 - 22:48

case management is the way we use
22:48 - 22:50

digital forensic case management to
22:50 - 22:53

organize and investigations I mention to
22:53 - 22:56

you I go to the court very often more
22:56 - 23:00

often than what I want very very often
23:00 - 23:04

okay and they goes and scrutinize every
23:04 - 23:06

single protocol you present every single
23:06 - 23:09

artifact every single document the
23:09 - 23:11

specific chronological order this is a
23:11 - 23:15

complex process it's not only collecting
23:15 - 23:18

the data the digital forensic data doing
23:18 - 23:20

the analysis and going to the court and
23:20 - 23:23

talking okay the process is much more
23:23 - 23:25

complex than this
23:25 - 23:27

collaboration collaborate with other
23:27 - 23:29

experts and I leave one in the middle
23:29 - 23:32

that I'm going to highlight in a few
23:32 - 23:34

collaborate with other experts law
23:34 - 23:37

enforcement or Organization for complex
23:37 - 23:40

cases cases are different in between of
23:40 - 23:42

course this is obvious and I know you
23:42 - 23:45

know that okay but you have some cases
23:45 - 23:47

sometimes in which the forensic analysis
23:47 - 23:50

become very complex on those particular
23:50 - 23:53

cases my advice is collaborate with
23:53 - 23:56

others okay you do better when you work
23:56 - 23:58

as part of the team and not when we work
23:58 - 24:01

independently and I es skip the data
24:01 - 24:04

privacy compliance for a minute because
24:04 - 24:08

this is relevant every single state
24:08 - 24:09

every single no
24:09 - 24:14

exception a state court operate on the
24:14 - 24:16

different requirements so you want to
24:16 - 24:19

make sure that you follow the Privacy
24:19 - 24:23

regulations in your specific place okay
24:23 - 24:25

and by the way I'm going to ask you a
24:25 - 24:27

question I'm not expecting any response
24:27 - 24:30

but the question is by any chance do you
24:30 - 24:33

know the specific digital forensic
24:33 - 24:36

regulations in the place you live ask
24:36 - 24:39

the question yourself and probably some
24:39 - 24:42

of you is going to respond no this is a
24:42 - 24:45

critical thing continuous learning you
24:45 - 24:49

need to F pass for what we do okay cyber
24:49 - 24:52

security is an specialization of it from
24:52 - 24:55

my point of view the most fascinating
24:55 - 24:57

Topic in the world in the planet this is
24:57 - 25:00

the only topic I can talk myself about
25:00 - 25:04

it for 25 hours without drinking water
25:04 - 25:08

this is my life I dedicate multiple
25:08 - 25:10

hours every single day seven days a week
25:10 - 25:13

even when it creates some personal
25:13 - 25:16

problems with my family Etc this is on
25:16 - 25:20

my DNA I encourage each of you if you
25:20 - 25:24

are not doing to dedicate your life to
25:24 - 25:27

become a digital forensic expert digital
25:27 - 25:30

forensic is one of the most fascinating
25:30 - 25:33

topics in the planet okay and you want
25:33 - 25:37

to be atten to this type of things
25:37 - 25:39

report and presentation when you go to
25:39 - 25:41

the court or when you present your
25:41 - 25:44

outcomes of all the digital foric
25:44 - 25:47

outcomes to your organization you want
25:47 - 25:48

to make sure that you use a clear
25:48 - 25:52

language you are concise and you go
25:52 - 25:55

ready for the presentation questions and
25:55 - 25:57

answers you never wants to go to the
25:57 - 25:59

court you prepared okay never in your
25:59 - 26:01

life this is not appropriate because at
26:01 - 26:04

the end your assessment have the
26:04 - 26:08

possibility to put somebody in jail or
26:08 - 26:09

somebody will be fired from the
26:09 - 26:12

organization or not so what we said is
26:12 - 26:16

relevant our wording have a huge impact
26:16 - 26:19

in other people's lives it's important
26:19 - 26:21

to be attentive to that one of the most
26:21 - 26:25

relevant topic that I have been using in
26:25 - 26:28

my practice is the use of artificial
26:28 - 26:31

intelligence in digital forensic since
26:31 - 26:36

2017 this is not a topic that is well
26:36 - 26:39

known at this point the reason why I
26:39 - 26:42

really want to share my experience
26:42 - 26:45

practical experience with you guys
26:45 - 26:48

digital evidence analysis how artificial
26:48 - 26:52

intelligence can help us well everybody
26:52 - 26:55

knows that we have multiple applications
26:55 - 26:58

that we can use in order to analyze
26:58 - 27:00

the different kind of media that can be
27:00 - 27:03

generated as for example text image and
27:03 - 27:06

videos artificial intelligence studes
27:06 - 27:09

have the ability to detect and flag
27:09 - 27:11

potential relevant content for
27:11 - 27:13

investigations especially from the
27:13 - 27:17

timing standpoint digital forensic is
27:17 - 27:20

extremely time consuming very very time
27:20 - 27:23

consuming it's extremely complex this is
27:23 - 27:27

probably along with data recovery the
27:27 - 27:30

most comp Flex specialization in cyber
27:30 - 27:33

security so the use of artificial
27:33 - 27:36

intelligence in our favor is very
27:36 - 27:38

convenient and at the end I'm going to
27:38 - 27:41

include as well or actually I included
27:41 - 27:44

in the list a particular artificial
27:44 - 27:46

intelligence tool that you can use in
27:46 - 27:49

your favor the other use of artificial
27:49 - 27:52

intelligence is par
27:52 - 27:54

recognition artificial intelligence can
27:54 - 27:57

identifies parents in data helping
27:57 - 28:00

investigator recognize anomalies or
28:00 - 28:03

correlations in digital artifacts that
28:03 - 28:06

may indicate the criminal activity and
28:06 - 28:08

out of the whole sentence the most
28:08 - 28:10

important question is the and no
28:10 - 28:12

question what the key word is
28:12 - 28:15

correlation how we correlate data by
28:15 - 28:17

using artificial intelligence the
28:17 - 28:19

process is going to be simplified
28:19 - 28:22

dramatically speaking based of my
28:22 - 28:25

personal experience the other component
28:25 - 28:28

is the NLP this can be used to
28:28 - 28:31

text based evidence including sh logs
28:31 - 28:34

and emails to uncover communication
28:34 - 28:37

patterns or hearing minuts the lot of
28:37 - 28:40

evidence that we collect about
28:40 - 28:44

