Digital forensics workshop with Simon Biles

by Gwenyth Rooijackers

A group of 8 persons gathered on Wednesday the 25th of April to start off the conference with Simon Biles’ workshop on digital forensics. As life moves more and more into the digital world, so does crime. Simon Biles gave us a short introduction to a key part in this rather new area of prosecution.

The day started with a look at the life in digital forensics. Along with a couple of insights into the emotional aspects of being an expert witness in digital forensics, we looked at the handling of evidence and guidelines by the Association of Police Officers.

In the scenario set up for the workshop, we were acting for the prosecution. The case regarded a group of people accused of stealing cars, creating new VINs, copying keys etc. After a raid on the garage only a 1 GB USB-drive was recovered. We are here to examine this USB-drive.

Before even having lunch, Biles guides us through imaging the content of the drive without making any changes to the drive itself (i.e. the evidence), mounting the image to access stored information and a browse through the partitions of the drive. We also had a look at the deleted files (including the file evil_plans.txt revealing the plans of the criminals 🙂 ).

In the afternoon we were introduced to Autopsy. This programme allows us to get a quick, automated overview of the examinations we did manually before noon.

To round up the workshop, there was a nice discussion with questions to the speaker. Thank you for today, Simon!

Want to learn more about digital forensics? Biles recommended Forensic Computing: A Practitioner’s Guide by Anthony Sammes and Brian Jenkinson for an introduction to digital forensics or File System Forensic Analysis by Brian Carrier for an introduction to file systems.