Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_03 (00:16):
Welcome to the
Digital Forensics Now podcast.
Today is October 2nd, 2025.
My name is Alexis Brignoni, and I'm accompanied by my co-host,
the New York David Attenborough, the Pippi Longstocking of
Digital Forensics, the one and only Heather Charpentier.
Oh my god.
The music is Hired Up by Shane Ivers and can be found at
silvermansound.com.
Heather.
Yes, David did I pronounce David Attenborough right?
Hopefully.
SPEAKER_00 (00:54):
I have no idea.
SPEAKER_03 (00:56):
Oh my goodness.
That's true because you live in the woods.
See, Sir David Attenborough, he was a naturalist and he had all
these nature shows when we were growing up, and he still has
some to this day.
I think he's doing one now at either Disney Plus or something
like that about the oceans.
So uh do you know who Pippi Longstocking is?
At least you don't know.
SPEAKER_00 (01:14):
I got the Pippi
Longstocking reference, and
everybody will understand it in a minute, but I did get the
Pippi Longstocking reference.
SPEAKER_03 (01:21):
You saw you saw the
books or just the the show, the
TV show.
SPEAKER_00 (01:24):
The TV show.
SPEAKER_03 (01:24):
Oh, yeah, TV show
was the best growing up.
SPEAKER_00 (01:26):
Yeah.
SPEAKER_03 (01:27):
All the youngest
listed, like the what?
unknown (01:29):
Yeah.
SPEAKER_00 (01:29):
Oh, definitely.
Half of my office would be like, who?
I've never heard of that.
Yeah.
Never heard of that.
Thank you for the great introduction as always.
SPEAKER_03 (01:40):
Absolutely.
I'm happy that you're gonna share with us all those
references now.
SPEAKER_00 (01:43):
Yeah.
So yeah, so uh what's been going on?
Uh uh I just got back from vacation, which is why we
skipped uh a couple weeks there on the podcast episodes.
I just got back from a vacation to an animal farm, and I've got
some pictures to share with everybody.
SPEAKER_03 (02:02):
I'm telling you, she
seems like she's a naturalist.
She's a naturalist, of course.
SPEAKER_00 (02:06):
So my sister and I
took a road trip to Tennessee
last week, and we went to a Koei Riverside farm.
We stayed in a covered wagon.
It was called the Welcome Wagon.
It was awesome.
And I just have pictures of all of the animals that I have to
show everyone.
So the first guy was the first uh animal to greet us.
That's Picasso, the llama, and Blackjack the Blackjack the
donkey, and then Prince Ali, my favorite animal on the farm.
Uh he's a white baby camel who I loved.
And then my sister and I got to just go in and interact with all
of the animals the entire time.
It was so awesome.
We were petting baby highland cows, feeding them bottles.
You can see uh Fennec fox that we were holding in the picture.
We got to hold and bottle feed kangaroos.
Okay, look at it.
SPEAKER_02 (03:01):
I I want I want to
uh direct everybody's attention
to Heather's hairdo.
SPEAKER_00 (03:06):
Yeah, so uh Holly
gave me some braids on the farm,
and that's the Pippi Longstocking reference for
anybody who's too young.
SPEAKER_03 (03:16):
So yeah, and by the
way, look at her lifting all
these animals like super strong, like like like her, you know.
SPEAKER_00 (03:21):
So kangaroo.
SPEAKER_03 (03:23):
Yeah, it it it it
you know it's amazing your
strength.
It's incredible.
SPEAKER_00 (03:27):
I don't know about
that.
But here we were with the camels and the monkey.
There was a little spider monkey named Georgie.
Oh uh, it was awesome.
This trip was so amazing.
Um, and Holly and I went horseback riding.
Uh, my horse was named Trip because that's what he does, he
trips, so that was fun.
SPEAKER_03 (03:46):
I was hoping it was
like a great trip.
No, no, no.
He just he falls over.
SPEAKER_00 (03:51):
And then the sloths.
Uh, so the the way I found this farm actually was I wanted to
hold a sloth.
And if anybody doesn't know, sloths don't really like to be
held.
There's very few places that you can find where the sloths are
actually trained to like human contact.
And these sloths were raised from babies to actually want to
have contact with humans.
So we got to hold a baby sloth and feed them.
It was so much fun.
SPEAKER_03 (04:16):
Well, I mean, I
think that's your spirit animal,
if I'm not mistaken.
unknown (04:19):
Hey, hey, hey, hey!
SPEAKER_03 (04:21):
See, but your first
reaction was it is.
Oh, wait, I shouldn't say that.
Let me let me push back now.
SPEAKER_00 (04:26):
I wish I could have
a day like a sloth.
And then I ended my little slideshow with my my favorite
guy, Prince Ali, again, the the white baby camel.
He was just so cool.
So um, it was it was an awesome vacation.
And then we we uh actually drove home and we did the whole 14
hours straight.
My sister drove the whole 14 hours.
We didn't stop and spend the night or anything, and we ended
it in New York State with a high-speed chase on the
Thruway.
So we weren't in the high speed chase.
SPEAKER_03 (04:58):
Oh, I was gonna say,
did the police catch up to you?
Is that uh did you escape?
SPEAKER_00 (05:02):
No, but we had some
uh we had some entertainment at
the end of our trip there with a high speed chase on the
Thruway in New York.
SPEAKER_03 (05:09):
So I don't know if
that's entertainment, but it was
something.
But yeah, hopefully everybody if everything went fine.
SPEAKER_00 (05:16):
Yeah, I think they
got them.
SPEAKER_03 (05:18):
So good, good, good.
SPEAKER_00 (05:19):
Yeah, but the
vacation was so amazing and just
too short as vacation always is.
SPEAKER_03 (05:25):
See, see, that's why
that's why C wanted to get whole
relief.
So you so it's it's the it's the person that's being chased, is
the cops chasing them, and then you all chasing the cops.
SPEAKER_00 (05:33):
Yeah, yep, yeah.
We got to speed because of it.
No, I'm just kidding.
But yeah, so it was a it was a great time.
Uh, what were you up to while I was gone?
SPEAKER_03 (05:44):
Uh me, uh nothing,
nothing, much much of nothing,
especially now for we for resources beyond our my control.
SPEAKER_00 (05:55):
Yeah, we won't get
into that, huh?
SPEAKER_03 (05:57):
Well, I mean, I'm
doing a lot, but okay, let's
let's not get into that, yes.
SPEAKER_00 (06:00):
Yeah, but no, you
were you were doing things while
I was gone because I saw some really good pictures on your
social media of the dancing you've been doing.
SPEAKER_03 (06:09):
Oh my shit.
And she takes the one that I need a hairbrush, but it's okay.
SPEAKER_00 (06:12):
Uh so I love this
picture.
Him and his wife dancing.
It was a great picture.
SPEAKER_03 (06:16):
Yeah, yeah.
She she makes the picture a hundred percent better.
I agree.
SPEAKER_00 (06:19):
Well, she definitely
makes the picture a hundred
percent better.
But you were out dancing.
SPEAKER_03 (06:26):
Uh yeah, I I do that
on the weekends.
Like uh I try to do it every weekend.
I mean, you can't do it every weekend, but I I try.
I and honestly, the the only thing that's keeping my mental
sanity right now is it's dancing.
I would I would think that maybe exercise, but no, it's although
dancing is kind of a kind of exercise, but it's it's it's
dancing.
It's just the the fact that you had to focus on learning, you
know, whatever the moves is and the music and the interaction
with other human beings outside of a stressful situation like
the ones that we had to deal with day to day because of what
we do, right?
It's a good change of pace.
So it's been keeping my sanity uh lately.
So I'll keep doing that.
SPEAKER_00 (07:01):
You do the dance,
animals, yeah.
SPEAKER_03 (07:04):
A little bit of
sanity that I have, sanity,
yeah.
Keep it.
SPEAKER_00 (07:07):
Awesome.
Well, that's awesome.
So, yeah, sorry it's taken us so long to have episode zero of
season three.
We're on season three, so we're starting our third year.
This is insane.
I can't even believe it.
SPEAKER_03 (07:19):
Yeah, it's it's it's
gone so fast.
SPEAKER_00 (07:22):
Definitely.
So go ahead.
SPEAKER_03 (07:25):
No, I say it goes
faster when we have shows for a
full month.
SPEAKER_00 (07:28):
Yeah, that's true.
We did skip a full month.
SPEAKER_03 (07:31):
No, but we're we're
back, we're back.
SPEAKER_00 (07:32):
Yeah, definitely.
So I want to take a minute um just to mention something before
we get started with the topic.
So um, these past couple weeks, uh during the past couple weeks,
we actually um lost uh a friend.
So we want to take a moment to honor the life um and sacrifice
of Mark Baker.
He was killed in the line of duty in York, Pennsylvania.
Um, he served as the training manager for IACIS, which uh Alex
and I both volunteer at IACIS and and knew Mark very well.
He was an officer, a husband, a father, and a friend.
And his leadership, dedication, and impact on our community will
be remembered.
