If you are visually impaired or blind, you can visit the PDF version by Pressing CONTROL + ALT + 4
<br /> Digital<br /> The Quarterly Magazine for Digital Forensics Practitioners Issue 39 · May 2019<br /> ForensicS<br /> Magazine<br /> Forensics Europe Expo<br /> DFM Forensics Conference 2019<br /> Featured Papers INSIDE!<br /> Including…<br /> Driver<br /> Attribution in<br /> Connected<br /> Cars<br /> PLUS<br /> Human Super Recognisers<br /> Digital Forensic International Standards<br /> Complexity Theory and Artificial Intelligence<br /> 9<br /> From the Lab: Setting Up Your Digital Forensics Lab772042 061004<br /> 39<br /> Issue 39 / £14.99 TR Media<br /> <br /> Editorial<br /> W<br /> ell, it's in…! After a significant amount<br /> of work, much of which was provided<br /> Pro-Bono from<a title="DFM39 - Online page 1" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=1"> Digital The Quarterly Magazine for Digital Fore</a> <a title="DFM39 - Online page 2" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=2"> </a> <a title="DFM39 - Online page 3" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=3"> Editorial W </a> <a title="DFM39 - Online page 4" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=4"> B uilding on the suc</a> <a title="DFM39 - Online page 5" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=5"> Contents FEATURES 8 Making Sense of Digital Fore</a> <a title="DFM39 - Online page 6" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=6"> NEWS News Defrauded NHS Trust is Paid Back £1.2m</a> <a title="DFM39 - Online page 7" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=7"> per minute, per honeypot. The honeypots were set </a> <a title="DFM39 - Online page 8" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=8"> FORENSIC EUROPE EXPO SPONSORED EVENT Forensics Eu</a> <a title="DFM39 - Online page 9" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=9"> Editor-in-Chief, Roy Isbell The conference </a> <a title="DFM39 - Online page 10" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=10"> FEATURE INTERMEDIATE Making Sense of Digital For</a> <a title="DFM39 - Online page 11" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=11"> • Reducing costs of information collection, </a> <a title="DFM39 - Online page 12" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=12"> FEATURE INTERMEDIATE Figur</a> <a title="DFM39 - Online page 13" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=13"> Figure 2. Second Plan and Standards Mapping was</a> <a title="DFM39 - Online page 14" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=14"> FEATURE INTERMEDIATE Making sense of the Digita</a> <a title="DFM39 - Online page 15" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=15"> </a> <a title="DFM39 - Online page 16" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=16"> MAIN FEATURE ADVANCED Driver Attribution in Conn</a> <a title="DFM39 - Online page 17" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=17"> Why OBD2? The demonstration of the method in this</a> <a title="DFM39 - Online page 18" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=18"> MAIN FEATURE ADVANCED Figure 3</a> <a title="DFM39 - Online page 19" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=19"> Figure 4 Time Series pattern for Female (left), M</a> <a title="DFM39 - Online page 20" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=20"> MAIN FEATURE ADVANCED </a> <a title="DFM39 - Online page 21" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=21"> that drivers’ classification in modern cars genera</a> <a title="DFM39 - Online page 22" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=22"> </a> <a title="DFM39 - Online page 23" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=23"> LEGAL Editorial T here</a> <a title="DFM39 - Online page 24" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=24"> Scott Zimmerman investigates this issue and prese</a> <a title="DFM39 - Online page 25" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=25"> into anything that might appear unusual. If the s</a> <a title="DFM39 - Online page 26" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=26"> LEGAL FEATURE walk the court through the pro</a> <a title="DFM39 - Online page 27" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=27"> two [or more] sets of results. To sum up: using n</a> <a title="DFM39 - Online page 28" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=28"> LEGAL NEWS LEGAL News brother to upload salacious</a> <a title="DFM39 - Online page 29" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=29"> </a> <a title="DFM39 - Online page 30" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=30"> FROM THE LAB ENTRY Digital Forensics Lab Nihad </a> <a title="DFM39 - Online page 31" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=31"> The floor plan in Figure 1 is a suggested des</a> <a title="DFM39 - Online page 32" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=32"> FROM THE LAB ENTRY </a> <a title="DFM39 - Online page 33" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=33"> • Mandiant Redline: Live memory analysis; in</a> <a title="DFM39 - Online page 34" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=34"> FROM THE LAB ENTRY Lab Pol</a> <a title="DFM39 - Online page 35" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=35"> </a> <a title="DFM39 - Online page 36" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=36"> FEATURE INTERMEDIATE AI in Digital Forensics Zen</a> <a title="DFM39 - Online page 37" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=37"> A neural network is based on a collection of</a> <a