Forensic research awards highlight the difficulty of digital privacy

At OpenText, we talk often about digital transformation. Technology makes businesses more competitive, opens access to information and provides new opportunities for everyone.

Unfortunately, it also creates new vehicles for hackers, scammers and criminals. To effectively stop hackers, prosecute criminals and uncover wrongdoing, investigators must understand what happens on digital devices and networks through a process called digital forensics.

Digital forensics is the collection and examination of digital evidence residing on electronic devices. Digital forensic experts apply their skills to criminal, civil and corporate investigations, or in cybersecurity to locate data breaches, malware and more.

Despite that rather simple definition, digital forensics is not widely understood and is sometimes viewed as a sort of “dark art”. Digital forensic experts must constantly adapt to new devices (think drones and IoT), new tools and new tactics from criminals and hackers. Everything leaves forensic residue: running applications, clicking files, accessing data, opening email attachments and surfing the internet. Expert investigators can identify and piece together this evidence to build a case or identify a problem.

A close-knit community of investigators and researchers constantly finds and publishes new forensic “artifacts”. “Artifact” is forensic-speak for residual evidence left behind when users or applications interact with an operating system. These breadcrumbs marking our digital trail are not well understood, and the people discovering them are rarely recognized for their research.

Winners of the Forensic Artifact Research Awards

We created the Forensic Artifact Research Program as a platform to recognize these forensic researchers for their important work. In its first year, the program received 24 qualified submissions and awarded 11 cash prizes, ranging from $500 to $5,000.

The winning submission came from Justin Bartshe, an investigator with the Naval Criminal Investigative Service (NCIS). During the course of an investigation, Justin discovered that a popular free antivirus program tracked and stored users’ internet activity. Even if users leveraged private browsing modes or cleared their history, Justin was still able to find records of internet activity. In Justin’s line of work, these types of forensic artifacts provide key evidence as to the actions a suspect has taken online or with a device.

“As a digital forensic examiner, my job is to constantly look for new methods to find evidence leading to the truth, as it pertains to the events of a crime or situation. I’m thrilled to receive this award and hope that more programs will shine a light on forensic investigations to help with knowledge sharing and awareness.” – Justin Bartshe (Investigative Computer Specialist, NCIS)

Another notable entry, more in the domain of internet forensics/vulnerability research, found that by modifying the source for a popular open-source torrent platform, the researcher could generate a list of all users watching any specific video at any specific time. This list includes IP addresses and TCP port numbers of the peers viewing that video.

Recognizing the community (and our judges)

Forensic artifacts are critically important to the criminal investigators and law enforcement who prosecute crime, both online and offline. Forensic researchers help protect victims, end abuse and save lives. In the cybersecurity space, forensic artifacts help security teams defend against breaches and protect against the next advanced attack.

The professionals that make up the community of digital forensic investigators do research, largely without reward or recognition. For this program, we turned to several distinguished members of that community to help us evaluate submissions. A special thank you to all of our judges:

1. Amber Schroader
2. Dave Cowen (@HECFBlog)
3. Jake Williams (@MalwareJake)
4. Paul Shomo (@ShomoBits)
5. Simon Key (@SimonDCKey)

We were proud to sponsor this program and hope it will lead to more recognition and similar campaigns in the future.

Paul Shomo

Paul Shomo is a senior technical manager for third party technologies at OpenText. A veteran of cybersecurity, Paul Shomo has spent more than 15 years as a software engineer with experience working in security and forensics, networking and storage, and several years in his current role managing strategic partnerships and advising on M&A activity. Paul is a regular contributor to Dark Reading. He has been extensively quoted on cybersecurity issues by outlets like FoxNews, Network World, eWeek, SC Magazine, CSO Online, etc.
