Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:06):
I know you can't hear
it.
No, you cannot hear it, butstill move with me.
Welcome to the G-Star ForensicsNow podcast.
Today is May 1st.
I don't know how that happenedalready half the year, no 325.
And I'm here, accompanied by myhost, the amazing, the
(00:27):
incredible girl that stumps onthe curb, that bites into her
car and then forgets she boughtthem.
The chair to my table, and whenI mean chair, class chair, the
one and only the fantasticalHeather Charpentier.
And by the way we're sitting,we're sharing one space, amazing
(00:48):
.
Speaker 2 (00:48):
We're together.
Speaker 1 (00:50):
The music is hired up
by Shane Ivers and can be found
at silvermansoundcom.
Yeah, I kind of messed up thevolume, but it's all good.
You had to say it.
I fell off the curb.
Speaker 2 (01:00):
I didn't say it.
I said you stomped it.
Oh okay, you had to say it.
I fell off the curb.
Speaker 1 (01:03):
I didn't say it.
I said you stomped it oh okay,so you called yourself out.
So tell us what happened withthe curb.
First day on my new feet yeah,you're a baby, you're a baby, so
what's going on, heather?
So tell the folks.
You see our logo shirts.
Oh yeah, what are we doing here?
Speaker 2 (01:21):
We are.
Speaker 3 (01:21):
And where are we to?
Speaker 1 (01:22):
begin with.
Speaker 2 (01:22):
We are in sunny
Orlando, florida, at the IASIS
conference teaching the advancedmobile device forensics class.
Speaker 1 (01:31):
That's right, yeah,
so welcome, welcome home.
Welcome to my house.
Yeah, yeah, I've been livinghere for almost 20 years.
Speaker 2 (01:37):
It's not even as hot
as I expected, so I'm happy.
Yeah, just wait another week,yeah I know Next week will be as
hot as it can be.
Speaker 1 (01:44):
Yeah, you might be
here.
Speaker 2 (01:47):
I will be.
Speaker 1 (01:47):
I'll be here, yeah so
the class is two weeks and we
teach mobile forensics.
It's more of a data structureclass and we have a couple of
folks from these structures thatwe're going to talk to them
about the class, about theirlives, what they're doing.
Actually, let me put here thefolks that are talking so I can
follow them.
And yeah, also, this is aspecial show, first of all
(02:08):
because we're in the same space.
Speaker 2 (02:09):
We are.
Speaker 1 (02:10):
We don't need to use
headphones, even though Heather
wanted some headphones.
Speaker 2 (02:13):
I feel like I need
them.
Speaker 1 (02:14):
They're missing and
I'm right next to you, you can
hear me, but we have no script.
This is totally ad lib, totallylive, right.
So we got a few ideas, topicsI'm going to talk about, but
nothing, nothing planned.
So so what we're gonna do is,um, we're gonna talk a little
bit about the class and thentalk about the couple of topics,
and then bring other folks injust to chit chat for a little
bit.
So, class heather how's classgoing?
Speaker 2 (02:35):
class is awesome.
We have a really really goodclass, whole bunch of smart
students who are learning newthings, but also super advanced
already yeah, it's about almosta little bit.
Speaker 1 (02:45):
Look at that.
You know what?
Let me show some of you.
Now you're leaving.
Now you're leaving.
No, I'm just kidding.
I'm just kidding.
I'm just kidding.
We got a few folks here, butthey're shy like that.
They're computer experts, notmovie stars.
Speaker 2 (03:00):
The nerds don't want
to be on TV.
They don't want to be on TV?
Speaker 1 (03:02):
They don't want.
They all have their drinksready to see us make fun of
ourselves.
Speaker 2 (03:05):
You would think they
would have brought us a drink.
Speaker 1 (03:08):
You know what?
That's a good idea.
Speaker 2 (03:09):
Yeah right.
Speaker 1 (03:09):
You know, maybe you
know they don't get picked on in
class tomorrow.
So, all kidding aside, theclass is really good.
The class is great.
We got about a little bit under50 students 38?
Speaker 2 (03:20):
Okay.
Speaker 1 (03:21):
Yeah, 38, 50.
Same, thing, same thing Samething and we cover all sorts of
topics from data structures,protocol, sqlite, sqlite, json
in depth.
We talk about the seg Bs.
The seg Bs, we talk about alittle bit of malware
identification for Androiddevices and the like.
So that's what we're doing.
We love it.
It's my favorite event of theyear yes.
Speaker 2 (03:49):
And I plan to
continue doing so as long as the
universe and my workplace allowme to.
