Friends of the University of New Haven Library: Dr. Baggili – "Personality Pathology Within…"

[Dr. Abe Baggili]: Thank you for coming, and like I asked before – I’d like to ask one more time – who’s here for extra credit? Okay. Who’s here because they want to? And you guys are here because you have to, I get that. Well, thank you for coming, and I think what you’ll find – maybe, maybe not – but I think more than likely you’ll find that the topic within cyber forensics or digital forensics is a very timely, very interesting topic – not because I think so, because it really truly is given the scope and the landscape of what’s happening in cyber security, which you hear about every single day.

[Dr. Abe Baggili]: So let’s – let’s break some misconceptions to start off with. So how many of you think that computer science majors do certain things? So this is what friends think I do – this is what my mom thinks I do, this is what my dad thinks I do, this is what society thinks I do – which is the Matrix – what I think I do – . In reality what I do is break computers all the time. That’s pretty much what we do in computer science, is we find ways to break computers in order to improve them. That’s kind of the underlying thing.

[Dr. Abe Baggili]: When you’re talking about information security – and you’ll notice I have a couple of memes on there – hopefully you’ll smile – if you’re not smiling then you’re weird, I’m not weird. But information security is part of the sub-discipline of what I’m talking about as well. What my parents think I do is that I’m a hacker. What users think I do, what society thinks I do, what my boss thinks I do, what IT managers think I do – what I actually do is sit in lab and play with things all day.

[Dr. Abe Baggili]: Here’s another one. What my friends think I do, what my mom thinks I do, what society thinks I do, what my boss thinks I do, what I think I do, and what I actually do is what the cat’s doing. You will find that there’s some sort of a correlation between eclectic people and cats.

[Dr. Abe Baggili]: Security analyst – what my friends think I do, what my mom thinks I do, what society thinks I do is print money of course – my boss thinks I do, what I think I do – I think of myself as a ninja – you can see I’m not a ninja. What I actually do is play with servers all day.

[Dr. Abe Baggili]: Now here’s why I put this in there – because we’re talking about computer science, we’re talking about information security, and now we’re talking about forensic science. Because all these three things is what I have to do. It’s not just one thing that I have to do. I have to understand computer science, I have to understand information security, and I also have to understand forensic science. What my friends think I do, what my mom thinks I do, what society thinks I do, what criminals think I do, what I think I do – what I really do is document and write reports quite a bit, which is a lot more boring than what you see in CSI.

[Dr. Abe Baggili]: How many of you watch CSI? How many of you like CSI? How many of you think that CSI is real? Nobody put their hand up, that’s interesting.

[Dr. Abe Baggili]: So let’s talk about some quick facts. The USA is ranked number three in the number of mobile users worldwide. These are the number of mobile phones, and that’s the population. As you can see, the number of phones is larger than the population.

[Audience Member]: Hey, I’ve got two.

[Dr. Abe Baggili]: There you go. People have two, three – does anyone have more than one phone? No? You do? One for one girlfriend and – . Separate your life. Is that how it works? USA is ranked number two in the number of internet users – who do you think number one is?

[Audience Member]: China?

[Dr. Abe Baggili]: China. 90% of American adults have a cell phone, 58% of American adults have a smartphone, 32% of American adults own an eReader, 42% of American adults own a tablet. The penetration of technology is ridiculous. Think about that for a second. Think about what you do with your phone every single day. Why are you smiling? Stop Snapchatting. Is that what you’re doing? You’re Snapchatting. No? Okay. But you did at some point, right? Yeah.

[Dr. Abe Baggili]: Looking at some reports – and this is a report from Verizon – in terms of data breach investigations, you can see there are multiple sectors that are affected when it comes to cyber security, it’s not just one sector.

[Dr. Abe Baggili]: It’s not like they just attack education. What really – I find interesting is many of these reports don’t touch on how much education is affected. You see our website going down every once in a while, right? I wonder why. Does anyone know why? No, we don’t know why. Like, we’re isolated from the reasons why our website goes down.

[Audience Member]: They keep telling us they have to do updates.

[Dr. Abe Baggili]: Could be a security update.

[Audience Member]: Oh, of course.

[Dr. Abe Baggili]: Public sector, energy, utility, healthcare, travel – all of the sectors you can think about are actually affected when it comes to information security. Here’s some more quick facts – and this is from 2013, so you’d expect things to change by 2014, and 2015. 6.5 million malware created in the first quarter of 2013. If you don’t know what malware is, it’s malicious software. Bad software.

[Audience Member]: Does that mean different malware?

[Dr. Abe Baggili]: Yes. One out of 5 online adults has been a victim of social/mobile crime. 1.5 million cyber crime victims per day in 2013. 67.6% global spam rate, with the highest being sex/dating spam. Think about that for a second. The list goes on, I don’t want to bore you with stats, I just want to possibly shock you, or maybe not. Maybe you don’t care. You should though.

[Dr. Abe Baggili]: There’s a new survey by Price Water – Price Water House Cooper, 2014. Banking and finance, government, healthcare, information telecom – big one right now – insurance, right. Before the whole Anthem deal, we didn’t really talk about insurance companies being affected, but in reality they were being affected, but we just didn’t really talk about it – but now there’s something big that happened – boom – the media takes it and now we’re talking about it all of the sudden.

[Dr. Abe Baggili]: And the question is – are we safe? Well, we did a small study where we tested about 19 applications that are – that are used by most of us youngsters – I consider myself young – stop laughing – and we found that a lot of them are not secure. Meaning that the data can be leaked very easily from the applications, and it could be intercepted very easily from these applications. And I don’t know if you saw, but we put the videos on YouTube, they went viral, media caught onto it, but before we did that, we actually contacted all the companies, we informed them that there are security vulnerabilities with their apps. You think they responded? They didn’t respond. Then we went public with it, then they responded. One week later, a lot of them were patched. But I’m gonna show you a quick video of one of the videos from that.

[voice-over]: Hi, I’m a member of the University of New Haven’s Cyber Forensics Research and Education Group, and throughout five videos we’ll be showcasing security issues in over a dozen Android apps. The goal of this research is to inform both the user and the developer of these issues. This is day one of five. Today we’ll be looking at security issues in Instagram, OkCupid, and ooVoo. For the network analysis, we created a test network using Windows 7 virtual mini-port adapter –

[Dr. Abe Baggili]: So if you pay attention to me – what we did was we created a wireless network on the computer, we connected our phone to it, and then we started testing the applications to see if we can intercept any of the data that’s being sent from and to the phone.

[voice-over]: – so we created our test network, had our Android device connected to the test network, started up NetworkMiner, had the Android device send a picture in Instagram Direct, and once that picture was sent, it was picked up in NetworkMiner. Next, we’ll have the iOS device send a picture to the Android device. And once that picture was viewed, it was picked up in NetworkMiner as well. We recorded network traffic in Wireshark to see if files remained on the server. For Instagram, we found an image that we sent weeks ago still on their server, unencrypted, and without authentication. Next, we opened up OkCupid, and went to the keywords tab in NetworkMiner.

[voice-over]: We set a keyword as Uncle Tido, and once the device sent the phrase Uncle Tido, it was picked up over HTTP, and in the context tab we can see what was sent, and who it was sent to. So next we opened up ooVoo and had the Android device send the key phrase “sparkle horse”, and once it was sent, it was picked up in NetworkMiner –

[Dr. Abe Baggili]: You get the point. The point is, you’re using these applications every single day to send things that are personal, that are private, and that you have the impression – or the perception – that some of these things are secure. As long as you’re connected to a Wi-Fi network in a coffee shop, someone that knows just a little bit – which we call a script kiddie – someone that doesn’t have to know a lot about technology, can just use existing tools, just like we did, sniff the network – boom – capture everything you’re sending back and forth – if there is not encryption in place.