65% is included in emails chats
28:44 - 28:48

documents Etc so this is when NLP plays
28:48 - 28:50

a predominant role artificial
28:50 - 28:52

intelligence in the digital forensic
28:52 - 28:55

analysis for image and video analysis
28:55 - 28:58

incredible benefits okay you have the
28:58 - 29:00

ability to analyze the multimedia
29:00 - 29:03

content to identify object pH and
29:03 - 29:05

potentially illegal or
29:05 - 29:08

sensitive content I'm sure that a word
29:08 - 29:11

is coming to your mind right now estigo
29:11 - 29:14

yes this is part of the estigo but it's
29:14 - 29:18

not similar of doing atigo by using a
29:18 - 29:20

particular application that when you
29:20 - 29:23

employ artificial intelligence tools
29:23 - 29:25

that are dedicated exclusively for
29:25 - 29:28

digital forensic the benefit is really
29:28 - 29:31

awesome predictive analysis machine
29:31 - 29:34

learning models can predict potential
29:34 - 29:37

areas of interest in an investigation
29:37 - 29:40

guiding forensic expert to focus on
29:40 - 29:42

critical evidence imagine that you are
29:42 - 29:45

analyzing the hard dve that is one
29:45 - 29:49

terabyte okay one terabyte hold a lot of
29:49 - 29:53

documents videos pictures sounds Etc you
29:53 - 29:55

know that okay you know that if you are
29:55 - 29:57

attending these conferences because you
29:57 - 29:59

are very familiar with information
29:59 - 30:03

technology C security digital forensic
30:03 - 30:07

well how you find the specific data un
30:07 - 30:09

need to prove something in the court of
30:09 - 30:12

law well you have to be very careful
30:12 - 30:15

about the pieces of data you pick for
30:15 - 30:18

the analysis otherwise probably your
30:18 - 30:20

assessment is not appropriate and again
30:20 - 30:23

every single word we said in the court
30:23 - 30:26

of law or in the organization that we
30:26 - 30:30

are working for are relevant it implies
30:30 - 30:32

that probably somebody will be in jail
30:32 - 30:35

for 30 years probably somebody if we
30:35 - 30:38

talking about a huge crime like an
30:38 - 30:42

assassination a child pornography abuse
30:42 - 30:45

that implies somebody that die Etc our
30:45 - 30:49

assessment is critical okay we become
30:49 - 30:52

the role of the main role player when
30:52 - 30:54

digital forensic is involved we have to
30:54 - 30:56

be very careful about the way we do it
30:56 - 30:59

this is not a joke is very serious okay
30:59 - 31:01

predictive analysis machine learning
31:01 - 31:04

models or artificial intelligence are
31:04 - 31:06

pretty close in this concept can predict
31:06 - 31:08

potential areas of interest in
31:08 - 31:11

investigation but we talk about that
31:11 - 31:13

detection artificial intelligence
31:13 - 31:16

driving security tools can identify
31:16 - 31:18

cyber threats and potential cyber crime
31:18 - 31:21

activities helping laws en foring cyber
31:21 - 31:24

security things respond effectively and
31:24 - 31:27

proactively more important we all the
31:27 - 31:30

majority of us have multiple tools that
31:30 - 31:31

we call
31:31 - 31:35

Proactive H in our place of work okay we
31:35 - 31:38

have different kind of monitors Etc but
31:38 - 31:40

the possibility to do something in a
31:40 - 31:43

proactive mode is really what we want
31:43 - 31:46

evidence authentication artificial
31:46 - 31:47

intelligence can assist in the
31:47 - 31:49

authentication of digital evidence
31:49 - 31:51

ensuring its integrity and the
31:51 - 31:54

possibility of this data to be admitted
31:54 - 31:57

in cour data recovery artificial
31:57 - 32:00

intelligence help with the recovery of
32:00 - 32:02

the data that have been deleted
32:02 - 32:05

intentionally or un intentionally it
32:05 - 32:07

doesn't matter when we do digital
32:07 - 32:11

forensic we want to have as much data as
32:11 - 32:15

we can that serves to make a case
32:15 - 32:18

against a particular party from the
32:18 - 32:20

malware analysis standpoint the dig the
32:20 - 32:23

artificial intelligence bring a lot of
32:23 - 32:26

speed and this is needed because again
32:26 - 32:29

you are looking for needle in a ton of
32:29 - 32:33

water okay or in a tone of sand and this
32:33 - 32:36

is very complex from the network
32:36 - 32:38

forensic standpoint we are customed to
32:38 - 32:41

use tools as for example wih everybody
32:41 - 32:44

knows wih and I know that well anyways
32:44 - 32:47

there are so specific artificial
32:47 - 32:49

intelligence tools for Network forensic
32:49 - 32:53

analysis nowadays and I included two of
32:53 - 32:56

those tools in the list in in the last
32:56 - 32:59

slide automated trace this is one of the
32:59 - 33:02

most important consideration for you to
33:02 - 33:04

consider artificial intelligence in the
33:04 - 33:08

digital forensic speed okay it basically
33:08 - 33:11

this is the possibility to do
33:11 - 33:16

correlation between large data sets case
33:16 - 33:18

priori artificial intelligence can
33:18 - 33:20

assist investigators in priority
33:20 - 33:24

prioritizing cases based on factors like
33:24 - 33:26

severity potential impact or resource
33:26 - 33:29

allocation and it means timing
33:29 - 33:32

predictive policing super important
33:32 - 33:35

because until today digital forensic is
33:35 - 33:38

always reacted more we react to
33:38 - 33:41

something that happen the possibility to
33:41 - 33:44

make predictions in digital forensic is
33:44 - 33:47

fantastic it never happened before this
33:47 - 33:49

is new at least for me I start using
33:49 - 33:52

artificial intelligence back on my own
33:52 - 33:55

company 2017 and I have been able to use
33:55 - 33:56

that in
33:56 - 33:59

multiple cases for the police department
33:59 - 34:03

in Miami and another two cities in
34:03 - 34:07

Florida Tampa in St Petersburg and the
34:07 - 34:09

result have been amazing document
34:09 - 34:12

analysis you know that NLP can extract
34:12 - 34:15

information from documents and analyze
34:15 - 34:17

sexual content for investigations
34:17 - 34:19

artificial intelligence minimize
34:19 - 34:21

dramatically speaking the time needed
34:21 - 34:25

for that emotional recognition everybody
34:25 - 34:28

knows what happened with the desp
34:28 - 34:32

algorithms okay so we can use artificial
34:32 - 34:34

intelligence basically to analyze videos