Speaker 1 (03:52):
That's the thing, as
long as the workplace allows us,
right.
So we want to talk quicklyabout a couple of topics that
are of interest.
You know, even the crowd agrees.
Speaker 2 (03:58):
Yep.
Speaker 1 (04:00):
We're being cheered
right.
So lately there's been thisbuzz around here in Florida
about the course system startingto require search warrants
every 10 days for everyelectronic item that's being
seized, specifically phones.
So if you seize a phone andyou're working on it with your
search warrant every 10 days,you need to report to that.
(04:22):
And there has been some alittle bit of a I wouldn't say
uproar it's a big of a word butsome comments in the community
about it.
So what have you been hearing,heather?
Speaker 2 (04:31):
Just that.
It's insane that if a phone isbrute forcing, you'll have to go
back for a new warrant every 10days, and I agree it is insane.
Speaker 1 (04:42):
Your Honor.
Take note that she said that'sinsane.
I do, I think it's insane, andshe's from New York.
Okay, so the Florida persondidn't say anything like that
okay.
The one that has to do withstuff here.
Well, these are your rules downhere, so no well, I think that
speaks to a larger point, right,Because people say, well,
that's, some people might opine,oh, that's unreasonable.
So every 10 days, all theoverhead is going to create the
(05:03):
backlog in regards to thedifferent court orders that need
to be processed.
But I speak to a larger pointof do we want to have
never-ending search warrants,For example?
A big complaint with possiblythis process is that what if I
have a phone brute forcing for acouple of months?
Speaker 2 (05:22):
I have one that's
been brute forcing for six and a
half years.
Speaker 1 (05:25):
Six and a half years.
Speaker 2 (05:26):
Yes, six and a half
years.
Speaker 1 (05:27):
Okay, that's older
than some children.
I know A lot of children.
Speaker 2 (05:31):
I calculated it and
by now I would have needed to go
get 230 search warrants signed.
Oh geez, at least that'srounding down.
Speaker 1 (05:39):
But the question is,
when do you stop?
When he turns 18 and goes tocollege?
I mean, at what point do westop brute forcing?
And that's the question, right,what's the reasonable amount of
oversight versus?
It's not convenience, but theability to accomplish the
mission that we're set to do,which is serve the warrant right
, and even speaks to thedifference.
(06:01):
Possibly we don't know yet.
We're not lawyers, we're notjudges.
We're not lawyers, we're notjudges, we're not congresspeople
.
But when you have a searchwarrant, is serving a search
warrant included in the breakinginto the phone, getting into
the device to actually executethat search warrant?
Where does execution start?
Does execution start of thesearch warrant at the starting
(06:25):
to get into the device or doesit apply when you're already in
the device?
Right?
Speaker 2 (06:30):
We need to have these
things defined.
Speaker 1 (06:32):
I mean we can apply
all day long.
For example I mean, if youcease it under a search one
that's your authority then theclock should start running.
Maybe, maybe not, and that'ssomething that we need to really
discuss, because folks that aretechnical, like us, here we are
Yo.
We're the ones that will informthe people that make the
(06:54):
decisions in regards to what'stechnically feasible or not, and
under what time frame.
Right, right, because we can'tclaim that.
So Maynard had a big argument.
Speaker 2 (07:04):
We did.
Speaker 1 (07:13):
Yes, because we can't
, we can't claim that.
So Maynard had a big argument.
We did yes, she was really.
You know, it was more of amisunderstanding because we both
came from the approach of yeah,search wants to be limited, but
I didn't get that part.
Speaker 2 (07:23):
I thought she was
totally defending the unlimited
time to do something,considering her phone's six
years old.
Yeah, no, I was totally sayingthat the 10 days is insane.
Yeah, um, but it didn't comeacross the text messages in the
right way, I guess yeah, andagain your honor.
Speaker 1 (07:31):
I did not say it was
insane.
I got no opinions on it.
Okay, now that's me so we'llsee how that shakes out and
again, we'll see that also, forexample, with uh, timestamp,
timestamps and evidence.
What are we seeing on that,heather?
Speaker 2 (07:42):
Right, I mean.
So we had a discussion today inthe class about the warrants,
with the timestamp parametersset to short periods of time,
and what do you do?
Speaker 1 (07:53):
Well, for example,
they tell you okay, so here's
the data, but you have to filterit before looking at it for a
time period From, let's say, mayto December 2024.
And that sounds kind of like,well, you know, things have
timestamps.
We should be able to do that.
So what could be a problem withthat?