[Dr. Abe Baggili]: So after we did this and we released it – and by the way, the amount of people – that the vulnerabilities we found affect about 1 billion users. So you can imagine – one billion users can be affected because of this stuff. That’s not something – that’s not a small thing, it’s actually quite a big thing.

[Dr. Abe Baggili]: Now what I do in most of my career – and what my students help me do – and what they do as well – is we focus on the investigative aspect. There’s a protection aspect, of course, but we focus on if an incident does occur, what do you do? How do you stop it from happening if you learn what happened in the first place? But in forensics that’s typically what happens, right? Something happens, then you start investigating. But the process of how you investigate – the techniques, the tools – are built on computer science foundations. And, not to mention you have to have investigative skills.

[Dr. Abe Baggili]: But in forensic sciences across the board – it doesn’t matter what forensic science you talk about – whether it’s chemistry, or whether it’s digital, there’s two things that make forensics, forensics, and if they’re not there, then you’re not doing forensics. If there’s no law, and there’s no science to what you do, then you’re not doing forensics, you’re doing something else, and that’s something you have to keep in mind.

[Dr. Abe Baggili]: So what we do in my domain, most of the time, is we try to find ways to extract digital evidence. So for example, the latest thing that we did – which we sent in for publication – is how do you extract evidence from smart watches? What is the process of taking a smart watch and extracting evidence from the smart watch? Who can, for example, tell me what evidence you think we can get from a smart watch? Come on, let’s be interactive here.

[Audience Member]: Pictures and texts.

[Dr. Abe Baggili]: Text messages – does anyone know what smart watches do?

[Audience Member]: They connect to your phone.

[Dr. Abe Baggili]: They connect to your phone, they sync with your phone, and what – what sort of thing can you do with a smart watch?

[Audience Member]: Notifications on email.

[Dr. Abe Baggili]: Notifications from email – what else? Yes?

[Audience Member]: Answer phone calls.

[Dr. Abe Baggili]: You can answer phone calls with some models, yes. What else?

[Audience Member]: [inaudible comment]

[Dr. Abe Baggili]: Yeah – so number of steps you take, right? So now I know the number of steps you take – I can also know your heartbeat.

[Audience Member]: Location?

[Dr. Abe Baggili]: Location, especially if you’re syncing up with a phone. So now think about this for a minute, investigative perspective – if I can find a way to get all this data, and I can correlate it, I can, perhaps, predict some of the things you’re doing. If I know your heart rate was really high, and your steps were going – you were moving quite a bit – then I know perhaps you were running. If I know that you were not walking and your heart rate shoots up, and it’s still up, then you might be doing something else – I’m not saying what it is, but it could be something else. Just – I’ll leave that open to your imagination. Especially if you are next to – I don’t know – you’re in Las Vegas, somewhere remote, and all of the sudden your heart rate shoots up, and we have your GPS location, and you say, “Oh, I didn’t do that” – Yeah, you did. Probably. I haven’t – I have something that says perhaps that’s what you did. So it’s interesting with what you can predict, to some extent, when you can augment this data, when you can correlate it.

[Dr. Abe Baggili]: All of the sudden we have a lot of things that we can tell about you. And that’s good from an investigative perspective, right? It’s bad from a privacy perspective, which we’ll touch on in a second.

[Dr. Abe Baggili]: But the overall field of cyber forensics – if you can think of an umbrella, there’s an umbrella called information assurance, cyber security, other terms – information security, digital security, e-security, so on and so forth. You have this umbrella, and under it, you have this area called incident response. How do you respond to an incident when it does, in fact, happen? And this affects multiple different areas, like law enforcement, private sector, public sector, and academia. We’re all players in that domain. It’s not just – it’s not a one – it’s not just one entity that plays a role in this whole domain – there’s multiple different entities that play a role in this domain, and something for you to consider.

[Dr. Abe Baggili]: So one of the things that we are doing right now is we’re running a needs analysis survey, and we have about 91 responses so far, and – so that we can start understanding its feel. So this domain is not old. It really started coming about about 10, 15 years ago, and I think I was one of the first people from my University – from Purdue, where I was at – to actually finish a PhD and really focus in that area. And this was not too long ago. I said I was young, I wasn’t lying. Well, maybe I was. So 2009. I was one of the first people to actually get a PhD and focus in that area.

[Dr. Abe Baggili]: And one of the questions we asked in that survey – and these results are not out, but it will be published within the next, probably couple of months, we’re gonna send that out for publication. So one of the questions we asked was, “Do you think cyber forensics is a formal science?” Some people said no, most people said yes. Then I asked, “Do you believe cyber forensics is an engineering discipline?” Many people said yes, some people said no. So let me ask you a question now – what’s the difference between science and engineering?

[Audience Member]: I guess science could be, like, the theory and ideology, when engineering’s like the application.

[Dr. Abe Baggili]: That’s exactly it. And in digital forensics, as much as we don’t want to admit it, it’s – we’re doing quite a bit of applied research, which really fits into this notion of engineering. But there are also some theories that still need to be formulated that relate to cyber forensic science that we still have not achieved. So there’s still so much that we can do in this area. There’s – it’s like a brand – think of it as the start of biology – and people are starting to discover all this stuff, and there was really no organized corpus of knowledge, and all of the sudden now we’re faced with the same dilemma with a new field called cyber forensics. And it continues to be that way. That’s something my major adviser Marcus Rogers used to say at Purdue, and it still holds true to this day. And there are various different reasons why that’s the case. Because of funding – that’s one reason why we’re not progressing as much as we should.

[Dr. Abe Baggili]: So we asked another survey question, we said, “Select up to two categories you believe most need an increase in funding”, and which one’s the highest there? Education. Because we’re really not being funded enough in this area to really make it progress as fast as it should, even though no one can argue that we don’t – we need this stuff. Can anyone argue that companies are not being hacked? Can anyone say, “Hey, yeah, that’s an argument”? No. Every single day you hear of something happening. Like how many millions of dollars were stolen from banks just a couple of days ago? The Anthem hack. What else was there? Kevin, you know all this stuff, keep track of it.

[Kevin]: Home Depot?

[Dr. Abe Baggili]: Home Depot. What else?

[Kevin]: Etcetera.

[Dr. Abe Baggili]: Etcetera, okay. And then we said, “Select two categories you believe most need an increase in education training certification opportunities”. And still education was high. Not as high as state police – law enforcement. But that also goes back to funding. ‘Cause most law enforcement agencies are not funded enough to be able to handle some of these things. Alright, so now we get into this dilemma.

[Dr. Abe Baggili]: So my job – and all my students do – is they break stuff in lab all day. For example, Jason here – his project that he published was on the forensics of an Xbox One. Because criminals can be using an Xbox One to actually conduct criminal investigations. Our findings were – interesting, because we didn’t find as much as we wanted to, but still something we had to do. A lot of other projects we’re working on.

[Dr. Abe Baggili]: But if you think about it, by breaking things, and by reverse engineering things, and by understanding how they work, we’re also understanding how to violate your privacy in one form or another. So there’s a fine line there, right? So if I’m a bad person, I could use what I know to do bad things to you, and therefore I should not. But my purpose inherently is to discover evidence, it’s not to invade your privacy. So now you get into this dilemma that people don’t like. It’s almost, in some ways – in some ways, not 100%, because I have my own views on that – similar to how there are agencies that are collecting data about you all the time. They are – are they violating your privacy? Yes. But might they use that for a certain situation in order to curb what something bad might happen? Yes. But that’s another discussion, because there are so many issues with massive data collection that we’re not getting – get into this specific talk. So that’s kind of the thing.