34:34 - 34:38

which is awesome because our eyes our
34:38 - 34:40

muscles in our eyes doesn't have the
34:40 - 34:43

ability to lie we can lie when we speak
34:43 - 34:46

or we can try but the eyes the reaction
34:46 - 34:49

to a particular stimulus cannot be high
34:49 - 34:52

or cannot be modified so this is unique
34:52 - 34:54

from the data privacy and compliance
34:54 - 34:57

also you have the ability to out autom
34:57 - 35:00

attic to automate B
35:00 - 35:03

automate the specific data you want to
35:03 - 35:07

include as part of your report okay now
35:07 - 35:09

digital forensic data acquisition step
35:09 - 35:12

from my standpoint after 41 years
35:12 - 35:15

preservation we already talk about this
35:15 - 35:18

documentation preservation is integrity
35:18 - 35:21

okay this is the most important
35:21 - 35:24

consideration categorically speaking in
35:24 - 35:26

any kind of digital forensic
35:26 - 35:28

investigation you have to preserve the
35:28 - 35:31

data as it is and remember you never use
35:31 - 35:33

the original data for your forensic
35:33 - 35:37

analysis never you always use copy and
35:37 - 35:40

to do copies you have to use a bit by
35:40 - 35:43

bit applications bit by bit you cannot
35:43 - 35:47

copy bites or you cannot copy even data
35:47 - 35:49

and forget it about information so
35:49 - 35:52

preservation is the most important thing
35:52 - 35:55

documentation we already know that
35:55 - 35:57

everything needs to be documented okay
35:57 - 36:00

from the crime machine office to the
36:00 - 36:03

last Point chain of custody one more
36:03 - 36:05

time and I guess that I'm I'm going to
36:05 - 36:07

mention this one more time because gain
36:07 - 36:10

of custody means or opens the door for
36:10 - 36:13

you to present a case in the court of
36:13 - 36:17

law or to basically have the ability in
36:17 - 36:20

your organization to prove that what you
36:20 - 36:23

are presenting is appropriate you have
36:23 - 36:26

to plan how are you going to collect the
36:26 - 36:29

data you have to plan with anticipation
36:29 - 36:32

the specific tools you are going to use
36:32 - 36:35

what methods are you going to consider
36:35 - 36:37

in your data collection process this is
36:37 - 36:40

relevant and you always have to consider
36:40 - 36:44

the coms coms is probably more important
36:44 - 36:48

than PR when you select or decided to
36:48 - 36:51

use a particular application for the
36:51 - 36:54

data acquisition you always want to
36:54 - 36:57

focus on the negative people usually
36:57 - 37:00

tends to talk about the positive oh I
37:00 - 37:02

like why the Shar because this and that
37:02 - 37:04

it's better that you focus on the
37:04 - 37:07

negative in Information Technology
37:07 - 37:10

everything has cross and comes no
37:10 - 37:13

exceptions exceptions do not exist there
37:13 - 37:17

is not one exception everything positive
37:17 - 37:19

have something negative in information
37:19 - 37:21

technology and this is what you want to
37:21 - 37:25

focus on it to avoid problems at the end
37:25 - 37:28

Okay so
37:28 - 37:30

how about the verification process you
37:30 - 37:34

have to verify before you work with the
37:34 - 37:37

real data that the tools and methods you
37:37 - 37:40

selected work okay you never want to
37:40 - 37:43

mess up with the original data needed
37:43 - 37:45

with a copy you want to test in a test
37:45 - 37:48

environment your tools your methods your
37:48 - 37:50

approach the steps you are going to
37:50 - 37:53

follow is very time consuming it is but
37:53 - 37:57

by the way it's also very well paid is
37:57 - 37:59

very well paid the only thing I can tell
37:59 - 38:01

you that it's very well paid you have no
38:01 - 38:04

idea if you become a cyber security
38:04 - 38:07

expert and specialize in digital
38:07 - 38:11

forensic this is where the money is and
38:11 - 38:13

trust me this is where the money is okay
38:13 - 38:18

I'm telling you first person duplication
38:18 - 38:21

we talk about that already the only way
38:21 - 38:24

to do that is by creating bit forbit
38:24 - 38:27

image there is no other ways okay this
38:27 - 38:30

is why you you want to use PR blocking
38:30 - 38:32

devices software and Hardware I
38:32 - 38:35

mentioned that before Tex rooms and
38:35 - 38:37

hatching different concepts that some
38:37 - 38:40

people are still confusing about it okay
38:40 - 38:42

there is a huge difference between the
38:42 - 38:46

two the main one is that Asing is a
38:46 - 38:50

oneway function you go from the left to
38:50 - 38:52

the right and usually you don't have the
38:52 - 38:54

ability to come back to replicate the
38:54 - 38:57

process of course if you have the
38:57 - 38:59

algorithms on hand then you can do
38:59 - 39:02

reverse engineering this is obvious but
39:02 - 39:04

this is not what happen in regular
39:04 - 39:07

conditions okay so check zoom and
39:07 - 39:10

hatching both minimize the possibility
39:10 - 39:13

that you mistake in your digital
39:13 - 39:16

forensic ER
39:16 - 39:18

analysis the other component is
39:18 - 39:22

acquisition okay so how are you going to
39:22 - 39:24

collect the data what particular tools
39:24 - 39:26

are you going to use you always have to
39:26 - 39:29

maintain a strict R only access to the
39:29 - 39:32

source if you have the ability to
39:32 - 39:35

manipulate the data in the source you
39:35 - 39:38

have the ability to tamper with actually
39:38 - 39:40

the most important consideration out of
39:40 - 39:44

the CIA which is integrity if the
39:44 - 39:47

opponent is the opposite part to you in
39:47 - 39:50

your organization the defendant in other
39:50 - 39:54

words have the ability to prove that
39:54 - 39:57

the the original data or source can be
39:57 - 39:59

manipulated in any way the conversation
39:59 - 40:02

is 100% over and the case will be
40:02 - 40:04

dismissed categorically speaking it's no
40:04 - 40:08

more conversation so this is a humongous
40:08 - 40:10

responsibility when it comes to data
40:10 - 40:13

acquisition what protocols you use what
40:13 - 40:15

the specific tools how do you plan it
40:15 - 40:17

how you document is a very painful
40:17 - 40:21

process in other words okay now data
40:21 - 40:24

recovery we already talk about the
40:24 - 40:27

complexity of finding a needle in a tone
40:27 - 40:30