Speaker 2 (08:11):
Crimes are planned
maybe prior to that time period
and we're missing all of thatevidence.
Or maybe they were talked aboutafter the end of the time
period and we miss all of that.
Speaker 1 (08:21):
Yeah and like, let me
start the bill.
He's not here now, but he wastalking about.
Well, different artifacts havebracketing timestamps, right,
and the event might happen, youknow, before your starting point
.
Speaker 2 (08:36):
Right.
Speaker 1 (08:36):
And the file gets
information during that time and
it could stop after or beforethat right.
So how do you capture that?
Because the timestamps are notgoing to reflect that the
activity happened within thetime period, which obviously is
what the court is trying toachieve, which is narrow that
right, Exactly.
So we talk about solutions.
Education is one I floated,possibly like tank teams, for
(08:58):
that.
I mean, it's kind of like anidea that I have, and I take
that from cases where you havelegal documents in them and
they're protected.
So you have a person notinvolved with the investigation,
filter those out and then givethe rest to the person that's
actually going to do the work.
So maybe somebody can look atall the timestamps, identify
what's relevant and then pass itover to the investigative team.
(09:19):
Is that feasible or not?
I don't know.
Speaker 2 (09:23):
One of Bill's big
points today was just making
sure you keep in contact withthe prosecutors on those
restraints.
You want to discuss it withthem and make sure it fits the
case.
Speaker 1 (09:34):
And be proactive.
If the time to tell theprosecutors, when the prosecutor
says, well, we've got a searchwarrant, but you can only do
this, well, it's a little bittoo late.
We weren't able to be involvedin the process, so it requires a
little bit of being proactiveon that, if you can, and if your
ADs are, if your attorneys, das, are amenable to it, right.
Speaker 2 (09:52):
Right, right, exactly
.
Speaker 1 (09:54):
So enough about
serious stuff.
Now I'm really happy becauseI'm putting it on the screen.
The leaves have been added toPaladin from Sumori Software.
So everybody, a round ofapplause.
We're going to take over theworld of forensics and I'll be
poor through the whole thing, sothat's great.
(10:16):
Yeah, oh yeah, we'll get atthat.
So now we're in Paladin andit's an open source tool project
.
Despite that, it's been adoptedby a whole bunch of other
forensic outfits.
I think it's a point of prideto the work that some of the
(10:37):
folks are going to meet Because,by the way, we always talk
about Johan, we talk about Jamesand John and world premiere on
the podcast.
We'll have him on today, soit'll be fantastic.
Special guest, special guest,special guest.
Speaker 2 (10:48):
We have an actual
live crowd right here today too.
I don't think they want to beon camera, but there's a nice
little crowd behind the camera,yeah.
Speaker 1 (10:57):
All right, so yeah,
so we've seen the pictures.
Paladin has the leaps there andyou can run them.
This is the latest release, soyou want to see it there and run
it from there.
You can get it, and I couldn'tbe more stoked about it.
So it's fantastic.
And Johan had some conversationwith Steve Wan, or maybe they
can collaborate and we cancollaborate on that.
(11:18):
So that's awesome.
Nice, stop looking at yourphone, all right.
The next thing is so we're inclass, right, and somebody says,
hey, could we add a little bitof a logo of my agency Because
it's not serious enough.
I'm like what?
Yeah, yeah, some guy, some guythat might be here or not.
(11:42):
And I'm like is the littleApple logo not serious enough
for you?
You know, little glasses withtape in it, I mean that's pretty
serious.
So they want their logo and I'm,like you know, hedging my bets.
Well, I mean, I don't know, itmight take months In lava.
We'll redevelop it down theyear.
So what happens?
What happens next?
Speaker 2 (12:01):
What happened next is
there was a logo in there in
about four minutes and I don'tknow how that was added so
quickly, but I'm always sayingon the podcast that you know,
make sure you're updating theleaps, because they update
things every 10 seconds.
He literally heard can we get alogo?
And it was there.
What the next morning?
The next morning?
Speaker 1 (12:17):
It was it right.
Speaker 2 (12:17):
Yeah, the next
morning, making sure we asked
the right person right here, sothat's exciting.
Speaker 1 (12:22):
So here's how it
looks.
So we have here.
If you go to the case databutton in the interface, you'll
see that the pop-up has changed.
You used to have your casenumber and your name and the
name of the agency, but now youhave the logo as an add file.
And it's pretty neat because itwill check the type, the MIME
(12:44):
type, of the file to make sureit's a logo, so you won't trick
us, and then it will add it toyour report and it will look
really nice, something like this, right In honor of being in
IASIS 2025 here in Orlando.