[Dr. Abe Baggili]: And not only do we focus on retrieving evidence, but we focus on retrieving deleted stuff. ‘Cause that’s kind of the key there. You delete a file from your computer – who thinks it’s really deleted? Put your hand up if you think that when you delete something it’s deleted. Nobody? It’s not. It’s not really deleted. We can get it back. We can get it back from your mobile phone, we can get it back from your smartwatch, we can get it back from your hard drive, we can get it back from your laptop, okay. So next time you think that you have something and you want to delete it, just keep in mind we’ll get it back. We’ll find a way. ‘Cause that’s what we do.

[Dr. Abe Baggili]: And the way you apply the techniques within our domain is also – they also have a context. What do I mean by that? Well, if you’re looking at law enforcement, their primary objective is prosecution, right. Something bad happened, we want to take someone to court, let’s find the evidence. Military operations is not the same. Even though – their major objective is, ‘Let’s continue our operations’. ‘Cause what happens if their operations stop? What happens if the missile control systems are stopped? You’re not interested to know? Think about it, what would happen? just did an attack and they stop your missile operations, and now they can control them remotely. Yup.

[Audience Member]: It’s a state of weakness.

[Dr. Abe Baggili]: Only a state of weakness? It’s a state of chaos, alright. Think about that. Stay awake. Their secondary objective is prosecution, and the environment they work in is real time. They cannot afford to wait ten days – which is pretty much what law enforcement has to do, and they wait for more than ten days. I’ve been in different countries, spoken at different conferences, met with different police departments, and when it comes to digital forensics – computer forensics in specific – some labs are backlogged up to five years. Five years. They get a case, they have to wait five years until they get to it. Yeah. ‘Cause think about your hard drive. Compare your hard drive to a house. If you go into a house, you have how many rooms you can look into?

[Audience Member]: Dozen?

[Dr. Abe Baggili]: I don’t know, are you a billionaire and you have a million rooms? Okay. Think about your dorm room, or think about something small – ‘Cause that’s kind of what your house is compared to a hard drive. A hard drive has thousands of folders. So our job is to actually automate that process as well, which we’ll touch on in a second.

[Dr. Abe Baggili]: And then there’s business and industry, and I always give this example – what happens if Amazon goes down for two hours? I know what happens to you, what happens to them?

[Audience Member]: Well you’re talking revenue, but you’re also talking all the services that they host,

[Audience Member]: so when they have the hosting services and cloud services going down, the impact goes to education, companies – anyone that’s using that service loses functionality.

[Dr. Abe Baggili]: Right. But let’s just – if we just focus on buying a book – just like – that’s just – let’s just focus on that, right. How much revenue will they lose if it goes down for two hours? ‘Cause how much sales does – do you think Amazon does within two hours? Probably quite a bit, right. They don’t want to lose money. So, again, they’re similar to the military in some ways – they have to operate in real time. They cannot wait for you to take their servers offline, get – start investigating. They’ll be like, “No, can’t do that, we need to make our money. That’s important”.

[Dr. Abe Baggili]: So the traditional model – which is what we call computer forensics – is let’s take the hard drive out, make a copy, make sure that we don’t contaminate the original evidence, and then we work on the copy. We don’t work on the original. And there are assumptions there – was your computer off when we got there? Was your computer on? ‘Cause if your computer’s on, now we have RAM, which is basically memory that’s in the background, and when you turn your computer off, RAM is gone – not really. It’s still there for a little bit, and it also depends on the RAM chips you’re using. There’s so many ‘ifs’ and ‘ifs’ and ‘ifs’ and ‘ifs’. So the traditional model is get the computer off, unplug it, get the hard drive out, let’s acquire the evidence, make a copy – let’s start analyzing the copy. So it’s a tedious process. And there’s three “A’s”. The three “A’s” are – and all my students know them, right? You should know the three “A’s”. You know the three “A’s”? You forgot them? Are they there? Acquire, authenticate, analyze. You acquire the evidence, you authenticate it and make sure that nothing is changed, and you analyze it.

[Dr. Abe Baggili]: Alright, so where can we get data from? Does anyone know where the computer is in this picture?

[Audience Member]: Can’t see it very well. There’s a monitor, there’s a printer.

[Dr. Abe Baggili]: So where’s the computer? It’s the guitar. Does anyone know what this is? That’s a home-built wireless access point. This old Atari has been converted into a computer with a CD-ROM drive. This sushi is not really sushi obviously, right? If you want to eat it, feel free to do so, but I wouldn’t advise. This bathroom stool is a computer. You don’t sound excited. Or you don’t look excited. Don’t you want to sit down on a stool, work, you know. Okay. I wouldn’t do that, but something for you to think about. That’s why we have cell phones, it’s easier, right. So who was telling me – Oh, you were telling me you play games while you’re in the bathroom. Who does – does anyone play games while they’re in their bathroom? No? Okay. I mean games on the – that’s the kind of game I was talking about. Alright.

[Dr. Abe Baggili]: And then you have this picture. Where’s the computer here? The Super Nintendo is the computer. Chips, Fitbits, phones, applications, gaming devices, Smart TVs. This is a computer right here as well. It’s been embedded into that small TV. Yes?

[Audience Member]: This is all stuff that’s just been modified by some individual just to hide what you’re – ?

[Dr. Abe Baggili]: These are examples of non-traditional devices, but this is not, this is just a Fitbit, right? This is just a chip, this is the cloud. So what’s the cloud? You want to talk about what the cloud is? Now does anyone know what the cloud is – put your hand up if you know what the cloud is. Okay, nobody knows what the cloud is. I disagree, okay. There’s so many definitions as to what a cloud is, there’s no defined – in fact I ran a whole survey just to understand what people’s definition of the cloud is, and that’s another discussion that we can have, alright. You can get close, but you can’t really get the whole picture.

[Dr. Abe Baggili]: That’s a computer. The point is, you can get data from a lot of things. Not just one thing, a lot of things, alright. Think about you – who has at least two or three electronic devices? Put your hand up. Who has four? Only – alright –

[Audience Member]: You expect me to count them?

[Dr. Abe Baggili]: Really only – come on, think about this one more time – who has four? Put your hand up if you have four.

