Saint Petersburg International Legal Forum 2013

At the St. Petersburg International Legal Forum I gave a presentation on forensic investigation digital evidence within Europe also from our ENFSI Forensic IT Working group perspective. This conference was very well attended. Prime Minister Dmitry Medvedev opened the conference and our Minister of Security and Justice Ivo Opstelten gave a presentation from the celebration of 400 years collaboration between the Netherlands and Russia. 

Many questions where asked during the forum meetings, and lots of discussion. Also the standardization of Digital Evidence and the ISO 17025 with the new ISO-standards on digital evidence where seen as an important step on harmonization. 

In the meantime I was also looking in bitcoin mining and the properties of bitcoins as well as cloud computing on virtual machines, since there were some questions concerning forensic investigations. I installed some mining software on different cloud virtual machines of different vendors, however as mentioned, it is not cost effective, and certainly energy waisting. Buying ASIC hardware might be more cost effective in the short term, however I assume that either the exchange rate of bitcoins will drop if it gets to easy or the complexity is improved in the meantime. It is interesting to see some of the discussions on forensic investigation of these bitcoins. One can pay with them at Amazon, and at conferences such as Ohm 2013. However bitcoins might disappear according to strategists.

May 2013

It appears to become a nice month, with some project proposals that appear. Last month I invited Nick Goldman at the NFI for a presentation on storage of data  on DNA. At the moment it somewhat costly, however DNA can store the information for thousands of years, something that current digital storage devices are not able to. Since one can store on 1 gram of DNA 2.2 million gigabits of information, this would be 468.000 DVDs, so it is in theory big data. Also developments of data storage in graphene or interesting to watch. Retrieving digital evidence might get more challenging if these developments continue.

This month, I am looking forward since I was invited for the Legal Forum in St Petersburg Russia, to give a presentation there and also in Shanghai, China to a forensic conference on some developments in forensic digital and multimedia evidence. Currently we are also working on the ENFSI Forensic IT Working group meeting in September in Linköping, Sweden, where new developments will be presented.

Currently working on different project proposals for R&D, some casework, reviews, and looking into collaboration and funding possibilities.

 

April 2013

During eastern some time to review reports and papers, and also to have a look at my website and do some updates and further work.

Currently working on several cases and applying for some funds for R&D projects, however as usual not always successful (since many people apply for funding and there is competition, and moreover it is a challenge to write understandable proposals for evaluators, however we learn from every comment).

In April we will also prepare for the conference in September of the ENFSI Forensic IT Working group which will be held from 24-27 September in Linkoping, Sweden.

For R&D projects we also have some intern-ships  and I prefer to have more students working on the same topic, since it appears to me often more efficient.They are available for universities and sometimes we also have students from outside the EU, however it takes somewhat more time for getting approval. Also looking for further collaboration with the University of Amsterdam.

As you can see below, it is interesting to see the number of threats and the countries that they originate from to my website according to the software that I use. I can see also the more complicated captcha protection does not work always that well, and see several dictionary attacks so 2-step verification methods should be used. Currently I use more open source software, however it is important to keep them updated.

In response to growing international interest, DFRWS.org is working with our European colleagues to organize a conference in Amsterdam in Spring 2014. The DFRWS Europe Conference will he held in addition to the DFRWSConference that is held in North America every August.

To help the DFRWS grow, please complete the following survey:

Survey - DFRWS Europe Conference in Amsterdam
http://www.surveymonkey.com/s/3QR85TS

March 2013

As usual making some new planning and development with three highlights of this month

1. Currently I am working on a Research and Development plan for Digital Evidence and Biometrics in forensic science. When writing down the issues,  there seem to exist some paradoxes in the forensics and creativity of humans.We have the risk paradox, risks have to be taken to develop a new method which fits also in agile careers, and besides that we also have the automation paradox as we saw in airline industry. If we would like to have the newest methods implemented by engineers and scientist, we always take some risk. Mostly in forensic science this will be covered by validation and verification experiments in the real world, though sometimes judges ask for methods that are experimental and not completely validated yet (this should always be stated in the report).

2. For ENFSI new best practice guides are developed in many different field. Sometimes people ask me best practice, does it mean good practice or the best practice. Of course in reality it means good practice, however best practice is a management term which is used in ISO 9000. We try to write best practice as such, to the best effort we have. Smart practice is another means of making it more efficient for a lower price, however in forensic science this is not often used to my knowledge, since the goal is minimizing the errors in the findings. Best practice methods can change from one day on another due to rapid developments, and certainly in digital evidence.