So Johan put in an IASIS logothere and I love how it's
formatted, kind of to the leftof the case data information, so
it looks very nice.
We made a picture not in darkmode.
Speaker 2 (13:07):
Yeah, I know which
I'm offended by Listen.
I like the light mode, he likesthe dark mode.
But look, I win.
I don't know my eyes arebleeding with all the brightness
here.
Speaker 1 (13:16):
So we're happy.
We're happy to have it.
So thank you, Johan, for that.
Speaker 2 (13:25):
Before we go on,
let's see what's going on.
So what is Josh saying?
Speaker 1 (13:26):
Okay, we're both like
leaning into the computer.
Yeah, we're trying to figureout.
Speaker 2 (13:28):
See, that's what
happens when you don't have a
script right, see, damien agrees, damien, I'm going to find you.
Speaker 1 (13:36):
Damien is an expert.
Speaker 2 (13:36):
Dark mode for the win
.
Speaker 1 (13:38):
An expert's expert
and agrees with me.
So thank you.
Anybody that agrees with her,I'm not going to put them on the
screen, so don't try it.
Speaker 2 (13:46):
Christian's writing
about iLeap for his master's
thesis.
Speaker 1 (13:50):
That's awesome,
because we are going to be
talking about you in our classtomorrow.
Speaker 2 (13:54):
Yes, tomorrow we're
going to be talking about you.
Speaker 1 (13:56):
A little quid pro quo
, without even knowing it's both
ways.
So yeah, we'll send you apicture of your stuff in our
class and oh, you're going to bechecking it out tomorrow.
You'll tell people about it,All right?
So I got a question aboutacoustic and voiceprint, but I'm
(14:17):
really not ready to answer thatquestion.
Speaker 2 (14:19):
So, josh, if you
shoot us a message afterwards,
maybe on LinkedIn we'll answerthe question about the acoustic
versus voiceprint.
Speaker 1 (14:28):
There you go.
All right, so let's introduce acouple of the folks.
Well, it will be three of them,but let's go for a couple.
Let's start with, uh, startwith johan, right?
Yeah, so yeah, come on over.
Come on over.
As you can see, they're thepillars of this outfit and I
when I say that, I say itbecause you know I'm really tiny
next to him.
Speaker 2 (14:45):
Don't bend down,
stand up I'm not even getting
out of the chair because I looklike yeah, I'm gonna sit down
again, so I don't look as tinyas I am.
Speaker 1 (14:55):
I'm bigger on the
inside.
That's why I eat so much.
All right, so so, johan, whereare you coming from?
Where you come from?
From France, a Frenchman, yeahfantastic hey.
Speaker 5 (15:07):
I got a Puerto.
Speaker 3 (15:08):
Rican accent.
Speaker 1 (15:11):
What accent you have?
You're even a New Yorker accent.
I don't know.
I got a Puerto Rican accent.
What accent do you have?
You don't even have a NewYorker accent.
I don't know.
Speaker 2 (15:14):
I have a country
bumpkin accent.
Oh, it's beautiful.
We love it.
Speaker 1 (15:18):
We love it.
All right, johan.
So what do you work for?
What's your deal?
I work in Switzerland.
I'm a.
I keep talking about war.
Speaker 5 (15:26):
Okay, I get you, I'm
a rich from law enforcement, and
now I work at the School ofCriminal Justice at the
University of Lausanne,switzerland.
Speaker 1 (15:35):
So obviously I know
that already, but when we heard
he was coming, I'm like dude,what am I going to teach you?
Speaker 2 (15:42):
Oh, my God, yeah, I
totally freaked out.
Speaker 3 (15:46):
You teach me so much
I did.
Speaker 1 (15:48):
Actually.
So we're talking about SQLiteJSON and I'm teaching that and
Johan says I never heard aboutthis before and I made the whole
class clap because I couldn'tbelieve that Johan learned
something.
And it's been a special classbecause Johan's been like the
additional instructor, eventhough he's a student.
Speaker 3 (16:05):
Yeah.
Speaker 1 (16:06):
So I appreciate you
being here.
We collaborated online for along time and actually seeing
him in person makes me a lot ofjoy, man, so I'm like I'm not
going to let you go.
Either you stay here in Orlandoor you take me to.
Speaker 2 (16:16):
Switzerland.
Yeah, switzerland is wherewe're going.
Speaker 1 (16:19):
I think that's the
best option right now.
Yeah definitely.