[Dr. Abe Baggili]: Alright, you don’t have your hand up, I’m gonna ask you a question – you have a cell phone? [Audience Member]: Me? [Dr. Abe Baggili]: Yeah [Audience Member]: Yeah [Dr. Abe Baggili]: Do you have a TV? [Audience Member]: Yeah [Dr. Abe Baggili]: Do you have a smart watch? [Audience Member]: No [Dr. Abe Baggili]: Do you have – let’s see – a Fit Bit? [Audience Member]: No [Dr. Abe Baggili]: Do you have – we’re gonna get there – do you have any gaming device whatsoever? [Audience Member]: I don’t really like technology, so – [Dr. Abe Baggili]: It doesn’t matter whether you like technology or not – do you have a car? [Audience Member]: Yeah [Dr. Abe Baggili]: Do you have a GPS system? [Audience Member]: No [Dr. Abe Baggili]: Okay – there’s no GPS system in your car? [Audience Member]: No [Dr. Abe Baggili]: Do you have a sound system? [Audience Member]: Yeah [Dr. Abe Baggili]: Okay – we have to get one more – we have to get one more [Dr. Abe Baggili]: We – we have to think together, come on, help me, help me. We have two do far. Do you have a laptop? [Audience Member]: Yeah [Dr. Abe Baggili]: You have a desktop? [Audience Member]: No [Dr. Abe Baggili]: Okay, so that’s three. We have to get one more. Ipod? [Audience Member]: No [Dr. Abe Baggili]: You didn’t own one before? Mp3 player? [Audience Member]: No [Dr. Abe Baggili]: USB stick? [Audience Member]: Yeah [Dr. Abe Baggili]: Okay, that’s four. We had to get four. I wasn’t gonna stop until I got four. Alright [Audience Member]: You gonna count my dishwasher? [Dr. Abe Baggili]: It – yeah, sometimes, if you can connect like smart dishwashers. Are they becoming smart? I don’t know [Dr. Abe Baggili]: Are dishwashers smart now? Does anyone have Google glass? No? [Dr. Abe Baggili]: Okay, good, ’cause it’s dead. Right now. It will be resurrected at some point in the future [Dr. Abe Baggili]: But the point is, cyber forensics has many different sub areas, and really – if you’re [Dr. 
Abe Baggili]: interested in the domain as a student, you can actually focus on it from different perspectives [Dr. Abe Baggili]: And that’s something for you to keep in mind. You can do network forensics [Dr. Abe Baggili]: You can do small scale digital device forensics, which is basically mobile phones, USBs, anything [Dr. Abe Baggili]: that can fit into your pocket. Malware forensics [Dr. Abe Baggili]: You can do email forensics, memory forensics, cloud forensics, computer forensics, text [Dr. Abe Baggili]: forensics, social media forensics, hashing techniques – which is basically – we’ll touch [Dr. Abe Baggili]: on this in a second – forensic psychology as it applied to cyber criminology. Criminology as it applied to the digital world [Dr. Abe Baggili]: All of these things are really part of this big domain, it’s not just the one – it’s not [Dr. Abe Baggili]: just technical, it’s technical and more, alright [Dr. Abe Baggili]: Because when you’re investigating something, you’re not just investigating the system, [Dr. Abe Baggili]: you’re investigating the people behind the system as well [Dr. Abe Baggili]: And you’ve gotta keep that in the back of your mind [Dr. Abe Baggili]: You can profile people from their social media. That’s possible [Dr. Abe Baggili]: We can try and get a better picture of what kind of person you are [Dr. Abe Baggili]: So where are we now in this domain? [Dr. Abe Baggili]: Well the state of the art in acquisition, which is basically making a copy of the hard [Dr. Abe Baggili]: drive, it takes about 400 – 400 gigabytes take about 2.5 hours to 3 hours – 400 gigs [Dr. Abe Baggili]: Who has a hard drive in here that’s larger than 400 gigs? Put your hand up. Most of us [Dr. Abe Baggili]: Some of you might not know, ’cause you might be asleep right now, but you shouldn’t be [Dr. Abe Baggili]: State of the art analysis – many labs are backlogged two to three years, sometimes up to five years [Dr.
Abe Baggili]: State of the art in Malware forensic tools – not much there, we’re trying to change that [Dr. Abe Baggili]: Mike is one of our students, and he’s working really hard to change that [Dr. Abe Baggili]: We have a tool kit that he’s developed and he continues to develop, and every day he [Dr. Abe Baggili]: comes to me, he’s like, “Check out these results Abe”, I’m like, “yeah, we’ve got to get better results” [Dr. Abe Baggili]: You gotta get better results [Dr. Abe Baggili]: So he’s sitting down there laughing, he doesn’t – I don’t know if he likes it or he doesn’t, [Dr. Abe Baggili]: but we’ll find that out in the future. Memory forensics – how do you analyze the memory of the system? [Dr. Abe Baggili]: Remember when you get to the computer, the things that are on the screen, which is what’s [Dr. Abe Baggili]: on the screen right now – sometimes there’s nothing on the disc, sometimes you need the [Dr. Abe Baggili]: data from the memory [Dr. Abe Baggili]: It could be something as simple as a child molester sending a message to a girl on some [Dr. Abe Baggili]: instant messaging program and – boom [Dr. Abe Baggili]: Now you know where that person is, you know where they’re going, you know what the name [Dr. Abe Baggili]: of the girl is – or boy for that matter – something to consider [Dr. Abe Baggili]: The state of automation. Not much there. Can you automate some of these processes? [Dr. Abe Baggili]: You know, as computer scientists, we’re lazy people. We are [Dr. Abe Baggili]: Every time we see something we’re like, “I can do this better because I can automate it [Dr. Abe Baggili]: I can just click a button and it’ll do it for me”. Yes? No? [Dr. Abe Baggili]: Who agrees with me? Yeah. Alice is like, yeah. Okay. That’s something [Dr. Abe Baggili]: Laziness drives innovation, believe it or not. It can drive innovation [Dr. Abe Baggili]: If you can find a way to make something easier for you, that’s innovative [Dr. 
Abe Baggili]: That’s pretty much what we do all day, is we find a way to make things easier for us [Dr. Abe Baggili]: But it’s hard when you want to automate the digital forensics process because you can’t

[Dr. Abe Baggili]: totally remove the human element out of it [Dr. Abe Baggili]: But sometimes, maybe, there are ways to do that [Dr. Abe Baggili]: State of the art integrating with social sciences. Not much there as well [Dr. Abe Baggili]: Again, psychology, sociology, criminology – all of these disciplines have to feed into [Dr. Abe Baggili]: this area because we are talking about people at the end of the day, not just systems [Dr. Abe Baggili]: And then we have this idea of triage. Does anyone know what triage is? [Dr. Abe Baggili]: Put your hand up if you’ve heard of the word triage [Dr. Abe Baggili]: You’ve heard of triage? [Dr. Abe Baggili]: Yeah? No? Triage? Triage? Triage? Triage? No? [Dr. Abe Baggili]: Have you ever been to the hospital, and they did a quick checkup on you to see if you should [Dr. Abe Baggili]: be admitted? Has that ever happened to you? No? [Dr. Abe Baggili]: Come on, help me out here. Speak [Alice]: All you have to do is have blood running and the triage puts you first in line [Alice]: If you don’t have blood running, you get last in line [Dr. Abe Baggili]: So according to Alice, just cut yourself and go to the hospital [Dr. Abe Baggili]: But triage actually is a French word and it really means sorting [Dr. Abe Baggili]: And it came about – they attribute it to Baron Dominique Jean Larrey, who’s a chief surgeon with Napoleon’s imperial guard [Dr. Abe Baggili]: And back then they had these wars, people would come in, and some of them might be, [Dr. Abe Baggili]: I don’t know, shot or their hand would be cut off – maybe they can treat that person [Dr. Abe Baggili]: – some other person might have something really bad that they can’t really treat them, they [Dr. Abe Baggili]: know, pretty much, that this person’s gonna die – but they were treating everyone equally [Dr. Abe Baggili]: Every case was given the same priority, right [Dr. Abe Baggili]: So sometimes you’d be working on a case, and you pretty much know this person might die, [Dr.
Abe Baggili]: but then you’re like – “Yeah, by the time you get to this other person you could’ve [Dr. Abe Baggili]: helped, they’re about to die as well”. That’s not good, right? [Dr. Abe Baggili]: So what they came up with is this concept called triage – let’s prioritize people as [Dr. Abe Baggili]: they come in in the medical world [Dr. Abe Baggili]: And that’s sort of the thing that became popular in digital forensics [Dr. Abe Baggili]: Well, what if we can examine the system on the scene to see if it’s worth taking back [Dr. Abe Baggili]: in the first place – since we’re backlogged by up to five years [Dr. Abe Baggili]: So there’s some process improvement there [Dr. Abe Baggili]: And that’s something that basically happened in our domain, and people started trying to [Dr. Abe Baggili]: develop triage tools. In fact, I partnered up with a company in the United Kingdom, [Dr. Abe Baggili]: and we actually built a triage tool, and it was really cool [Dr. Abe Baggili]: Some people use it, some people don’t, but I still think it’s pretty cool [Dr. Abe Baggili]: Improvement two is memory forensics [Dr. Abe Baggili]: Again I said, the old-school way of doing things is unplug the machine [Dr. Abe Baggili]: Now they’re like, ‘wait, maybe there’s something in memory that we should investigate’ [Dr. Abe Baggili]: Improvement three, file system forensics [Dr. Abe Baggili]: We pretty much understand file systems, which is basically the way things are organized [Dr. Abe Baggili]: on a hard drive or on a storage medium [Dr. Abe Baggili]: Very similar to the Dewey Decimal System, and how books are stored in the library [Dr. Abe Baggili]: Because in computers, you have the operating system, and then you have the file system, [Dr. Abe Baggili]: which is installed before the operating system [Dr. Abe Baggili]: The file system is basically how things are organized on the disk [Dr. Abe Baggili]: The operating system interacts with the file system to ask it for files [Dr.
Abe Baggili]: So when you delete a file, you’re not really deleting a file, you’re deleting an index to that file [Dr. Abe Baggili]: If you open a book, you see an index in the book, right? [Dr. Abe Baggili]: This – I don’t know – this topic is on this page number [Dr. Abe Baggili]: If you remove that, you no longer know where that file is – or where that page is in the book [Dr. Abe Baggili]: That’s pretty much what’s happening when you delete a file. It’s still there [Dr. Abe Baggili]: And a lot of these tools are open source now, so many people can use them for free [Dr. Abe Baggili]: Rise of research and education [Dr. Abe Baggili]: More people are beginning to conduct research in this domain, but to do really good research, you need more money [Dr. Abe Baggili]: And if we don’t have enough funding, we can’t continue to do really awesome research [Dr. Abe Baggili]: Improvement five, which one of the major experts in similarity matching is actually at UNH, [Dr. Abe Baggili]: Dr. Frank Breitinger, who is not with us today – who’s doing something else [Dr. Abe Baggili]: Basically, the big idea here is – we were talking about improving the process of an [Dr. Abe Baggili]: investigation, and I said that there could be many, many files on a computer system, right? [Dr. Abe Baggili]: So one of the things they devised is they created algorithms, which were actually used [Dr. Abe Baggili]: for cryptography, they’re called cryptographic hashes [Dr. Abe Baggili]: You take this algorithm, this formula, and you give it a file, or you give it any data, [Dr. Abe Baggili]: and it spits out a signature – and if you store this signature – a good example of that [Dr. Abe Baggili]: would be child pornography pictures

