DFS101: 1.1 Introduction to digital forensics

(upbeat music) - Welcome back everyone. Today we're going to be talking a little bit about what you can actually do with digital forensics. You've started this course, you might be thinking, "What am I gonna learn and how can I actually use it?

" So today we're going to go through what exactly do you learn whenever you're doing digital forensics? And how can you use the skills that you acquire? What can you do afterwards?

So digital forensics actually teaches you quite a few things. First, we learn how computers work. So this is the basis of doing digital forensics, you have to understand how computers work, how mobile devices work, how networks work to be able to investigate these digital devices.

So the biggest thing is that you actually learn how computers and computer systems work. We understand, or we learn how data is stored and accessed. Going through digital forensics, you get a good understanding of how data actually travels through the internet, how and where it's stored on our devices, on our phones, in the cloud, all of these different things.

And that type of information, if you understand how and where data is stored then a lot of other things start to make sense to you, for example, legislation that's being passed in your country. So if you understand where data is at and what information is contained in that data then you get a better understanding of maybe how you want to protect that data or how that data should be accessible to other people. Next, how to manage large amounts of data efficiently.

So all of us now we live in a very connected society. We all have computers and a lot of devices and we have a lot of data, some of which is personal information that we don't want shared, some of it is not personal information that maybe we don't mind sharing, but we get a better understanding of how to first off manage and organize that data and find the things that we're looking for easier. So imagine your computer at home, you might have files from the last 10 years.

If you want to find something from 10 years ago how do you actually find it efficiently and quickly? So whenever you think about digital forensics, it gives you this better idea about where data's located, how you can find that data very quickly and efficiently where other people who aren't used to managing data it might take them a much longer time. And all of this of course translates into our everyday lives, I wanna find a KakaoTalk message very quickly that contains an address.

Well, how can I do that faster than my friends basically? Doing digital forensic investigation also teaches you how to think logically. So whenever we're doing an investigation, we have to go through this logical thought process to put all of this potentially evidence together to support or deny some hypothesis that's being made.

And we'll talk about what a hypothesis is in later lectures, but this this logical thought process going through and thinking about how do we actually make arguments? How do we actually convince people that we are right? How do we know that we are right?

A lot of people don't actually formally think about why they think something is correct. So doing digital forensic investigation helps you to at least see the argumentation structure, whenever you're making some claim, it helps you to have kind of this evidence-based reasoning or learn how to do evidence-based reasoning that's usually much stronger than what kind of an average person would have, who has never studied either argumentation or investigation before. So digital investigation also can change the way a little bit that you think, you'll be much more objective, you'll be much more evidence seeking afterwards and hopefully you'll be more correct.

And that's really what we're aiming for is correctness and truth. How to connect concepts. So again, doing digital investigation, we need to look at a lot of different data sources, maybe a lot of different devices.

A server in another country, a computer, maybe in Korea a cell phone in the United States, something like that. And we have to take all of the evidence we can get from all of these different sources and make essentially a story out of it. Can we reconstruct the story of what happened in this particular cyber crime or this particular criminal action that we're investigating?

So we need to think about or we do think about how to actually connect these concepts. And if you don't practice actually putting concepts together most people tend to make a lot of assumptions about what happened rather than again, finding evidence and thinking logically about it. So learning digital investigations also helps you connect sometimes relatively abstract concepts, connect them a little bit better, or gives you the practice to connect them a little bit better.

And then finally how to write and communicate. So writing and communication is extremely important everywhere in the world. Now we are a country I guess, developed countries are the countries that are producing ideas.

We need to produce and very clearly state what our ideas and what our positions are. And doing digital forensic investigation, like I said, teaches you how to think critically but it also helps you to actually communicate in your writing and your statements in a very objective and hopefully truthful and supported type of way. So writing and communication is extremely important.

Again, everywhere, we need to be able to communicate effectively with whatever we're trying to say and doing digital forensic investigation helps you to communicate because every sentence you're saying or claiming, every claim you make, you have to ask yourself, is this actually true or not? And in our everyday lives, we don't usually assess whether our claims or every single claim is true or not, sometimes we make assumptions but with digital investigations you can't. So it kind of helps you to communicate more effectively and be able to support again, your reasoning.

So all of these things, how computers work, how data is stored an accessed, how to manage large amounts of data efficiently, how to think logically, how to connect concepts, and how to write and communicate effectively. This is what you learn in digital forensic investigations but where can you apply this? Well, you can apply it literally in everything.

