VIDEOS: from Rüschlikon, Switzerland: a review of the Digital Investigations Conference 2017

Für die deutsche Version klicken Sie hier

 20th of June 2017 

Hotel Belvoir, Rüschlikon, Switzerland

 

Sponsored by:

www.arina.ch/en

2 October 2017 – This past June I spent three glorious days in Zurich, my focus the Digital Investigations Conference (DIC), an event held annually for the last five years, where this year I was the keynote speaker.

NOTE: a huge hat tip to Nico Van der Beken who recommended me as keynote speaker to Arina and whom I have known and worked with across Europe for 10+ years. Nico has unparalleled experience in the e-discovery/forensics field: working with lawyers, IT people and suppliers – negotiating and delivering cost-effective solutions and project management. Just getting things done. 

And a very special note to the entire staff at the Hotel Belvoir. A simply superb venue for a conference … and the perfect venue for just a few days relaxation and as a jump-off point to see Zurich.  Please see my notes/comments at the end of this post. 

The DIC is truly a one-of-a-kind event. It is Switzerland’s only such conference that provides a platform for computer forensic experts, vendors, partners and sponsors working in digital investigations and e-Discovery. It features keynotes and offers workshops to increase skills and to learn more about soft- and hardware solutions in the market.

The event focus hits everybody: academics, advisories, corporates, government, law enforcement, law firms, and military organizations and is run and organized by the brainiacs behind Arina AG, the very well-known and dominant reseller for globally leading products in the areas of digital forensics, mobile forensics, e-discovery, cybersecurity, data duplication systems and network forensics. They are the leader in the DACH region (Austria, Germany and Switzerland).

Before I get to the event itself and my video interviews with the various vendors, here is my chat with Markus Mosca (founder/CEO) and Roman Locher (CTO) of Arina. They talk about the founding of the company, the array of services and technology they provide, and the purpose of the Digital Investigations Conference:

MY KEYNOTE ADDRESS

For most of us in the information management trade, artificial intelligence is a nifty tool. We see the benefit of artificial intelligence in deep learning patterns, methodology, and strategy.

In my keynote I tried to give the audience a view “from 10,000 feet up”, an overview of the computational process of machine learning, statistics, and database systems. Oh, and a tribute to Oskar Schlemmer who in 1915 displayed his prophetic dancing robots … and predicted our “serene mechanical simulacra that will be so typical of what will become our automated period”.

NOTE: at the end of my keynote video I have a link to my blog post where you can find my suggested sources to help you get an understanding of artificial intelligence. If you want to go directly to that page click here.

The following is the “abridged” version of my keynote, the one hour presentation reduced to 30 minutes of what I thought were my key points. It includes all of the slides/graphics I used in the presentation:

 

THE CONFERENCE

In any event of this magnitude, it is difficult to report on and comment on everything. You can get a feel of the wide range of topics by reading the conference agenda (click here). So herein a few highlights based on several sessions I attended:

• FORENSICS: in brief, several of the more popular forensic workshops focused on acquiring data from various mobile devices … the usual suspects such as smartphones, tablets and health trackers … and now the spreading use of home devices like Amazon Echo and Google Home. We discussed the recent case where police charged suspects in two separate murder cases based on evidence taken from a Fitbit tracker and a home smart water meter. I could not attend all the forensic sessions and I apologize to the vendors I missed, but a few comments:
  • Daniel Jones (Solutions Consultant, Nuix) in a session entitled Forensics in a mobile world noted that current mobile forensic tools only allow analysis and investigation of mobile devices in isolation of the rest of the digital evidence, which makes it hard to draw links between evidence sources, and results in individual investigations per device type, rather than a holistic view of the case. Digital evidence now comes from many different sources. These include body worn video, the public sector, commercial and private CCTV footage, mobile phone images and video from the public, still images and video from crime scenes, digital interviews, text-based documents, ANPR, patrol car video, audio from contact centres … the list is long and growing all the time. He explained how Nuix technology was making the holistic view happen. Please also see our video interview below with Nick Pollard of Nuix.
  • Tatiana Pankova (Marketing Manager, Oxygen Forensics) did a presentation titled Deep Diving for Forensic Gold and focused on how all the vital evidence you need is usually is stored in apps: contacts, group and private chats, plans, geo coordinates, cache and much more. You need to decrypt and retrieve securely stored data in apps, like Whatsapp, Snapchat, Telegram,Threema, etc. She explained how apps are constantly changing: popular apps are updated almost every week and forensic software manufacturers have to catch up with it adding support for newer versions. She also did a very concise review of encryption. We generally hear about two types of encryption, symmetric and asymmetric encryption. Symmetric encryption uses one shared key for encrypting and decrypting data. Asymmetric encryption, on the other hand, uses one key for encrypting data and another separate, but related, key for decrypting data. Please see our video interview with Tatiana below.
  • Olga Koksharova (Marketing Director, Elcomsoft) focused on backups, clouds and synced bits and pieces that are often much more important than the content of the device in a presentation titled The New Age of Mobile Forensics: Cloud Data Acquisition. Cloud computing is the motivating factor for the progress of these applications. Emerging mobile cloud computing has introduced a new architecture that law enforcement must deal with. She said that since most mobile devices come with the ability to back up their contents into the cloud, depending on the platform, cloud backups may contain as much as the full content of the device complete with the call histories and messages. She explained why over-the-air is the standard for the transmission and reception of application-related information in a wireless communications system, and how Elcomsoft’s mobile forensic tool assist clients in over-the-air acquisition and backup analysis of mobile devices. We have a video interview with Olga below.
  • Dmitry Sumin (President, Passware) in his presentation titled Efficient Decryption with Passware took us down the rabbit hole – decryption of electronic evidence, a common problem for many computer examiners. He examined the new challenges of getting access to encrypted evidence – from now-standard full disk encryption for Windows and macOS to new TrueCrypt successors. He covered new ways of getting the data decrypted – data acquisition from locked computers, encryption triage, leveraging live memory analysis, distributed network attacks and hardware acceleration, using data acquired to improve decryption success rates. We have a video interview with Dmitry below.
  • Jim Borecki (Business Development, Digital Intelligence) had a great session titled Analyzing Systems Hardware for Forensic Software Optimization in which he said based on a thorough testing on a range of processors, RAM quantities, and storage media (mechanical and solid state drives, PCI/NVME media, and RAID options) in a forensic system, he could discuss the testing methodology and various hardware configurations that will have the most impact on the performance of the forensic software. Digital Intelligence is currently focusing on EnCase (testing complete), FTK (testing ongoing), and NUIX software (future) as the basis of this systematic testing. It was a brilliant tutorial … if that is what Jim intended … on forensic software system analysis as a problem-solving technique that breaks down a system into its component pieces for the purpose of the studying how well those component parts work and interact to accomplish their purpose.
• GDPR: It seems you cannot call yourself a digital forensics/e-discovery conference without some sessions on the soon-to-be-upon us General Data Protection Regulation (GDPR). One excellent presentation was by Simon Viney (Vice President, Stroz Friedberg) and Alex Carte (Managing Director, Stroz Friedberg). They explained how the GDPR delivers a fundamental change in how data controllers and data processors handle personal data. Instead of an “add-on” or afterthought within business operations, protections for personal data will now have to be designed into the very fabric of data processing systems, meaning that entities will need to re-examine how they approach the use of technology in their organisations. Technology is, in other words, the principal problem that data protection law is trying to solve. As such, it is obvious that, as well as being the problem, technology must provide the solution. If entities are storing too much personal data, for example, technology needs to deliver delete, erase, de-duplication and minimisation functionality. However, the way that data protection has operated in practice tells a different story and Stroz’s experience in this area backs this up: despite technology being both the problem and the solution, technology systems have not been designed and deployed from the perspective of the requirements of data protection law.
• TSUNAMI OF DATA: Nick Rich (Vice President, Stroz Friedberg) addressed the gorilla in the room (at least for lawyers): try visualising the mountains of data at issue in corporate, litigation and regulatory investigations that span months or years. On desktops, laptops, tablets and mobile devices – generating emails, text messages, social media postings, audio and video recordings, and other potentially key sources of vital data. In his presentation titled Evolving Data, Revolutionary Approaches he discussed how the various e-discovery analytics software tools that Stroz can offer have visualization capabilities that allow it to present data graphically. A visual approach to analytics can help attorneys rapidly determine what is and what isn’t relevant to a case. Legal teams can visualize trends, summarize data, see multiple decision points, and drill down and out of data quickly and dynamically to identify an issue’s key factors. In fact, visualizing data in lawyer-friendly ways is one of the most compelling advances in analytics software used in e-discovery – and a great boon to firms with limited or constrained financial and human resources.
• RED TEAM SECURITY TESTING: Red Team security testing is fast becoming a key tool in assessing an organization’s security posture and ability to detect and respond to an attack. The practice is similar, but not identical to, Penetration Testing, and involves the pursuit of one or more objectives. They are designed to simulate a concerted breach by a group of professional hackers – with all the myriad human factors that can come into play. In a session titled Lessons from the Red Team Trenches, Justin Clarke-Salt (Managing Director, Gotham Digital Science) did a deep dive into his company’s Red Team, discussing real scenarios from their last year of testing. He did a detailed presentation on what Red Team testing is and why you may want to consider doing it. He also discussed some of the effective defenses his company has encountered, and he shared numerous examples from what they’ve seen in the field and shed light on some of his company’s attack strategies.