title="DFM39 - Online page 38" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=38"> FEATURE INTERMEDIATE In general, we trai</a> <a title="DFM39 - Online page 39" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=39"> Figure 2. Chip Extraction for further Digital Inv</a> <a title="DFM39 - Online page 40" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=40"> ADVERTORIAL UNIVERSITY OF WARWICK CYBER SECURITY,</a> <a title="DFM39 - Online page 41" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=41"> 41</a> <a title="DFM39 - Online page 42" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=42"> FEATURE INTERMEDIATE Cutting Us Some Slack Jose</a> <a title="DFM39 - Online page 43" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=43"> Review is Important It's important to remember, f</a> <a title="DFM39 - Online page 44" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=44"> FEATURE INTERMEDIATE The implementation </a> <a title="DFM39 - Online page 45" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=45"> Figure 2. Onna Audit Logging of Data </a> <a title="DFM39 - Online page 46" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=46"> FEATURE INTERMEDIATE Rather than dealing</a> <a title="DFM39 - Online page 47" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=47"> Figure 6. CPSO Search Using Onna </a> <a title="DFM39 - Online page 48" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=48"> COMPETITION Competition Fancy winning a nifty li</a> <a title="DFM39 - Online page 49" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=49"> </a> <a title="DFM39 - Online page 50" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=50"> FEATURE ENTRY Complexity Theory & Artificial Inte</a> <a title="DFM39 - Online page 51" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=51"> Phases of Digital Forensics DF is a science that </a> <a title="DFM39 - Online page 52" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=52"> FEATURE ENTRY (“solvers”) have allowed to occ</a> <a title="DFM39 - Online page 53" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=53"> Real Cases: File Sharing Hypotheses A Judge reque</a> <a title="DFM39 - Online page 54" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=54"> FEATURE ENTRY The preferences list (rela</a> <a title="DFM39 - Online page 55" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=55"> Figure 5. Matrix from GPS Device Positions </a> <a title="DFM39 - Online page 56" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=56"> MORE THAN A MAG Digital Forensics Magazine prides</a> <a title="DFM39 - Online page 57" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=57"> </a> <a title="DFM39 - Online page 58" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=58"> FEATURE INTERMEDIATE Human Super Recognisers Mic</a> <a title="DFM39 - Online page 59" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=59"> This added to the work of Dr Anna Bobak fro</a> <a title="DFM39 - Online page 60" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=60"> FEATURE INTERMEDIATE The existen</a> <a title="DFM39 - Online page 61" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=61"> that losses from shoplifting have now reached ove</a> <a title="DFM39 - Online page 62" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=62"> FEATURE INTERMEDIATE In addition</a> <a title="DFM39 - Online page 63" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=63"> important contribution as data and imagery sharin</a> <a title="DFM39 - Online page 64" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=64"> FEATURE ENTRY Operation Bitcoins The fo</a> <a title="DFM39 - Online page 65" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=65"> as part of the case file that I had a pendrive wit</a> <a title="DFM39 - Online page 66" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=66"> FEATURE ENTRY September</a> <a title="DFM39 - Online page 67" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=67"> as well as the system that was hacked. He is </a> <a title="DFM39 - Online page 68" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=68"> FEATURE ENTRY Conclusio</a> <a title="DFM39 - Online page 69" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=69"> </a> <a title="DFM39 - Online page 70" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=70"> 360 36 Letters, emails, tweets, connections and m</a> <a title="DFM39 - Online page 71" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=71"> TWITTER We are regularly tweeting tools, tips and</a> <a title="DFM39 - Online page 72" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=72"> LIBRARY SUBSCRIPTIONS NOW AVAILABLE You can get</a> <a title="DFM39 - Online page 73" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=73"> NEXT ISSUE NEXT Issue Continuing our aim of bring</a> <a title="DFM39 - Online page 74" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=74"> </a> <a title="DFM39 - Online page 75" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=75"> BOOK Reviews T he is t</a> <a title="DFM39 - Online page 76" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=76"> REVIEWS BOOKS W </a> <a title="DFM39 - Online page 77" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=77"> BACK ISSUES BACK Issues 37 Mitigating the Nightma</a> <a title="DFM39 - Online page 78" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=78"> IRQ IRQ Artificial Stupidity? R </a> <a title="DFM39 - Online page 79" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=79"> </a> <a title="DFM39 - Online page 80" href="https://secure.viewer.zmags.com/publication/8cd3f7ae?page=80"> </a>