Attending conferences is a crucial way our staff can keep up to date with cutting-edge research, be introduced to important new ideas and perspectives, and help inspire and support the next generation of cyber security professionals. Our ID Cyber Solutions Conference Report series aims to showcase some exciting and ground breaking ideas presented at these events.
Report by Cary Hendricks, Global Operations Director
The 9th INTERPOL Digital Forensics Expert Group (DFEG) conference ran from 19–21 June 2024 at Edinburgh Napier University.
The event was very well attended by law enforcement officers from all over the world coming to Scotland where the event was held for the very first time. Many thanks to The Cyber Academy (particularly Basil Manoussos) and the School of Computing, Engineering and the Built Environment at Edinburgh Napier University, which hosted the event.
The three days were packed with exciting and valuable talks, and it would be impossible to write about every talk. The summaries below represent just a small selection.
Day 1
AI was covered extensively, including the advances in AI’s role in law enforcement and how it has had a very pronounced effect, in that it can make digital forensic investigations much faster by doing very monotonous tasks and then processing the results from those tasks. Tasks that used to take weeks, and sometimes months, can now be processed in a few hours.
The role of AI is changing. For example Dr Hans Henseler from the Netherlands Forensic Institute and Leiden University of Applied Sciences showed how Copilot could be made extremely useful in trawling through huge amounts of data. The main objective was to keep the AI from external influences and only work on the data it was given. Adding this capability to their forensic software (Hansken) means they can now offer DfAAS (digital forensics as a service).
Adrien Vincart from PWC gave a fascinating insight to further extend digital forensics using AI, where resources are very scarce and the process needs to accelerate to enable investigators and researchers to investigate and deliver their results in a timeous fashion. Waiting times of many months, even years are now slashed to very manageable timescales, freeing up investigators.
Scott Fitzmaurice, Forensic Analytics, showed how behavioural investigation in location data could be used along with AI to process a huge amount of location data from various devices, including vehicles.
Another excellent presentation by Pavel Goldman-Kalaydin showed the extraordinary tasks that law enforcement now face with the advent of deepfake images and videos and the investigation of those materials. The research and techniques show that AI is getting better at generating the data but using AI to spot those AI generated images is key without human bias.
Along the same track Marco Fontani gave a complementing insight on how deep learning is vital for image and video forensics. These techniques were based on clearing up very poor digital images like, for example, vehicle registration marks (number plates to us).
A particular challenge that law enforcement faces is child sexual abuse material (CSAM) and Ian Stevenson from Cyacomb gave a compelling talk about how new technology is supercharging the fight against this. No longer would victims have to wait months before any action, but also any accused can now be processed really quickly (minutes...) and be given the all clear or notice that they would be charged for offences.
Day 2
Following from the previous day, the focus was on triage: how to quickly find out what is important and focus on that. This has had a profound way how cyber security and digital forensic incidents are being investigated.
Simon Foster, Detective Inspector – POLIT, gave an hopeful account of how technology is making the investigations go a lot faster by citing examples where the technology has excelled. The time to get information, processing, and reacting made a huge difference in protecting children who are being abused. This massively reduced the trauma and increased the prosecution of individuals who perpetrate these crimes.
Alex Caithness, Principal Analyst (R&D), CCL Forensics gave an in depth discussion of open tools for browser forensics. Although this was an product agnostic talk, it delved into the technology that makes up a browser and how it can be investigated. It added valuable information to any investigator who can now extract more information from artifacts than what some forensic products can do. This gave a real insight of how far we have come, but also how long the path is forward.
Stephen Lewington, BERLA gave an excellent presentation about vehicle telematics (the stuff the car stores about you) and how it is used to investigate crimes. This is vital for law enforcement but also has information useful to insurance companies. Some of the data is stored only for the short time but can drastically assist in the investigation into fatal road accidents. The talk also includedinformation on how you could ensure that only the necessary data was being stored and how that data is being used by your vehicle.
Some of the futuristic investigations ventured into the Metaverse, that AI online world where avatars rule the day... We heard a great presentation by Sundaresan Ramachandran on how crimes are committed in the Metaverse and how law enforcement would go about investigating it. From NFT (Non Fungible Tokens) to crypto currency, all of it had links to our “real world”. This is an area where investigations are going to grow a lot in the future.
Day 3
This was a day featuring lots of weird and esoteric technologies. It started with data acquisition from ‘non-standard’ devices. These devices might be medical devices, for example, or devices that can provide information (like logs) but have absolutely no interface to provide that information. This was a deep dive into collecting that information.
Other presentations were more about automotive cyber security and the challenges and opportunities to obtain data for investigations. All the weird and wonderful technology that surrounds us can help to give a fuller picture of what really happened. For those who are thinking that this is a massive surveillance exercise, it is not. It is the information at the point in time to help figure out what happened and from a safety point improve and save lives in the future.
The future is here, but as investigators we are being overwhelmed with data and it is technology’s role to make it easier to make sense of it all.