top of page
Podium

Presentations

Download PDF versions of previous talks presented at Forensic Summits and events.

KHedley MUS2022 Presentation on Tool Validation

April 2022

How Do You Know It Works As Intended?

Why you should validate your tools, when to validate and how to validate, with a walked example and comparison of some common file carving tools.

​

PDF file hash (SHA1):
4cc7a5b462265e2948ddbf73ebc498300a8212ab

May 2021

Pining for Data - PinePhone forensic analysis

The PinePhone is one of the first true Linux-based smartphone projects that has released mobile devices, available to the general public, with a smartphone-specific variant of Linux pre-flashed onto the device. These devices can be used out of the box, or can be re-flashed with other Linux variants. Available devices are still very much in the development phase, which brings the added fun of the occasional device or application crash, and some hardware not being supported at all by some Linux variants. However, there is the prospect of such devices becoming more common in the future, and it's fun to see what data may be stored on a device, where, and how we can acquire it, to work out how it may be useful to a digital forensic investigation if one of these devices was seized.

​

PDF File Hash (SHA1):

65047b8f4d0c360f3cc8ec7d8194f98acc7c07df

PinePhone Research KHedley
Tool Validation KHedley

Feb 2019

The Importance of Validation

We rely on many tools to do our day jobs and tell us what's going on in our systems and networks, but are they giving us the right information and how would we know whether they were or not? Validation of tools is often one of those tasks that ends up being forgotten or omitted due to lack of time or resources. Is it really important? Spoiler alert... yes!

​

PDF File Hash (SHA1):

7f6b4b2cf439eb5800b444c470027c2c2dd40c96

Oct 2018

System Profiler - Automating the Routine Stuff

This presentation outlines a number of shortcomings in existing tools used to parse information from a disk, and demonstrates a script that uses a combination of existing tools and manual parsing to automatically produce some routinely required sections of a forensic report.

​

PDF File Hash (SHA1):

e7f99c898382bd24f21fc4df8b842cb6d9d53365

Automating Routine Stuff KHedley
bottom of page