 

 

THE VENDORS/SPONSORS: VIDEO INTERVIEWS

Time constraints prevented us from doing video interviews with all of the vendors and sponsors of the event (some were speaking but not exhibiting) so we felt lucky we were able to capture all the vendors in the exhibit hall.  Here are those interviews:

CELLEBRITE

We had a chat with Alexander Schuetterle of Cellebrite. Herein, Alex talks about the company’s advanced analysis tools for law enforcement professionals:

For more information about Cellebrite click the following link: www.cellebrite.com  

TEELTECHNOLOGIES

 

We had a chat with Maggie Gaffney of TEELtechnologies. Maggie summarises the mobile device forensics solutions, services, and training the company offers for local, state, and federal law.

For more information about TEELtechnologies click the following link: www.teeltech.com

MSAB

In our chat with Gerhard Gunst of MSAB, Gerhard talks about the MSAB Ecosystem of tools for law enforcement which provide a significant increase in investigation efficiency.

For more information about MSAB click on the following link: www.msab.com

MAGNET FORENSICS

Magnet Forensics provides a complete digital forensics investigation platform allowing examiners to acquire, analyze, and share evidence all within one tool. Peter Warnke points out that the tool, Magnet AXIOM 1.1, is now being used by digital forensics professionals seeking evidence that other tools cannot find, to verify data, to do in-depth examinations of data using multiple views and intelligent technology to focus on results and link relevant data, and to integrate images acquired with other forensics tools – all into a single case file for examination. Please note that the company uses technology from their partners at Passware (see Passware interview below):

For more about Magnet Forensics click on the following link: www.magnetforensics.com

PASSWARE

Dimitry Sumin, founder and CEO of Passware, talks about “Passware Kit Forensic”, a complete electronic evidence discovery solution that reports all password-protected items on a computer and decrypts them.

For more about Passware click on the following link: www.passware.com

OXYGEN FORENSICS

Oxygen Forensics was founded in 2000 as a PC-to-Mobile Communication software company. This experience has allowed their team of mobile device experts to become unmatched in understanding mobile device communication protocols. Oxygen Forensic products have been successfully used in more than 100 countries across the globe. Tatiana Pankova of Oxygen Forensics provides an overview of their products:

 

For more about Oxygen Forensics click on the following link: www.oxygen-forensic.com/en/

ELCOMSOFT

Elcomsoft password recovery solutions allow gaining access to password-protected, locked and encrypted onformation created in a variety of applications. Their unique technologies and deep knowledge in information security implemented in our products allow investigators recovering the most complex passwords faster or even instantly. A chat with Olga Koksharova of Elcomsoft about their products:

For more about Elcomsoft click on the following link: www.elcomsoft.com

 

 

BLACKBAG TECHNOLOGIES

BlackBag Technologies develops innovative forensic acquisition, triage, and analysis software for Windows, Android, iPhone/iPad, and Mac OS X devices. James Buckland talks about the challenges in forensic acquisition and how Black Bag Technologies can help:

 

For more about BlackBag Technologies click on the following link:  www.blackbagtech.com

 

 

NUIX

Most mobile forensic tools only allow analysis and investigation of mobile devices in isolation of the rest of the digital evidence, which makes it hard to draw links between evidence sources, and results in individual investigations per device type, rather than a holistic view of the case. Nick Pollard explains how Nuix technology can making the holistic view happen:

For more about Nuix click on the following link: www.nuix.com

 

THE CONFERENCE VENUE: THE HOTEL BELVOIR