of s this is super complex okay but it's
40:30 - 40:34

doable the only thing you have to use is
40:34 - 40:36

the appropriate tools and you you need
40:36 - 40:38

to have a specific plan because every
40:38 - 40:42

single case is 100% different digital
40:42 - 40:45

signatures sign the acquire data in
40:45 - 40:48

hatches with a dig digital signature for
40:48 - 40:50

authentication there are multiple cases
40:50 - 40:54

today in which H signatures are not
40:54 - 40:57

accepted anymore in the go government I
40:57 - 40:59

am a Federal Officer for the US
40:59 - 41:02

Department of Commerce in USA in the
41:02 - 41:05

government we are not allowed to sign
41:05 - 41:08

anything by hand for many years back
41:08 - 41:12

many years okay digital signatures have
41:12 - 41:16

a specific component that minimize
41:16 - 41:18

dramatically speaking the possibility of
41:18 - 41:21

replication and this is why this is
41:21 - 41:23

accepted in the court of law
41:23 - 41:26

verification R verifies the Integrity of
41:26 - 41:29

that Qui image by comparing hash values
41:29 - 41:32

with those calculated before the hash
41:32 - 41:36

values must be exact no difference not
41:36 - 41:39

even in one
41:39 - 41:43

0.001 percentage most much 100%
41:43 - 41:47

categorically speaking otherwise the
41:47 - 41:49

court is going to dismiss the case as
41:49 - 41:52

well or the organization probably is not
41:52 - 41:55

going to take the appropriate action vus
41:55 - 41:59

in a particular individual or problem or
41:59 - 42:03

process okay LS and no we already talk
42:03 - 42:06

about documentation at the beginning you
42:06 - 42:09

have to actually make sure that
42:09 - 42:12

everything is timestamped as I mentioned
42:12 - 42:15

before at the beginning digital forensic
42:15 - 42:18

must be collected in a particular order
42:18 - 42:21

analyzed in the similar Manner and
42:21 - 42:25

presented in the report in the specific
42:25 - 42:28

order in which the process was done
42:28 - 42:31

otherwise the process is going to be
42:31 - 42:34

disqualified and this is exclusively at
42:34 - 42:37

this point our own responsibility and
42:37 - 42:42

nobody else okay the storage we already
42:42 - 42:45

know that gain of custody is one of the
42:45 - 42:47

most important component there are
42:47 - 42:49

multiple forms depending of the state in
42:49 - 42:52

which you live and the countries as well
42:52 - 42:55

that you have to follow anything if you
42:55 - 42:58

miss a check mark or if you put a check
42:58 - 43:00

mark on those particular forms you are
43:00 - 43:04

basically dismissing you the case you
43:04 - 43:07

intentionally the court doesn't work in
43:07 - 43:10

the way many of us believe okay we have
43:10 - 43:12

the possibility to put somebody in the
43:12 - 43:16

electric share or to release to provide
43:16 - 43:19

to this particular individual or
43:19 - 43:22

organization what we said is relevant
43:22 - 43:24

okay this is very important the brift
43:24 - 43:26

you always have to be in Comm
43:26 - 43:30

communication with all parties both the
43:30 - 43:32

one presenting the digital process or
43:32 - 43:35

ruling the process and the other part as
43:35 - 43:40

well you cannot hide anything Zero from
43:40 - 43:42

your opponents in the court of law or
43:42 - 43:45

for the defendant part never in your
43:45 - 43:48

life this is why the first bullet in the
43:48 - 43:50

whole presentation was as you may
43:50 - 43:54

remember ethics okay in digital forensic
43:54 - 43:57

we provide what we known to the other
43:57 - 44:00

parties as well even to the defendant to
44:00 - 44:03

the opponents every single time no
44:03 - 44:07

exception and we provide every single
44:07 - 44:10

artifact with the most clear possible
44:10 - 44:12

explanation to the opponents this is how
44:12 - 44:15

the digital forensic process work
44:15 - 44:18

otherwise it will be dismissed as well
44:18 - 44:21

in the court steing you have to make
44:21 - 44:24

sure that every single piece of digital
44:24 - 44:27

evidence is
44:27 - 44:31

properly still then that you follow the
44:31 - 44:33

process by the book again if you Skip
44:33 - 44:37

One Step just one out of 100 or 200s
44:37 - 44:40

depending of the case the case is going
44:40 - 44:43

to be this measure no exceptions the Cod
44:43 - 44:46

goes by the book as you can imagine and
44:46 - 44:48

your opponent is going to be very
44:48 - 44:50

attentive to to the minimum possible
44:50 - 44:54

failure to dismiss the case okay so how
44:54 - 44:56

you transport the data from one place to
44:56 - 44:59

the other place chain of custody this is
44:59 - 45:03

the key component chain of custody data
45:03 - 45:06

encryption you have to make sure that
45:06 - 45:10

you prevent or actually Pro prevent a
45:10 - 45:13

Integrity manipulation and you always
45:13 - 45:16

want to meure the confidentiality of the
45:16 - 45:19

data CIA we already talked about the
45:19 - 45:22

component confidentiality Integrity
45:22 - 45:23

availability from the digital forensic
45:23 - 45:26

standpoint the most important no
45:26 - 45:30

exception is integrity and also the
45:30 - 45:32

confidentiality okay so from the
45:32 - 45:35

recovery image standpoint you always
45:35 - 45:38

want to have a duplicate for validation
45:38 - 45:41

and reanalysis and remember that you
45:41 - 45:44

always want to work with a copy of the
45:44 - 45:48

digital evidence 100% of the time no 9
45:48 - 45:51

you have to preserve the original
45:51 - 45:53

evidence this is part of our
45:53 - 45:56

responsibility and this is why we do bit
45:56 - 46:00

by bit analysis and bit by bit copy it's
46:00 - 46:04

complex okay now a specific step in
46:04 - 46:06

digital forensics to analyze the
46:06 - 46:09

collected data at this point you already
46:09 - 46:11

went through multiple process and spent
46:11 - 46:14

a lot of time how do you analyze the
46:14 - 46:16

data you have because you are going to
46:16 - 46:19

have probably terabytes of data okay
46:19 - 46:24

well you have to make sure that hashing
46:24 - 46:27

and TS digital signatures and the chain
46:27 - 46:31

of custody have been followed data
46:31 - 46:34

priorization what happens and what is
46:34 - 46:36

more relevant you cannot present in the
46:36 - 46:39

court two terabytes of data or 2,000
46:39 - 46:42