And his absence is gonna absolutely be felt uh by the
IACIS family as well as the digital forensic community for
for such a long time.
Um, he was a great person, and we just wanted to take a moment
here quickly to honor him.
SPEAKER_03 (08:28):
Uh absolutely.
And um impossible to to uh replace him in in on in in
everything.
So um um we'll never forget him.
SPEAKER_00 (08:41):
Yeah, absolutely.
So let's uh let's get into our topics.
Um first topic I have for tonight, uh BelkaGPT.
If you haven't been following Belkasoft on LinkedIn or any
other social media, follow them.
They are offering another course.
So um it's entitled Effective Artificial Intelligence in DFIR.
And the course is gonna be free exclusively to Belkasoft
LinkedIn group followers.
So if you don't already follow Belkasoft in their group, go to
their page and follow Belkasoft because that'll be free if
you're a follower.
If not, the fee for the class is $999, which still isn't bad, but
who doesn't love free?
Right?
Um, once you go register, they'll send you a link to the
course materials in the period between November 3rd through
November 15th.
So don't expect your materials right right away.
That's not happening till November.
And then once you have your materials, you'll have free
online access to the course anytime you want until December
15th.
Um, after that period, if you want to take the course, it'll
still be available for that $999 fee.
Uh, you'll get certificates of completion and achievement, and
you'll get um the opportunity to earn six CPE credits.
So we'll have that up in the show notes at the end.
Uh, the website where you can go register for that.
And there's actually also on that website the link to go
follow the LinkedIn group.
SPEAKER_03 (10:14):
Yeah, and even if
you don't, if you're not a user
of the tool, it's a good opportunity to get familiarized
with yourself with another toolset.
There's always something that you can learn uh from these
types of events.
And uh I've taken a few of the past courses uh from Belkasoft,
and they're actually pretty good.
So uh I would say, and look, the CPEs, if you have uh
certifications that require that, like ISC2 or some other
that requires CPEs throughout the years to be able to keep
your accreditations, then there's one way of doing it, and
it's it's just gonna cost you some time and and you'll do some
learning.
So it's you can't go wrong with that.
SPEAKER_00 (10:49):
Also, they're
incorporating AI into their
tools, and it whether we like it or not, it's a hot topic.
And go try it out, see how theirs is related to, I don't
know, maybe other tools you've tried too.
I've heard it's good in Belkasoft, and I can't wait to
try it out.
So I'm gonna try it out and then give uh Erie my review.
SPEAKER_03 (11:09):
Yeah, I mean, I
mean, I I'm a I'm a well I might
say well known in regards to our field, critic of the whole AI
thing, but um that doesn't mean that we just ignore it.
That's that's being a critic doesn't mean uh the opposite.
Actually, a critic is the one, it's a person that definitely
does not ignore it.
We want to know more about it.
And actually, we would hope that and no no no not only uh AI, LLM
stuff, but any technology, any new way of doing things, we have
to be critics and uh first to to make sure that we get the
tooling or the resources or the solutions to the level that they
need to be, because we are the ones as a community, the the
practitioners, the ones that know how the end product should
look.
So uh so yeah, no, uh being a critic isn't I don't believe
it's a bad thing, it's a good thing.
And look, and and have a have a have open minds, right?
Um uh again, I'm a critic, but I'm also happy to be wrong.
So uh then the way to you go ahead.
SPEAKER_00 (12:02):
I was just gonna say
I registered for it today and
I'm excited to to check it out.
SPEAKER_03 (12:06):
No, and and the way
that you're saying the way to
actually be able to know is todo.
So let's do it.
SPEAKER_00 (12:12):
Absolutely.
I don't have this on our list of topics, but I just saw on
LinkedIn, um, I saw from CCL Solutions that RabbitHole
version three is gonna be released, and they're actually
going to do an announc, a big announcement about version three
sometime next week.
So if you're not following CCL Solutions on social media,
follow them because I think this is gonna be a big release, and
they're gonna talk about it.
SPEAKER_03 (12:38):
So no, yeah, and and
if you're not familiar, uh
you're maybe like a you know one of the newer new to our podcast.
Uh RabbitHole is a great tool.
This company in the UK they put out, and it allows you to look
at pretty much any data source.
When I say data source, I mean data structures like uh um LevelDBs,
um, what's the what's the other one that uh the
protobufs, which are pretty hard, kind of hard to deal with.
Um XML, SEGB files.
Oh yeah.
So it supports all of those, and it's pretty cool because then as
you look at your source data and you find the path where the data
is, and then you go and you parse it with the tool to get
what you need, you can save that work that you did, and then
reapply it in the future to other similar uh data
extractions, right?
Kind of saving your work.
So it's a great tool.
Um, we use it, and correct me if I'm wrong, but I think we both
use it mostly to do a lot of our research to be able to figure
out what things mean, what things are.
SPEAKER_01 (13:36):
Absolutely.
SPEAKER_03 (13:38):
So uh it's a it's a
worth tool to use.
We use it in our class as well, the in the advanced mobile
device forensics that we teach for IACIS.
So yeah, keep your eye out.
And even again, even if you don't have it, it's good to know
what's out there, what are the capabilities of the tooling.
SPEAKER_00 (13:52):
And if you don't
have it, they do offer a 30-day
free trial.
So give it give it a minute for the new version to come out and
go try the new version with the trial.
You're gonna want it if you try the if you try the trial for
sure.
SPEAKER_03 (14:03):
No, and and for sure
people need to understand that
we don't get paid anything to promote nothing.
SPEAKER_01 (14:07):
Right.
SPEAKER_03 (14:08):
So so we just you're
just talking about our
experience of using tools and and and and the like.
But yeah, we don't we don't get sponsored by nobody.
So I gotta make that clear.
SPEAKER_00 (14:18):
Um, I want to point
out some uh recent blogs that
have come out.
So uh Debbie Gardner from Hexordia actually recently wrote
a blog called Training First Respect Responders in Digital
Evidence Handling, How to Protect Your Department from
Case Destroying Mistakes.
Um great article.
It stresses that digital evidence is now present at
nearly every crime scene and that first responders often risk
destroying it if if they just don't follow these simple tasks
that need to be done in preserving evidence.
Um it's a great blog.
I'll put the link up for everybody in the show notes
afterwards, but a great blog about how to kind of mitigate
some of those issues you may run into when pr uh handling and
preserving data.
SPEAKER_03 (15:07):
Actually, I'm gonna
freestyle here because I had a
meme about it.
Here it is.
Oh let me see if I can uh I can show it here on the screen
without messing this up.
So not too long ago, and and it's it's so great that when
things kind of converge like that, I had a uh let me see
which screen do I want to share.
Um one second here, everybody.
See, that's that's what happens when you try to freestyle
things.
But I will share it though, because I'm not gonna quit.
I'm not a quitter.
SPEAKER_00 (15:39):
You're like me when
I'm trying to share the screen,
except I have all my stuff ready.
SPEAKER_03 (15:44):
Oh, that that is
true.
That is true.
But what I'm gonna do is I'm gonna quickly, with my fantastic
uh Mac computer, snip it and then show the screen.
SPEAKER_00 (15:53):
There you go.
That'll work.
That'll work.
SPEAKER_03 (15:55):
So yeah, so on on
this meme, I'm gonna go back
here to just share it.
On this meme, I like it because it's a picture of a guy sitting
in a chair, and I'll show you in a second as I'm I'll be
describing as I'm looking for it.
Uh the guy is sitting in a chair, and of course, if I open
the picture, I could actually share it.
And there's another guy that's kind of standing, kind of uh
looking at him.
Where's my screenshot?
Where did it go?
Uh see, I hate, I hate, I hate myself now.
That's alright.
SPEAKER_00 (16:25):
That's alright.
SPEAKER_03 (16:26):
No, no, well, well,
I'll get it.
I'll get it, people.
Bear with me, bear with me.
Bear with me, it'll be half a sec, it'll be a second now.
Where do you go?
There we go, here it is.
All right, so the guy is sitting in a chair, right?
And and I'm now gonna share it so we can actually see it.
Goes here, goes here, goes here, and goes here, and allow, and
here it is.
Okay, so so there's there's so people are listening.
So there's this guy in this chair, and it says digital
device.
That the guy in the chair is the digital device, and it's another
guy that just took a shot at this guy, so he killed killed
the dude in the chair, and it and the guy that's making that
shooting, uh, the the caption says, fingers the screen, alters
data, makes no effort to preserve access, right?
So literally killed that digital evidence, and then that guy
turns around and says, Why is the digital forensics lab so
useless?
SPEAKER_00 (17:19):
Oh, that's great,
that's perfect for this topic.
SPEAKER_03 (17:23):
And the comment that
I made is like, again, this is
look, any similarity to actual events is pure coincidence.
But my my comment was device gets wiped before getting to the
lab, but after it's seized, right?
Yeah, and uh again, this is this is me uh, like I said, it has no
relation with reality necessarily, but it could
happen, right?
Devices can get wiped.
