Presentations
Download PDF versions of previous talks presented at Forensic Summits and events.
April 2022
How Do You Know It Works As Intended?
Why you should validate your tools, when to validate and how to validate, with a walked example and comparison of some common file carving tools.
​
PDF file hash (SHA1):
4cc7a5b462265e2948ddbf73ebc498300a8212ab
May 2021
Pining for Data - PinePhone forensic analysis
The PinePhone is one of the first true Linux-based smartphone projects that has released mobile devices, available to the general public, with a smartphone-specific variant of Linux pre-flashed onto the device. These devices can be used out of the box, or can be re-flashed with other Linux variants. Available devices are still very much in the development phase, which brings the added fun of the occasional device or application crash, and some hardware not being supported at all by some Linux variants. However, there is the prospect of such devices becoming more common in the future, and it's fun to see what data may be stored on a device, where, and how we can acquire it, to work out how it may be useful to a digital forensic investigation if one of these devices was seized.
​
PDF File Hash (SHA1):
65047b8f4d0c360f3cc8ec7d8194f98acc7c07df
Feb 2019
The Importance of Validation
We rely on many tools to do our day jobs and tell us what's going on in our systems and networks, but are they giving us the right information and how would we know whether they were or not? Validation of tools is often one of those tasks that ends up being forgotten or omitted due to lack of time or resources. Is it really important? Spoiler alert... yes!
​
PDF File Hash (SHA1):
7f6b4b2cf439eb5800b444c470027c2c2dd40c96
Oct 2018
System Profiler - Automating the Routine Stuff
This presentation outlines a number of shortcomings in existing tools used to parse information from a disk, and demonstrates a script that uses a combination of existing tools and manual parsing to automatically produce some routinely required sections of a forensic report.
​
PDF File Hash (SHA1):
e7f99c898382bd24f21fc4df8b842cb6d9d53365