<br /> Digital<br /> The Quarterly Magazine for Digital Forensics Practitioners Issue 39 · May 2019<br /> ForensicS<br /> Magazine<br /> Forensics Europe Expo<br /> DFM Forensics Conference 2019<br /> Featured Papers INSIDE!<br /> Including…<br /> Driver<br /> Attribution in<br /> Connected<br /> Cars<br /> PLUS<br /> Human Super Recognisers<br /> Digital Forensic International Standards<br /> Complexity Theory and Artificial Intelligence<br /> 9<br /> From the Lab: Setting Up Your Digital Forensics Lab772042 061004<br /> 39<br /> Issue 39 / £14.99 TR Media<br /> <br /> Editorial<br /> W<br /> ell, it's in…! After a significant amount<br /> of work, much of which was provided<br /> Pro-Bono from<a title="DFM39 page 1" href="http://viewer.zmags.com/publication/8cd3f7ae?page=1"> Digital The Quarterly Magazine for Digital Fore</a> <a title="DFM39 page 2" href="http://viewer.zmags.com/publication/8cd3f7ae?page=2"> </a> <a title="DFM39 page 3" href="http://viewer.zmags.com/publication/8cd3f7ae?page=3"> Editorial W </a> <a title="DFM39 page 4" href="http://viewer.zmags.com/publication/8cd3f7ae?page=4"> B uilding on the suc</a> <a title="DFM39 page 5" href="http://viewer.zmags.com/publication/8cd3f7ae?page=5"> Contents FEATURES 8 Making Sense of Digital Fore</a> <a title="DFM39 page 6" href="http://viewer.zmags.com/publication/8cd3f7ae?page=6"> NEWS News Defrauded NHS Trust is Paid Back £1.2m</a> <a title="DFM39 page 7" href="http://viewer.zmags.com/publication/8cd3f7ae?page=7"> per minute, per honeypot. The honeypots were set </a> <a title="DFM39 page 8" href="http://viewer.zmags.com/publication/8cd3f7ae?page=8"> FORENSIC EUROPE EXPO SPONSORED EVENT Forensics Eu</a> <a title="DFM39 page 9" href="http://viewer.zmags.com/publication/8cd3f7ae?page=9"> Editor-in-Chief, Roy Isbell The conference </a> <a title="DFM39 page 10" href="http://viewer.zmags.com/publication/8cd3f7ae?page=10"> FEATURE INTERMEDIATE Making Sense of Digital For</a> <a title="DFM39 page 11" href="http://viewer.zmags.com/publication/8cd3f7ae?page=11"> • Reducing costs of information collection, </a> <a title="DFM39 page 12" href="http://viewer.zmags.com/publication/8cd3f7ae?page=12"> FEATURE INTERMEDIATE Figur</a> <a title="DFM39 page 13" href="http://viewer.zmags.com/publication/8cd3f7ae?page=13"> Figure 2. Second Plan and Standards Mapping was</a> <a title="DFM39 page 14" href="http://viewer.zmags.com/publication/8cd3f7ae?page=14"> FEATURE INTERMEDIATE Making sense of the Digita</a> <a title="DFM39 page 15" href="http://viewer.zmags.com/publication/8cd3f7ae?page=15"> </a> <a title="DFM39 page 16" href="http://viewer.zmags.com/publication/8cd3f7ae?page=16"> MAIN FEATURE ADVANCED Driver Attribution in Conn</a> <a title="DFM39 page 17" href="http://viewer.zmags.com/publication/8cd3f7ae?page=17"> Why OBD2? The demonstration of the method in this</a> <a title="DFM39 page 18" href="http://viewer.zmags.com/publication/8cd3f7ae?page=18"> MAIN FEATURE ADVANCED Figure 3</a> <a title="DFM39 page 19" href="http://viewer.zmags.com/publication/8cd3f7ae?page=19"> Figure 4 Time Series pattern for Female (left), M</a> <a title="DFM39 page 20" href="http://viewer.zmags.com/publication/8cd3f7ae?page=20"> MAIN FEATURE ADVANCED </a> <a title="DFM39 page 21" href="http://viewer.zmags.com/publication/8cd3f7ae?page=21"> that drivers’ classification in modern cars genera</a> <a title="DFM39 page 22" href="http://viewer.zmags.com/publication/8cd3f7ae?page=22"> </a> <a title="DFM39 page 23" href="http://viewer.zmags.com/publication/8cd3f7ae?page=23"> LEGAL Editorial T here</a> <a title="DFM39 