Are you doing the proper isolation of that device at
seizure time?
And that's up to the first responders.
Uh I mean, look, if you have uh an examiner with you, hey,
that's great.
But I would say, you correct me if I'm wrong, but at least nine
times out of ten, you're not gonna have an examiner with you
right at at seizure time or a first response time, right?
So articles like this one from Hexordia are so important, and
I'm I'm so happy that that we're having those.
SPEAKER_00 (18:12):
Yeah, it it
definitely just puts across the
point that early handling of evidence can make or break your
case.
SPEAKER_03 (18:18):
So yes, absolutely.
SPEAKER_00 (18:21):
Um, let's see,
another new blog, and this one's
new, new.
I saw it today on LinkedIn.
It's called the Pact Byte, and it was a LinkedIn post by Mike
Zito.
And the Pact Byte, according to the website, is a place for
forensicators to publish research, information, and
topics for the betterment of the digital forensic community.
And the platform is geared towards those who don't have the
time, energy, or resources to like make their own blog.
So we've talked on the podcast numerous times about how you can
give back to the forensic community.
And it's like, make sure you share your research.
You can create your own blog.
Well, if you don't want to create your own blog, this is
gives you another option.
You can just post your research to this blog.
There's um on the website, there's a join button, you can
join it, and then there's um uh email address to request access
to post your own blogs.
And Kevin Pagano messaged today when I said, Oh, I'm gonna throw
this out on the podcast tonight, and he's gonna put it on the
Start.me page too, the forensic Start.me page.
SPEAKER_03 (19:24):
Fantastic.
Yeah, the the more the more um venues we have to share
information, uh, absolutely the better.
SPEAKER_00 (19:30):
Yeah, absolutely.
This looked really cool.
There's already a few articlesup on it, too.
So go check out.
I think there's like six orseven articles already up there
for for our viewing pleasure.
SPEAKER_02 (19:40):
There we go.
SPEAKER_00 (19:42):
All right, more
blogs.
We found a lot of blogs, but we've also been off for a month,
so people have been doing a bunch of work.
SPEAKER_03 (19:48):
It's the blog
episode to start the year.
SPEAKER_00 (19:51):
So I entitled this
one Two New Blogs from Mattia
because Mattia uh did two new blogs related to exploring data
extractions um from Androids and iOS.
One of the blogs is about Androids, one is about iOS, and
it's what data you can access and how.
So the Android um blog explains how data can be extracted from
Android devices and digital forensics.
It highlights that access depends on two factors, the
device state, right?
Is it unlocked or or locked?
And then um whether or not you know the code.
Um, and then it talks about Android's file-based encryption
and how how pretty much how we get into these devices that are
encrypted and the different types of encryption related to
Android.
Um, and then different acquisition methods related to
Android.
Um the key takeaway from this blog would be that no single
method works on all cases, and that investigators have to
choose based on the situation that they have with their with
their phone.
The iOS blog, uh similar, talks about all of the same topics,
but with iOS, the difference between full file system and um
advanced techniques to provide varying levels of access.
The main takeaway is that the available evidence depends on
the encryption class, the device state, and the chosen method.
So investigators must adapt their approach to each case.
SPEAKER_03 (21:15):
Well, I mean, I
mean, this is really
foundational stuff.
And I'm happy that Mattia, and as you know, Mattia, Mattia
Epifani, he's from Italy, uh really well-known examiner.
I actually had the pleasure of meeting him uh this year, the
beginning of the year, in the Netherlands for one of the
conferences there.
And uh this is foundational stuff that you need to know,
right?
Most examiner you tell them, well, uh, what's the difference
between an AFU and a BFU?
And they'll tell you, well, you get less on the BFU.
What does that even mean?
Less less of what?
And of and how much less of like what does that mean, right?
Right.
And and something as like like like he's explaining in the
blog, right?
Between um uh credential encrypted storage and not, right?
It's the difference that, for example, between if your phone
rings and you haven't logged in for and into it after you turn
it on, well, it will ring, but the screen won't tell you who's
calling, versus yeah, I logged in once, it's locked, and now it
rings, it will tell me who is actually calling.
The name is gonna show up.
But why is that, right?
Well, their phones are in two different states, right?
One is before you logged in, and the other ones after you logged
in.
And different of these encrypted storage spaces have different
levels of permission and access to data depending on what the
state of that phone is.
These are things we need to understand.
Why?
Because they will inform how we process and deal with phones in
those states.
And not only that, when it's time for you to explain this
stuff at court, if you're in the criminal sector, or you have to
explain something in regards to user intent in a uh civil civil
procedure, then you actually know what you're talking about.
But just just saying, well, it's more and the other one has less,
uh, that doesn't really tell us much of anything.
So please, if you you it sounds like, oh, I I know what a
logical extraction is, I know what AFU and BFU stand for.
I mean, do we?
Do we really know?
Do we really understand?
Blogs like this are so important, and and and Mattia is
such a great uh uh writer and and author, and and and like you
know, his English is perfect, even though my assumption is
that his first language is Italian the same way that mine
is Spanish, but he's great.
So uh it'll be really good for everybody to follow him and and
check those those uh posts out.
SPEAKER_00 (23:29):
Yeah, so uh they're
so incredibly valuable too.
So I I'm just gonna bring up a listserv post I saw this week or
last week.
Someone was raising uh what had a question because uh there was
a courtroom challenge to one of their cases, and it was related
to the type of extraction they performed on the device.
They did an AFU extraction, it sounds like, because they didn't
have the PIN code to the device to get the full file system.
And whoever the opposing counsel was was raising the issue that
instead of doing an AFU extraction, you should have done
a selective logical extraction with Cellebrite.
I don't even know what a selective logical extraction
means.
I'm guessing they were meaning like a selective app extraction,
but if they meant logical extraction, you're not doing
that if you don't have the pin code anyway.
So it is a bit confusing.
But these types of blogs uh they just could help in a situation
like that, right?
So Mattia is explaining what types of extractions you need,
what you get with those extractions, and these types of
blogs could help in a case where you're being challenged on what
type of extraction you performed and being able to answer those
questions in court.
SPEAKER_03 (24:35):
Well, me, even in
that example, again, we don't
know what that means, that selective app.
No, I know what it means.
But let's assume it means, well, do you get the data directory
for the app, right?
That's better than getting an AFU.
Well, is it really, right?
Yeah, because there's a lot of data that relates to the app
outside of the directory where the app is.
For example, network usage.
Has the app been used?
Not only has it been used, but how many bits and bytes were
coming out in and out of it of the app?
And it was it through Wi-Fi?
Was it through a LAN connection?
Uh was it through these cell towers?
Like all that type of information doesn't live where
the app is, it lives outside in another place that's managed by
the operating system.
Do I want access to that?
Do I want access to the Biome directories that tells me about
install states when the thing was installed, uninstalled, uh or
mobile installation logs?
None of that lives with the app, lives outside of the app
directories.
So you can't tell me that a selective, assuming that's what
it means, is superior.
Because what?
What are we talking about here?
And again, knowing what you're talking about here will then
illuminate people to make the decision and figure out what
actually the correct course was, which in this case would be the
course you took as an expert, right?
SPEAKER_00 (25:42):
Absolutely,
absolutely.
And I actually have an example of that as well.
So recently I was doing a little bit of research into um the
Google Pixels new function where you can take call notes, and
well, we're gonna talk about that later because in the LEAPP
section, but call notes essentially you can record the
call, and then the device is using AI to transcribe that
phone call.
Um, I wanted to do some testing on it, but I wanted to do it
with my own personal phone, so I don't want a full file system
extraction of my own personal phone.
So I use the selection selective app um option and just pulled
the call logs.
Well, guess what?
The call notes data is not in there, it doesn't pull that.
So I I don't even understand the selective application
extractions anyway, because you're gonna miss so much.
But there's an example right there where you actually do miss
part of the actual call.
SPEAKER_03 (26:32):
Well, I you make a
great point in regard to
testing.
If you use this whatever feature, not a selective app,
but whatever feature it is, and you test it out, you know what
you can get, what you don't don't get.
And there might be situations.
So let's say, for example, like your example, maybe the I need
only the call logs, and we we get those based on your testing.
Now, I won't get the transcripts, but I do get the
call logs, then I'm okay because that's only what I need, right?
But if you don't understand what you can get or not get, same
thing with understanding what AFU, BFU, and the different
states are of the phone, then then you won't be able to make
the best decision also for the amount of time.
At least in law enforcement, and based on our experience, we have
more time to actually try to grab as much as we can.
But in certain other uh scenarios, especially in
civilian work or or you know, work like that that's not
criminal, right?
Um, that maybe the client is paying by the minute.
I don't know.
They might want to minimize that cost and really get to whatever
you need to get.
Again, like like we'll show later.
It it all depends.
SPEAKER_00 (27:32):
Yeah.
There's there's a good articleon SWIG DE as well, um, entitled
Considerations for RequiredMinimization of Digital Um
Evidence Seizure.