Speaker 2 (16:22):
As I told you, I have
two backpacks Yep.
Speaker 1 (16:27):
We're both going to
fit in his backpack.
I'm tiny, I'm not that tiny,all right, so let's bring James.
James come over here.
So again, let me stand next toJames.
Speaker 2 (16:36):
Now I'm going to stay
sitting.
I'm too short.
Speaker 1 (16:37):
Because if Johan was
tall, James is even taller.
Speaker 2 (16:41):
His head doesn't even
fit in the screen.
Speaker 1 (16:44):
The good thing is
that his heart is just as big as
his tallness.
I'm used to getting my head cutoff in pictures.
Speaker 5 (16:55):
Well, you might have
to squat or get a chair because
your head is getting cut off?
No, but so.
Speaker 1 (17:00):
The wind is blowing
my hair out of the way anyway.
So so, James, I'm going to saysomething about James.
So you know James.
If you've been in the world fora while, you've known James.
Are you taking courses withJames?
Or you know his coding?
He works in NK.
So a legend, a living legend.
So if you've been around, youknow james.
Now, that being said, um,you're working with us with the
leaf.
So are you doing with the leafsand collaborating with the
(17:22):
community on why, why and what,what?
Speaker 5 (17:25):
uh, well, why, uh, I
I needed some of the modules
that the, the leaps had that Icouldn't find in commercial
tools when I was doing somelitigation support cases, and so
I found, I found the module wasthere and I was able to to get
it and actually parse it and dothe the job that I needed to do.
(17:45):
And and then that, uh, thatbrought me back to my, uh, my
roots of of digging intotechnical coding and stuff like
that.
Speaker 1 (17:53):
So I was like I see
some things I could add to the
project and here I am, A fewthings like a whole new viewer
that can actually deal withmillions of data in a row, which
we couldn't, and get away withHTML.
So James is again anotherunofficial instructor of our
class, right yeah, and ad hocinstructors.
Speaker 2 (18:16):
Yeah, oh, yeah, yeah.
Speaker 1 (18:18):
So and you know,
we're going to make sure that
he's here next year.
So we're talking about class,about FCMs, and James says, well
, maybe we can develop anexercise where we can actually
have some FCM.
And folks, you're listening andyou don't know what FCM?
It's really easy.
It's really easy, come to theclass, come to the class and
you'll know what it is Okay.
(18:39):
So he's like hey, how about weuse FCM and use this type of
model and send pushnotifications?
Students can't get it.
So I'm like okay, man, thatsounds great.
Speaker 2 (18:46):
You know, comes out,
yeah like at least six months,
or maybe just in time for nextyear's class.
Speaker 1 (18:53):
So, like four hours
pass.
It's like, hey, you want to seehow this works.
I'm like dude, what the heck?
No, but it worked really welland obviously we're going to
implement that in class, so weappreciate it.
So, yeah, you can stay too.
Everybody.
Stay here, john, come on over.
Come on over, we'll get you intoo.
Speaker 2 (19:10):
You're coming in,
we're coming in.
Speaker 3 (19:12):
Yeah.
Speaker 1 (19:17):
Look at this you
might have to get that chair and
get up.
Get up on the chair.
Speaker 2 (19:21):
You're short with us?
Speaker 1 (19:22):
Yeah, we're the short
people here, we're the oompa
loompas, so so so John, I mean.
So I, I heard John at the mostpertinent time.
So I was looking at some LHCdata in one of my phones and I
found out that it disappeared.
And I'm like what the heck?
And I think I reached out toyou first, right.
Speaker 2 (19:39):
I think so.
Speaker 1 (19:40):
Or no, it wasn't
Geraldine, it might have.
Speaker 2 (19:42):
Yeah, no, it was
Geraldine.
It was Geraldine.
Speaker 1 (19:50):
It was definitely
Geraldine.
Speaker 3 (19:51):
And she's like I
don't know.
Yeah, we got right.
It's a mouthful Not good atnicking names, no, but I mean I
like it, it's good.
Speaker 1 (19:59):
So John did some
great work the first person ever
to work on the ZigBee files ina forensic manner, obviously
outside of Apple, and it wasamazing work.
It opened the door for thewhole community, the whole
industry, to actually get backpattern of life data.
So we appreciate it, man, andknowing that because you knew
him from, you know I did.
Speaker 2 (20:20):
John is from New York
with me.
So, yeah, he actually, whenthis whole SegV thing happened,
mentioned it to me and I'm like,yeah, all right, I'll check it
out with you and then, yeah, Inever did.