Pages this is Irrelevant for the case
46:42 - 46:44

okay you have to make sure that you use
46:44 - 46:47

keywords in order to provide a solid
46:47 - 46:50

report to the court for this particular
46:50 - 46:53

case for the keywords artificial
46:53 - 46:56

intelligence have been proven to me that
46:56 - 46:59

is of huge help file caring you have to
46:59 - 47:02

use a specialized tool to recover files
47:02 - 47:05

that may been deleted or you
47:05 - 47:09

intentionally hiting timeline analysis
47:09 - 47:11

we talk about you have to do everything
47:11 - 47:14

by following a particular sequence of
47:14 - 47:17

activities in other words you have to
47:17 - 47:19

present and do the analysis in
47:19 - 47:21

chronological order in the way that you
47:21 - 47:24

collect the data this is the exact way
47:24 - 47:26

you do the analysis and later you do
47:26 - 47:28

correlation okay but you have to follow
47:28 - 47:31

a particular chronological order data
47:31 - 47:33

recovery you have to do your best to
47:33 - 47:36

reconstruct the data that have been
47:36 - 47:39

deleted or probably damaged even by a
47:39 - 47:41

physical or electronic condition in the
47:41 - 47:44

storage media the metadata analysis is
47:44 - 47:46

also complex okay this is the next
47:46 - 47:49

component after the time the timeline
47:49 - 47:52

analysis metadata includes multiple kind
47:52 - 47:55

of data so this part of the analysis is
47:55 - 47:57

going to be complete colle and more time
47:57 - 48:00

consuming than the data collection and
48:00 - 48:02

the data collection is already very time
48:02 - 48:05

consuming content analysis you have to
48:05 - 48:06

be very careful because this is
48:06 - 48:09

basically what the forensic analysis is
48:09 - 48:12

going to be parent recognition how you
48:12 - 48:16

can match one bit of data with another
48:16 - 48:19

bit okay is there any association
48:19 - 48:23

between bits between bites between data
48:23 - 48:27

between words this is a iCal
48:27 - 48:29

component communication analysis again
48:29 - 48:31

you want to make sure that you include
48:31 - 48:35

everything emails today are probably the
48:35 - 48:38

most relevant component of digital
48:38 - 48:40

forening analysis you wants to make sure
48:40 - 48:43

that you master email analysis as well
48:43 - 48:46

data encryption you always have to keep
48:46 - 48:48

in mind the confidentiality and when we
48:48 - 48:51

are talking about the recovery or the
48:51 - 48:53

recovery image I mentioned that as well
48:53 - 48:56

similar to the chain of custody before
48:56 - 48:58

because you always have to pres the
48:58 - 49:01

digital the original data evidence
49:01 - 49:03

examination you want to make sure that
49:03 - 49:06

you verify the Integrity of the data you
49:06 - 49:09

have been acquiring including hash value
49:09 - 49:11

digital signature and the chain of
49:11 - 49:14

custodies we talk about this already
49:14 - 49:17

this is a repeat of the slide by the way
49:17 - 49:20

okay so database examination and you
49:20 - 49:24

foring a duplicate slide so this slide
49:24 - 49:28

is the same to this okay so my apology
49:28 - 49:31

for that it's my fault data database
49:31 - 49:33

examination investigate databases for
49:33 - 49:35

valueable valuable information including
49:35 - 49:39

structure data and locks entries Etc
49:39 - 49:41

media analysis this is a very complex
49:41 - 49:44

process because it's usually about atigo
49:44 - 49:47

or include testigo and this is about
49:47 - 49:50

image videos audios geolocation in
49:50 - 49:52

digital signatures Network traffic
49:52 - 49:56

analysis tools as why the Shar h but my
49:56 - 49:59

suggestion is that you use all the tools
49:59 - 50:02

that are part of the artificial
50:02 - 50:05

intelligence applications we can use
50:05 - 50:07

today and are available in the
50:07 - 50:11

market estigo is always complex okay
50:11 - 50:14

because stigo include not only image but
50:14 - 50:17

in many cases audio as well and this is
50:17 - 50:20

very complex time consuming you always
50:20 - 50:22

wants to make sure that you use the
50:22 - 50:24

appropriate estigo analysis techniques
50:24 - 50:27

and that are multiple specific for
50:27 - 50:30

volatile analysis as I mentioned before
50:30 - 50:33

there is multiple ways to do
50:33 - 50:38

data acquisition from RAM memory when we
50:38 - 50:41

turn off the computer all the data from
50:41 - 50:44

Ram doesn't goes off this is what
50:44 - 50:47

everybody said this is what Google said
50:47 - 50:49

this is what people that never do
50:49 - 50:52

forensic investigation repeat this is
50:52 - 50:55

not appropriate if you know how to do it
50:55 - 50:57

and again I make the presentation for e
50:57 - 51:00

councel in 2019 if you Google my name in
51:00 - 51:03

this presentation you will be able to
51:03 - 51:06

find a particular video in which I was
51:06 - 51:08

able to recover data from RAM memory
51:08 - 51:12

after the computer was took down took
51:12 - 51:15

down believe it or not go for the other
51:15 - 51:17

presentation that this is DC councel
51:17 - 51:19

database and you will be able to see the
51:19 - 51:22

video okay comparison you have to do
51:22 - 51:24

cross reference every single time to
51:24 - 51:27

make sure that the data you identify is
51:27 - 51:30

appropriate and you always identify
51:30 - 51:33

identity deviations and
51:33 - 51:35

inconsistency before you do the final
51:35 - 51:38

report I told you already when you
51:38 - 51:41

present the report in the court of law
51:41 - 51:44

and minimum mistake something minimum
51:44 - 51:47

will be disqualified in the case for
51:47 - 51:50

example in this presentation I include
51:50 - 51:53

IED by mistake this slide and this slide
51:53 - 51:56

if I do that in the in the court of flow
51:56 - 51:57

is
51:57 - 52:00

dismiss okay that's it it's no more
52:00 - 52:02

conversation the emotion analysis we
52:02 - 52:05

have talk about that we are talking
52:05 - 52:08

about persons digital evidence is always
52:08 - 52:12

related to people in process processes
52:12 - 52:15

applications Hardware software so we
52:15 - 52:18

want to make sure that what we present
52:18 - 52:20

is accurate and from the documentation
52:20 - 52:23

at some point it was the second point in
52:23 - 52:25

the presentation we have to document