Anybody that's being questionedon the type of extraction that
they did, I would push them togo read that document that's
been recently published by SWIGDE as well.
And I'll put a link, I'll put alink to it.
(27:53):
Yeah.
So this one's all you.
SPEAKER_03 (27:58):
Yeah, so so let's
start with a meme that was
pretty popular um uh this uh this week.
So it says, Mom, mom, can we have and there's a little GrayKey
symbol and the old Cellebrite Premium symbol because it's not
called premium per se now.
Now it's in inside insights insights premium?
I don't even know.
All right.
So can we have that?
And the mom says, No, there is the same logos, right?
The GrayKey and Premium at home.
When you get at home, what you have is iTunes backup and ADB,
right?
And if you've done extractions, you know the feeling, right?
Um, you you can only get so much from tools that uh either come
with the devices or open in the environment.
Uh, there are some tooling that will require you to do a certain
investment of money and time.
Money because they cost the licensing costs and time for you
to understand how to use them properly and get to what you
need, right?
And that made me think a little bit about cost.
Uh, these types of technologies, there's a lot of uh a lot of uh
R&D research and development that goes into them, and they do cost
money.
But I think everybody can agree that our budgets are getting
shorter and and shorter.
Um and that's uh that means that the power that we have to
acquire some of these tools is being diminished because the
tools are not getting any cheaper.
And you know, we can have a discussion in regards to well,
is it is it fair that this there they're being cost or priced at
at those levels, and uh that's a pretty hard conversation, right?
Um, because as users or customers, we don't have the
view from the other side of the vendor or how they justify it,
right?
Right.
Um, so what can we do about it?
And I was thinking about well ifwe have to shift resources
around, my thought process onthat is well, there's some tools
that we cannot avoid having,right?
(29:50):
Especially specifically the extraction tools.
And I've been saying this for years.
I think the companies that will really continue to grow market
share are the ones that are really focusing their resources.
Into lawful access.
Okay.
Lawful access means that we're able to get into the devices to
extract the data that's relevant to the cases in a way that's
lawful through a court order from a search warrant from the
(30:12):
judge or through properly obtained consent of the owner of
that device.
Lawful consent.
And if we're or lawful means, right?
Lawful extractions.
Companies that do that will continue to grow market share.
Those are things that we'll need to buy, and those are a tooling
that cannot be in the open because the moment they are,
then we lose that access.
But let's say we save our beans or money to get those tools.
(30:36):
Then how do we save money?
We have to be cutting short on some other parts.
So one of the parts that we might be cutting short is on the
analysis portion.
And that's where you come in as an examiner.
Um, you might not be able to buy 20 license licenses to process
your extraction, but there's some things you can do as an
examiner, right?
There's options, open source options like um for computers,
(31:00):
uh, autopsy, and autopsy from basic technologies, used to uh
sleuthkit basis technologies, it's not uh maintained as often
as it used to be, but it's still a pretty solid uh solution to
look at Windows systems.
There are uh open source uh frameworks like the Leaps, that
the ones that I started, and now the community has taken over.
(31:20):
Well, we'll help you with some of that parsing.
There's tools that are maybe lower priced, maybe either still
paid but lower priced, like the rabbit holes of the world,
right?
Where you can use also use to start and do that analysis.
So you might be able to maybe save some money on the analysis
portion so you can save your money for the extraction piece.
That's the kind of the groundwork, the basis that you
(31:43):
have to have.
Um, but that requires then for you to kind of upkeep and grow
in your understanding of of the technologies and of how to do
the analysis.
Because um, there is no free lunch, right?
People think, well, if I go open source, then you know it's and
I'll get there, Christian.
I was gonna mention that.
Um you can uh say what's a free lunch.
(32:06):
Well, it's open source.
I'm saving all this money on tooling.
Well, no, now that money will go into training people, right?
Um, there will be a cost, a human cost.
Whenever you take the cost out of the tooling and try to save
that cost, then you have to invest in some way in the
person.
Um, and sometimes that means that you have to invest in
yourself, right?
Um, there's uh other tools like like Christian's iPad to get uh
(32:30):
data.
It also works for Windows.
So by the way, I did not know it worked for Windows data, but it
does.
SPEAKER_00 (32:36):
I maybe which one's
iPad.
SPEAKER_03 (32:39):
Uh let me see if I
can give you the link real
quick.
SPEAKER_00 (32:41):
Oh, that's that's
all right.
Keep talking, I'll look it up.
SPEAKER_03 (32:44):
Yeah, yeah, look it
up.
SPEAKER_00 (32:45):
Yeah.
SPEAKER_03 (32:45):
Because we we we'll
talk about it in the show, but
again, we talk about so many tools in the show.
Um, and and and same with with other toolings, right?
Um for uh doing logical extraction even of devices,
right?
There are many tools out there, open source, but at the end of
the day, when resources are short, the mission doesn't stop
(33:06):
because you have less resources.
Well, you know, they cut my budget.
I guess I'm not solving the case.
No, we we expect you to do the job, right?
And even if it means you know using uh your hex editor,
whatever, what whatever it takes, you you need to do that,
right?
Um, so in in in we're coming into an era, at least on
budget-wise, for most agencies, again, I'm talking about law
(33:28):
enforcement, where our budgets might be uh short, then we
should start thinking of expanding our view in regards to
how we analyze our data.
How can we take some of that work and offload it from a tool,
but it's a paid tool, and figure out if there's open source, free
tools, and your own understanding of how forensics
(33:49):
works to kind of carry you over this this period.
I don't know if that makes sense to you, Heather.
What do you think?
SPEAKER_00 (33:54):
Yeah, it absolutely
does make sense to me.
Um, I think uh we're never gonna be able to do the extraction
ourselves, uh the the type of extraction, the full file system
extraction.
At least I I can't.
I don't know if you can, I can't.
Um, so we need the tools for that.
But you're right, there's plenty of other tools that we can use
for analysis that could help with those budget issues.
SPEAKER_03 (34:17):
Look, if I could get
full file system extraction uh
instructions, I will have my own company and I will be marketing
it and order undercutting some people.
Absolutely, absolutely, but but that's not happening.
No, but even like something as simple as I say simple, it's not
simple, but knowing how to say uh you have a bit locker drive,
(34:37):
well, I mean you might need to brute force it, for example.
Well, how do you do that?
Do you have a tool to do that?
SPEAKER_01 (34:42):
Right, right,
exactly.
SPEAKER_03 (34:44):
Or or do you have
ways of going around certain
encryptions or certain extractions?
There will always be some tooling that's needed for that,
and that's gonna be pretty pricey.
Yeah, but we then then that I guess my suggestion is on the
analysis section, grow more in your own understanding, use open
source tools, and and also try to contribute to the to the uh
(35:04):
community.
If if you know how to do code a little bit, make uh an artifact
for the leaps or make an artifact from autopsy because
autopsy also accepts you know, you can do artifacts with it and
pull stuff out for analysis, um, or even make your own tool.
If people are making their own tools also all the time and
share with the community, and and uh because at the end of the
day, we want to accomplish the mission, right?
(35:26):
And and having a budget be short, the mission still
remains, and we need to try to step up to that no matter what
circumstances we're in.
SPEAKER_00 (35:35):
Yeah, absolutely.
Um, it was today that I learned what iPad is, by the way.
Um, so iPad is on GitHub, it's a digital forensic tool, open
source, and can be used to process and analyze digital
evidence, often seized at crime scenes by law enforcement, it
says, or in a corporate investigation by private
examiners.
Um, I've actually never heard of that, Christian, so thank you.
(35:57):
Um first timer here for that one.
He's uh Christian wrote back and said it's a bit like op autopsy.
SPEAKER_03 (36:04):
Yeah, no, and it
actually looks it look it looks
great.
I actually I confused it with another tool we talked about, so
no, we haven't talked about this one yet.
Yeah, no, yeah, but no, actually, actually it looks
pretty legit.
So that's something we definitely need to check out.
SPEAKER_00 (36:16):
Yep, definitely.
Um so speaking of open source and low-cost options, though,
uh, I have a little sneak peek that Christian Peter actually
sent to me.
Let me pull it up here.
So we are going to have a new tool soon.
It is not available yet, but I have a little sneak peek for
(36:39):
everybody.
SPEAKER_03 (36:40):
And and and and and
and I I want I want to thanks, I
want to thank Christian for naming this tool in my honor.
Uh obviously everybody knows that it's because of me that
this tool exists.
So thank you, Christian, for calling it.
SPEAKER_00 (36:52):
Christian, if you're
listening to me, I know you are.
You have to change the name of this tool.
So the name the name of the tool is Android Logical Extractor.
And for short, it will be Alex, which we have to change it.
SPEAKER_03 (37:04):
And since it's gonna
be such a great tool, and it is
a great tool.
It's gonna be called Alex Is, you know.
So I think that's gonna be the most proper name we can give to
it because it is really good.
SPEAKER_00 (37:15):
So we have to
brainstorm a little more about
this name, please.
SPEAKER_03 (37:19):
No, we don't.