[Dr. Abe Baggili]: When you’re investigating child pornography pictures on a computer system, you really [Dr. Abe Baggili]: don’t want to see the child pornography photos, right? [Dr. Abe Baggili]: Because that’s illegal [Dr. Abe Baggili]: So what you do is you have a database of all these signatures, and if you find one signature [Dr. Abe Baggili]: that matches that file on the system, then you know that there’s actually child pornography on this system [Dr. Abe Baggili]: The problem with that is, if you change one bit in the file, then that signature changes [Dr. Abe Baggili]: If you change one very small thing in that file – boom – that signature no longer works [Dr. Abe Baggili]: And that’s why we devise something called similarity matching, or approximate matching [Dr. Abe Baggili]: The idea now is not to find the exact same match, but to find similar matches [Dr. Abe Baggili]: And that’s a big improvement for us [Dr. Abe Baggili]: So even though there are some improvements, there’s so much more that we can do [Dr. Abe Baggili]: There’s so much more still to be done in this domain [Dr. Abe Baggili]: And here are some challenges that – that exist, and that will continue to exist [Dr. Abe Baggili]: One’s encryption [Dr. Abe Baggili]: The more things become encrypted, the harder it is for us to crack that encryption, and [Dr. Abe Baggili]: the harder it is for us to get the data – or the evidence [Dr. Abe Baggili]: Lack of truly multidisciplinary initiatives [Dr. Abe Baggili]: People are not working together on issues – as I explained – that relate to psychology [Dr. Abe Baggili]: or social sciences, that relate to cyber criminology [Dr. Abe Baggili]: There’s not enough of that being done [Dr. Abe Baggili]: And we have to do more of that, because we have to understand the human beings [Dr. Abe Baggili]: We have to understand the ethical dimensions as it relates to digital forensics [Dr. Abe Baggili]: The authenticity of the data [Dr. 
Abe Baggili]: How can you prove that the data is authentic – that’s an interesting question [Dr. Abe Baggili]: And as things start changing, the old techniques we use will not – will no longer become applicable [Dr. Abe Baggili]: Cloud computing [Dr. Abe Baggili]: Now, when you’re storing data on your phone, you’re not just storing it on your phone, [Dr. Abe Baggili]: you’re storing it somewhere where you don’t know where it’s at [Dr. Abe Baggili]: Does anyone use DropBox here? Okay [Dr. Abe Baggili]: Keep your hand up if you use DropBox. Just keep your hand up, keep your hand up [Dr. Abe Baggili]: Do you know where the servers are? Do you know where the servers are? [Dr. Abe Baggili]: Do you know where the servers are? Do you know where the servers are? [Dr. Abe Baggili]: Keep your hand up. No? [Dr. Abe Baggili]: Does anyone know where the DropBox servers are? Alright, so you’re storing data in a [Dr. Abe Baggili]: place where you don’t know where it’s located [Dr. Abe Baggili]: Interesting dilemma [Dr. Abe Baggili]: And it’s not only a technical issue – it’s also a legal issue [Dr. Abe Baggili]: Because now if I’m investigating data that was stored in Russia, it’s a completely different [Dr. Abe Baggili]: jurisdiction than in the United States – how do I deal with that? [Dr. Abe Baggili]: Remember, forensics is law plus science [Dr. Abe Baggili]: If there’s no law in science, then there’s no forensics. Technology keeps changing [Dr. Abe Baggili]: There’s a lack of strong research base [Dr. Abe Baggili]: There’s a lack of a common body of knowledge [Dr. Abe Baggili]: There’s proprietary systems, there’s lack of training and education, there’s no golden [Dr. Abe Baggili]: standard for certification. There are problems with error rates. Yes [Audience Member]: In a situation like that where, say something is stored in somewhere like Russia – are you [Audience Member]: able to reach out and communicate with them, or is it just a done deal? [Dr. 
Abe Baggili]: It depends. Are they willing to communicate with you? [Audience Member]: Well, like is that usually an option? Like will you make an attempt to reach out? [Dr. Abe Baggili]: Of course. You can always try. It doesn’t mean it’s gonna work out, you know [Dr. Abe Baggili]: And now with the whole Apple situation, Apple pretty much said – on many levels – you know, [Dr. Abe Baggili]: our devices are blocked [Dr. Abe Baggili]: How true that is is another story, but that’s pretty much what they’re saying. I don’t know if – [Alice]: If you reach out to a company in Russia to get the data, they could [Alice]: report the data to you, or they could falsify it – how are you gonna know? [Dr. Abe Baggili]: That’s a possibility. And then you have error rates in testing [Dr. Abe Baggili]: If you actually get into the admissibility of evidence rules, one of the main things is error rates [Dr. Abe Baggili]: Do you know that the method that you’re extracting – to actually extract the evidence is [Dr. Abe Baggili]: 100% proof? 90% proof? 80% proof? And how do you measure that? [Dr. Abe Baggili]: That’s a big problem [Dr. Abe Baggili]: Probably in all forensics sciences, but mostly in our field right now that we need to focus on [Dr. Abe Baggili]: Lack of standards, the volume of data, the lack of open-source tools in mobile forensics especially [Dr. Abe Baggili]: They pretty much are non-existent [Dr. Abe Baggili]: There’s maybe a couple of things here and there that you could use [Dr. Abe Baggili]: Lack of a unified artifact language, which we’re working on [Dr. Abe Baggili]: We have a grant to work on that, and we have the two folks responsible for building that [Dr. Abe Baggili]: are right here, you can talk to them afterwards [Dr. Abe Baggili]: But we’re calling it the artifact genome project. What’s an artifact? [Dr. Abe Baggili]: It’s something that’s left on the system or a computer or a hard drive, or a mobile phone [Dr.
Abe Baggili]: that can signify that there was an action that was taken of some sort [Dr. Abe Baggili]: So it’s like an evidence that’s left behind. That’s pretty much what it is

