Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:12):
Come on, music.
Hello, hello everybody.
I don't think the music's coming in now, but do you want
me to sing?
No no, I'd rather Let me hit pause, let me see if the music
comes, let me see I got some angelic Very nice, very nice
(00:33):
Music.
Yeah, my thing got confused, let's try it now.
Ah, everybody, oh, there we go, there we go.
I laughed.
Welcome everybody.
There we go, there we go, at last.
(00:53):
Welcome to the Digital Forensics Now podcast.
Thankfully, Heather's singing free, and free as in not singing.
Today is Thursday, July 11th, 2024.
My name is Alexis Brignoni, aka Briggs, and I'm accompanied by
my co-host, the Hash Wrangler, the Don't Leave Any Stone
(01:16):
Unturned perspective, the
This Is Important To Your Case, and Let Me Tell You Why
examiner, the one and only Heather Charpentier.
The music is Higher Up by Shane Ivers.
Eventually, it was and can be found at tillermansoundcom.
Heather, we survived the roughest intro in these 21
(01:37):
episodes.
It would have been a lot rougher if I started singing.
You know beauty's in the ear of the beholder, but yeah, let's
not test that theory.
How are you?
Speaker 2 (01:50):
I am good.
Speaker 1 (01:53):
How are you? Good.
Good, it's been good.
I'm happy to be back.
We had a little bit of a hiatus.
We did, we did. A pause, if I said it right.
Yeah, we work and other things and so we have to lay low for a
little bit.
Speaker 2 (02:08):
Yep, we're not up on
my main screen.
Are we up on your main screen?
Speaker 1 (02:13):
We're not.
I think we should, so people can actually see us.
Speaker 2 (02:16):
We should.
It's a pretty background, but I think our pretty faces should
show.
Speaker 1 (02:20):
Yeah, I mean, if you
are listening podcast, there we
go, you don't really care. Yeah, that's true, that's true. Hello
everybody, we're here.
Um, so yeah, so uh.
No, I was, uh, I was.
I was at my mom's down by the Gulf, the beautiful, uh, Gulf
Coast of Florida, so that was nice. Took the, the children
(02:43):
there, to see grandma, and very nice, had a great nice,
you know, 4th of July celebration and weekend
fireworks and everything.
Speaker 2 (02:51):
Very good, Very good.
I kind of did the same type of thing.
I went and visited my family and then, I don't know, we've
been off from the show for a few weeks.
So I did start watching the Python study group stuff again.
I swear I'm going to.
I know, I know you're happy about that.
Speaker 1 (03:09):
I am.
I am extremely happy and that's why you know when I'm happy,
you know what happens, right.
Speaker 2 (03:14):
Oh, the fireworks,
why?
Thank you.
Speaker 1 (03:17):
Thank you for you
know actually following up on
your Python for studies.
That's good.
Speaker 2 (03:22):
Yeah, so I've run
into a few issues for everybody
to know with the Python.
And of course Alex asks me well, have you watched the videos
from the study group yet?
And I haven't watched them all.
So I guess if I'm going to ask for help, I need to make sure
I'm trying to figure it out on my own first.
Speaker 1 (03:40):
Well, you know, we'll
be talking about a little bit
about conscious incompetence and conscious competence, so I
think it'll be an interesting discussion.
Speaker 2 (03:49):
What are you trying
to say?
Speaker 1 (03:51):
Nothing I'm saying
nothing.
I'm going to blame Brett, the author of the article.
Speaker 2 (03:56):
Yeah, definitely so,
speaking of that, yeah, you want
to start there.
Speaker 1 (04:01):
Yeah, before we start.
Hey, look behind me.
What do we have?
Speaker 2 (04:04):
Oh my God.
So, for those of you listening, Alex is trying to show me up
with the wall signs, the light-up wall signs.
He had one, so I got one.
I'm like, oh, we match now, and now, how many do you have?
Seven of them there.
Speaker 1 (04:18):
Yeah, because you
know, if one is good, then six
more.
Speaker 2 (04:22):
You're completely
surrounded by neon wall signs.
Speaker 1 (04:27):
And I'm going to get
one.
Somebody suggested in LinkedIn to get one that says it depends,
because that's our phrase, right.
Speaker 2 (04:33):
Yeah, you do need.
Speaker 1 (04:34):
It depends.
Yeah, I'm going to get it.
I kid you not, I'm going to get it, I'm going to figure out how
to reorganize it. I was going to say, where are you going to put
it?
I'm going to put it right here in front of my face.
Okay, upgrade, upgrade.
No, but I know you have one you haven't put up yet.
Speaker 2 (04:50):
I do.
I do have another one.
I'm debating, though, if it's going to replace the live nerd
sign or if I'm going to have both.
We'll see.
I don't want to be all off balance. No, put it on the other
side. All site so all right, anyways, I have to get it hung
up for folks that are listening.
Speaker 1 (05:04):
You need to go to
YouTube and and then see check
out our sites.
Speaker 2 (05:07):
Yeah, I have.
Speaker 1 (05:08):
The one I like a lot
is the one on top of my head
says cool kids club and underneath it says all are
welcome, which is, uh, kind of like the vibe here in this
podcast, right, yeah, we can all be, all belong.
We all belong, right, everybody's a cool kid, exactly.
I got a koi fish and people didn't know.
I have a tattoo of a koi fish in my arm.
Speaker 2 (05:26):
Yeah.
Speaker 1 (05:26):
So now I'm showing
off a little bit here my art.
Speaker 2 (05:29):
Very nice Matching on
the wall.
Speaker 1 (05:31):
Yeah, the beautiful
mountains of Denver, a place
that I really appreciate.
Speaker 2 (05:36):
Very nice.
Speaker 1 (05:37):
And people close to
my heart and yeah, so.
Anyways, going back to the topic, we're talking about the
things that we know and things that we don't know, so we have a
new article.
What's going on with that?
Speaker 2 (05:51):
Well, first quick.
Speaker 1 (05:52):
Kevin wants to know
how many power strips you're
using.
Look, it's one, right.
And then there is you're about to get a visit from the fire
department.
Very good, it could be a fire hazard.
So I'm closer to the fire hazard range of fire strip, of
fire of power strips.
Speaker 2 (06:11):
So all right the
article.
So Brett Shavers, uh, has a new article out that, um, let me put
the the link to that up and the title is DFIR competence: Are
you truly skilled or just fooling yourself?
And I have a little screenshot from his article to share.
But everybody should go over there and check it out because
(06:32):
it's really good.
There we go.
So in the article, I'll give just a brief overview, he talks
about the various stages of incompetence and competence,
conscious incompetence and unconscious incompetence, and the
question I guess kind of posed from the article is do you know
(06:54):
your competence level?
And it goes on to say DFIR examiner skills can degrade over
time.
So there's some examples of the unconscious and conscious
incompetence and competence here, which is really hard to say a
lot in the screenshot.
Speaker 1 (07:10):
Sounds like a little
tongue twister.
Speaker 2 (07:11):
It is a little bit.
Speaker 1 (07:13):
But the matrix is
really good because his example
really drives it home.
Right, he says well, there's a person that I love, the name of
the examiner, Alex, right, kind of close to mind.
Right, this examiner never heard about a tool, right?
Right, so he's not aware of this tool.
He's incompetent on it because he doesn't even know it.
Know about it, right, but then he's aware of it.
Right, so he's conscious about it, but then he doesn't know how
(07:35):
to use it.
He's still incompetent about it.
But then you're conscious and then you're competent because
you know how to use it.
But you have have to go carefully.
What step goes next?
What second step, third step?
Right, Brett says he was going to use Brett in the example.
Alex is fine, I like it.
And then you have unconscious competence and when we do things,
(07:59):
we know how to use a tool effortlessly, and that's from my
perspective.
We fall a lot into that.
We get really comfortable with a set of procedures or tools to
the point that we're unconscious about doing it.
We're proficient at it, but Brett makes a great point of
this being somewhere we could fail, right, right, because
(08:19):
we're limiting ourselves.
Right, and when we do that, we don't have or we don't, uh, open
space for improvement because, oh, I know how to do this, I
just do it.
And he gives an example, this article.
It's like when you drive from work to home, from home from
work, every day, you start driving then like, oh, I got to
work, how did I get here?
You're like I just I just got here.
(08:40):
Do you think about it?
You think about many things, but you're not really thinking
about the driving.
It becomes kind of automatic and a road in a sense, and you
don't like, not subconsciously, you're awake but you don't think
about it and you get to work or you get to work.
Actually, it has happened that I'm so used to going, let's say,
to work that it's a weekend and I need to go somewhere else and
I just drive to work and I, where it was supposed to be
(09:00):
going, right, it was supposed to be going somewhere else, and
that's the problem, right, if we get to that, a lot of examiners
get to that and then we don't improve, we don't really think
about how can, even in the processes that we know how to do
effortlessly, how can we be better?
Because we can always be better.
I think he calls it eternal, not eternal.
What's the word I should have memorized.
(09:26):
Oh, here it is. Infinite competence, right, that's right
there on the screen.
If I could read. Infinite competence, where you're
constantly trying to see where can I improve, because I know
this process like the back of my hand and I would take it even
further, right?
Well, not I.
Actually Brett did that for us.
He uses the example.
Everybody, please read this article.
He uses the Penrose stairs as an example, and that's pretty cool,
because it's kind of like a.
(09:47):
It's not kind of, it's like a visual trick.