52:25 - 52:28

everything reporting is about compiling
52:28 - 52:32

in a clear and comprehensive manner
52:32 - 52:34

including summaries methodologist and
52:34 - 52:36

supporting evidence you have to include
52:36 - 52:39

or at least in my case I always include
52:39 - 52:42

the recordings of everything I do
52:42 - 52:44

everything means even if I open my
52:44 - 52:46

personal email or if a notification come
52:46 - 52:49

to my computer and I open something in
52:49 - 52:53

my my in my WhatsApp for example this is
52:53 - 52:56

part of the recording as well okay so
52:56 - 52:58

you have to make sure that you provide
52:58 - 53:01

an expert testimony in order to do that
53:01 - 53:02

you have to be an expert in digital
53:02 - 53:06

currency Feer review consult with other
53:06 - 53:08

with your partners with the opponent
53:08 - 53:11

with the defendant part before you
53:11 - 53:12

present it's not that you are going to
53:12 - 53:15

modify to report because the defendant
53:15 - 53:17

doesn't like it this is not what I'm
53:17 - 53:19

telling you it's just that you are going
53:19 - 53:21

to provide the report and by the way you
53:21 - 53:24

must provide the report to the defendant
53:24 - 53:27

before you go to the Court by the time
53:27 - 53:28

you stand up in the court everything
53:28 - 53:30

needs to be done the other part need to
53:30 - 53:33

know exactly what you are going to
53:33 - 53:35

present this is how the legal systems
53:35 - 53:38

work okay with deceptions of very few
53:38 - 53:41

countries but in the world this is how
53:41 - 53:44

it work so the quality assurance is just
53:44 - 53:46

making sure that what you present is
53:46 - 53:49

appropriate the case management is how
53:49 - 53:51

you use the digital forensic and manage
53:51 - 53:54

system to track everything in analysis
53:54 - 53:56

process and from the data privacy
53:56 - 53:59

compliance I told you already every
53:59 - 54:00

single place every single City every
54:00 - 54:03

single state operate under different
54:03 - 54:05

conditions popular tool for digital
54:05 - 54:09

forensic few of those in Cas
54:09 - 54:12

autopsy Access Data everybody know how
54:12 - 54:15

is a forensic tool kit hway forensic
54:15 - 54:18

celebrity vola volatility wi sh
54:18 - 54:21

everybody most likely know oxygen
54:21 - 54:23

forensic detective and the digital
54:23 - 54:25

evidence and forensic tool kit so some
54:25 - 54:28

of those are included in Cali others do
54:28 - 54:31

not some are open source others are
54:31 - 54:34

extremely expensive for example in case
54:34 - 54:37

which is very very expensive some
54:37 - 54:39

relevant reference about digital
54:39 - 54:43

forensic I prefer to use keywords and
54:43 - 54:46

not particular reference or books
54:46 - 54:49

because I don't recommend any specific
54:49 - 54:52

book instead the combination of content
54:52 - 54:54

and knowledge and expertise but some
54:54 - 54:56

words or key words you can use if you
54:56 - 54:59

want to expand more in digital forensic
54:59 - 55:02

are digital forensic best practice
55:02 - 55:05

challenge iMobile digital forensic
55:05 - 55:07

Network forensic techniques Cloud
55:07 - 55:10

forensic investigations Internet of
55:10 - 55:13

Things forensic memory forensic analysis
55:13 - 55:15

because you want to stop repeating what
55:15 - 55:17

you have been learning for years when
55:17 - 55:19

you took down the computer with the
55:19 - 55:21

computer is turn it
55:21 - 55:24

off and there is a lot of data that
55:24 - 55:27

remains in r memory for a particular
55:27 - 55:31

amount of time of course okay so try to
55:31 - 55:33

expand on this topic malware analysis in
55:33 - 55:35

digital forensic and cyber security and
55:35 - 55:38

digital forensic Trends those are
55:38 - 55:41

keywords that will be facilitating your
55:41 - 55:44

expansion or you expanding on digital
55:44 - 55:48

forensic knowledge other
55:48 - 55:51

considerations are some particular
55:51 - 55:54

journals okay I in this case I'm going
55:54 - 55:57

to risk and recommend the digital
55:57 - 56:00

investigation that is published by xier
56:00 - 56:02

is one of the top in the world the other
56:02 - 56:05

one is the Journal of digital forensic
56:05 - 56:08

security and law and forensic science
56:08 - 56:12

International digital investigation
56:13 - 56:16

report I'm open to any question you may
56:16 - 56:19

have and one more time I want before I
56:19 - 56:22

close my lips I want to sincerely thank
56:22 - 56:25

you EC Council for another opportunity
56:25 - 56:28

to talk about this fascinating topic
56:28 - 56:30

thank you very much for all the staff in
56:30 - 56:34

the e Council that work tily who made
56:34 - 56:37

this presentation a possibility and
56:37 - 56:39

thank you so much as well for you guys
56:39 - 56:41

attending the conf the conference and
56:41 - 56:44

for the questions that you may
56:45 - 56:48

ask thank you very much Dr Lewis for
56:48 - 56:49

such an insightful and informative
56:49 - 56:51

session that was really a very
56:51 - 56:53

interesting webinar and we hope it was
56:53 - 56:55

worth your time too now now before we
56:55 - 56:57

begin with the Q&A I would like to
56:57 - 57:00

inform all the attendees that EC
57:00 - 57:03

council's CH maps to the forensic
57:03 - 57:05

investigator and the consultant digital
57:05 - 57:08

forensics anyone with the chfi
57:08 - 57:10

certification is eligible for 4,000 plus
57:10 - 57:12

job vacancies globally with an average
57:12 - 57:13

salary of
57:13 - 57:15

$95,000 if you're interested to learn
57:15 - 57:17

more andly take part in the poll that's
57:17 - 57:19

going to be conducted now let us know
57:19 - 57:20

your preferred mode of training and we
57:20 - 57:23

will reach out to you
57:24 - 57:27

soon
57:27 - 57:29

uh Dr L shall we start with the
57:29 - 57:32

Q&A yes I'm ready
57:32 - 57:35

for okay our first question is how to
57:35 - 57:39

prove in court of law that the collected
57:39 - 57:41

evidence is from the same object and not
57:41 - 57:43

collected from any other
57:43 - 57:46

object this is a very important question
57:46 - 57:49

I really appreciate the clarification on
57:49 - 57:52

this topic as I said we have to be very
57:52 - 57:54

careful about the way we collect the
57:54 - 57:56

data when we are talking about objects