SPEAKER_00 (37:21):
But um, so uh
Christian actually sent me some
screenshots to share with everybody.
But Android logical extractor, it looks a lot like UFADE.
SPEAKER_03 (37:31):
So I I love that
it's green to make it really
obvious it's Android, you know?
SPEAKER_00 (37:35):
Yep, yep.
Uh I rolls hard, Kevin says.
SPEAKER_03 (37:38):
Uh the the the
envious uh jealous haters always
showing up.
I'm sorry, but that there's no A in Kevin for Android.
Sorry, Kevin.
You know, you don't have a name that kind of flows like that.
SPEAKER_00 (37:51):
Sorry.
So in the screenshots, I'm still I'm showing the uh early stages
of the interface for Android logical extractor Alex.
Um, you can see on the left-hand side we have the information
about the Android device that Christian had connected.
Um, there's reporting options, acquisition options, logging
options, and then advanced options.
(38:13):
Um there's uh sys dump, there's uh logcat dump.
Let's see what else we have.
He sent me some screenshots.
So the uh tool will have the capability to take screenshots.
So there's a little example of that there on oh I love that.
SPEAKER_02 (38:29):
That's great.
SPEAKER_00 (38:29):
Yeah, it's cool.
Um, it has a chat capture function, which is awesome, um,
where you can actually capture the chat in the state that
you're seeing it on the device.
SPEAKER_03 (38:40):
And and that's so
important for apps that you
can't really pull out, then you can take your you find the chat
that you care about and then you just go taking those screenshots
down.
That's perfect, that's perfect.
SPEAKER_00 (38:50):
Yeah.
Yeah, it's it's like a it's a different view when you can
actually say here's what it looks like exactly on the device
versus like a uh just a CSV of chat messages.
Gives gives more uh I guess a better look for courtroom
presentation.
Um there's the options here to save the device info out and
create a PDF, a printable PDF report.
(39:12):
And then he sent me a nice screenshot of the tool actually
performing a data extraction.
So I cannot wait till it's released and we can actually do
a demo and I can play around with it, which hopefully when is
that?
SPEAKER_01 (39:27):
Yeah, right.
SPEAKER_00 (39:27):
I don't know yet,
but it's in its early stages.
He did tell me today, too, um, that there will be um there will
be a UFED style backup also planned.
So yay.
SPEAKER_03 (39:41):
Yeah, I I I I I love
how he says in German, das
selbing grun.
I know I said it right, but something but in green, I love
it.
And obviously, um Kevin thinks it's his favorite tool.
He hasn't used it yet, used it yet.
SPEAKER_00 (39:54):
I have to agree.
I'm like really, really excited to use it, so I can't wait for
that very first release.
SPEAKER_03 (40:00):
No, absolutely, and
that speaks to the point of
there's a lot of things comingout in the open source
community.
Uh, this is free, but the the quality of the work and the
outputs are are great level, they're they're fantastic.
So to open your mind, not not again.
If your budgets are being cut, you need to make sure you
(40:21):
understand where to allocate the resources where you need, and
then open your mind to other technologies, open source
projects, community projects that will assist you in in
accomplishing the mission with whatever resources you're able
to have.
So something that we need to start wrapping our heads around.
SPEAKER_00 (40:36):
Yep, absolutely.
So let's see here.
Um, so I created a little thing, but I didn't create it.
Um, I had a request um for a gallery view of images and
videos for a casework.
And um, so you know, if you kick out a tool report, you have all
(40:56):
of your images and videos, but they're there with all of the
information that goes along with them.
Well, a request was made.
I just want to see a gallery view of the images and videos.
And so I created, and I say I created because I did use AI.
Don't kill me.
I see your face.
SPEAKER_03 (41:12):
Uh you prompted it,
uh but you did nothing.
Okay.
SPEAKER_00 (41:16):
I know, I know.
I'm gonna fully admit to that in just a moment.
Um, so I used AI in conjunction with a little bit of stuff that
I fixed, by the way, uh, to create uh what I'm calling
gallery builder.
And I just kind of wanted to show you guys that, and then I'm
gonna talk about some of the issues with what I did.
But I have it up on my GitHub.
If anybody wants to use it, go ahead.
(41:36):
But if you're requesting any changes or updates, I may not
know how to do that.
So like it as it is, please.
Um, but I do want to share, I just want to share what it looks
like and what the output looks like.
And anybody's welcome to use it.
I'm using it for um that that nice gallery view for for
presenting.
So let me pull it up here.
(41:58):
There we go.
So this is what it looks like, and it's very easy and
straightforward.
The photos, if you want to put photos in a gallery view, you
hit browse.
You browse to the folder where all of the photos are.
I will say they have to have extensions.
So if your tool of choice outputs those images um or
videos with no extension, you need to include an extension on
(42:19):
the file.
Um, you can name the page title, you can then name your output
report.
It's gonna output into HTML.
SPEAKER_03 (42:28):
Or or you could
check the mime uh or headers or
for the H media and then find out what picture, what type of
it is, but like I said, uh easy.
I'm just I'm just hating on you.
I'm just hating on you.
SPEAKER_00 (42:42):
Yes.
So um, and then you just click build photo gallery and it kicks
off your photo gallery.
I have another tab where you can use it for videos.
The reason it's separate is um it's using ffmpeg to create
posters to have the videos shown in the HTML, and I'll show you
that in a second.
Um, and then one of my coworkers is like, oh, I like it, but I
want my images and videos mixed.
So I did one for a mixed um assortment of images and videos
(43:06):
as well, so that you can view those all in an HTML file.
So I'm going to pop up really quick just what the um what the
output looks like.
So let me just open that.
All right, and share my screen to the entire screen.
(43:28):
There we go.
So I have my pictures here from my trip that I used for it.
Um and they're all in just a little gallery view.
If you click on the picture, it comes out in a new tab to a a
full screen, a larger picture.
And you can do that with any of the images.
And then if you were to do the videos.
SPEAKER_03 (43:51):
I will say it looks
pretty cool.
So I love it.
SPEAKER_00 (43:54):
I love it.
SPEAKER_03 (43:54):
Yeah, I I I I I I
can't I can't hate how it looks
because it's actually pretty straightforward.
Actually, it looks pretty nice.
SPEAKER_00 (44:01):
So with the videos,
you can either play the video
right here in the um in the get the gallery view, or you can hit
um oh, it's playing the sound.
Or you can open it up into here, I'll open this one, into a new
tab, and that comes out full screen.
Can you hear the music?
SPEAKER_03 (44:21):
No, I can't.
Oh, okay.
SPEAKER_00 (44:22):
I hear the music in
my ears, so so and it it'll play
those videos open in a new tab for you.
Um I I know it's not perfect.
Uh I know that a lot of my code is flawed.
I know that there's a lot of repetitive repetitive garbage in
it because I was told that from somebody else who knows how to
code.
And it was not Alexis, by the way.
(44:44):
It was another person that knows how to code.
They're like, I don't even know why you have this in there.
It's so repetitive, but it works.
So if anybody would like to use that, go ahead.
Keep in mind, I'm not so sure that I can make changes to at
this point, but I am making it my job to go through every line
of code and know what it means eventually.
Uh, know why it's there, know if it's necessary.
(45:05):
I'll take out things as I go that aren't necessary.
But that kind of rolls into our next topic.
So there's been like a bunch of buzz around the words vibe
coding.
I didn't even know what it meant.
Jessica Hyde said it to me and she was like, oh, vibe coding.
And I'm like, I have no idea what you mean.
So I I Googled it.
And I mean, that's kind of what I did.
(45:27):
I used AI to do my coding for me.
But there are issues with that, and specifically issues with me
doing it in the tool that I built.
Um, I don't know what it means.
I need that basic foundational knowledge of coding before I can
use the AI to code at least trustworthy and know what I'm
(45:49):
doing, right?
Um relying on the AI to generate the code, it's just not the
right way to do it.
We're gonna run into problems eventually.
With my gallery builder, it's not that big a deal.
I can go look in the folder of images and videos and see those
are the images and videos.
It got it right.
But if we're using it to uh decode data to parse data, if
(46:11):
we're using the vibe coding idea to parse uh returns or we're
using it to parse any any data really, um, how are we
validating that?
How are we checking it?
And how how do we ensure that that code doesn't have a bunch
of garbage in it that's going to negatively affect our cases?
What are your thoughts?
SPEAKER_03 (46:31):
Well, look, I mean,
in regards to your project,
again, I like I like how it looks, but something as as
simple as, for example, the code, I look at it quickly.
It mixes the HTML part with the actual scripting part.
And they're in turn mixed there.
And that's tough, right?
If you want to update the view of the program, then you have to
look go through all the lines and try to fix, try to change
(46:52):
that view.
And but if you use like a templating system that exists to
handle the the graphical user interface or the HTML separate
from the code that fills the screen, it's easier to to work
with.
Now, I say that because for small, and Her is correct, for
small projects, something quick, it's it it works, it's it's no
(47:13):
big deal.
