top of page


Download PDF versions of previous talks presented at Forensic Summits and events.

KHedley MUS2022 Presentation on Tool Validation

April 2022

How Do You Know It Works As Intended?

Why you should validate your tools, when to validate and how to validate, with a walked example and comparison of some common file carving tools.

PDF file hash (SHA1):

May 2021

Pining for Data - PinePhone forensic analysis

The PinePhone is one of the first true Linux-based smartphone projects that has released mobile devices, available to the general public, with a smartphone-specific variant of Linux pre-flashed onto the device. These devices can be used out of the box, or can be re-flashed with other Linux variants. Available devices are still very much in the development phase, which brings the added fun of the occasional device or application crash, and some hardware not being supported at all by some Linux variants. However, there is the prospect of such devices becoming more common in the future, and it's fun to see what data may be stored on a device, where, and how we can acquire it, to work out how it may be useful to a digital forensic investigation if one of these devices was seized.

PDF File Hash (SHA1):


PinePhone Research KHedley
Tool Validation KHedley

Feb 2019

The Importance of Validation

We rely on many tools to do our day jobs and tell us what's going on in our systems and networks, but are they giving us the right information and how would we know whether they were or not? Validation of tools is often one of those tasks that ends up being forgotten or omitted due to lack of time or resources. Is it really important? Spoiler alert... yes!

PDF File Hash (SHA1):


Oct 2018

System Profiler - Automating the Routine Stuff

This presentation outlines a number of shortcomings in existing tools used to parse information from a disk, and demonstrates a script that uses a combination of existing tools and manual parsing to automatically produce some routinely required sections of a forensic report.

PDF File Hash (SHA1):


Automating Routine Stuff KHedley
bottom of page