Yeah, big deal, the biggestartifacts to come out of ios in
the last five ten years, yeah,yeah.
Speaker 1 (20:35):
So I'm like, yeah,
whatever, well, I won't do that
again, for sure, for sure.
So.
So tell us a little bit aboutyou and and also your partner
and all the good stuff I uh workfor the uh putnam sheriff's
office in new york.
Speaker 3 (20:48):
Um, I have a canine
partner.
I didn't bring her down becauseI didn't know if she'd be able
to be by the pool, so she'sresting in the room.
Speaker 1 (20:56):
Just like Heather
would like to be resting too now
here Going upstairs with Hannah.
And what does she do?
What's your daughter do?
Speaker 3 (21:04):
Yes, she's an
electronic storage detection
canine trained by ConnecticutState Police.
Had her for about six years now, so she's been my partner for a
while.
Hopefully, when it's time forretirement, we'll both maybe
retire together, unless I staylonger, we'll see.
Speaker 1 (21:21):
It's great because we
have the class pet Like literal
pet, it's not the favoritestudent.
Speaker 2 (21:26):
Everybody loves her.
Speaker 1 (21:28):
Belly rubs, belly
rubs, all around.
Speaker 2 (21:29):
Oh yes, Lots of hair
all over the place.
Speaker 1 (21:33):
Which now, you know,
the uniform now is black and
then I have like black pants.
So they're all full of dog hair,but you know what?
Totally worth it.
Totally worth it.
So the folks you see here andto include all of us, heather,
we're the main developers of thelist.
We're missing Kevin Pagano andand Bruno saw a lot of work on
Stanso, but he's in Argentina,so I wanted to get him.
And who else am I missing?
(21:54):
All the main ones that areactive now.
There's so many developers,dozens of them but the main
active ones, the core ones thatdeal with the kind of core
functionalities, are pretty muchhere, which is awesome.
Speaker 2 (22:04):
Yeah, we get to kind
of hang out.
Yeah, absolutely so excited tomeet each other, but just split
up.
Speaker 1 (22:16):
Well, for the
recorded version of this, I'll
put, like Kevin, you know, aipicture somewhere floating
around.
He can float right here.
Yeah, like seven feet tall,like you, so, yeah, so this is
the crew and we're having a goodtime.
Yeah, john was teachingvariants today and my ears were
(22:37):
bleeding, but I learned, Ilearned.
So we touched a lot of topicsand, no, it's been a good time.
It's been a good time.
Speaker 5 (22:43):
Yeah, definitely.
It's been great to sit togetherand talk over some of the
architecture that we've beenworking on the internals of the
LEAP tools forap tools for sixmonths eight months now, redoing
a lot of it, been doing a lotof work of processing
improvement, speed improvement,reliability, error handling, a
(23:04):
lot of that kind of stuff thatmakes it all together a better
tool.
But we're pushing forward moreand more, getting close to a
release of the new viewer, theLava, and we're at the final
stages of iLeap, at least to getthe first release going for
(23:25):
Lava.
So we're pretty excited.
We got to chat with Johan and abunch of stuff.
Speaker 1 (23:31):
You can tell we're
really excited about the whole
thing.
If you're listening to thepodcast, you're missing out
Exactly All right, no, and loveis going to be a game changer
for us and for the communitybecause it really allows us to
do way more and with way moredata.
(23:51):
One of the things that's beenmost satisfying for me outside
of the teaching part is walkingto the hallways and I'll tell
the folks here.
We got an investigator for NewMexico telling me hey, nice to
meet you, my name is so-and-soand I had this case that I have
this uh, motorola and thetooling did not work and we run
on a leap and I was able to getall I needed to get my homicide
(24:13):
indictment.
And I'm like I mean, how muchmoney is that worth?
Right, there's no price thatyou can put on that right being
able to solve cases.
We got another gentleman fromsouth africa telling about how
the tool was useful to theircases.
Folks that stop and say, hey,let's take a picture together,
because I appreciate what you doand I'm like dude, I'm, you
know, okay, it feels sometimes alittle bit odd, right.
Speaker 5 (24:37):
But that's the price
that we charge.
Yeah, pretty much.
Speaker 2 (24:42):
Tell the story, tell
the story.
Speaker 1 (24:44):
Tell the story.
Yeah, tell us if it's usefuland how, and obviously how we we
make it better.
And uh, and if you don't likeit, it's okay.
You're money by guarantee, allthe money you spend on the tool,
you're getting it back all zerodollars on it.
So, uh, rebecca here is is inthe chat.