And again, I'm not I'm not religiously against AI, right?
Um for for small things, sure, why not?
Like I was I was uh kind of let's say let's say I was bored,
right?
So I did a quick retirement calculator.
Because for some reason I'm thinking about retirement
(47:34):
lately.
SPEAKER_00 (47:35):
14 seconds, 14
seconds.
You're not counting enough, are you?
SPEAKER_03 (47:38):
Oh no, of course I
uh the the program is doing
that.
Uh I mean it's a simple thing.
Do do I want to how do I take this out of the screen, Heather?
Take it out of the screen.
SPEAKER_01 (47:48):
I'll get it, yeah.
SPEAKER_03 (47:48):
Yeah, so do I do I
do I want to sit down and and
and code a retirement calculator?
Well, I just went chat GPT and kind of asked it.
And it was funny because so I asked, they gave me something,
and it gave me, well, do you want me to add this?
Do you want me to add that?
You want to make it, you know, and keep asking me questions.
I said, yes, yes, yes.
And at some point, it was a big mess.
And I did it kind of on purpose.
(48:10):
So I I was kind of running the code at each iteration, and then
I picked the one that I like best from all the iterations.
But the more I added to it, the more uh weird and
discombobulated the thing became.
And and the code at the code that it gave me at the start,
which kind of was pretty okay, with the code that gave me at
the end, it was a big difference, and it did not
(48:33):
behave in ways that I expected.
And you know, that tells you about how these uh systems
operate, right?
And how they don't really keep good track of context because
they're not really thinking, of course.
They have a limited set of tokens they're working with.
And that's uh what are tokens a topic for another day.
Um, but they they can have a use now, like Heather's saying, and
in regards to my thoughts on that, um I'd be really wary of
(48:58):
just vibing into things um for things that are important and
make assumptions because when you're the the underlying
problem is that when you buy code, you're you're coding on
assumptions.
Because if you knew how to code, there would be no assumptions,
right?
You would just you know you know what you're doing, right?
But you're assuming the system is understanding what you're
asking and it's providing an output and that that's correct.
(49:21):
And you can say, well, I'll verify, like Heather said.
Yeah, if if it's small data sets, that's great.
But if they're really large, um are you gonna try to code that?
I mean, I'm I'm sorry, well, you're not gonna code it, but
you're gonna try to verify that, validate that.
And if you look at that code, uh you're gonna look at depending
on what you asked and for how long, at thousands and thousands
of lines of code when you don't even know where to start.
(49:42):
Um, so it's a problem with some what's the due diligence when we
do this, right?
Where's where's our attention to detail?
Where's our moral property when we're trying to have these
systems do the work?
And some people tell me, well, you're more efficient if
somebody that knows how to use the AI also uses the AI.
And it's like you're like a like a big nanny for the AI.
(50:03):
And I will contend that in large projects that's not even really
that efficient either.
Um, so I think AI in this type of coding context could be seen
as a resource to like in like how you used we used to use uh
Google without the AI, or used uh what was this web page for
coding?
(50:23):
It's called uh oh there's a page I forgot the name right now.
Okay, that folks that got a forum, you make I make a
question and people that code answer that question, right?
Then then sure that's that's gonna help you.
But offloading that cognitive work to the LLM, that that could
be a problem.
Yeah, um, look, so for example, Kevin says vibe coding is good
(50:45):
for GUI building, it's not as well for parsing.
And and actually that makes sense to me, right?
How do how the interface is gonna look, especially using
Python and the different graphical libraries, that's a
good starting point.
But yeah, but the actual meat and potatoes of the thing, you
need to know exactly what's happening, how you're doing it,
right?
SPEAKER_00 (51:03):
Right.
So if we're using it to parse things, but you don't understand
the code, which I don't, so I would not be able to do it.
But if I'm using it to code to parse things, I can't even go
back and check the code to make sure AI got the code correct.
I don't even know what it means.
Um, somebody like you could use it and then be able to tell like
what it means.
(51:23):
I just I can't right now.
SPEAKER_03 (51:25):
Oh, and and and and
and sometimes it's the the time
investment in doing that part if you still so so where's the time
savings, right?
And again, uh these systems are being sold as the solution to
things and magic.
No, look, the whatever you used to do at the front, right?
Getting ready to do your script, your parsing, your stuff, well,
(51:45):
the LLM will do it, but that work doesn't disappear.
Now that work is done at the back end because you have to do
the same process to make sure the thing worked properly, and
if it didn't, or it only worked properly in certain instances.
Remember, a broken clock can be right twice a day, right?
If it only works in certain proper circumstances, then
actually you're taking more time.
There, there's a kind of a joke on LinkedIn.
(52:08):
Folks, people I say joke, but is it really a joke?
Putting in their profiles vibe coding cleanup specialist.
Like a position, right?
Like vibe cleanup coding specialist.
That's not a yeah, if if if we're if we're getting into
that, that's a problem with how we're trying to address or uh
add these LLM tools into our workflows.
(52:29):
Again, I I'm not saying that you shouldn't use them, but I'm
saying you should be really careful.
If you don't know how to parse something and you ask the LLM
and you're getting some results that look right, they might just
look right.
SPEAKER_00 (52:40):
Yeah, they may not
be right.
SPEAKER_03 (52:42):
Yeah, that the look
is not enough.
SPEAKER_00 (52:44):
But the problem is
so definitely regular coders who
understand it will see that.
I won't I won't see that.
Uh, people who don't know coding at all will not see that.
And we run the risk of then presenting data that just is not
right.
SPEAKER_03 (52:58):
Well, and and again,
that there's a moral aspect to
it, right?
Uh should we be satisfied with with just getting that output?
No, we we have again our responsibility to do proper due
diligence, attention to detail, and and our property.
Uh is this thing to the specs and the standards that we expect
from our field and from the work that you will do as a human.
And the compare and the base of comparison can be well, human
(53:21):
makes mistakes.
That that doesn't I I I hate that comment, and I get it all
the time.
Well, LLMs are just as bad as people, then then then I don't I
don't want things that are as bad as people.
I want things that are that do better.
Like the standard should not should not be the human that
messes up because that's what we need to avoid.
We don't need to perpetrate it and then make it uh bigger at
(53:46):
scale.
Yeah, we have this solution that's so human, it it messes up
like humans, therefore it's good.
Right, okay.
Treat it as a co-worker.
Actually, what studies shown, and going off, see, you got me
into this AI topic.
SPEAKER_01 (53:59):
Sorry.
SPEAKER_03 (53:59):
What what recent
studies shown, or study that
came out a couple days ago, and I make a quick mention of my
LinkedIn, is that uh uh co-workers that get input from
other co-workers that's being produced with AI, right?
And when they get that product, now it's their problem.
Somebody put some prompts, whatever the output was, they
pass it over to the next co-worker in that, you know, uh
(54:21):
that line of work.
Now it comes to me to do my part, and I know it's AI stuff
because it's crap and it's not done well.
Well, the people that receive that are think will think less
of the coworker that sent it to them, and that disrupts the
cohesiveness and the cooperation that we want within our working
groups.
That's what the studies show.
(54:41):
They will think less of you if you throw some AI slop at them
that that it looked right and you send it out, right?
And that really messes up the workflow not only of the data
that you're working with, but between the human beings, the
real people that are supposed to be interacting.
You send me this now.
(55:02):
I have to redo your work or push it back, but then you get mad,
and then that does that make sense.
So there's a lot of hidden costs that that we need to consider
when we implement these solutions, and and and where do
these solutions uh fit within our workflows?
And that's something that we need to really think about uh
before we go all in on them.
SPEAKER_00 (55:23):
Yeah, absolutely.
So, yeah, again, everybody is welcome to use the gallery
builder.
Uh, there are no guarantees that it's gonna do what you want it
to do, but it did what I wanted it to do, and I'm gonna make
improvements to it as I learn more and more about coding as I
go.
SPEAKER_03 (55:41):
Oh, oh, oh, and
actually, one more thing.
I just reminded me.
And one last thing.
And I get off my soapbox.
Um, these systems are trained on data.
Obviously, it's a large language model, right?
It's a a smaller subset of information gathered from all
sorts of sorts of sources, right?
That's what a model is, a smaller version of a thing or
(56:03):
things.
There is again a moral dimension in regards to how these tools
are trained, specifically in our field, where vendors are putting
LLMs and we don't know the provenance.
Provenance means how they were trained and from what data
sources.
Well, all these data sources uh properly licensed and
copyrighted, for example, and again, this is me talking as a
(56:26):
user.
Um, I think uh some LLMs that create videos for people.
If you ask them, yeah, I want a video of Mickey Mouse smoking
weed, right?
For example, which is something that Disney will never do or
approve, right?
And number two is something that Disney Disney does not license
(56:48):
Mickey like that, right?
And then, yeah, they're pretty, they're pretty, you know, pretty
sealous or sellless or jealous with their with their IP, right?
Intellectual property.
These AIs are actually creating these Mickey Mouse characters
smoking weed.
Again, I'm making a made-up example.