page 24" href="http://viewer.zmags.com/publication/8cd3f7ae?page=24"> Scott Zimmerman investigates this issue and prese</a> <a title="DFM39 page 25" href="http://viewer.zmags.com/publication/8cd3f7ae?page=25"> into anything that might appear unusual. If the s</a> <a title="DFM39 page 26" href="http://viewer.zmags.com/publication/8cd3f7ae?page=26"> LEGAL FEATURE walk the court through the pro</a> <a title="DFM39 page 27" href="http://viewer.zmags.com/publication/8cd3f7ae?page=27"> two [or more] sets of results. To sum up: using n</a> <a title="DFM39 page 28" href="http://viewer.zmags.com/publication/8cd3f7ae?page=28"> LEGAL NEWS LEGAL News brother to upload salacious</a> <a title="DFM39 page 29" href="http://viewer.zmags.com/publication/8cd3f7ae?page=29"> </a> <a title="DFM39 page 30" href="http://viewer.zmags.com/publication/8cd3f7ae?page=30"> FROM THE LAB ENTRY Digital Forensics Lab Nihad </a> <a title="DFM39 page 31" href="http://viewer.zmags.com/publication/8cd3f7ae?page=31"> The floor plan in Figure 1 is a suggested des</a> <a title="DFM39 page 32" href="http://viewer.zmags.com/publication/8cd3f7ae?page=32"> FROM THE LAB ENTRY </a> <a title="DFM39 page 33" href="http://viewer.zmags.com/publication/8cd3f7ae?page=33"> • Mandiant Redline: Live memory analysis; in</a> <a title="DFM39 page 34" href="http://viewer.zmags.com/publication/8cd3f7ae?page=34"> FROM THE LAB ENTRY Lab Pol</a> <a title="DFM39 page 35" href="http://viewer.zmags.com/publication/8cd3f7ae?page=35"> </a> <a title="DFM39 page 36" href="http://viewer.zmags.com/publication/8cd3f7ae?page=36"> FEATURE INTERMEDIATE AI in Digital Forensics Zen</a> <a title="DFM39 page 37" href="http://viewer.zmags.com/publication/8cd3f7ae?page=37"> A neural network is based on a collection of</a> <a title="DFM39 page 38" href="http://viewer.zmags.com/publication/8cd3f7ae?page=38"> FEATURE INTERMEDIATE In general, we trai</a> <a title="DFM39 page 39" href="http://viewer.zmags.com/publication/8cd3f7ae?page=39"> Figure 2. Chip Extraction for further Digital Inv</a> <a title="DFM39 page 40" href="http://viewer.zmags.com/publication/8cd3f7ae?page=40"> ADVERTORIAL UNIVERSITY OF WARWICK CYBER SECURITY,</a> <a title="DFM39 page 41" href="http://viewer.zmags.com/publication/8cd3f7ae?page=41"> 41</a> <a title="DFM39 page 42" href="http://viewer.zmags.com/publication/8cd3f7ae?page=42"> FEATURE INTERMEDIATE Cutting Us Some Slack Jose</a> <a title="DFM39 page 43" href="http://viewer.zmags.com/publication/8cd3f7ae?page=43"> Review is Important It's important to remember, f</a> <a title="DFM39 page 44" href="http://viewer.zmags.com/publication/8cd3f7ae?page=44"> FEATURE INTERMEDIATE The implementation </a> <a title="DFM39 page 45" href="http://viewer.zmags.com/publication/8cd3f7ae?page=45"> Figure 2. Onna Audit Logging of Data </a> <a title="DFM39 page 46" href="http://viewer.zmags.com/publication/8cd3f7ae?page=46"> FEATURE INTERMEDIATE Rather than dealing</a> <a title="DFM39 page 47" href="http://viewer.zmags.com/publication/8cd3f7ae?page=47"> Figure 6. CPSO Search Using Onna </a> <a title="DFM39 page 48" href="http://viewer.zmags.com/publication/8cd3f7ae?page=48"> COMPETITION Competition Fancy winning a nifty li</a> <a title="DFM39 page 49" href="http://viewer.zmags.com/publication/8cd3f7ae?page=49"> </a> <a title="DFM39 page 50" href="http://viewer.zmags.com/publication/8cd3f7ae?page=50"> FEATURE ENTRY Complexity Theory & Artificial Inte</a> <a title="DFM39 page 51" href="http://viewer.zmags.com/publication/8cd3f7ae?page=51"> Phases of Digital Forensics DF is a science that </a> <a title="DFM39 