Speaker 2 (25:02):
let's see what she's
saying yay, can't wait to see
lava.
Alexis already helped me oncewhen I couldn't get the data to
load there we go in my pleasure.
Speaker 1 (25:12):
My pleasure always
lava will definitely help with
that so what else what we haveto bring in?
We?
Speaker 2 (25:17):
have lee, come on,
come on, come on look this.
Speaker 1 (25:21):
This man is really
like he was.
Hey, why don't they shut?
I'll be right back.
And he got ready.
You know, he got boom, ready togo.
Speaker 2 (25:28):
So introduce yourself
my name is Lee Harris.
Speaker 4 (25:30):
I'm with the
Cybersecurity Division, the city
of San Marcos in Texas.
Speaker 1 (25:35):
By the way, from the
next episode I'm going to
contract him out to the introswith his voice Way better than
mine.
Speaker 4 (25:44):
You got to talk about
the book though.
You've got to talk about thebook though the DFIR
Investigative Mindset.
Speaker 2 (25:48):
Yes, the book we talk
about all the time.
Speaker 1 (25:51):
Brett's in the chat.
Oh, Brett's in the chat.
Speaker 4 (25:53):
There you go.
I was contacted by the awesomeBrett Shavers I don't know two
years ago and he asked me to bethe technical editor of a new
book that he was writing and ofcourse, I said yes, I'm
absolutely honored editor of anew book that he was.
He was writing and of course, Isaid yes, I'm absolutely
honored.
We collaborated for for severalmonths on the book uh, tossing
ideas back and forth.
(26:13):
I think we did a really, reallygood job together and, like I
said, it truly an honor to be apart of a a wonderful book, I
think for both seasonedinvestigators and new, uh
digital forensic investigatorsdefinitely.
Speaker 2 (26:26):
It's a book we handed
out to all of the students in
the advanced mobile classbecause we saw the value in it
and made that part of our classtoo.
Speaker 4 (26:35):
Thank, you, heather,
we really appreciate it.
Speaker 2 (26:36):
It's excellent, it's
excellent.
Speaker 1 (26:38):
No, we got.
The first copies came out andBrad was so nice to you know,
kind of dedicate it to us andsign all that.
I'll do.
Speaker 2 (26:44):
$5 autographs, yeah
there we go, there we go.
We've got the crowd here.
You want to autographs?
Speaker 1 (26:52):
Mine are free.
I think they'll just pay me notto give an autograph.
No, it's a great book.
We got advanced copies thefirst ones and we read it cover
to cover.
I didn't write it because it'ssigned by the author, so I
didn't want to mess it up.
Oh, signed by the author, sothe author, so I didn't want to.
Speaker 2 (27:06):
I didn't want to mess
it up.
I know.
Speaker 1 (27:07):
Yeah, I'm not going
to highlight it.
I bought another copy that Ican actually highlight.
Speaker 4 (27:10):
I'll stop by tomorrow
and sign it for you too there
we go, there we go.
Speaker 2 (27:15):
Awesome.
Speaker 1 (27:16):
So you're going to be
here next week too.
I am.
Speaker 4 (27:18):
Yep.
Speaker 1 (27:22):
I'm in the cyber
incident forensic great class.
Speaker 4 (27:23):
The instructors are
phenomenal.
I'm having a great time.
They're all hilariouspersonalities.
They work really well togetherand I'm learning a whole lot.
It's especially beneficial withmy transition from straight
digital forensics to nowcybersecurity.
So, important, so important.
It's perfect.
I'm loving it, I'm ready to gohome.
(27:45):
You have another week.
I'm a little homesick, butanother week I can handle.
I'm having a great time here inOrlando.
Speaker 1 (27:52):
That's fantastic.
And, folks, I got three yearsto retirement from my main
workplace and that's important.
How do we acquire skills thatare important, that serve us
well now, but also in thattransition over to fully private
sector or your own business,whatever it is, yeah, and
there's one place you can dothat you know, yeah, it's an
IASIS place to be.
Speaker 4 (28:12):
Yeah, definitely.
Speaker 2 (28:13):
Definitely.
Where is everybody?
Everybody that's in the chat.
You should be here.
Speaker 1 (28:19):
So no, I'm glad to
see Brett in the chassis here.
Somebody wants them to bringalong to hang out.
Well, you got to be an Aces tohang out.
Sorry, and we got the crowdthere having their beers and
sorry, their drinks, their applejuices.
Speaker 4 (28:37):
Their refreshing
beverages.