What's that word for that?
Like illusion, what's the word for that?
We have like visual illusions that, for example, these stairs
are going up at all times but also going down at the same time.
I forgot what the word for that is.
It's like a visual illusion.
Speaker 2 (10:06):
Yeah, it's not coming
to me.
Sorry, I'm no help with this one.
Speaker 1 (10:10):
Oh no, it's fine.
It's fine. Actually, I feel like... Optical illusion.
Optical illusion.
Speaker 2 (10:13):
Brett's saving you.
Brett's saving you.
Speaker 1 (10:15):
There we go, so I
like it.
It's like an optical illusion up and down.
Right, because you have to constantly be improving, because
you will always at some point be incompetent, because new
things will always be coming, so you got to be constantly going
up those never ending stairs, right?
And I really like these topics from Brett, because there are a
(10:36):
lot of philosophy which I'm kind of.
You know I'm partial to it.
I love it, but it also makes me think about being better and
and and, as he gives you kind of a plan on how to do that.
Reflection, he makes a great point about.
That is so important and you have to catch yourself, you have
to make an effort.
If you're doing something and not making an effort on it,
(10:58):
that's an indication that you need to think about what you're
doing.
Speaker 2 (11:01):
Yeah, I relate this a
lot to training, even
especially with myself.
So I've been to so many trainings over the last nine and
a half years and I think a lot of people, myself included, I've
been to that training already.
I don't need that again, and I do because you have to
constantly be learning and not think that something you learned
(11:22):
eight years ago is still what's being taught in in those
training courses, if that makes sense.
Speaker 1 (11:28):
Oh no, there's,
there's, there's always, always,
always new stuff, and and that's the, the infinite
competence you get to a level as an examiner when you can do
certain things, something, and this is that, let me, I'm going
a little bit, not a tangent, but something that I'm seeing is,
how can I say this?
Like conscious incompetence, but not so much in the fact that
(11:50):
you know what you don't know.
I'm going to change it a little bit.
People are consciously wanting to be incompetent.
In other words, I know how to do the one thing and I don't
need and I don't want to do or learn anything else, and I don't
know how Brett would make that a stage or not.
And I'm seeing that a little bit, where folks are like can
(12:15):
you strive to be better?
Can you strive to move?
No, I just don't want to, I just want to do the one thing,
and sometimes I don't even do it right.
Speaker 2 (12:25):
Yeah, I've seen
examples of that recently too.
Where you're a hundred percent right, it's I.
I know how to do this one thing, that's all I'm doing.
I'm not moving out of that realm, so.
Speaker 1 (12:36):
Yeah, and and and in
this field, that is a problem.
And that is a problem actually because I'm going to, I'm going
to share something here on the screen real quick.
Um, we have to think about only us in two terms, right, us
being, uh, good examiners, uh, having due diligence, something
that we've both been discussing, you know, Heather and myself
(12:56):
discussing lately.
What is due diligence?
What is expected of us?
What do the, the stakeholders, in our case are victims or
expect from us?
That's one thing.
What's our due diligence?
But also think about ourselves and I mean, do we want to be
employed in the future?
And let's be real, I mean we, we need those necessities, right.
So let me actually, if I, if I opened the file, then I can
(13:22):
share it, right.
Speaker 2 (13:23):
While you're looking
for that, Brett says new neon
sign idea: be constantly learning.
Speaker 1 (13:28):
Yeah, yeah, no,
absolutely.
It's a long sign, but maybe I need more wall to fit some of
those.
Speaker 2 (13:35):
We'll have to put
that one on my side.
It's the only place it'll fit.
Speaker 1 (13:39):
Actually right on top
of your head.
I agree. All right, so this is what I'm talking about here.
Um, so I had this meme, I think last week or this week, where
you have the a person kind of sitting in pews, like maybe in a
church or something like that, and there's this person sitting
there and it's labeled the button pusher, and then behind
that person is a is this person with a gun to the person's head,
(14:01):
like about to shoot him?
Right, and I labeled those tools.
But behind the automation tools is another person with another
gun, called AI, right, but then all the way in the mezzanine up
in the rafters, whatever, there's somebody with a sniper
rifle pointing at them, right, and it's called.
I labeled it actual digital forensics experts, and what I
(14:22):
meant by that is if you're in the state of conscious
incompetence and I kind of opted, co-opted the term from Brett,
but it's not how he defines it, it's just me redefining for this
particular point where you consciously want one thing to be
incompetent, right, being that button pusher, you will be
pushed out by the automation tools.
You'll be subservient to them if you still have a job, because
at some point I'm pretty sure technology can push the button
(14:45):
for you.
We won't need you.
We don't need George Jetsons, right?
Okay, and then AI will kind of take some of that.
So if you want to still be relevant in this work, moving
forward, because technology advances in leaps and bounds,
you're like, well, AI is coming, but it won't affect me, I'm
retiring.
In the next 10 years I should have plenty enough time to coast
over to my retirement.
Speaker 2 (15:07):
AI could possibly
retire you way earlier than that.
Let me stop sharing this.
Speaker 1 (15:14):
So yeah, and again
I'm co-opting that term and kind
of misusing it a little bit, but just because that Brett's
article made me think about those things and I think are
important, that we all should should take some time to reflect
on them.
Speaker 2 (15:27):
Yeah, really great
article, and I'll put the link
to that in the show notes on the podcast website.
Speaker 1 (15:34):
Hey look, if Arsenal
is saying plus one for the meme,
I'll take it.
Yeah, Arsenal, great, great company, great software.
Always good to have them here and hear from them.
Speaker 2 (15:45):
Yeah, definitely.
So one thing we wanted to announce is Oxygen Forensics put
out a call for speaker at the 2024 International User Summit
coming up.
It is going to take place October 15th through the 18th.
I actually have a little screenshot to share here and
it's in Alexandria, Virginia.
Speaker 1 (16:07):
Beautiful Alexandria
Virginia.
Speaker 2 (16:09):
There we go.
You could submit a topic and share your knowledge.
So if anybody listening has thought, oh, I really want to, I
really want to get in there and share some of the things that,
some of the things I've learned, some of the things that I've
written about, some of the things I haven't shared yet, go
in there, apply, go speak at at the user summit.
It's a great place to get started. With
(16:32):
whatever topic you have in mind, you can submit it right at the
web, at their website.
Speaker 1 (16:37):
Absolutely.
And Oxygen, I also agree.
I agree. Company, Lee, a great guy, the CEO, a great, a great
company.
Uh, Lee, a great guy, the CEO. I had the pleasure of, of
presenting with him in some events, so it's always a good
time with the Oxygen folks.
Speaker 2 (16:49):
So definitely
consider that and submit for it.
Yeah, if, if you're not submitting, if you're attending,
I'll tell you right now.
I've listened to a couple of Lee's presentations and he's
really really good at presenting excellent topics and just a
captivating speaker.
Absolutely, absolutely, all right.
(17:11):
Let me move that, all right.
So next up, we have talked about a tool on past episodes
called Ufade.
It is created by Christian Peter and he's out of Germany
and we've talked about it a few times and its capabilities, but
there's some major updates to it.
Um, there's a whole new user interface and there's a chat
(17:34):
capture feature that I want to show everybody live, so
hopefully it doesn't screw up on me while I'm trying to show it
live and before you show it live, just tell the folks, maybe
they missed those episodes.
Speaker 1 (17:45):
What's, what's,
what's Ufade about?
What's it, what does it do?
Speaker 2 (17:47):
Um, all kinds of
capabilities. I'm going to go
through the different capabilities inside of it, but
all kinds of capabilities with iOS devices, so you can pull the
sysdiagnose logs, you can do logical extractions, iTunes
backups, um, there's all kinds of other logs from the device
that you can pull.
And now, with the newest feature, there's the chat
capture.
Speaker 1 (18:08):
That's awesome.
Speaker 2 (18:09):
Yeah.
Speaker 1 (18:11):
And as Heather is
setting up, prepping up her demo,
which I always love when Heather does the demos. Until I
can't share the screen.
Yeah right, this is a tool that Christian, I think Christian's
in the house right now, is in the chat.
It's free to use.
So it's amazing how those capabilities that you see in
other tools that cost a lot, you see this over here in a
(18:34):
community tool.
It's absolutely free.
So it's amazing.
Speaker 2 (18:38):
Yeah, so I really
liked it when we showed it
before, but this is just a lot of improvements.
I really love it now.
So I mean I loved it before.
But let me share my window here.
Oh yeah, the watchOS devices.
I forgot to mention that.
Speaker 1 (18:57):
Also for the watchOS
devices that are able to be
accessed.
There's support for it, so that's pretty cool too.
Speaker 2 (19:02):
So here's the
interface.
I'm going to take that off the screen.
Here's the interface and you can see the device information.
As soon as I, what I did is I plugged my iPhone seven into the
computer, trusted with the computer, and then fired up the
Ufade tool.
(19:22):
You can see all of the device information on the left-hand
side, and then it's asking me to choose an output directory for
any of the logs I may pull or extractions I may pull.
I'm just going to leave it default.
It defaults to the folder where Ufade is.
Speaker 1 (19:39):
And, for those that
are listening, great graphical
user interface, really well done.
On the left side you have all the device information: model,
hardware, product serials, disuse, Wi-Fi, MAC. A lot of
information on the left side and then the right side.
Really nice, well-defined, beautiful interface.