page 52" href="http://viewer.zmags.com/publication/8cd3f7ae?page=52"> FEATURE ENTRY (“solvers”) have allowed to occ</a> <a title="DFM39 page 53" href="http://viewer.zmags.com/publication/8cd3f7ae?page=53"> Real Cases: File Sharing Hypotheses A Judge reque</a> <a title="DFM39 page 54" href="http://viewer.zmags.com/publication/8cd3f7ae?page=54"> FEATURE ENTRY The preferences list (rela</a> <a title="DFM39 page 55" href="http://viewer.zmags.com/publication/8cd3f7ae?page=55"> Figure 5. Matrix from GPS Device Positions </a> <a title="DFM39 page 56" href="http://viewer.zmags.com/publication/8cd3f7ae?page=56"> MORE THAN A MAG Digital Forensics Magazine prides</a> <a title="DFM39 page 57" href="http://viewer.zmags.com/publication/8cd3f7ae?page=57"> </a> <a title="DFM39 page 58" href="http://viewer.zmags.com/publication/8cd3f7ae?page=58"> FEATURE INTERMEDIATE Human Super Recognisers Mic</a> <a title="DFM39 page 59" href="http://viewer.zmags.com/publication/8cd3f7ae?page=59"> This added to the work of Dr Anna Bobak fro</a> <a title="DFM39 page 60" href="http://viewer.zmags.com/publication/8cd3f7ae?page=60"> FEATURE INTERMEDIATE The existen</a> <a title="DFM39 page 61" href="http://viewer.zmags.com/publication/8cd3f7ae?page=61"> that losses from shoplifting have now reached ove</a> <a title="DFM39 page 62" href="http://viewer.zmags.com/publication/8cd3f7ae?page=62"> FEATURE INTERMEDIATE In addition</a> <a title="DFM39 page 63" href="http://viewer.zmags.com/publication/8cd3f7ae?page=63"> important contribution as data and imagery sharin</a> <a title="DFM39 page 64" href="http://viewer.zmags.com/publication/8cd3f7ae?page=64"> FEATURE ENTRY Operation Bitcoins The fo</a> <a title="DFM39 page 65" href="http://viewer.zmags.com/publication/8cd3f7ae?page=65"> as part of the case file that I had a pendrive wit</a> <a title="DFM39 page 66" href="http://viewer.zmags.com/publication/8cd3f7ae?page=66"> FEATURE ENTRY September</a> <a title="DFM39 page 67" href="http://viewer.zmags.com/publication/8cd3f7ae?page=67"> as well as the system that was hacked. He is </a> <a title="DFM39 page 68" href="http://viewer.zmags.com/publication/8cd3f7ae?page=68"> FEATURE ENTRY Conclusio</a> <a title="DFM39 page 69" href="http://viewer.zmags.com/publication/8cd3f7ae?page=69"> </a> <a title="DFM39 page 70" href="http://viewer.zmags.com/publication/8cd3f7ae?page=70"> 360 36 Letters, emails, tweets, connections and m</a> <a title="DFM39 page 71" href="http://viewer.zmags.com/publication/8cd3f7ae?page=71"> TWITTER We are regularly tweeting tools, tips and</a> <a title="DFM39 page 72" href="http://viewer.zmags.com/publication/8cd3f7ae?page=72"> LIBRARY SUBSCRIPTIONS NOW AVAILABLE You can get</a> <a title="DFM39 page 73" href="http://viewer.zmags.com/publication/8cd3f7ae?page=73"> NEXT ISSUE NEXT Issue Continuing our aim of bring</a> <a title="DFM39 page 74" href="http://viewer.zmags.com/publication/8cd3f7ae?page=74"> </a> <a title="DFM39 page 75" href="http://viewer.zmags.com/publication/8cd3f7ae?page=75"> BOOK Reviews T he is t</a> <a title="DFM39 page 76" href="http://viewer.zmags.com/publication/8cd3f7ae?page=76"> REVIEWS BOOKS W </a> <a title="DFM39 page 77" href="http://viewer.zmags.com/publication/8cd3f7ae?page=77"> BACK ISSUES BACK Issues 37 Mitigating the Nightma</a> <a title="DFM39 page 78" href="http://viewer.zmags.com/publication/8cd3f7ae?page=78"> IRQ IRQ Artificial Stupidity? R </a> <a title="DFM39 page 79" href="http://viewer.zmags.com/publication/8cd3f7ae?page=79"> </a> <a title="DFM39 page 80" href="http://viewer.zmags.com/publication/8cd3f7ae?page=80"> </a>