57:56 - 58:00

objects are associated to bits not to
58:00 - 58:02

bikes only but Bits And as I mention
58:02 - 58:06

multiple times when we do the copy of
58:06 - 58:09

the original data we want to make sure
58:09 - 58:12

that we always do bit by bit when you do
58:12 - 58:17

bit by bit and not B by B because a bit
58:17 - 58:22

implies up to 3.4 volts in electricity
58:22 - 58:24

we are eliminating the possibility of
58:24 - 58:28

mistake objects are bigger a bit do not
58:28 - 58:31

constitute an object objects are formed
58:31 - 58:34

by multiple bits this is why we have to
58:34 - 58:37

do the analysis bit by bit and I
58:37 - 58:40

mentioned that multiple
58:42 - 58:44

times thank you for answering that
58:44 - 58:47

question our next question is what kind
58:47 - 58:49

of forensic data can we obtain from the
58:49 - 58:51

encrypted data where the key is not
58:51 - 58:54

available to decrypt the
58:54 - 58:58

data could you please repeat the
58:59 - 59:02

question what kind of forensic data can
59:02 - 59:04

be obtained from the encrypted data
59:04 - 59:06

where the key is not available to
59:06 - 59:09

decrypt the
59:09 - 59:13

data you encryp
59:13 - 59:16

data uh I'll just P the question to you
59:16 - 59:20

on chat uh Dr
59:20 - 59:23

Ls I'm not watching the chat right now
59:23 - 59:27

something happened
59:28 - 59:30

I'm not watching the
59:30 - 59:35

shat sorry H long hello hello hello can
59:35 - 59:36

you hear
59:36 - 59:40

me yes I can hear you yes I have posted
59:40 - 59:43

the question on the chat Dr leis okay
59:43 - 59:47

okay please yes I have already pasted
59:47 - 59:51

okay let me check
59:54 - 59:56

here
59:56 - 60:00

okay give me a second okay what kind of
60:00 - 60:01

forensic data can be obtained from
60:01 - 60:05

encrypted data oh okay okay well this is
60:05 - 60:07

another misperception okay everybody
60:07 - 60:10

knows that when the data is encrypted we
60:10 - 60:13

cannot open the data or the particular
60:13 - 60:16

file document video any kind of Digital
60:16 - 60:19

forening Data let me tell you something
60:19 - 60:21

there are multiple forensic tools that
60:21 - 60:24

have the ability to decrypt the data
60:24 - 60:26

even when we don't have the key this and
60:26 - 60:29

I understand the key component and I
60:29 - 60:30

understand that the two type of
60:30 - 60:33

encryptions symmetric and asymmetric and
60:33 - 60:35

as I said I have multiple Publications
60:35 - 60:36

about
60:36 - 60:40

encryption ER but there is most likely
60:40 - 60:44

always the possibility to encrypt data
60:44 - 60:47

without having the encryption key I
60:47 - 60:50

understand that it doesn't sounds
60:50 - 60:52

popular it's not what we hear every
60:52 - 60:55

single time but when we spend specialize
60:55 - 60:59

on digital forensic we have usually the
60:59 - 61:02

tools we need to decrypt the data
61:02 - 61:04

especially if you are using artificial
61:04 - 61:07

intelligence also in the government at
61:07 - 61:09

least in the US government in my
61:09 - 61:12

operation in the operation I direct I
61:12 - 61:15

handle I supervise we are using
61:15 - 61:16

artificial intelligence for multiple
61:16 - 61:20

things in cyber security since
61:20 - 61:22

2017 and we are also using Quantum
61:22 - 61:25

Computing Quantum Computing is not not
61:25 - 61:29

coming quantum computer is in use in the
61:29 - 61:32

US government for years now so we are
61:32 - 61:35

using Quantum Computing for years there
61:35 - 61:37

are multiple ways to decrypt the data
61:37 - 61:41

when the encryption key is not available
61:41 - 61:43

multiple ways multiple applications as
61:43 - 61:45

well that help with the process it's
61:45 - 61:48

very time consuming but there is a
61:48 - 61:51

possibility for that and this is a great
61:51 - 61:53

question because the question is okay
61:53 - 61:56

how about the hard drive is encrypted
61:56 - 61:58

there is nothing that I can do right no
61:58 - 62:00

this is not like that there is always
62:00 - 62:02

ways to decrypt the data always it
62:02 - 62:05

doesn't matter how strong the encryption
62:05 - 62:07

is but you need to have the appropriate
62:07 - 62:10

tools of place for example I'm going to
62:10 - 62:13

mention just one in case when I present
62:13 - 62:17

this some tools that I suggest before I
62:17 - 62:21

said that in case is very expensive in
62:21 - 62:24

case do magic between quotation man in
62:24 - 62:26

case do multiple things that we don't
62:26 - 62:29

learn in the school
62:29 - 62:32

okay so I can see the other question
62:32 - 62:34

here how to adapt to investigation in
62:34 - 62:36

the cloud since the clouds provided do
62:36 - 62:38

not allow most of important operation to
62:38 - 62:42

access media when you have to do a case
62:42 - 62:45

or conduct digital forensic in the cloud
62:45 - 62:49

the cloud providers 99% of the time I
62:49 - 62:51

don't want to say 100 because I don't
62:51 - 62:53

want to risk on that but usually the
62:53 - 62:56

cloud providers include in the SLA in
62:56 - 62:59

the service level agreement what is
62:59 - 63:02

going to happen if a digital forensic or
63:02 - 63:04

any kind of Investigation needs to do
63:04 - 63:08

needs to be performed in the cloud space
63:08 - 63:11

so most likely the cloud operator is
63:11 - 63:14

going to facilitate access to everything
63:14 - 63:16

you need sometime you have to move and
63:16 - 63:19

go physically to the place in which the
63:19 - 63:21

data is
63:21 - 63:23

host don't believe that the cloud
63:23 - 63:26

provider doesn't know where the data is
63:26 - 63:29

host we know where the data is host
63:29 - 63:31

specifically I have been in San Diego
63:31 - 63:34

California and another States in Hawaii
63:34 - 63:36

back in
63:36 - 63:38

2019 as well doing forensic
63:38 - 63:41

investigation in a cloud environment it
63:41 - 63:43

was actually for something government
63:43 - 63:46

related and I was given the permission I
63:46 - 63:49

need to do any kind of Investigation so
63:49 - 63:52

Cloud providers facilitate forensic
63:52 - 63:55

analysis because forensic analysis are
63:55 - 63:58

usually related to legal cases there are
63:58 - 64:01

multiple cases in which in USA we don't
64:01 - 64:03

have access to this data and I'm going
64:03 - 64:07

to mention an example Tik Tok Tik Tok