Speaker 2 (19:58):
So there's an option
to save out that device
information and installed apps, SIM and companion devices.
There's acquisition options, so there's a logical backup, a
logical plus backup, a logical plus backup UFED style, so it
actually provides you with the zip file, the logical zip file
(20:19):
and a UFD file, so it makes it more seamless to bring into
Cellebrite, if that's the tool you're using to parse the data.
And then there's a file system backup for jailbroken devices.
Speaker 1 (20:31):
And I like the UFED
style because those that are
familiar with UFED, if you open it's just a text file, right?
So you open the UFD file, you have all the information about
the device and at the bottom you have the hash.
I think it's SHA-256, right.
Speaker 2 (20:45):
It is.
I'm actually going to bring that up.
I ran a logical with the UFED option earlier, so let me just
bring that up for everybody.
I already had it up, of course.
Now I have found it.
There we go, Okay.
(21:06):
So this should look familiar to anybody who uses Cellebrite.
It is the information about the extraction, the information
about the device and then the tool that you use to acquire it,
this one particular I acquired with Ufade, and more information
(21:26):
about the type of extraction, and at the bottom you have that
SHA-256 hash of the zip file of the extracted data I.
Speaker 1 (21:33):
I love that because
then you can import it into you
know Cellebrite tooling and and you can verify the hash.
Or even if you don't, you can always, you know, make sure that
when you're done with your work you can validate to the hash.
Speaker 2 (21:45):
So so, so useful all
right, let's present that again.
There we go.
So those are the extraction options.
There's also collect unified logs, which I'm not going to
click on because it kicks it off, which I tested it earlier, and
(22:07):
you get a log archive of the unified logs and then developer
options is where that new chat capture feature is that I'm
going to show, but you can take screenshots of the device screen.
There's a chat capture, capture file system to text.
I haven't tested that out yet, so hopefully somebody listening
is going to go in and test that out, and then unmount developer
(22:28):
disk image.
Speaker 1 (22:29):
Maybe Kevin Kevin is
saying that he looks forward to
playing with the Windows version.
Speaker 2 (22:33):
Ah, all right, so
cool.
So you're going to test that out and tell me how it is.
But the chat capture is what I thought was so cool for this
week.
So I'm just going to unlock my phone here and the chat
application that we're going to take a look at is, I'm going to
do Facebook Messenger and it's on my test device, so just click
(22:54):
Chat Capture.
I'm going to name my app Messenger and then the name of
the chat.
The messages are with Amy Farrah Fowler.
Speaker 1 (23:04):
And for those that
are listening, the interface
allows you to put those naming fields.
It's right there for you to type and it's all graphical.
You can click and type whatever you need.
Speaker 2 (23:15):
So then I'm just
going to kick it off and you see
what I see on my screen of my device sitting here right at my
desk.
So this is my chat messages with Amy Farrah Fowler.
And in a second, after it has done its screenshots of that
screen, you just see it move down to the next screen and it's
now capturing automatically screenshots of, it's capturing
(23:37):
the chat for me.
So you can see it moving and each time it pages down, down in
the right-hand side, you can see screenshot saved as and it's
saving those screenshots of the chat.
Speaker 1 (23:52):
That's just fantastic.
Speaker 2 (23:53):
I know I love it.
Speaker 1 (23:55):
Yeah.
Speaker 2 (23:57):
While it's capturing
all of the screenshots.
I'll just tell you that I struggled all day to figure out
how to do this because I don't know, I'm not great at all of the
Python stuff, but I found some errors that were user errors on
my part, and Christian, who created the tool, was kind
enough to help me today realize what my errors were.
(24:18):
And one was just my Python version and I didn't even think
of it.
I'm like all right, I have Python installed, I've got all
of the dependencies installed.
This should be working.
Why isn't it working?
And he's like well, you're on a different version of Python,
try this.
And as soon as I did it, it started working.
Speaker 1 (24:33):
Read, read the docs
please.
Oh, so yeah, I know, I know we're all guilty of that, so I'm
giving you a hard time, but we're all guilty of that.
Speaker 2 (24:43):
We are so, um, this
has now captured the chats and
I'm going to just pop back and show you what it looks like for
output.
So let me remove that from the screen and go find my output.
Speaker 1 (25:01):
Present.
Speaker 2 (25:07):
There we go.
So in the Ufade directory there's a folder called
screenshots, and then there's a folder called messenger and
there's a folder called Amy Farrah Fowler because that's
what I named my chats, and you can see inside.
There's a whole bunch of screenshots that I captured
earlier too, but you can see inside the screenshots of the
(25:33):
chats between Sheldon Cooper is my test phone and Amy Farrah
Fowler's phone.
Speaker 1 (25:38):
That's awesome.
Speaker 2 (25:39):
And they they save
right in there with the naming
convention that you gave them in the Ufade tool and the entire
chat is captured there within the screenshots folder.
Speaker 1 (25:53):
That's awesome.
Speaker 2 (25:55):
Yeah, I love it.
I was really excited to show this one, so I was really hoping
that none of my user errors would show on screen, and I
think it went okay.
Speaker 1 (26:05):
All right, the demo
gods were pleased with you today.
Speaker 2 (26:08):
Yeah, definitely,
there is one other option.
Speaker 1 (26:27):
I'm not gonna put it
back up on the screen, but
there's extract crash reports.
There's a WhatsApp export from the device 17s.
There's no support for them, right.
And you might have a phone that comes in with a passcode or
from a victim or a cooperating witness and you need to pull out
a chat that that cooperating witness wants to provide. Right.
(26:48):
To provide right.
Okay, they bring out the camera, which again the video camera.
That's an option.
But if you can just go and say, okay, I'm going to pair it, I'm
going to select the chat that I want and then just hit go and
yes, just chit-chat, as the thing is going taking the
screenshots.
I think that's way preferable.
Speaker 2 (27:07):
So the support for
iOS 17 is being worked on.
iOS under 17 is currently supported.
Speaker 1 (27:19):
Oh, and not all iOS
16s are supported, by the way.
So it depends on the type of iPhone that you have.
Right, some are supported, some are not.
So just because you're like, well, I have iOS 16 and my tool
supports iOS 16.
No, it doesn't.
You have to check.
And if it doesn't, because it could happen, then you have this
other option to pull those chats when you have access to
(27:41):
that device. Again, an example being cooperating witness or you
know just some consent so you can work on that.
So it's pretty neat.
Thanks to Christian Peter for this work.
Yeah, awesome, please continue.
We appreciate it, the community appreciates it and we will and
we use it.
So thank you very much Magic.
Speaker 2 (28:02):
Dave is asking is
this a free program?
It is.
It's on Christian's GitHub.
I have the link up on the screen right now, but it will
also be in the show notes on our our podcast page.
Or you can just Google Ufade and it comes right up.
And then Christian says iOS 17 is supported in the CLI version.
Speaker 1 (28:21):
There we go, there we
go, perfect, no, and we'll keep
highlighting, as, as Christian keeps, keeps, keeps, you know,
updating it, we'll keep highlighting those updates.
We're really happy that that's going on.
Speaker 2 (28:35):
Oh, absolutely, I'm
looking forward to whatever the
next update is going to be.
Speaker 1 (28:39):
Absolutely.
Speaker 2 (28:41):
So, um, another thing,
that so we were we're.
I'm all in a WhatsApp group with a bunch of people and Matt
Beers, I don't know if anybody knows Matt Beers, but he has
canine ASCII.
So if you've met canine ASCII, you've met Matt.
So you probably remember canine ASCII, though.
Speaker 1 (28:59):
First of all, a group
of folks in a, in a, in a
WhatsApp, like your sign, tells you who they are.
What's your sign say they're what.
Speaker 2 (29:05):
Oh, the nerds, yeah,
so it's a nerd group.
It's a nerd group in WhatsApp, but a group of really smart
people in a nerd group.
We were all chatting the other day about Windows logon
passwords, about how to break them pretty much, and Matt was
in there and he was chatting back and forth and showed us a
contraption that he has made out of a Raspberry Pi, so I'll let
(29:29):
you talk a little bit about it, too, here.
Speaker 1 (29:34):
So us here in the
show we're really mobile centric,
but we also get some computers every now and then.
And it's pretty neat because he says, look, we got this
Raspberry Pi 0 on all the older ones and he found some
repositories that have some information.
It's pretty cool.
What that does is it uses the NTLM way of communicating or
authenticating between a Windows device and a Windows server and
(29:58):
it kind of turns it on its head.
What you do is you set up the Raspberry Pi Zero, which, again,
I heard about it and I immediately bought one.
We both bought one.
Speaker 2 (30:07):
Everybody in the nerd
chat bought one.
I think they're sold out on Amazon.
Speaker 1 (30:11):
It's our fault now.
If you want one sold out on Amazon, it's our fault now.
If you want one, you can get it.
It's our fault.
We bought them all.
So it's as long as my finger at most, at most, and that little
thing, you know, that's the cutest little heat sink you can
put on it.
Anyhow, I digress.
So what that does is the software.
It pretty much turns the Raspberry Pi into like a
(30:31):
quote-unquote Windows server and the Windows server communicates
to the network and there's ways of setting that up over to the
device and says, hey, authenticate with me using this
older protocol.
Right, and that older protocol.
What it does is it sends that hash out which we gladly grab,
(30:51):
and with the hash from that account, from that password,
then it's pretty obvious we're just going to try to brute force
it.