Everyone is using technology now, everyone is trying or is communicating constantly. We are constantly communicating with each other and we don't communicate very well. A lot of people make assumptions.

You've probably heard a lot about fake news now. How can fake news exist, if everyone was actually critically analyzing and looking for evidence for every claim that was being made? It couldn't.

So not only do these skills help you in your everyday life to assess and evaluate in a reasonable way, what's true and what's false, but it also helps you potentially in every job. So think about any job that you might want to get, you will have to communicate effectively with people. You will have to evaluate whether, what you are telling them and what they are telling you is true or not.

So every basically job and your daily lives will be greatly affected by the skills that you can learn in here. So I don't want you to think that by learning digital forensics you're only getting technical skills. No, if you wanna do digital forensic investigation well, you really have to evaluate how you think and question why you think the way you do.

And if you can do that, you will be extremely effective at basically any job. So although we are teaching you the technical skills, it applies to a much greater area than just digital forensic investigation. So what can you do with digital forensics?

Just like I said, almost anything really. Whenever you learn digital forensic investigation if you have a good idea about how computers work, maybe you learned a little bit of programming, maybe you know how computers work, maybe you know how data is stored and you're interested in legislation. Well, I mean, you can apply those areas that knowledge to many many different areas that are extremely needed right now for example, information security.

So common jobs, I have a list here are, for example police. Police in almost every country have at least one digital forensic laboratory but some police officers, for example, Korea there's over a thousand digital investigators in Korea and it's growing, I mean, it's not getting smaller and they are constantly busy with the amount of cyber crime they have. So law enforcement, police have a lot of positions doing digital forensic investigation, prosecution services as well.

Almost every country has a digital forensic lab or group within the prosecutors to validate and check examples. Korea also has a relatively large digital forensics analysis team in the Korean prosecution. Military, military in almost every country are investing heavily in cyber, the cyber area.

Now a lot of that is offensive. So trying to get people who can hack and potentially defend against hacking, so security experts, but some of that or quite a bit of it is also including digital forensic investigations. Most of those people need to know how to do some digital forensics if they want to understand how different attacks work.

So in the military, digital forensics and offensive and defensive security usually go hand in hand but there are a lot of positions in military and basically every country. Intelligence services, so for example, like the CIA, in Korea, the NIS, they also have digital forensic investigations services or essentially the same type of services as police, military and prosecutors. Because all of our communications now are over some sort of digital media they are very interested, for example, if a terrorist is planning something using their cell phone, well, if we get the cell phone, how can we actually extract that information about the terrorist's plan?

So intelligence services also invest a lot in information security and digital investigations. That's kind of the government sector. So most government organizations probably have at least some interest in digital forensic investigation directly.

And that's not even considering the information security aspects other than just direct digital forensic investigator jobs. Law firms, consulting companies, and banks. So banks obviously are very interested in securing their products and they get hacked a lot.

Whenever they actually have some sort of hack happen, they have to understand what happened so they can fix it and that is digital forensic investigation. Most banks tend to either hire full-time a consulting company that does digital forensics or more likely they have some digital forensic capability in house. So they hire digital forensic investigators to help secure their infrastructure.

Law firms and consulting companies are usually doing something like e-discovery, which is very similar to digital forensics with usually the goal of a civil investigation rather than a criminal investigation, which we'll talk about. But law firms, most of the big law firms in Korea and the rest of the world have digital forensic investigators working full time and providing services. Corporate investigators, so think about any big company basically, any actually medium to large company, they're all using technology.

And they're all usually using that technology for human resources management, financial transaction management, things like that. And they are constantly being targeted by cyber criminals. So a lot of big companies also hire digital forensic experts internally to help secure their network and help investigate whenever something happens.

So again, that's most companies. So most companies, most government organizations, law firms, consulting, banks, that's most business basically in every country. Reporters and NGOs.

So reporters now I see a lot of non-governmental organizations and also agencies, reporting agencies using some type of digital forensics. For example, there was a recent case where JTBC analyzed a tablet, they got a tablet from a desk, they analyzed the tablet to try to extract the information from the tablet. Now, did they use digital forensic practices for that?

I actually don't know, I didn't hear how they extracted it. If they just turned it on and started looking through everything, then how do we know that they didn't change something? Nobody asked that question because it's not a criminal investigation, they just found it and they claim they had it.