[Dr. Abe Baggili]: So you installed software and you used Google Maps [Dr. Abe Baggili]: The artifact from Google Maps that we can extrapolate is an example of an artifact [Dr. Abe Baggili]: Like your location, the date and time you went, the – where you – yeah, why are you [Dr. Abe Baggili]: laughing, that’s your thesis. You gotta do that [Dr. Abe Baggili]: Process automation. Machine learning. Does anyone know what machine learning is? [Dr. Abe Baggili]: Mike, do you know what machine learning is? What’s machine learning? [Mike]: Trying to use machine learning stuff [Dr. Abe Baggili]: Trying to use machine learning stuff [Dr. Abe Baggili]: Mike does machine learning every single day, he’s been doing that for the past two months [Dr. Abe Baggili]: One of the things we’re doing is we’re trying to develop artificial intelligence techniques [Dr. Abe Baggili]: where we give it an android application and it says, “this is malicious” or “this is benign” [Dr. Abe Baggili]: And you can only do that with algorithms, with machine learning [Dr. Abe Baggili]: So you train the system – and the certain example that we’re doing – we’re creating [Dr. Abe Baggili]: a classifier that can classify an application as either benign or malicious [Dr. Abe Baggili]: Moving from postmortem to real time [Dr. Abe Baggili]: So the whole idea of forensics has been, for quite some time, let’s investigate after something happens [Dr. Abe Baggili]: But what if we can find out what’s happening in real time? [Dr. Abe Baggili]: It’s an interesting question [Dr. Abe Baggili]: And we’re actually working on something with SAIG University, which is the University [Dr. Abe Baggili]: I was at when they [unrecognizable speech] – we have a grant where we created an agent that can go on your system that can [Dr. Abe Baggili]: log everything that’s happening on your computer [Dr. Abe Baggili]: Do you see where I’m going with that? Yes? [Audience Member]: Wouldn’t that cause a privacy issue? [Dr. 
Abe Baggili]: Right. We’re doing that for research purposes right now [Dr. Abe Baggili]: So when we’re logging the data, we get data, and then we can analyze the data and then [Dr. Abe Baggili]: find behaviors that look weird [Dr. Abe Baggili]: And if you find those behaviors from the data, then we can start saying, “Hey there’s something [Dr. Abe Baggili]: – there’s an anomaly here. We should investigate that” [Dr. Abe Baggili]: And if we can do that in real time that’s really good. Okay [Dr. Abe Baggili]: It doesn’t mean that that agent can’t be installed on the work computer when you graduate at your company [Dr. Abe Baggili]: So you’re talking about privacy issues as they relate to you as a person – when you [Dr. Abe Baggili]: work in a company, there is no privacy [Dr. Abe Baggili]: Don’t expect them not to save everything that you’re doing on every single computer system [Dr. Abe Baggili]: that’s given to you, or mobile phone or whatever it is [Dr. Abe Baggili]: So if you want to have a private life, get another phone and another laptop and don’t [Dr. Abe Baggili]: use your work phone and your work laptop for the same purposes as your personal life [Dr. Abe Baggili]: Try not to do that. Alright [Dr. Abe Baggili]: Here are some projects that we have in the pipeline and that we’re – that we’re trying to push out [Dr. Abe Baggili]: We’re trying to work on ways to create skeletal images [Dr. Abe Baggili]: Rather than take an exact copy of the hard drive, can we actually find a way to get the [Dr. Abe Baggili]: important parts? That’s something we’re trying to do [Dr. Abe Baggili]: We’re trying to create a tool kit that enables investigators to analyze android malware right now [Dr. Abe Baggili]: We’re trying to create – hopefully in the future, which we haven’t started enough of [Dr. Abe Baggili]: that – open source tool kits for doing mobile phone forensic analysis [Dr. 
Abe Baggili]: We’re trying to do – there’s this thing called natural language processing, which is processing [Dr. Abe Baggili]: text and processing language, so you can get more things – or you can profile a person [Dr. Abe Baggili]: based on the words that they’re using, for example, in an email – there’s something called authorship attribution [Dr. Abe Baggili]: By getting your emails, I can actually write an algorithm that goes through your emails [Dr. Abe Baggili]: and learns the way that you write as a person – and therefore, when you write something [Dr. Abe Baggili]: else, I can compare it to what we already know, using computer programming, and then [Dr. Abe Baggili]: I can say, “There’s a 99% chance that you were the one that actually wrote this” [Dr. Abe Baggili]: And that is powerful in so many ways [Dr. Abe Baggili]: Needs analysis surveys, and I showed you a little bit of results from our surveys [Dr. Abe Baggili]: Distributed file system forensics – that’s changing [Dr. Abe Baggili]: Basically – right now a file system resides on one computer, but file systems are becoming [Dr. Abe Baggili]: distributed amongst different computers. So now we’re dealing with yet another layer of problems [Dr. Abe Baggili]: So here are some more research ideas [Dr. Abe Baggili]: If you’re really interested in doing more things that are technical as it relates to [Dr. Abe Baggili]: this field, do some unusual device forensics [Dr. Abe Baggili]: Take the recei – the AT&T receiver, break it apart, see if you can get data out of it [Dr. Abe Baggili]: Smart TVs, smart watches, gaming devices – ISP wireless routers [Dr. Abe Baggili]: Okay one of my students was going to work on a project – which somebody did something [Dr. Abe Baggili]: similar – where – it’s a robot that walks around, finds wireless networks, hacks it