You know, or you know, have a dictionary on it or I guess
rainbow tables will still be applicable because it's an older
network, older protocol, don't quote me on it, and the point is
you use, you know, pure brute forcing and it shouldn't be too
(31:11):
bad if it's obviously a simple password.
And it's genius because we all know how those protocols work.
And I never thought of saying maybe I should impersonate a
server and have it.
Give me the hashes out, because some other techniques of
getting those hashes require some sort of entering into the
(31:33):
system, right, but if you can't, and but, and, then let's try to
do it through a network, and I think it's genius and it's a
great little actually.
Speaker 2 (31:41):
He made a video
showing us how it works. He did,
and it's pretty sick. So he also, because I mean, we all ordered
our Raspberry Pis, but now what?
Like I'm not fluent in how to set the Raspberry Pi up to do
that.
So Matt actually put together, um, a step-by-step on what to do
and how to set it up.
I have a link to his um.
(32:01):
It's not really an article, it's like an interactive, um,
step-by-step guide how to set the Raspberry Pi up to be able
to perform these, uh, attacks on the pass, and I'll put that in
the show notes.
But he did that last night, I think.
Speaker 1 (32:16):
Yeah, yeah.
Speaker 2 (32:16):
So that we could
share with everybody.
Speaker 1 (32:18):
Oh yeah and and for
folks looking at it it's a super
long URL, but I think for the show notes we'll try to make a
little tiny URL for it, so it's easy.
Speaker 2 (32:27):
Oh yeah, sorry.
Speaker 1 (32:28):
It is.
Yeah, yeah, sorry.
Yeah, it's humongously long the link, but don't worry.
Speaker 2 (32:38):
By the time we have
the show notes later on tonight,
there will be a simple link that will take you there.
So quick did everybody get all those numbers that are up on the
screen?
Speaker 1 (32:43):
Sorry, 4, 7, C, b, a,
B, c, d, A, e, g, F, g, f, O, p
, g.
Yeah, you know me, you know it's pretty, pretty wild, but we
will.
We will put a oh and you know Kevin's saying it's pretty
ingenious, it is super ingenious.
It's one of those things like why didn't I think of that
before?
Right.
Speaker 2 (32:58):
Right.
Yeah, I can't wait to test it out, but I definitely would have
been struggling on how to even get started with setting it up,
'cause it's just not.
It's just not something I've ever done before, and to have
the step-by-step guide is just awesome.
He also he let us know before we bought our Raspberry Pi to
get the Raspberry Pi Zero W.
It won't work with the Raspberry Pi Zero 2.
(33:20):
So just a public service announcement there.
Speaker 1 (33:23):
Oh no, yeah, yeah, so
get the other model, but it's
pretty neat and there's obvious limitations.
If you're not securing let's say you log in not with a
regular password but using like a PIN or whatever well, that's
not going to work.
You know that protocol is not going to be able to give you a
hash for that right, um.
So there's some limitations on it, but it's always.
It's always a good, a good try.
And again, going back to what Brett said right, I was what
(33:47):
unconsciously incompetent, because I didn't, I, I didn't, I
was incompetent.
I don't know how to use it and I didn't even know existed.
Speaker 2 (33:53):
Right, yeah, same.
Speaker 1 (33:55):
But, but.
But now we know, and Raspberry Pis don't feel intimidated.
The storage is usually a little SD card, so if you get the
image for it, you're good to go.
And I'm actually.
I use Raspberry Pis the regular ones for all sorts of little
things, for a calendar and for different things.
So I really, you know, hope folks start looking into that as
(34:17):
a solutions for some of our forensic problems.
Speaker 2 (34:21):
Yeah, one more thing
on that too.
So he, he does, he does courses or speeches, talks about
password cracking.
So if anybody ever sees his name on the itinerary of a
conference, or, or, or, or whatever training they're at,
really sign up for that.
Um, a bunch of my, a bunch of my coworkers, went to one of his
password cracking classes at um, the ICAC conference in Atlanta
(34:42):
, and said it was really good.
So make sure to catch his, catch his talks on the password
cracking.
Speaker 1 (34:48):
Yeah, Matt, Matt, uh,
Matt Beers, right.
Yeah, yeah, I like it because sometimes he goes by Matt
Cervezas, which I really got a kick out of yeah that's good, I
see, hey, Matt Cervezas, I just love it, so I'm going to put it
in the chat.
Some folks are asking Matt Beers was a really, really,
(35:09):
really cool dude.
Speaker 2 (35:12):
Okay, so next topic
exploratory versus explanatory.
Speaker 1 (35:18):
Oh, yeah, yeah,
absolutely, that's so.
You know one of those thoughts when you're like in the shower
or sitting down and you're in the throne and you're like
thinking about things about life, you know.
So I had one of those the other day um, um, do, do you have the
uh meme about it?
Yeah, so so I put a meme just to highlight the talk.
(35:40):
So you know, it's a picture of of, like a galaxy or a black
hole.
It says me, born too early to explore space, right, and then a
picture of the earth born too late to explore, explore earth.
And then, and then a picture of a tablet, a computer, a cell
phone, and it says born just in time to explore data.
True is not as the same level, I guess, as space and earth, but
(36:02):
there's a lot of things that that are important about
exploring data and that made me think about, you know,
exploration and explanations.
Right, exploratory versus explanatory, and we had to be
really careful.
Again, going back also to Matt, to Brett's points, we explore
(36:24):
and we explore data when we have output from data viewers, when
we have output from tool viewers, and the problem sometimes is
that we think that is explanatory.
We think that if I have a tool report.
I'm explaining something.
You're not explaining anything, right.
You're exploring the data, and a good example that I have from
a great book called Visualization of Data I think
(36:47):
that's the title I'll put in the notes because I don't have the
book in front of me right now Give an example of how, for
example, you want to get pearls right and pearls happen to be
found in oysters.
Okay, does every oyster have a pearl?
Of course not.
Of course not right.
Some do, some don't and actually the minority have
(37:07):
pearls.
So you might have to go through a hundred oysters to get the
one or two pearls right.
So the question is so it's saying well, you know what?
For the sake of completion, make sure I have everything.
I'm going to show you all the 100 pearls, I mean all the 100
oysters right.
Are you explaining anything?
No, you're exploring.
You explore the oysters, but what I care about is not how
(37:28):
many oysters you explored.
I care about the pearls right, and you need to tell me a story
about those pearls and what's important about that, the value,
and you can talk about the effort of getting there, what
your procedure was, but the actual oysters are not the
explanation.
That's the exploration and that's something that I was
thinking about because, again, like I said before, we have to
(37:52):
have our due diligence and make sure we explore, make sure we
use the viewers, make sure we use the tools to get the context
of what's happening, because if you don't have the context, you
will not be able to explore. Something
that Brett is saying and I think I said it also in my post
when you show everything, you show nothing, and that's
absolutely correct.
(38:13):
Yeah, we have this 300 pages of who cares, right, was it there?
Sure, it was there, but the point is not telling me yeah,
there's 100 oysters, I don't care about the oysters, tell me
about the first.
And pearls, pearls, oh, my goodness, I'm killing it.
Speaker 2 (38:26):
The pearls are lost
in that.
Speaker 1 (38:53):
Yeah, yeah, exactly
no, it is.
So I said in the post, the narrative reports it was turns
the exploratory into explanatory, because you actually build the
story.
You answer questions, right, that provide to the listener, to
the consumer, actionable information, right.
Then you're explaining, and our job as examiners, our main job,
is the explaining.
But that comes after a process of exploration, of getting
immersed in the data, of trying to understand what it means
within the context of our investigation, of our work,
whatever it is.
Then we can explain and we take it even further.
I didn't mention that in the post, but explanatory in your
(39:17):
narrative also goes into not only how you write it, also how
you verbalize it.
Right, how do you make those thoughts come across and put it
from your head in somebody else's head that you can
actually visualize on the story that you're trying to build and
it's not your story, right, it's a story by and for.
(39:37):
The data is what the data actually tells us, okay, so I
just you know again, one of those shower thoughts that's the
most important thing.
Speaker 2 (39:44):
um, when it comes to
reporting, everybody always
hears me, uh, talk about reporting and the most important
thing is to make sure you're getting that point across.
And this meme and the explanatory and exploratory kind
of sums it up perfectly.
And Brett's comment sums it up perfectly If you're doing a
report of absolutely everything, you are not showing anything
(40:05):
and explaining anything.
And even if there is something good in there, whoever the
report is for, whoever the stakeholder is, they're going to
miss that.
Speaker 1 (40:12):
Like you said,
they're going to miss the pearls
and ask yourself have I explored enough to find all the
pearls that might be there, right?
And some folks say, look, I'm in a hurry, I want to close this
case.
I found the one thing done, okay.
What about the 20 bodies in the freezer?
(40:33):
Do you want to open the freezer?
Can you do that?
Because I know there's some illegal parking in the front,
but there's some information here about this possible murders.
Of course I'm making a made up scenario.
Right, we're in the hurry.
You know we have 20 cases closed.
Look, there might be more information about more important
(40:54):
, pressing matters that you are willingly overlooking because
your exploration you're cutting it short, okay, or because you
don't want to really spend the time to put it all together, to
properly explain, right, that explanatory phase?
And I want to add that to my thought process.
You know, is my exploration complete?
And is my explanatory phase being properly informed of my
(41:14):
exploration?
And I want to add that to my future spiels I teach.
Hopefully that helps people out how they think about these
things.