3. When looking in my website  www.forensic.to I see that there appear to happen more sophisticated attacks to the website itself and they also try to make some exploits for mobile phones. So I used some additional shields, mostly it appears to be iframe-injection and vulnerabilities in old scripts that I have used, so I have updated all of them. I also see that the attacks are becoming better, since they appear to be adapt quickly to some filtering methods I use. For that reason I use a combination of off the shelf methods and own developments. Intelligent logging analysis methods remain important to use to watch exploits that are not yet detected by commercial software, so it keeps me busy :)

February 2013

The American Academy of Forensic Sciences is having a meeting in Washington DC with more than 4000 people that registered. During this meeting I chaired a workshop on image analysis - 3D imaging and virtopsies and with a nice discussion on Bayesian reasoning versus Baconian and Pascalian reasoning by William Oliver MD who was the co chair. Also during the meeting there were some papers with Likelihood Ratios being given, so it appears the methods are evolving. Once challenge that remains is determining the priors.

Furthermore I have a presentation on camera identification on social networks and one on biometric comparison of hands. It appears the session of the section Digital and Multimedia Sciences is well attended, and with the papers on social networks, there was very much interest.

I also finalized my term of 3 years as a director of the Digital and Multimedia Sciences section, which was an honor for me to do.

Guest Post by Sara Dawkins

Aspects of Forensic Science on Social Networks

Since the inception of the Internet, people have used it for a variety of purposes. As social networking
developed, many have flocked to these sites to share their opinions and beliefs. Since the late 2000s,
some of these social networking people have gone so far as to post his or her crimes as they commit
them. Could this be a form of bragging rights to friends, or a desperate plea for help?

However, not all criminals are so blunt. Most of them unwittingly leave breadcrumbs for law
enforcement to follow to facilitate a capture. As millions of people take to social networking sites on a
regular basis, forensic science has been made to adapt. What you post on your profile could lead to
future activities and you may become a suspect.

1. Posting Comments - Commenting on someone's video or Facebook wall is a common practice for
many of us. However, if you're posts are frequently of a specific nature, forensic psychologists could
plot a criminal activity. When you are on the Internet, the lack of physical contact gives you the sense
that you are safe from repercussions of your actions and you feel more comfortable by writing exactly
what you think. In today's world, that frame of mind is farther from the truth. Your activity and
comments could lead law enforcement right to you if you've committed a crime and are social-network-
active.

2. Videos - One of the easiest methods of getting yourself caught is posting the activity on sites such as
YouTube. This has got to be one of the most asinine ways of exposing yourself possible. People
constantly make the news as being arrested for something that had uploaded to this active social site.
YouTube is a way to entertain, not create a historical database of your crimes.

3. Networking Activity - Comments and videos can be a fruitful method of gathering evidence for
digital forensic teams. However, the amount of activity on social networking could also be beneficial.
Websites, files, and more can open a great deal of information about a person on his or her computer.

For instance: if there was a local bombing and your computer was full of websites relating to
explosives and detonation devices, you could be in trouble. Although, it takes more than just visiting a
few websites in order to be solid evidence. That's when the forensic team starts looking into your
emails and social networking posts to see if there is any correlation.

What gets posted onto the Internet, stays on the Internet. Even items you think you've deleted can still
have a way of coming back to haunt you. Every second, website content is being indexed, saved, and
backed-up on various servers. If you don't want something to come back and bite you, don't post it.
The best advice to take from this is to never post anything that could incriminate you.

Author Bio

Sara is an active nanny as well as an active freelance writer. She is a frequent contributor of http://
www.nannypro.com. Learn more about her http://www.nannypro.com/blog/sara-dawkins/.

January 2013

1. The start of the new year is always excellent, since we have time to plan and look to unfinished tasks if they are necessary. As always, many new challenges to solve, and in February the American Academy of Forensic Sciences has it conference in Washington DC, where I am looking forward to meet the colleagues. Currently also finalizing the work on workshop 17 'Image Analysis — 3D Imaging and Virtopsies:  Developments, Methods, and Reasoning About Images'.
2. Teamwork remains important, where we have multidisciplinary teams that become more creative in finding new solutions. Currently working on implementing new methods how to improve this in R&D projects. There are also many new challenges, and of course budget constraints is one of them.
3. We see that the CSI effect at universities appears to work for getting people interested in forensic science and that they are aware of the real issues.
4. The opening of the European Cybercrime Center at Europol om 1 January 2013 is an important event for the fight against cybercrime.