Well, how does the LLM know what Mickey Mouse is?
(57:08):
Did they get Disney to license the the the the these uh
intellectual properties and the use of their Mickey Mouse
characters?
Are they licensed?
Uh and again, again, I'm not I'm not a lawyer, so I know nothing
about law, but I'm saying I'm applying that not to speak about
these LLMs specifically, but about our field.
How were they trained?
(57:28):
Were they properly licensed?
The last thing I want is to create some output and then
figure out that the LLM provenance at court found out
that it was not properly licensed, there were some
copyright violations, and then I'm going to court using a
product that's being found liable for a copyright crime,
(57:50):
right?
And we don't have so so what that means to me as me as a
Tanjubi as a as a looking forward practitioner is vendors,
you need to tell me, look, is this some proprietary LLM?
Did you train it with proper licensing?
Can you guarantee that to me that this will not be a
liability later at court or a proceeding of any sort, right?
Can you make sure that I'm protected as as the buyer of
(58:12):
your product from future copyright violations based on
how you train your LLM?
Does that make sense, Heather?
SPEAKER_00 (58:18):
Yeah, it does.
Absolutely.
Absolutely does.
SPEAKER_03 (58:20):
And I I don't hear
anybody talking about that in
our field, uh, other than myself.
So I would hope that it resonates in somebody's ear at
some point and we get some sort of again.
I could be wrong.
Maybe, maybe there, maybe that's already solved or some somehow.
SPEAKER_00 (58:31):
That'd be great.
SPEAKER_03 (58:32):
But I I would like
to hear about it.
SPEAKER_00 (58:33):
So yeah, definitely,
definitely.
One last thing about the gallery builder before uh before you
take it, uh, too, is I only have the images and videos with the
file name in the um HTML, the MD5 hash, and all of the
information about where those images are coming from are not
included in the gallery builder.
(58:55):
So please still include your report that has all of that
information that you'll need to properly testify in court.
SPEAKER_03 (59:01):
I mean, it it's a
great tool to show the things.
SPEAKER_00 (59:04):
Yeah, that's what I
wanted it for.
Presentation purposes only.
SPEAKER_03 (59:08):
Yeah, yeah, yeah.
But it's definitely not to do uh here's the analysis of the
pictures.
That's not what that's not what it's for.
SPEAKER_00 (59:13):
Absolutely not.
I may have to put that disclaimer in the little read me
thing.
SPEAKER_03 (59:17):
You know what?
That's that uh that's a I think that's a good idea.
SPEAKER_00 (59:21):
I do have the
disclaimer in there that it was
written with with uh the help of Chat GPT, mostly Chat GPT.
SPEAKER_02 (59:27):
Gotcha.
SPEAKER_00 (59:28):
Um, so we are at
what's new with the leaps.
So what's new with the leaps?
The the one thing that I saw that was new with the leaps is
Alexis.
Uh he coded for Android the call notes from the the Google Pixel
data that I was talking about earlier.
So the Google Pixel has now the capability to do call call
(59:49):
notes.
What the call notes is, is you an enable uh call notes on the
call.
As soon as your call starts, you hit the enable.
And the person on the other end and yourself.
We'll hear a message that says your call is now being recorded.
Um, it records the call, and then at the end of the call,
when you hang up, you can see it working.
The AI is working to transcribe that message.
(01:00:11):
I will tell you, I tested it with my sister.
It absolutely does not understand how we talk because
it got tons of stuff wrong in what we said, but it was funny
to read.
Um, so if you're seeing that in your case data, just please know
that that may not be what the people on the phone call
actually said.
Um, so listen to the recording as well.
The recording is there as well.
(01:00:31):
Um, but I believe that Alexis is the very first person to code
parsing that uh from the Google Pixel data in the newest uh iOS
or newest Android release.
SPEAKER_03 (01:00:43):
Yeah, and uh I I I
was kind of pressuring poor
Heather because I wanted to do it first before everybody else.
SPEAKER_00 (01:00:49):
Like I'm doing it on
my personal phone.
Hold on.
SPEAKER_03 (01:00:52):
Can you give me that
data, please?
SPEAKER_00 (01:00:54):
No.
SPEAKER_03 (01:00:54):
So a couple of
things.
It's not I'm not finished.
I just kind of put it out there just to have something out.
Um let me take that away.
Yeah, I'm not I'm not finished because um uh you'll you'll see
now.
I'm gonna look, let's look at a data source.
And the data source uh identifies the cut the the
people that are talking based on a number, but there's another
data source, I think it's a SQLite database, that does have
the correlation between the number and the user.
(01:01:16):
So there's still some work to do.
But the main point I wanted to get out is at least people be
aware that if there's a recorded conversation that's being trans
uh transcribed by AI, at least you have a report that tells
you, hey, there's something here, and you can read it.
And then, like Heather says, you can follow up with the
recordings and the like.
Which again, side note, there's been a lot of tools that do AI
(01:01:36):
transcription from from body cam recorders and stuff, and AGs
have tried it and they found out that it's better for the agent
to just or the investigator to just listen and write it versus
transcribe it for many reasons.
But that's another topic for another day.
Now, I wanted to show to everybody all these data sources
as as you uh um parse it, I think it's protobuf originally,
(01:02:00):
and then you turn it into a JSON file.
The utility of using graphical JSON viewers to do your
analysis.
That's what I would like to everybody to kind of go walk
away with this in this section, okay?
If you look at JSON, let's say as you see here on the left
column, it's indented.
That means that it tells you the relationship based on what
(01:02:20):
position it is, right?
The farther away the data is, well, the more related is to
what's underneath, right?
And the less related it's gonna be to what's on the left, right?
So, and like a hierarchical structure.
But this is hard, like trying to try to make sense of what goes
where when it's kind of going in and out, in and out, in and out,
it's it's tough, right?
If you look at JSON, that's uh pretty-printed or properly indented
(01:02:43):
is hard.
But if you look at a graph, it's not that it's easy, but at least
you can see a lot of those relationships graphically way
faster and way easier.
Like in this sense, I see this big graph, it's hard to see on
the screen, but you see all this JSON, right?
And I see, well, these things on the far left are definitely the
entry points, right?
So let me focus on that, and you'll see if you focus, it's
(01:03:06):
all the graphical.
Look how easy I did that analysis.
I look, oh look, there's 13 items in this uh JSON, and you
see that little bracket that means it's a list, so it's 13
things in a list, one after the other.
Well, let's analyze some of those.
Let me take away the uh comments on the stage so folks can see
better here on their own screen.
There we go.
So let's go to let's go to the top here.
(01:03:29):
So if I go to the top here, you'll see.
Oh, look, there is the first item, here's the one here of
that list.
Oh, look, that's it's a dictionary.
You see the squiggly brackets there, two keys.
Oh, it's a dictionary, it's two keys.
Let's look at this first one here.
You have oh, a timestamp, that's Unix epoch timestamp, and a
number.
And then you hear, did you just hear that?
(01:03:49):
The next message, a timestamp and a number.
And then the answer is yep, a timestamp and a different
number.
So now I can see that oh, I see every item, it's part of that
conversation as being transcribed, and then you got
user number two saying things, and user number three responding
or talking or doing whatever the person is doing, and now I can
go graphically kind of just analyze this.
(01:04:12):
This helps me a lot because then when I'm gonna code this thing,
I know that what I need is really pretty much in this first
list.
Now you'll have situations where you might need to start digging
deeper into that JSON to get things all the way in here.
But guess what?
By having it graphically organized this way, if you know
a little bit of coding, you'll be able to pick out even far-off
(01:04:35):
values from keys all the way out here because you know what the
path you need to take based on the graphical interface.
Does that make sense here to you a little bit?
SPEAKER_00 (01:04:44):
Yeah, I love it.
I love the view you give it in the graphical interface because
when you go look at the the raw data just as is, it's so hard to
make out, especially if you're not a coder or not familiar with
the the different data structures too.
Tools like tools like you're using are just um super helpful
to give a full picture.
SPEAKER_03 (01:05:02):
Oh yeah, and look,
in some circumstances, if you're
in a pinch, you might just put in the graphical graphical
viewer and take a screenshot of certain certain things, right?
If it's something that you need like exigent circumstance, yeah,
then you can do it that way, and then you can code it later, or
if you don't know how to code it, um get help somebody, and if
you use ChatGPT, then use that, and then also get help later.
(01:05:25):
Yeah, you you need the help either way.
But so yeah, so and a lot of the work that that we do, you know,
there's some some ways of going about it.
You don't have to sit and wait for a paid tool to do it for
you, and sometimes you don't you can't, you have to accomplish
the mission right away.
So open your mind to understanding what data
structures are, what a JSON structure is, and play with some
(01:05:47):
of these uh graphical viewers.
This one is called JSONCrack.com.
Now, this version is online, you don't want to put your data
online.
So if you're gonna, I'm not saying you should buy this or
not, it's just one that I picked randomly from the Google search.