Speaker 2 (41:21):
Yeah, one case closed
correctly, where there's
context and where it's actually explained and where it's
solvable, is better than 20 cases closed any day.
Speaker 1 (41:33):
Oh, you know what?
I need to write that down because I want to.
I want to use that.
Hey, Josh says uh, some pros you might not want to find, but
you still need to find and show them.
And that's just that due diligence.
We need to make the point in our work in and if, especially,
you're a supervisor or a or a or a sergeant or a lieutenant in
(41:54):
charge of a unit, due diligence.
That's a concept that either we just verbally say it but not
really live it, or we just don't even think about it.
And what is due diligence?
You need to find them, we expect you to find them, the
victim expects you to find them, society expects you to find
these things.
So do your best effort or your tool and your knowledge to get
(42:15):
to the bottom of things.
And if you're rushing, you're not getting there.
Speaker 2 (42:19):
Or this could happen.
Brett says it's okay if you miss something important because
your opposing expert will find it for you.
Ouch, that couldn't be more true.
You know?
I don't know, do you have a lot of defense experts where you
are, Alex, like, do a lot of your cases have defense experts?
(42:40):
I mean, you're federal, I'm state, I'm just curious.
Speaker 1 (42:44):
Yeah, I mean some do.
I wouldn't want to characterize what the numbers are because
you know, in all honesty, a lot of our cases plea.
So there might be an expert, but I don't hear from the expert
, right, because maybe right right.
I'm assuming here, maybe they're just confirming my
analysis and then we're good, right?
Speaker 2 (43:01):
But no, I've seen
plenty.
We don't have a lot Like.
I haven't.
I've seen one in my cases since I started nine and a half years
, so I've had one.
And I think it's really important to point out that that
even if you've never encountered an opposing expert
for one of your cases, they're there.
Be prepared for it every time, even if you don't know one is
(43:22):
assigned to your case.
Know they're there.
Speaker 1 (43:30):
Know that they're
actually becoming more prevalent
and they will find that thing that you missed Yep, oh yeah.
Or if they don't find something that you missed, your
explanatory is not informed enough by the context, by the
exploration, and they will take something you say and
misconstrue it in some ways that you didn't think of but, in
(43:52):
people that are not informed,
right, because the juries are not examiners, the judges are
not you know technical folks, they will believe it.
Right, because we didn't do the proper work that we needed to
do and you might say well, this is what happened.
And the other side and again this goes obviously a little bit
biased, quote unquote in the sense of I'm a law enforcement,
(44:14):
so this is my context.
Right, again, we're not criticizing defense attorneys or
their experts.
They're super important, I love having them there, they're
needed and it's a good thing.
Right, but using that context, we can use civil in the civil
arena, which is a little bit more.
You know less problems there.
So you have the two opposing parties trying to make a point.
(44:35):
Right, equally, you know both sides civilly.
Let's use that example better and you make a point on one side
and guess what the other side will take that and if you don't
do the proper job, they will come up with another scenario
that might fit those set of facts, wrongly or not right.
And then what?
So there's a lot of responsibility.
Our due diligence is so, so, so important.
Speaker 2 (44:55):
Definitely, let me
get that.
So previous episodes we have had questions, I guess questions
online and then questions in the chat on the episodes, about
trainings that you can attend if you're a beginner, if you're
trying to get into digital forensics or really even if you
(45:18):
just want to brush up on the fundamentals.
And I think Geraldine actually mentioned these trainings by
Kathryn Hedley at SANS in one of the chats in a previous
episode.
But on the SANS website, under their webinars webcast, there is
a series of, I guess, mini trainings, webinars put out by
(45:41):
Kathryn Hedley and the title is The Secret Life of Devices, a
series of workshops on digital forensics fundamentals.
So there's I think there's six, six parts to it.
It's designed for beginners and it's meant to understand data
storage, interpret timestamps, learn how to extract critical
(46:01):
evidence, navigate forensic images, convert between data
formats.
But it's geared toward all law enforcement, IT or just people
who are curious about digital forensics.
So some of the parts are like conversions of binary, hex,
decimal and ASCII files with signature and metadata, carving,
(46:22):
converting timestamps, evidence with mounted images and then a
beginner's guide to encoding and decoding on Base64.
I've gone through trainings with all of those, all of those
different types of things.
I think this is great for a beginner, but I also think it's
going to be great for me when I go watch every single part of it
and brush up on the skills that maybe we've gotten a little
(46:42):
rusty because I learned these things eight, nine years ago,
right?
Speaker 1 (46:48):
No, and it reminds me
of martial arts, right?
So you go and you start with the basics, right, and you build
your knowledge as you go through all the belts and then
you get to a black belt, right, and the funny thing is that when
you get to a black belt, you realize that a black belt is
nothing more field.
It's kind of the same thing.
You're like well, when will I use hex and ASCII conversions?
You know when?
When you reach that high level, it's kind of funny, right, we
(47:17):
teach that at the beginning, but you get to really really use it
when you're a high-level practitioner.
And to me that's mind-blowing because it's like when I get to
the high-level practitioner, I'm actually just going back to the
beginning and really putting into use that knowledge.
Right, when you're looking at data sets that are not parsed or
that are in different encodings, what do you do?
You go back to those fundamentals.
(47:39):
So this is important, you might think.
Well, I mean, the tool does these for me.
Let me tell you, if you get to harder problems as an
experienced examiner, the fundamentals it will get you
through it, and this is one good way of doing it.
SANS has excellent instructors.
Kathryn is a tremendous instructor, and this is at the
cost of free.
Speaker 2 (47:57):
Yeah, yeah, just
create an account on their
website, yeah.
Speaker 1 (48:00):
SANS quality teaching
for free.
Sign me up.
Sign me up any every day.
Speaker 2 (48:08):
I feel like sometimes
too, like newer examiners.
Maybe you know they start, they get pushed into the mix of
things.
Everybody's busy, they get their vendor tool trainings and
maybe miss some of this too.
So I think these are.
This is a great, a great resource for anybody who needs
to go back.
Speaker 1 (48:24):
No, I absolutely
agree.
Advanced skills are simply the basics
mastered, that's a good way of summarizing what you said by
Brett, so I appreciate that.
Speaker 2 (48:40):
I totally agree,
definitely All right.
So next one's kind of a public service announcement I think I
already said that once today, but this has been out, I think,
for a few weeks now, or maybe even a couple of months, but
BitLocker on by default on Windows 11.
So let me just share this.
So Microsoft began pushing BitLocker with Windows 11 and
the specific update was 23H2.
(49:00):
It was on for default with new installations, but with 24H2,
that setting expands to reinstallations on any system
that has run 24H2 or later.
So BitLocker is now showing up on by default.
I didn't know that until one of my coworkers, Kevin, who's in
(49:22):
the chat tonight.
He pointed it out and he was actually taking a look at it on
his own machine and he actually provided me with a screenshot.
Let me show you what he saw in his computer.
All right, so he did.
He has Windows 11 on his and when he did the update he had
(49:49):
the BitLocker waiting for activation.
So it's already there and ready.
It's waiting for the user to activate it.
Speaker 1 (49:58):
Yeah, it has a little
icon there for the lock and the
alert icon.
It says turn on BitLocker and you just need to hit it, yep,
both for the operating system drive, and then you can use
BitLocker also on fixed data drives.
Um, and so it's.
The options are right there, and you know, I mean obviously
that's good for uh, for my user security perspective.
(50:20):
Absolutely it's a little bit of a challenge for uh, us as the
collectors of evidence, but as always there's, you know, we
need to just think about how can we lawfully obtain those and
different techniques and methods to access that.
Speaker 2 (50:33):
Yeah, and he noticed
this when the update came
through, and I think it's important to make sure we get
that information out there for anybody who may have missed that.
It's now on by default, because how did we used to seize
computers, pull the plug, package it up, submit it to the
lab?
Don't do that anymore.
I think it's been a while since we've known we shouldn't be
(50:54):
doing that right, but this just kind of further solidifies that
thought.
Speaker 1 (51:01):
Yeah, and usually the
latest thought process was well
, just in case there's some encryption, extra encryption
there, we want to capture that memory, don't turn it off.
Or capture the memory and don't turn it off, yeah, sure, but
now with this is another reason why we need to keep that thing
alive, if it's already on, because I think Brett just had
(51:22):
another great.
Speaker 2 (51:23):
Yeah, I'm laughing.
Speaker 1 (51:24):
Brett is just hitting
it like out of the park, like
too many things, too many words, too many times in a row.
It's great, I love it.
Speaker 2 (51:30):
He's on fire tonight.
Speaker 1 (51:32):
Can you read it for
us?
What is he saying?
Speaker 2 (51:33):
So if you pull the
plug on running Windows 11
machines and image a dead box, you can reduce your backlog.
Speaker 1 (51:42):
Yeah, yeah, if I'm
your sergeant, you're going to
be reducing your usefulness to the unit as well.
Pretty quick.
Speaker 2 (51:50):
Yeah, that's great.
So Kevin, who was my coworker that actually told me about the
BitLocker.
He says there's also no recovery key generated, so if
that computer is turned off or locked you're out of luck with
the password.
Speaker 1 (52:04):
So for his computer
in particular, yeah, I want to
look into that.
In regards to how is that?
Is then the password tied to the user account password.
I mean, honestly, I haven't tried it out, so I want to also
look into that.