Speaker 1 (28:40):
So yeah, so that's
what we got here.
Oh, here we go.
That being said, so we offerall sorts of courses, like Lee
was saying, and that course ismore like an intrusion response
or what's the… Correct?
Speaker 4 (28:51):
Yeah, it's an IR.
It's the IR of the DF.
Speaker 1 (28:58):
The F world the.
Speaker 2 (28:59):
IR of the DF.
Speaker 1 (29:01):
Yeah, and cybercrime
nowadays really requires all
those skill sets, not only theforensic side, but also how did
it happen, how to mitigate it,how to remediate that stuff.
So I guess it gives thosecourses on the specialized
courses.
We also have courses on droneforensics.
There's courses on the mobilephones.
There's two of those that wegive.
Speaker 4 (29:18):
RAM analysis.
Ram analysis, that soundsreally interesting.
I want to take that class.
Speaker 2 (29:23):
Yeah, mac forensics
definitely.
I heard there's a new linuxclass as well, linux for law
enforcement?
Speaker 1 (29:30):
yeah, they're next
door.
I'm trying to hear, but youknow the the class chair.
Speaker 4 (29:35):
Yeah, the class chair
doesn't let me leave ah, you're
, you're busy, you're busy, I'msorry I really like all the swag
from the vendors as well, oh,oh, do you have some here?
Speaker 1 (29:45):
yeah, I think I so.
So there's t-shirts.
So digital intelligence, theones that make the freds you
know first being legendary,right, they made.
I put on my linkedin a littlefred made out of legos and I'm
like, oh, this might be somecheap old chinese legos, oh, no,
no, I mean no hate, for thechinese legos are great, but but
the legit legos from where?
They're?
(30:06):
Sweden and I'm nor Norway, Idon't even know they're the real
Legos, the European ones, Idon't know which country,
denmark, denmark.
I should have known.
I don't know where they're from, beautiful, like a little like
a collectible.
So I know you all hate me onInstagram, I mean on LinkedIn,
sorry oh, you know who's gonnahate you for having them what.
Kevin Pagano oh yeah, he's goingto want one of those.
Speaker 2 (30:24):
You better stop by
the table and see if they have
any more.
Speaker 1 (30:26):
They left already.
Speaker 3 (30:27):
Oh, they did leave oh
no, bekemishacom.
Speaker 1 (30:30):
Yeah, says the
disembodied head on my left.
There we go.
Now can we see you?
Yeah no, for sure.
So they have that.
What else do you all get, Likeyou got?
Speaker 2 (30:43):
Yep and the tumblers.
Speaker 1 (30:44):
And the tumblers, yep
.
So I'm going to put those upduring the day tomorrow.
I was supposed to do it todaybut I didn't.
I haven't put up the post onthe Leafs on Paladin also, so
I'll do that tonight.
Right, right, and pretty muchthat's it.
Speaker 2 (30:57):
Yeah, we have just
hanging out by the pool.
Speaker 1 (31:05):
So we have?
Yeah, all right, so anythingelse for the don't know?
I think we're running out oftopics now.
We got 20 people, everybody'squiet.
I know everybody is quiet no,but all kidding aside, we
appreciate you kind of hangingout with us.
We'll continue to teach here.
Please check out our socialmedia to know what we're up to
in regards to the class.
Any questions, any comments.
(31:26):
Some of you we didn't get toyou on the chat because we don't
have the resources to answeryou now, but we'll get back to
you, and by we I mean Heather.
Speaker 2 (31:33):
Yeah, just send me
the message All right.
Speaker 1 (31:36):
So are you sure you
know I'll be in the show?
Speaker 2 (31:39):
Yeah, come on over,
guys Come on.
Get over here.
We have to do a parade.
Speaker 1 (31:48):
No go we have shy,
shy people.
They believe they're undercoveragents, but they're not.
They're just examiners, shyexaminers, shy examiners.
Alright, well, thank youeverybody for watching.
Don't worry, in two weeks we'llgive you a serious program.
Yes, with the artifacts and allthe new stuff thanks to Johan,
thanks to John, thanks to Lee,thanks to James, thanks to
Heather, and thank you all forwatching.
So we'll be seeing each othersoon and I need to find the
(32:11):
music to say goodbye.
Where is it?
Where's the music?
Oh, there you go.
There we go.
Let me see.
Nobody can hear about me.
See you next time, take care,you can stop now.
I stop the music.
You can stop now.
You stopped the music.
I didn't.
It's too cold.
See you next time.
Oh, we can see a film in theback.
(32:33):
That's amazing.