But if there's one that you like, make sure there has an
offline feature where you you pay for it, you download it, and
then you do all that graphical analysis uh on your on your
(01:06:09):
computer locally.
You don't want to be sending your stuff out there, much less
case data out there because who knows who's on the other side,
okay?
SPEAKER_01 (01:06:16):
Please do not.
SPEAKER_03 (01:06:16):
Yeah, so yeah.
So um, there's a lot of stuff.
I mean, Keller, please take that out of the screen, please.
Um, so yeah, there's some other stuff that we're working on in
regards to the leap.
Lava is coming out soonish.
Um we wanted to have it out sooner, but we we're adding, and
by we I mean uh John uh Johan on the leap side, and and um and
(01:06:39):
Kevin also on the leap side.
John is now also dealing with the lava side, and who am I
missing?
SPEAKER_00 (01:06:43):
Um James.
SPEAKER_03 (01:06:46):
James, James, and
James, which is the main
developer for the lava side.
Without James, we would we wouldn't have lava, period.
SPEAKER_00 (01:06:51):
I think we have some
interns now too.
SPEAKER_03 (01:06:53):
Yes, so so thanks to
Bruno.
SPEAKER_00 (01:06:55):
Shout out to the
interns.
SPEAKER_03 (01:06:56):
Bruno Constanzo, I
think Maite is one of the ones.
I forgot the name of the other dude, so I'm sorry for that.
But they're interns from uh uh amazing college professor, Bruno
Constanzo, is a good friend from Argentina, from Ufasta
University, down in Mar del Plata.
And they're they're the interns are really helping out uh
cleaning up all the artifacts to make lava compliant, and the
(01:07:18):
work that they're doing is so impactful.
Again, just because you are not like a super coder or had years
of experience does not mean that you can make an impact.
You can.
And and like like Kevin's saying, the developer team is
growing, which I'm really happy to do that.
People that have a really uh big heart and and and want to give
out to the community because again, they're not we're not
(01:07:40):
none of us is paid.
This is all a work of love for for ourselves and you know also
to make our our work easier.
So so there's a lot a lot that's coming out.
Um, some other artifacts that being working on, but again, I'm
gonna wait till the future to kind of uh talk about those.
Yeah, also because I'm not super in the weeds with them.
Um quick short story.
(01:08:02):
When I started, it was pretty much me and Yogesh kind of doing
the leap stuff, and then Yogesh left for you know reasons, work
and all stuff.
He had to move and work in in different places, so he couldn't
keep up with the project anymore, and it was just me.
And I I I I quickly realized I cannot do it on my own, right?
And I had such great human beings like Heather here and
Kevin, all the folks that we mentioned, just jumping in.
(01:08:25):
And the project is large enough that I cannot I just cannot keep
track of it on my own.
Some of the stuff that's being done, I depend on on the dev
team to actually explain to me how to how to accomplish certain
things or what's going on, right?
So so uh again, uh my heart, my heart goes out to all of them
for for the great work they're doing for the community.
(01:08:46):
So I couldn't thank them enough.
SPEAKER_00 (01:08:48):
So absolutely, thank
you.
Um just a quick note on the the call notes thing.
We showed the data and showed um told you that it's now supported
in the leaps for parsing.
I'm working on a blog to actually talk about how the data
is stored and where inside of the extracted the extraction.
So look for that.
I'm gonna try and finish it by the end of this weekend and um
(01:09:10):
I'll put that up so everybody knows where to find the call
notes data.
SPEAKER_03 (01:09:14):
Absolutely, and and
and absolutely also that will
pressure me a little bit into finishing the script to actually
match, put the names of the people that are talking.
I also add the part the audio because the audio is is kept if
you if I remember correctly.
Yeah, it is so I I need to make a report with all the audios and
then how do they relate to the conversation?
So we're there's still stuff that need to do.
SPEAKER_00 (01:09:34):
So right, right,
absolutely.
SPEAKER_03 (01:09:36):
And by we and me,
and by me, I mean we so that
brings us to the end.
SPEAKER_00 (01:09:42):
We have a meme of
the week, as always.
So this week we have the bird that's saying, So I said it
depends.
SPEAKER_03 (01:09:52):
Oh, wait, but what
the the word you're missing some
concept.
SPEAKER_00 (01:09:56):
I I do, you do it.
SPEAKER_03 (01:09:57):
The bird is sitting
in a in a in a in a high chair,
right?
At a comedy, at a comedy club, right?
He's in his I guess it's open mic at the comedy club.
And the the crow is making the joke and says, So I said it
depends, and expecting laughs, and people say, Boo, boo, get better
material.
And the poor crow bird looks at his notes and they all say, It
(01:10:18):
depends, it depends, it depends, it depends, right?
And the joke about that is that every digital forensics
representation is this in a nutshell, it depends, right?
And that's like our favorite, favorite thing to say.
It depends, it depends, it depends, it depends.
So we're kind of that bird.
That's kind of like the relation or us being be able to relate to
the joke comes from because we use it so much.
SPEAKER_00 (01:10:37):
It is the answer to
every question in digital
forensics.
It it is, it really is.
Most of the time, because the question that's being asked just
isn't giving enough information yet.
I mean, it they'll get there, but the question being asked
isn't isn't providing enough information to even answer the
question.
SPEAKER_03 (01:10:54):
And I I love that
you said that because that's oh,
I love that, because that speaks on something that I'm also a
little bit like a how can I say this, like a pet peeve of mine,
right?
I'm I'm really adamant and and I I try to hold myself to it.
Use the proper terminology in regards to what I'm trying to
say, be it if I'm coding, be data forensics, because if I use
the proper terminology, when I try to convey to you, uh, you
(01:11:17):
know, pass from my mind a concept or an idea to your mind,
you'll you'll be able to understand it.
If I make a question, you'll be able to understand the question.
And we take so well, it's it's in a yeah, it's in a database.
And then, well, it's actually a protobuf.
Well, that's not a database.
Well, you know what I mean.
No, I don't know what you mean.
Because you say database, I might think SQLite, right?
And and and it's not like that, right?
(01:11:38):
Uh you know, you use another like you're confusing me now,
right?
SPEAKER_00 (01:11:43):
I feel like you're
directly calling me out right
now.
Oh I do that all the time.
I'll be like, oh, it's this or it's that.
And I'll be like, what are you talking about?
Like, you know what I'm talking about.
Yes, but I'm gonna make you say it the correct way.
SPEAKER_03 (01:11:56):
Look, I'm not gonna
say the shoe sit fits, but if
the shoe fits, I don't know.
But but that but that goes with asking questions as well, right?
Um the the we when we need to ask a question about somebody.
If you're asking for help from a person in the community, don't
don't have me guess what you're trying to get at.
Absolutely or don't have me do the research.
No, make a give me a good question with all the context
(01:12:18):
that I need so I can answer you.
Yeah, all the details.
Yeah, because if not, you're gonna get it depends and you say
boo, and I'll tell you, well, ask me a better question, so
then you get an answer, actual answer, you know.
SPEAKER_00 (01:12:28):
Yeah, or they're
gonna be like, this Alexis guy
has no idea what he's doing.
SPEAKER_03 (01:12:33):
I mean, that might
be true, but not but not for the
reasons they they expect, right?
It's not because of the forensics, it's because you I
don't I don't understand what the heck you're asking.
SPEAKER_00 (01:12:41):
Exactly.
So I think that wraps up the show for the week.
SPEAKER_03 (01:12:46):
Yeah, no, actually,
actually, I I was a little bit
kind of down with the weather.
No, well, because I'm sick, because it was kind of cloudy
and all that, and things are happening, but I feel so much uh
better mood after the show.
SPEAKER_00 (01:12:56):
So thank you for uh
thank you for this.
Yeah, thank you.
SPEAKER_03 (01:13:01):
All right,
everybody.
Thanks for staying with us.
Obviously, a little bit over the hour, but uh we appreciate it
that you're here, or the folks that listen live, all the folks
that are listening now afterwards or watching
afterwards.
Um you can find uh us in LinkedIn, Digital Forensics, the Digital
Forensics Now podcast.
We also have recently a new leaps page, L-E-A-P-P-S, also in
(01:13:21):
LinkedIn.
Uh that uh our amazing webmaster and responsible of all our
online presence, Kevin, will continue to uh help us maintain
and where you can get information about the leaps,
also leaps.org, so you can sign off for the newsletter.
So uh and the announcements of when lava comes out.
If you're in the in the in the list email list, you will get
(01:13:44):
that email immediately so you can go and download it.
So leaps.org, our leaps page, the Digital Forensics Now podcast in
LinkedIn, and uh we can interact, chat there, and uh and
see what's going on.
Yeah, anything else for the good of the order, Heather?
SPEAKER_00 (01:13:58):
That's it.
Thank you so much, everybody who tuned in.
SPEAKER_03 (01:14:01):
Thank you,
everybody, and uh with that we
put the out music and we'll see you hopefully in a couple of
weeks.
unknown (01:14:07):
Yeah.
SPEAKER_03 (01:14:08):
Take care,
everybody.