Yeah, definitely it's a separate password, or it's just
machine boots and then ask for the user password and then the
(52:25):
decryption happens.
Honestly, again, I'm more of a mobile guy.
Speaker 2 (52:30):
Oh, me too, but we
should be up to date with our
computer skills.
Speaker 1 (52:35):
We have to, we can't.
I know we have to, we can't.
Speaker 2 (52:37):
I know.
Speaker 1 (52:37):
You got to be
consciously competent.
Speaker 2 (52:39):
Exactly.
Speaker 1 (52:40):
So we're going to be
doing some experiments on that,
yeah.
Speaker 2 (52:44):
All right.
So we are at What's New with the LEAPPs.
Speaker 1 (52:49):
Yes, yes.
So again the community always stepping up with new stuff.
Do you have screenshots?
You didn't get screenshots for this one.
Speaker 2 (52:57):
I do.
I have some.
We're going to do Android notifications first.
Speaker 1 (53:09):
Let me share.
Speaker 2 (53:09):
A lot of artifacts
coming in.
There we go, the Android notifications are.
I actually checked my Samsung phone when, uh, when this
article came out, because I'm like, oh my god, I've never even
seen that.
But on my Samsung test phone, the Android notifications are
turned off by default and the file containing the
notifications if it happens to be on and you find it in one of
(53:32):
your examinations is a protobuf file.
And Evangelos and I don't recall his last name, Evangelos
recently, recently put support in the LEAPPs for these Android
notifications in ALEAPP.
Speaker 1 (53:49):
Oh yeah, and, and,
and it's fantastic.
I want to say Evangelos Dragonas, I think that's that's
his last name and he's.
He's been doing a lot of research, cutting-edge research
on all things mobile, and we'll talk about him again in a second.
Is that, since you have the Samsung?
Was that like an overall notification or was it for an
(54:12):
app?
Because I'm assuming that you will get notifications.
You don't have to do anything to get them right.
Speaker 2 (54:17):
So the history that
you still get your notifications
, but the device will log the history and that history file is
the protobuf file that Evangelos talks about.
On my Samsung test phone that was turned off by default.
I didn't find exactly the same setting on my Pixel, but I did
find a notification setting on my Pixel and it was turned on
(54:38):
and I didn't turn it on.
So I'm not sure if there's a difference between the two
devices, but, um, the history will actually be stored there in
that protobuf file if the user has turned it on.
I've now turned it on on my test phone and I'm going to use
it for a little bit and then, um, see what it looks like in the
LEAPPs.
I'm assuming it's going to look a lot like what the screenshot
looks right here.
Speaker 1 (54:59):
Oh, yeah, yeah, oh,
and that's why you actually hit
it where I asked, because I'm a Pixel user.
So that's why I'm like those little differences between those
implementation, between the Samsungs and the pure Google
ones.
Yeah, because I never I don't remember either having to set it
on right or something like that right.
So I would think that something similar in Pixels are going to
(55:20):
be on by default.
But that's part of the research and that's why we're here, so
folks can go out also and do their own testing on it.
The example that we have on the screen I like it because it's a
notification from ThoughtCrime.
Which.
What application is that?
Signal. Signal, right, so Signal,
Signal. We know it's encrypted and you notice there the text of that
(55:41):
message is you know the pass or the password is in a value,
right?
Well, it's now in clear text in the notification.
So how good is that?
Pretty awesome. Of course people can also set the notifications
to not show stuff, but we know that. Right.
But the fact is that most folks accept notifications because
they want to be able to read, have a preview of what it is on
(56:03):
the screen before they decide to go in and let the other person
know that they read the message, right, right, do you see the
message?
No, I didn't see the message.
No, I haven't, of course you did.
You saw the notification, the message, you know I haven't.
Of course you did.
You saw identification liar, you know.
So, a pretty, pretty useful capability.
Um, iOS has something similar.
(56:23):
I think it's, is it?
Uh, SEGB files?
Speaker 2 (56:25):
I think I don't yeah,
they're in the SEGB.
Speaker 1 (56:26):
Yes, yeah, actually
Geraldina, myself were the first
one to do some of that work.
Um, um, but yeah, it's, uh, it's, it's, um, all right, so,
so, Kevin, let's see.
So there's just a couple of some information here.
Kevin Pagano is saying um, still turn off by default Pixel,
but I do remember turning it on on my personal phone.
(56:47):
Okay, so that's, that's the answer.
Speaker 2 (56:48):
Okay, so I must've
turned it on and just forgot.
Speaker 1 (56:51):
Yeah, yeah, and then
so the other.
Speaker 2 (57:04):
what's new with the
LEAPPs is ChatGPT parsers, so
the ChatGPT mobile app.
There's parsers in iLEAPP, ALEAPP and RLEAPP that Evangelos
actually created as well, and with those new parsers I don't
have a screenshot for that, but I'm going to put up on the
screen.
There's an article.
Speaker 1 (57:23):
Yeah, before you I
want to mention it.
So some of this research also.
Costas Lambrinoudakis and Panagiotis Nakoutis so they're
Greek, so hopefully I made honor in their pronunciation of their
names.
Yeah, so I want to mention also their names because they were
also instrumental in that, in that research.
Oh, and Kevin says don't quote me, so I don't want to, I don't
(57:44):
want to throw them out there, right?
Okay, sorry about that.
Speaker 2 (57:50):
So yeah, so there's a
, there's an article about the
ChatGPT, um, mobile application and how the data is stored, and
then um new support in the LEAPPs.
Um.
Let's see what else I have.
That's what I had for the LEAPPs for this week, unless you have
anything to add no, the chat.
Speaker 1 (58:06):
I would just want to
say that ChatGPT, like it's,
it's so, so crazy in use right now and, uh, so we're used to
looking at, okay, I want, I want to look at the search history,
right, what was the person searching for and trying to get
information on?
Whatever it was, right, you know how to you know, murder
somebody without getting caught by the police, right, and look
(58:28):
at that search, right.
But what happens when they're moving?
Because they are being moved to ChatGPT now and people
mistakenly, from my perspective, my opinion they're using
ChatGPT as a search engine and that's what they do and they
will ask the questions they used to ask at a search engine.
They move it to ChatGPT.
Are we aware, and not only ChatGPT?
Are we aware of other you know LLMs that might be living within
(58:50):
these devices, either the Meta one or some other ones, where
folks are asking questions that might go to intent, might go to
the key matter of the case?
Right, we have to do those and again I thank Evangelos and his
team for doing that.
That article is in a peer review magazine.
I'm really honored that they decided to use the LEAPPs as a
(59:13):
platform to apply that research.
I think in you know, I think I might be wrong, but I think our
platform is the only one that actually grabs that data right
now.
Yeah, the tool really does it.
So I guess a good point of of of healthy pride and and and
love of community.
(59:33):
So again, uh, I appreciate him and his team for doing that yeah
, awesome addition.
Speaker 2 (59:38):
So I use ChatGPT
daily, so there we go yeah,
you'll find a lot of data on my phone if you get it.
Um, there's a good conversation going on in the comments about
the BitLocker too.
Um, so Kevin, my co-worker, saying the physical acquisition
performed live with FTK Imager showed the system and Arsenal's
actually reaching out to him in the chats and they're going to
(01:00:01):
talk about the BitLocker status on his computer.
Speaker 1 (01:00:04):
Oh, there we go,
there we go.
We'll do further research.
Speaker 2 (01:00:09):
It's a meeting point
of the latest.
Speaker 1 (01:00:11):
SpringSync technology
right here in the podcast.
Speaker 2 (01:00:14):
Yeah, so he hadn't
enabled the BitLocker on his
device when the update came through it.
It enabled it and he still hasn't fully set it up.
So I'm curious to see what he and Arsenal work out in research
and maybe we can talk about that again on a future episode.
Speaker 1 (01:00:28):
Absolutely.
I hit that button here.
I turned my lights on.
Speaker 2 (01:00:32):
You've got enough
lights no that is true, that is
true.
So we are everybody's favorite part of the show, the meme of
the week.
Yeah, oh, wait, we have to go back.
No meme of the week yet.
Oh, what happens?
Cellebrite, I forgot there's a new Cellebrite update.
So, with Inseyets Physical Analyzer, there are some.
(01:00:57):
There's a new beta version 10.3 is out and it's updated with
improvements to the media review and they revamped their entire
support matrix.
If you are not a member of the design partner group with
Cellebrite, you can join that and become a beta user.
You just have to sign up on their website and then you
(01:01:20):
provide your Cellebrite license number to them and they validate
that you have your Cellebrite license and you can become a
beta tester for that, so you can get the newest version before
it's even released.
I downloaded it today.
Haven't had a chance to mess around with it yet, but we were
provided a few um screenshots of some of the updates, so I'm
(01:01:42):
going to show the updates to the support portal because or the
supported app list.
Sorry, if everybody remembers, the supported app list for
Physical Analyzer was an Excel spreadsheet and it wasn't super
intuitive and not great to really look through.
But now we have this new supported app list with the
(01:02:03):
capability of filtering and searching to see what's
supported in the newest versions.
I just thought this was a really good update to that.
Speaker 1 (01:02:13):
Yeah, and let me
quickly describe for the folks
that are listening.
You have the platform columns.