But whenever they found that tablet or any digital device, they should be going through very specific digital forensic investigation processes to extract the information in a way that everyone can trust. Now whether they did that or not, I'm not sure but reporters also needs to understand technology and how to manage data whenever they're running a story about technology. Non-governmental organizations are also working a lot more related to cyber crime.

They understand for example, networking and how networks work and they are helping to push governments to combat cyber crime a little bit more effectively whenever they think government is ignoring different problems online. So there's been a lot of that recently. And then there's also just the normal jobs.

I can say, normal, the jobs that have existed for a long time, PC technician and network administrator. If you understand digital forensic investigation well, then that means you understand computers. If you understand computers well enough, then you can be someone who fixes computers or manages networks or anything related to technology basically.

And again, almost every company has some sort of PC technician or network administrator in their company. It's an extremely important job. And with digital forensic investigation skills you not only understand how to manage computers but also how to secure them potentially and investigate them if something happens.

So there's a lot more value if you understand how to do digital forensic investigations whenever you're doing administration. So don't overlook basically the older technical jobs as well digital forensic investigation helps you to get in any of those areas. Like I said, almost all companies use computers for service or finances.

All companies that are providing a service even by email, if their email gets hacked, they need some investigation so they understand how that happened and how they can secure themselves in the future. Everyone is using technology, that means that basically any type of area you wanna go in, that's related to technology, digital forensic investigation can help you to get started in that area. So here I have, how do you start?

A lot of people actually recently have asked me, how do you start in digital forensic investigations? And I would say, if you have no experience at all, the CompTIA A+ Certification about basically hardware and software, computer hardware and software is a good certification to start if you want. Or I also recommend a book called "Operating System Concepts" which I have in the slides, that book will tell you basically everything about how a computer in general works.

And then it gets to some more advanced topics later but it's an incredibly good book to get started with. So if you want to read that book, it's a little bit long, but if you wanna read that book before you actually get started with this course, I highly recommend "Operating System Concepts" and it's currently in its ninth edition. This course, you can read that book of course, to get an idea of how computers and how technology works, but you don't have to.

In this course, we assume that you don't really know anything about maybe even computers or digital forensics. We try to take you from the basics, the very beginning. So if you don't know anything, no problem, you can still follow this course okay, but if you have that background information, it will help you a lot in the future.

There's also a free online book, it's the "Linux Leo Beginner's Guide" and that book helps to teach you about Linux Command Line. how the Linux operating system works and how Linux Command Line works. I also recommend learning Windows Command Line.

So a lot of people know how to use Windows, very few people know how to use Windows Command Line. So basically for starting, I highly recommend understanding how computers work and a little bit about operating systems, Linux, Mac, OSX, and also Linux Command Line, Windows Command Line. The reason I recommend command line is because the more you know, the more you know about it, the more you'll be able to navigate a computer and basically do a lot of more advanced topics or more advanced commands later.

So a lot of people ask me, do I need to know programming? To be a digital forensic investigator, do I need to be a professional programmer or a mathematician or some sort of math wizard? No, not necessarily.

I know a lot of digital forensic investigators that know almost no programming at all. Now, if you learn programming of any type, it will help you. I write a lot of programs that help me do digital forensic investigations, but I don't have to.

So if you are interested in programming, I highly recommend you try to learn at least one language just to get an idea of it. It will also help you again, programming skills help you in a lot of different areas as well but you don't have to learn programming to be a good digital forensic investigator, but it will help you. If you want to learn some programming languages, I just have an order of the languages that I tend to use top to bottom.

Recommended languages would be Linux Bash, again Linux Command Line, and writing scripts for that, Python, HTML5 and JavaScript. Go is a relatively new language, so Go Lang. C and C++, Perl and Java.

So I use Linux Bash by far the most and then Python kind of second, HTML and JavaScript is probably third, Go Lang probably fourth. And then how do you keep learning? Basically read a lot.

Our last lecture is how to do research in digital investigations, so we'll talk more about that later and also practice a lot. There are a lot of challenges provided online, digital investigation challenges from digital investigation communities. So if you want to practice doing digital forensics, go online, search for digital forensic challenge and you'll find a lot of different kind of like online exams.

They give you these problems, you have to use digital forensic techniques to solve them. And they are a really good way for networking, to meet other people who are interested in digital forensics and also a good way to learn what current problems are and how to solve those problems. So I highly recommend trying to build a community or getting involved in the community and learning as much as possible.

So we'll talk about all of these topics much more throughout the course. Thank you very much.