[Dr. Abe Baggili]: on its own, and then displays the password to you. Could be fun. Stop smiling, that was you [Dr. Abe Baggili]: Ways of finding evidence quickly. That’s another thing that we really need to start doing [Dr. Abe Baggili]: So perhaps we should use statistical sampling models in order to do that [Dr. Abe Baggili]: So what we’ve accomplished over the last 1.25 years – here’s some of the stuff we’ve been able to do [Dr. Abe Baggili]: We’ve done Xbox One forensics, android malware forensics toolkit, we did a process model [Dr. Abe Baggili]: as it related to privacy, we have the AGP, the android genome project, we created a toolkit [Dr. Abe Baggili]: for forensically analyzing an iPhone, we did blackberry playboy forensic – blackberry playbook [Dr. Abe Baggili]: forensics, not playboy – using – using similarity matching on network traffic [Dr. Abe Baggili]: So one of the techniques we presented, which we – which was really authored by Frank Breitinger [Dr. Abe Baggili]: who is, again, not here – he was the lead author on this – and he came up with a technique [Dr. Abe Baggili]: in order to detect files that are being sent on the network, which could be really useful [Dr. Abe Baggili]: in data leakage prevention [Dr. Abe Baggili]: So in the Snowden case, if data was being sent over the network and you had very private [Dr. Abe Baggili]: data that should not have left that network, we have a technique of detecting that [Dr. Abe Baggili]: Forensics 20/20 triage, which is the triage tool I talked about – banking applications [Dr. Abe Baggili]: security quantification, catrecord, which is the agent I spoke about in terms of it [Dr. Abe Baggili]: collecting data on your computer, ChatON forensics which is a program that’s used for chatting on [Dr. Abe Baggili]: Samsung phones, or web private browsing forensics [Dr. Abe Baggili]: So you can actually download Orweb on your mobile phone, and what that does is that – it [Dr.
Abe Baggili]: anonymizes your network traffic [Dr. Abe Baggili]: Can we get data from your phone that signifies the website you actually visited and the answer is yes [Dr. Abe Baggili]: Cyber crime censorship perception and bypassing controls – and this is a very social scientific [Dr. Abe Baggili]: study that I ran not too long ago – cloud forensic survey, Amazon Kindle Fire HD forensics, [Dr. Abe Baggili]: and there’s a lot more in the pipeline on what we’re working on [Dr. Abe Baggili]: So what’s, you know, what’s happening in terms of what’s going to happen in this domain? [Dr. Abe Baggili]: Well that’s really – a subject that we could talk about for hours, but the main thing is [Dr. Abe Baggili]: research, innovation. I recently wrote an article on LinkedIn which I’ve gotten a lot of interesting feedback [Dr. Abe Baggili]: from multiple different academics on, and I believe the title was, “Scholarship Drives Learning, [Dr. Abe Baggili]: and it’s Not the Other Way Around”, okay [Dr. Abe Baggili]: If I sit in a classroom and read the lecture slides in front of you – which is sort of [Dr. Abe Baggili]: what I did right now – okay – are you learning anything? We can debate that [Dr. Abe Baggili]: But if you actually work on a research project with me, and you try to innovate and create [Dr. Abe Baggili]: new knowledge where you really learn something – compare both learning – I mean compare both models [Dr. Abe Baggili]: In order for you to learn and really learn, you have to think outside of the box, you [Dr. Abe Baggili]: have to conduct research, you have to. You have to teach yourself new things [Dr. Abe Baggili]: You have to sit down in the lab, break things, play with things – and that’s really the major [Dr. Abe Baggili]: case in anything that you do as it applied in your life [Dr. Abe Baggili]: Even if you go out and you work in a company and you want to improve their system, [Dr. Abe Baggili]: you have to sit down and do research on your own [Dr. 
Abe Baggili]: That’s just the name of the game, no matter what field you’re in. That’s just the name of the game [Dr. Abe Baggili]: So love is all you need – false – all you need is science. And art [Dr. Abe Baggili]: I’m quite – I love art as well, because – and I’m gonna end with this – there is no good science without good art [Dr. Abe Baggili]: You have to be artistic in your mindset and think outside of the box to create good science, [Dr. Abe Baggili]: and that’s really what’s gonna push this field forward and hopefully – maybe, if I inspired [Dr. Abe Baggili]: at least one of you today – or two of you, or three of you – to want to pursue this area [Dr. Abe Baggili]: – it’s an open marketplace for you. You can do so much with it. Thank you for coming [Audience Member]: Does anybody have any questions? [Dr. Abe Baggili]: Yup [Audience Member]: I have a question. So when you’re teaching people to do these various things to protect or, more to investigate

[Audience Member]: forms of cyber battery, how do you avoid teaching students to be unethical? [Audience Member]: I mean you’re giving them all the tools to go out and be a snoop, right, so how do you [Audience Member]: also teach the – you know, how do you avoid accidentally training the next, you know, [inaudible name]? [Dr. Abe Baggili]: So can I answer your question with a question? [Audience Member]: I don’t know [Dr. Abe Baggili]: Alright. How do you avoid teaching – well let’s say you’re a medical doctor, right, and you’re [Dr. Abe Baggili]: going through med school – how can you make sure that that medical doctor when they graduate [Dr. Abe Baggili]: is not gonna go out and rip someone’s kidney out and sell it on the black market? [Audience Member]: Because there are all kinds of systems that prevent – and in all professional training [Audience Member]: which I’m aware – there are professional systems that prevent people from being able to function [Audience Member]: in any kind of coordinated way [Audience Member]: I mean like, yeah you could probably teach somebody to take out – [Alice]: Can I also add a piece to his answer? [Audience Member]: Yeah [Alice]: We don’t teach courses, we teach a curriculum [Dr. Abe Baggili]: But with that – [Alice]: He’s teaching an elective course which I think is really important, and I put my students into it [Alice]: I’m teaching the required course, and it’s a professional ethics course [Dr. Abe Baggili]: So – so that’s another thing I wanted to say is within the courses that I actually teach, [Dr. Abe Baggili]: I always remind the students that you should be doing this for the greater good, obviously [Dr. Abe Baggili]: – but is there a way that you can 100% say that what I’m teaching you is not gonna be used in a bad way? [Dr. Abe Baggili]: No. And in certain courses what I’ve done is I actually have the students sign a paper that [Dr. 
Abe Baggili]: says, ‘hey, you know, I’m learning this stuff’ – and especially when I used to teach the [Dr. Abe Baggili]: ethical hacking course – [figured quotations] ethical hacking and – which my students ended [Dr. Abe Baggili]: up hacking me, and I don’t – we can talk about that later – but they – . You know, I had [Dr. Abe Baggili]: them sign a paper saying, ‘you’re not gonna do this for anything bad – and if you do do [Dr. Abe Baggili]: it for something bad in the future, it’s not my responsibility’ – in one form or another, so [Dr. Abe Baggili]: But that’s a very good question and, in fact, recently the University of Alabama is actually [Dr. Abe Baggili]: putting on a conference that’s sponsored by NSF on professional ethics in digital forensics, [Dr. Abe Baggili]: because that is becoming an area that’s scaring people, and it’s an area of research that [Dr. Abe Baggili]: does not really exist at this point in time [Dr. Abe Baggili]: I’m the editor-in-chief of a journal, and we’ve only received one paper in that domain [Dr. Abe Baggili]: – professional ethics in digital forensics [Dr. Abe Baggili]: So there’s a lot of work that needs to be done, 100%, as it applies to ethics. Yeah? [Audience Member]: So, pretty much like – what you’re teaching people to be, like, is cl – called like a white hat. Like, you know. If that makes sense [Dr. Abe Baggili]: I mean, if you’re looking at it from a hacking perspective, okay [Dr. Abe Baggili]: I mean, digital forensics is not hacking. I said – I mentioned that in the beginning [Dr. Abe Baggili]: Digital forensics – and I said the – I showed the misconceptions and things like that [Dr. Abe Baggili]: If you’re teaching a penetration testing or an ethical hacking course, definitely, you’d [Dr. Abe Baggili]: want to teach them to become white hackers [Dr. Abe Baggili]: But with that said – with that said, I also saw an interesting article once [Dr.
Abe Baggili]: There are two paths you can take to become – to have a really good job in the future, [Dr. Abe Baggili]: okay – and I saw – and it’s kind of funny, but it’s also true [Dr. Abe Baggili]: One path is – become a digital forensics examiner, become sort of a hacker, you know, and learn [Dr. Abe Baggili]: ethical hacking and, you know, have a career ahead of you, but build it up slowly over [Dr. Abe Baggili]: time – and the other one is be a sixteen year old kid, hack some major servers, do a lot [Dr. Abe Baggili]: of damage, and then the government will take you on and you’ll have a decent career in the future [Dr. Abe Baggili]: So it’s kind of like – it’s interesting to see that dichotomy, 100 percent [Dr. Abe Baggili]: So – but I don’t know if that’s – if that’s 100% true [Dr. Abe Baggili]: I know there are cases where that has happened, obviously, but I don’t know of how often that will actually happen [Audience Member]: Yeah, and when it comes to like starting a career in, like, cyber forensics – what are [Audience Member]: the steps, like, a person should take to get that? [Audience Member]: Like does it start off with like a bachelors in computer science, or is there an undergrad, [Audience Member]: like – and I know, like, you have a masters in cyber forensics, right? Here? Or – ? [Dr. Abe Baggili]: No. The way we’re doing things within the engineering college is – we understand that people need [Dr. Abe Baggili]: the technical knowledge. In fact most of the government agencies are asking for specific amounts of credits in [Dr. Abe Baggili]: technical courses and mathematics as well – as well as private sector right now – So [Dr. Abe Baggili]: they’re moving in that direction where they really want people with technical degrees [Dr. Abe Baggili]: to be doing this stuff. Now – so the – . What we do, at least at UNH, is you go through a computer science degree,