Tells you this Android, iOS if the app is native, obviously
comes with the OS or what type of app, what name of the app it
is, the version numbers, and then, on models, it has a like a
little series of little icons, which is pretty neat because
instead of looking at a spreadsheet that's 50 columns
(01:02:33):
long, you can look at those icons and pretty much quickly
okay, I have telephonic data for this app, I have geolocation
data for this app, some Wi-Fi data.
You know what I mean.
Like you can really easily figure out what types of data
are being parsed by the tool for that particular app, just by
looking at the icons.
Of course, if you don't know what an icon is, I think you can
(01:02:53):
either hover it or go to the legend and then figure out what
that icon means.
And we don't have enough usage you you can have, not even with
usage.
By looking at it, you can figure out that's an email,
right, yeah, an email icon.
So it might be email data there.
So, uh, it's pretty, it's pretty awesome I'm just gonna
put another one up.
Speaker 2 (01:03:09):
So, um, there's
actually a search being
performed in this one and the just WI and you can see it
filters.
We now have SwiftKey, Twitter, Wickr, anything that hits with
the WI for the search feature.
Speaker 1 (01:03:24):
And then I have
another little screenshot here
by the way, as you're changing screens, I love how our
background is a big.
I like the Inseyets.
I mean the Inseyets eye, so it's kind of-.
Speaker 2 (01:03:34):
Wasn't that planned?
Speaker 1 (01:03:41):
It's all coincidence
and we have the the insults.
Speaker 2 (01:03:42):
I in the back there.
Yeah, and then.
So for support, there's.
The normal icon means the artifact should be included.
Partial is some artifacts of this type will be included, but
not necessarily all.
Uh, the protected icon means access to this artifact requires
keychain or keystore access.
So it's really a good legend.
If you think you're missing data, come look at the legend.
This may be why. Maybe you didn't get the type of
(01:04:03):
extraction that can pull a keychain or keystore access, and
if that's the case, that could be the reason why you're missing
specific artifacts that you think should be there.
Speaker 1 (01:04:13):
Oh, you made the
excellent point, as always.
That will really inform what the next steps are if you're not
getting what you're expecting, and maybe why, maybe what's the
case, and even if you cannot get to it, then you can tell your
stakeholder look, the reason we weren't able to get X, Y and Z
is because these reasons right, and then we could discuss other
possible solutions to get around or over what the problem is.
(01:04:34):
I think it's a great update to make the information more
digestible.
The Excel spreadsheet, you were so kind in your description, the
Excel spreadsheet was not it.
Speaker 2 (01:04:45):
Oh, my God no way.
Speaker 1 (01:04:46):
This is way better.
So, and again, we might criticize you, but we also give
you some props when you do a good thing, and Cellebrite has
done a great thing by doing those changes.
Do we have more screenshots?
Or that's pretty much it.
Speaker 2 (01:04:59):
I have.
Let me just, I have some screenshots.
It's a lot of reading on these other screenshots, which is why
I didn't throw them up, but we can throw them up there.
My favorite part of the new release on 10.3 is I got an
email today and um Cellebrite resolved one of my support
(01:05:21):
tickets in 10.3.
So I can't wait to go see if it's resolved and I'm sure it is.
They wouldn't tell me it was if it wasn't, but I can't wait to
go see it resolved.
Speaker 1 (01:05:31):
Um, I'm, I'm, I'm,
I'm putting some faith in that,
yeah me too, so this is actually really cool too.
Speaker 2 (01:05:37):
I'm glad you told me
to bring these up.
Model definition, so there's definitions of what some of the
artifacts mean.
Right, so like activities, application usage.
But do you always have the best description of what the
artifacts mean?
And now you do.
Each column has a little description of what type of data
is there.
Speaker 1 (01:05:57):
And that definition
is so key because we're not
going to go into details and examples, but a lot of problems
happen when, since there's no definition, the person assumes
something and makes the incorrect interpretation of the
data based on an incorrect re in order to interpretation
(01:06:18):
incorrect interpretation of what a column means. The column says
search and timestamp.
What does that mean?
Well, let's go to data definition for that artifact so
we can make the proper.
Uh, you know, understanding, right, that that legend, that
that definition will inform you to make the proper
interpretations.
Because we're looking at this as an abstraction, right?
(01:06:39):
You got the data on the device, it goes through the tool and
the tool is a report that tells you these are the pearls, right,
and we look at it through their kind of viewpoint, the tool
viewpoint, which means the tool maker, and I give props to
Cellebrite, is now telling you this is our definition, this
abstraction is defined in these certain ways.
(01:06:59):
So then you can make the proper interpretation.
And sometimes, I'll be straight, sometimes that definition might
not be enough.
And it's not criticizing the tool, it's the fact that we, as
examiners, we have to then go to the original right, to that
source data, and make sure everything is working correctly,
make sure the tool didn't miss something or make sure that
those mappings are correct.
But having this actually aids you and accelerates that process.
(01:07:23):
So, tool vendors, I encourage them to continue to do this.
I would hope that somebody or maybe in the future, with some
more bandwidth, I will be able to do that with the LEAPPs, and
it's really hard.
This is hard work, especially if your budget for your tool is
$0, like mine, yeah that's true.
(01:07:43):
But companies that do this for a living definitely make
available those data definitions for your artifacts, for your
reports.
It's super important if you want to actually make proper
interpretations using your tool.
Beautiful.
Speaker 2 (01:07:58):
All right, so Josh is
over in the comments.
I'm just going to throw this up. Hover or legend.
And then he says field glossary to what fields mean in certain
models.
Speaker 1 (01:08:07):
That's exactly what
I'm talking about how important
those are Super important.
Speaker 2 (01:08:13):
Now we are, to
everybody's favorite time, the
meme of the week.
Let me pull that up here. For anybody listening,
there's lights and confetti all around Alex right now, and
(01:08:34):
balloons, oh great.
Speaker 1 (01:08:43):
So you guys, you
explain, yeah, yeah, you have,
this guy has like a coat right and he's just shaking the coat
off and he has a chest full of medals and ribbons and
recognitions right and he shakes it off and then he pulls it
down.
You know, uh, pic Picard style.
You know, I don't know, you know, I know, you don't know who
he is, but no, I don't.
Picard, the captain of the Enterprise, kind of pulling his
shirt down, and it says LinkedIn, be like CSSP, CCNA, CEA, CSUS,
(01:09:09):
GSEC, CASP, OSCP, right System.
You know GCFA, like we, especially LinkedIn.
It's tongue in cheek right. In LinkedIn us, and I'm going to
include myself, I'm a big LinkedIn user, we put a lot of
really letters on behind our name, right, it's like my name
is Alexis and then you know three pages of letters and so
(01:09:33):
the point of this of my post was just having you know, kind of
have a discussion and think about are certifications
important?
And my answer was yes, no and it depends.
So it normally depends all three of them, and I made a
little scenario for each right.
Well, are they useful?
Well, yes, they can be useful in the context of you putting
(01:09:54):
your foot in the door for an interview for a corporation.
Right, at least you can show you have some sort of baseline,
assuming that company values that certification.
Right, so it has some use.
Now, does that mean me having like a CISSP, which is kind of
like a to-have thing in the corporate world?
Does that mean I'm an expert?
I say no and this is my take and I'll die on that hill.
(01:10:16):
That does not make you an expert.
Having 200 certifications do not make you an expert.
There are experts that have zero certifications, right, and
it just makes sense.
The certifications measure a body of knowledge.
Well, guess what?
That body of knowledge was generated, created and compiled
before the certification right.
So are you going to tell me the people that did that are not
(01:10:37):
experts?
Well, they are right, they are the ones.
Their knowledge is the one that makes a certification possible,
right?
What came first?
The chicken or the egg, right?
You know the chicken right, and I never was able to lay eggs
right.
So there has to be somebody, some expert, before
(01:11:03):
certification even exists, to tell you this is important, this
is valuable, right.
And then I say it depends, right.
And it depends because, again, do you need it?
Again, it depends right.
And some folks like, if you are, if work pays for it, for
example, well, take them.
I mean you- oh, definitely.
The worst thing that can happen is what you learn, something
that maybe you didn't know right, or you have some more letters
to kind of put in your medal chest.
(01:11:24):
That's something you care about.
Some people do, some people don't, but but if you're paying
for it yourself, well then my take is you need to make your
research. Right, because some of these certification will be six
thousand dollars for a class that's a week long, and then
whatever $1,000, I'm making the numbers up, but $1,000, although
they're not that far off, $1,000 for the actual test.
And some of these tests are going to be just filling the
(01:11:46):
bubbles.
Some are going to be on the computer, some are going to be
some practical examples or practical exercises, or a
combination of both.
So just think about those things. If you're new in the
field, you can get a lot of expertise by doing things, having a
portfolio, and then be judicious in how you use your money with
certifications.
(01:12:06):
At the end of the day, what you know is only valuable if you
can show it, if you can actually show that you know, at least
from my perspective.
So that was kind of the topic, my thought process on the meme.
Speaker 2 (01:12:21):
When my perspective
so that was kind of the topic of
my thought process on the meme what, what when you saw it, what,
what came to mind.
So I think there are a lot of certifications that are
unnecessary.
Your schooling, a lot of the fundamentals training, a lot of
the non-vendor, non-tool, specific trainings that don't
give you the letters at the end of your name, are just as
important.
I think whatever trainings and whatever whatever trainings you
(01:12:42):
do that actually get you to the next level right, and that was
kind of flashing too much, wasn't it?
Whatever, whatever gets you to the next level, whatever gives
you that expertise, whatever helps you in your casework, it
doesn't necessarily have to be because you have four letters at
the end of your name.