64:07 - 64:09

the problem between the US government
64:09 - 64:12

and Tik Tok is that when Tik Tok get the
64:12 - 64:15

authorization to operate in USA the
64:15 - 64:19

government was one step behind behind
64:19 - 64:21

Okay and we don't regulate Tik Tok at
64:21 - 64:25

this point Tik Tok has the ability to
64:25 - 64:28

prevent forensic investigation in the
64:28 - 64:31

Tik Tok platforms for the US government
64:31 - 64:35

cour system or legal system okay but
64:35 - 64:38

again usually Cloud providers facilitate
64:38 - 64:41

investigation in the cloud 100% they
64:41 - 64:43

cooperate in every single manage they
64:43 - 64:48

have to facilitate the forensic
64:50 - 64:52

investigation thank you for answering
64:52 - 64:54

that question uh we'll take last
64:54 - 64:57

question for the day uh what is the best
64:57 - 65:00

open source free tools for social media
65:00 - 65:04

forensics there is no best open source
65:04 - 65:06

tool that is a combination of tools
65:06 - 65:09

number one digital forensic cannot be
65:09 - 65:11

performed categorically speaking with
65:11 - 65:15

one or two tools this is a complex time
65:15 - 65:18

consuming and expensive process I made
65:18 - 65:21

some suggestions it's included in the
65:21 - 65:26

slide ER let me see a slide
65:27 - 65:29

slide
65:29 - 65:31

number
65:31 - 65:34

16 okay this is the slide in which I
65:34 - 65:37

include in case autopsy the S some of
65:37 - 65:41

them are upper cases as I I'm sorry open
65:41 - 65:43

source as I mentioned before but there
65:43 - 65:46

is not a particular tool or two or three
65:46 - 65:48

tools that I will recommend because in
65:48 - 65:52

top of that every single forensic
65:52 - 65:55

investigation is about the different
65:55 - 65:57

process you cannot use the similar tools
65:57 - 66:01

this is why there are very at least in
66:01 - 66:04

USA very small amount of organizations
66:04 - 66:07

companies that specialize in digital
66:07 - 66:10

forensic as my company does the reason
66:10 - 66:14

why is because between many other things
66:14 - 66:16

lack of expertise and
66:16 - 66:19

expenses okay so I do not recommend a
66:19 - 66:22

particular tool instead the combination
66:22 - 66:24

of tools there are multiple open source
66:24 - 66:28

I mention a few in a slide number 16 of
66:28 - 66:31

my PowerPoint presentation but again
66:31 - 66:33

those are not sufficient those are the
66:33 - 66:36

most popular and
66:36 - 66:39

strong ER more accurate uh tools that
66:39 - 66:42

you can use for digital forensic but a
66:42 - 66:44

particular tool one or two to do
66:44 - 66:47

forensic investigation it doesn't exist
66:47 - 66:50

is impossible
66:52 - 66:54

doesn't thank you again to our wonderful
66:54 - 66:56

speaker Dr Lewis for answering those
66:56 - 66:58

questions and for the great presentation
66:58 - 67:00

and knowledge shared with our Global
67:00 - 67:02

audiences it was a pleasure to have you
67:02 - 67:04

with us and we are looking for more and
67:04 - 67:05

more sessions with you before we
67:05 - 67:07

conclude the webinar Dr LS would you
67:07 - 67:08

like to give a small message to our
67:08 - 67:11

audiences
67:11 - 67:14

please well no just want to thanks
67:14 - 67:17

everybody again the one that work
67:17 - 67:21

tiously behind the presentation to you
67:21 - 67:24

in e Council as always thank you very
67:24 - 67:25

much for the support for all the
67:25 - 67:28

attendees I hope you learn something new
67:28 - 67:32

let me clarify that every single content
67:32 - 67:34

wording words Etc that I have been
67:34 - 67:37

presenting for you is my original
67:37 - 67:39

creation 100% not
67:39 - 67:43

99.99 but 100% categorically speaking
67:43 - 67:45

and I put together those notes and
67:45 - 67:48

reflection for you guys with the hope
67:48 - 67:49

that you can come back to your
67:49 - 67:52

organization and ser better that you can
67:52 - 67:55

become a public servant
67:55 - 67:57

ER and go to the court and testify in
67:57 - 68:01

favor of the park that deserve your
68:01 - 68:04

benefits and I sincerely thank you for
68:04 - 68:06

the opportunity to share my expertise
68:06 - 68:09

with you guys have a nice weekend okay
68:09 - 68:10

thank you very much for the time in
68:10 - 68:13

question thank you so
68:14 - 68:17

much thank you so much Dr Louis for your
68:17 - 68:19

message before we end the session I
68:19 - 68:20

would like to announce the next cyber
68:20 - 68:23

talk session why are strong foundational
68:23 - 68:25

cyber securities skills essential for
68:25 - 68:27

every IT professional which is scheduled
68:27 - 68:29

on November 8 2023 this session is an
68:29 - 68:31

export presentation by Roger Smith
68:31 - 68:34

director car Managed IT industry fellow
68:34 - 68:37

at Australian Defense Force Academy to
68:37 - 68:38

register for this session please do go
68:38 - 68:40

visit our website
68:40 - 68:43

www.ccu.edu cybert talks the link is
68:43 - 68:45

given in the chat section hope to see
68:45 - 68:48

you all on November 8th with this VN the
68:48 - 68:50

session with this you may disconnect
68:50 - 68:52

your lines thank you thank you so much
68:52 - 68:55

Dr leis pleasure having you
68:55 - 68:57

likewise thank you very much for the
68:57 - 69:02

opportunity thank you have a good day

Title:: Digital Forensics Best Practices: From Data Acquisition to Analysis
Description:: more » « less
Video Language:: English
Duration:: 01:09:00

	OEVIDEOS edited English subtitles for Digital Forensics Best Practices: From Data Acquisition to Analysis
	OEVIDEOS edited English subtitles for Digital Forensics Best Practices: From Data Acquisition to Analysis
	OEVIDEOS edited English subtitles for Digital Forensics Best Practices: From Data Acquisition to Analysis
	OEVIDEOS edited English subtitles for Digital Forensics Best Practices: From Data Acquisition to Analysis
	OEVIDEOS edited English subtitles for Digital Forensics Best Practices: From Data Acquisition to Analysis

English subtitles

Revisions Compare revisions

Revision 5 Edited

OEVIDEOS
Revision 4 Edited

OEVIDEOS
Revision 3 Edited

OEVIDEOS
Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	5	OEVIDEOS
	4	OEVIDEOS
	3	OEVIDEOS
	2	OEVIDEOS
	1	OEVIDEOS

Digital Forensics Best Practices: From Data Acquisition to Analysis

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)