[Dr. Abe Baggili]: or you go through a cyber systems degree, and you complement all your technical courses [Dr. Abe Baggili]: – be it programming and other things – with the digital forensics courses [Dr. Abe Baggili]: This is not to say that there are other courses we’d like to introduce that are not so technical [Dr. Abe Baggili]: into – into our program – but again, between those two, it’s very hard to have even more [Dr. Abe Baggili]: courses because students are already overwhelmed with the amount of credits and amount of courses [Dr. Abe Baggili]: they have to take and so on and so forth [Dr. Abe Baggili]: Now it doesn’t mean that – a lot of people – what they do is they realize that they like [Dr. Abe Baggili]: this, so they get into it in the masters rather than their bachelors. So that’s also a possibility [Dr. Abe Baggili]: With that said, it’s been my personal experience that you’re almost better off – and many education [Dr. Abe Baggili]: folks around the world would disagree with me because – especially since there are a [Dr. Abe Baggili]: lot of Universities that are offering digital forensics degrees right now – I would say [Dr. Abe Baggili]: you’re better off having a – like a computer science bachelors degree and then moving on [Dr. Abe Baggili]: and now getting – or maybe in your senior year starting to get into digital forensics [Dr. Abe Baggili]: But the key thing – the key thing throughout the whole process no matter what process or [Dr. Abe Baggili]: what method you take is research. That’s the key thing [Dr. Abe Baggili]: You have to teach yourself things, you have to not only – go outside and beyond the classroom [Dr. Abe Baggili]: and learn things – go to lab, you know, build a network at home, play with it [Dr. Abe Baggili]: That’s really what’s gonna drive you towards becoming successful in order to have a good [Dr.
Abe Baggili]: career in the future, and that’s kind of been my opinion and my experience as well [Audience Member]: So it’d be better – like, from a bachelor’s point of view – to start off with computer science [Audience Member]: and then mold in to, like, forensics – [Dr. Abe Baggili]: And do like what we – what we call a focus area. In our program, yes. Yes? [Audience Member]: Apparently it was revealed recently that the NSA was putting firmware on hard drives as [Audience Member]: a – there’s the potential that people are gonna be moving away from the – those hard [Audience Member]: drives made by Western Digital and CBA and some other brands here in the United States – [Alice]: What I heard about that is that it’s affected all of them [Audience Member]: Ah, it’s affected all of them [Audience Member]: So I mean it looks like the backlash might be changing the way that folks are buying hard [Audience Member]: drives due to – that are overseas – how’s that gonna impact cyber forensics? [Dr. Abe Baggili]: So first of all – this is just news, I heard, right? [Dr. Abe Baggili]: So I don’t know how true that news is at this point in time [Dr. Abe Baggili]: This just came out I think yesterday, or before yesterday [Dr. Abe Baggili]: The interesting thing, however – however – is that I was at a conference last year in Colorado [Dr. Abe Baggili]: and there was a hacker there that illustrated something very, very similar if not basically [Dr. Abe Baggili]: the same idea, so I kind of knew about that to some extent from a hacker’s perspective, [Dr. Abe Baggili]: not from an agency installing something on a hard drive in order to monitor certain things [Dr. Abe Baggili]: Now what is that going to do to digital forensics? [Dr. Abe Baggili]: I don’t know if it’s gonna do much in terms of the hard drives because you still have [Dr. Abe Baggili]: a hard drive, you still are gonna image it, you’re still gonna investigate it [Dr. 
Abe Baggili]: What would be interesting though is – which I think many of us have not seen – if that [Dr. Abe Baggili]: firmware is really modifying data on the disk, you should be able to see that somehow with [Dr. Abe Baggili]: the dates and times in the file system, which I have not seen anyone find that out yet – So [Dr. Abe Baggili]: I don’t know, again – I don’t know how that thing works yet, I haven’t – I haven’t looked [Dr. Abe Baggili]: at it in close enough regards, but especially if it messes up the dates and time stamps [Dr. Abe Baggili]: of certain files being on a disk – and as you know from an investigative perspective, [Dr. Abe Baggili]: building a big picture is strongly – depends on the dates and times of when events occurred [Dr. Abe Baggili]: – in any forensic science for that matter – then we’re gonna have an issue [Dr. Abe Baggili]: But I have not seen that yet [Alice]: What if it’s just snooping? Look-see? [Dr. Abe Baggili]: That’s also a possibility [Dr. Abe Baggili]: Again, I personally don’t know – I mean, I’ve heard about it, I’ve read the articles about [Dr. Abe Baggili]: – all the articles are extremely high level, and I have not seen, like an implementation, [Dr. Abe Baggili]: or have not seen – you know – something really technical about this specific topic as of yet [Dr. Abe Baggili]: When that comes about, we’ll be able to look at it more closely [Dr. Abe Baggili]: If you have seen something really technical, please let me know, because I have not [Dr. Abe Baggili]: I’ve just seen words right now [Audience Member]: Words – it’s just coming out right now, so we’re in, like, day two right now – finding out how many hard [Audience Member]: drives have been affected – it seems like maybe it could be all of them, some are saying [Audience Member]: that it’s just the overseas ones – the ones going to Iran and China [Alice]: Ah [Dr. 
Abe Baggili]: Yeah, they said that – [Alice]: They said they haven’t found any evidence of any American – [Dr. Abe Baggili]: They did – the one thing I read was – it said that it highly correlated with what was happening

[Dr. Abe Baggili]: with Stuxnet I believe [Audience Member]: Right [Dr. Abe Baggili]: So that’s why they came to the conclusion that perhaps it was led by the United States, [Dr. Abe Baggili]: but I don’t know if there’s any definitive facts about that as of right now [Dr. Abe Baggili]: We’ll find out [Audience Member]: Western Digital see gets here that they – not putting any – any type of firmware on their drives, so I don’t know if it’s interception [Audience Member]: or putting malware on it or no – they’re putting the firmware on, actually [Dr. Abe Baggili]: Everything is possible [Audience Member]: Yeah, if they’re gonna start making like homemade drives, you know, how’s that change – [Dr. Abe Baggili]: You can do home brew stuff right now, actually to some extent, but yeah [Dr. Abe Baggili]: I don’t know. Again, as I said in my lecture, like, I don’t know, we have to figure it out [Dr. Abe Baggili]: Like I don’t have the answers to everything, by no means [Alice]: You know, if Western Digital says they’re not putting any firmware on their drives, they could just [Alice]: be responding to a national security letter, they’re not allowed to say [Audience Member]: Or they don’t want to hurt their own bottom line – [Alice]: They’re not allowed to say [Audience Member]: Look what happened to Cisco after their release, right? [Audience Member]: Now nobody from China is buying Cisco and they’ve had to downsize [Dr. Abe Baggili]: I think – yeah [Dr. Abe Baggili]: Cisco will continue to exist for quite some time though, they have a pretty – . Yeah but [Dr. Abe Baggili]: I think they’re – I think they’re okay to some extent [Dr. Abe Baggili]: Especially compared to other companies so – we’ll see where that goes [Dr. Abe Baggili]: Any other questions? No other questions? Nothing? Nope? [Dr. Abe Baggili]: Alright, thank you. Thank you for coming