There's some certifications that take a look at things that
(01:13:03):
you've already done.
They'll take a look at schooling you have.
They'll take a look at times you've testified or the number
of cases that you've completed, and they'll say, okay, you're
certified.
Now that's not a certification.
That's taking everything I already have and now telling me
I'm certified, I can explain that myself, and charging me money
for it, by the way.
I don't know.
Speaker 1 (01:13:29):
The thing with that
method that I don't like is that,
okay, experience is valuable, but how do we measure the
experience?
Right?
The experience, I'll be straight with you.
The experience that you have as a state examiner, the volume of
work that you have is, my volume of work is way less.
I'll be honest with you.
That's just how it is right.
So we cannot say that your level of expertise in certain
things were the same.
(01:13:49):
Well, we're not.
Actually, you have way more, more expertise in a lot of
things because the volume of work that you do, right, I have
more expertise because I can spend my time more on some other
different or harder problems contextually to what I do, my
type of kids that I receive, right, and so I wouldn't try to
certify it that way because it's not a real measure of knowledge,
right, it's not apples to apples, so I don't like that and
it's quite hard.
Also, take into account that, and again, this is my opinion.
Again, look anything we say in the show or in our social media.
It's not reflective of our employers.
Speaker 2 (01:14:23):
Oh, yeah, definitely
not.
Speaker 1 (01:14:30):
Yeah, this is just
our opinion as examiners and
nothing that we say.
We do not speak for them at all, right?
So, that being said, some of these certification bodies you
know, yearly or every couple of years, is going to be 500 bucks,
ouch.
The one that I keep is a CSSP because first of all, it was
kind of a lot of time investment for me to get it and I think
there's still some value in that foot in the door thing maybe
(01:14:52):
when I retire.
So I want to keep that.
But a lot of certifications I cannot afford the renewals.
I'm sorry I don't have the money.
Like the job goes, puts you through it, but then they don't
give you the budget to renew it or renew that certification and
then the actual stamp or medal goes away because I cannot
(01:15:13):
afford it.
If you have 12 of these or 20 of these and they're like $400
each every couple of years, how much is that?
Speaker 2 (01:15:23):
Well, and if my
certification in a specific tool,
any tool, I'm not picking on anybody, but my certification in
a tool ends tomorrow, do I forget everything about the tool?
Do I not know how to use the tool anymore?
I mean, I do, but I didn't pay my renewal fee, so I don't
anymore.
And you know that stuff can be brought up in court, right?
(01:15:44):
So you used this tool.
Are you certified in the use of that tool?
And I think a lot of weight is put on are you certified in that
tool where it should be?
Are you certified or are you trained in knowing what the
artifacts that came from using that tool actually mean?
That's way more important.
Speaker 1 (01:16:02):
I know we have to
stop the show, but that's like
my soapbox.
One of my pet peeves is the tool doesn't certify my work.
Right For overload the term.
I certify the tool.
The tool doesn't tell me what's up.
I tell the tool what's up and I will override the tool because
I'm the examiner and I'm above the tool.
Right, I deal with the data at a level the tool will never be
(01:16:24):
able to, and that's something that I hope our prosecutors and
even defense attorneys, courts start to understand that a tool
certification.
Again, I'm not saying you shouldn't have it, you should
have it, it's great to have.
But the examiner is not how many certifications you got?
I mean, make a tool that there's certification for the
(01:16:46):
LEAPPs.
Well, have you been certified in the usage of the LEAPPs?
Well, first of all, there is none.
But even if they were, who cares right?
Can you speak to the truth of this data, independent of the
tool?
Well, I can.
I'm an expert.
I can speak to the truth of it.
I can talk about SQLite, a simple example about the SQLite,
and talk about all that all day long without using the tool, if
(01:17:07):
need be.
The tool is just a presentation of how to show something.
That's it. Right.
And the false equivalency is well, if you're not certified,
then whatever you say about it is not valid, and that's.
I think that's ridiculous, and ridiculous.
And when we do that, let's say, a prosecutor trying to discredit
a defense attorney, for example, a defense attorney, a defense
(01:17:29):
expert, because they're not certifying some tool, I don't
think we should do that.
It's not about the particular, particular particularities of
the tool, it's about the particular aspects of the
evidence, of the actual data.
That's what we should focus on.
Speaker 2 (01:17:45):
That is an easy thing
for them to go after, though,
because there's a misconception that all of those are necessary
to be able to work in the field.
Speaker 1 (01:17:55):
And it becomes in
certain spheres.
It becomes a I just gonna, I'm not gonna address the data, I'm
just gonna discredit you and address you because if I can
shoot you down, then hopefully people don't put any value in
what the evidence is.
And yeah, and that goes both ways.
It goes both ways, sadly, and we need we need to, I think,
educate uh, everybody and avoid that yeah let me share something
(01:18:17):
here Brett's killing the comments.
Speaker 2 (01:18:19):
I hope that's the one
you're sharing.
Speaker 1 (01:18:21):
Folks, if you're
listening or watching later,
come live and benefit.
We've got really good experts in the chat.
Just throw in those pearls.
Again to using that example throwing the pearls out, right.
What is that saying?
Speaker 2 (01:18:32):
Oh yeah, so it might
not be certified but can be
competent, could be certified but incompetent.
Speaker 1 (01:18:40):
A hundred percent.
There's folks on the LinkedIn thread where I put the meme out
of saying one guy saying, look, I employ a couple of guys who
have certification.
There were like the worst, yeah, this other guy didn't have the
certs, but we have a good interview and he's been killing
it from day one.
Right, and I guess it goes for management.
Certifications are great in the context of hey, this is
(01:19:03):
something I might want to, a person might want to look at,
but that's it.
Right, you need to make sure you have a robust interview
process where you're able to make proper, have discretion.
If your interview process and give you discretion to really go
into depth into the analysis of who the candidate is and if
you're going to hire them or not, that's a problem and I think
(01:19:23):
that's another topic for another day.
Speaker 2 (01:19:26):
Yeah, there we go.
We'll put it on the list for next time.
Speaker 1 (01:19:29):
No, yeah, the whole
interview hiring process for
folks in this field.
I have thoughts, but we'll leave it for another episode.
Speaker 2 (01:19:44):
I may let you soapbox
.
Speaker 1 (01:19:44):
On that one I have
thoughts too, but Well, you're a
boss, so there's so much you can you can talk about.
Speaker 2 (01:19:48):
Yeah, I don't want to
actually speak for the employer
, yeah.
Speaker 1 (01:19:51):
But I'm not a boss, I
don't hire anybody, so I can, I
can, I can say whatever I want.
All right, good point. Again, we don't speak for our employers.
All right, yeah, no. One
last thing, and again, Kevin is absolutely correct, right?
Um, sometimes certs are a checkbox on a resume, right, and
just to get 90 of the time to get to a, to get through the HR,
that HR uh, yeah, you know wall or limitations, right, if, if,
(01:20:14):
if, you want your, your resume to be looked at, make sure you
hit those, whatever certs.
And it's sad, that's how the game is played, but that's how
it is.
The question is, you know, we can decide not to play the game
and that has some consequences, but we had to play it and also
there's some consequences there.
It's all, that's how it is.
(01:20:34):
Oh, my goodness, Josh is also killing it.
Not all certificates are equal, right, until we as a
community come together and agree on a set of skills, the
alphabet soups will continue.
And but that's tough, right, and I maybe we need to bring
Josh one day to the show.
I think we should. I think so, it's.
We're volunteering him right now, yeah, right, it's a fine, fine
(01:20:55):
line between look, do I want the flexibility to do the job as an
expert I need to do, or possibly do we want to have some
sort of rigid set of parameters being posed by us by an
external entity that might not be adequate for us and that's a
tough one, right?
Do we want the state, for example, to say, well, to be an
(01:21:16):
examiner, you need to feel these things right and you might say,
well, that's good, at least there's a baseline.
But the problem with some of those checkboxes or baselines is
that then people just get to those right and they don't feel
the need to go beyond those right, or we might be
constrained into how the definition of our work should be
and there's no evolution on that.
Again, that's another long topic for another episode, the
(01:21:39):
whole.
Should folks be like examiners, like doctors, right, have like
this collegiate certification body that everybody needs to
have it before they get, be able to practice, you know, be a
practitioner?
Is that something we want for this field or not?
That's a big topic of discussion, but we run out of
time.
Speaker 2 (01:21:57):
I'll write it down
for next time.
Speaker 1 (01:21:59):
Absolutely All right.
Speaker 2 (01:22:03):
Well, Heather, again
we've come to the end.
Speaker 1 (01:22:06):
For this week.
Thank you everybody that have been in the chat.
It was a great conversation.
The folks that will listen later also.
Thank you for listening and being part of the community.
Let us know in our LinkedIn or social media pages topics you
want to hear from us, your own opinions that you would love to
share with the community.
If you have any projects that you're developing and putting
out for the community as well, and if you are just doing
(01:22:29):
research, also let us know.
We'll be good to share those with everybody else and build on
it.
So anything else for the good of the order, Heather.
Speaker 2 (01:22:36):
That's it.
Thank you everybody for listening.
We're watching.
Speaker 1 (01:22:40):
Exactly All the above
Right, so we'll be seeing you
all in the next episode.
Keep track of our social media and we'll see you then.
Take care, bye.
Bye, we'll see you next time.