
Digital Forensics Now
A podcast by digital forensics examiners for digital forensics examiners. Hear about the latest news in digital forensics and learn from researcher interviews with field memes sprinkled in.
Blogs, blogs & blogs!
A baby camel, a high-speed chase, and a heartfelt tribute set the stage for a season opener that is equal parts human and hard-nosed.
We pause to honor Mark Baker, mentor, officer, and friend.
This episode spotlights a free Belkasoft AI course along with the much-anticipated release of Rabbit Hole v3, designed to tackle complex data structures.
From there, it is all about blogs, and there are plenty of them. Mattia explores extraction nuances, showing how AFU versus BFU states and encryption classes still determine what you can recover from iOS and Android. Hexordia provides important guidance on first responder missteps, emphasizing how early handling and precise thinking safeguard the integrity of a case.
We also showcase open-source and budget-friendly tools such as Autopsy and IPED, which expand analysis capacity without breaking the bank.
A hands-on demo of Gallery Builder illustrates how to create courtroom-ready visuals, paired with a reminder that “vibe coding” with LLMs is no substitute for validated forensic standards.
Finally, we close with the latest LEAPP and LAVA updates, which continue to push practical workflows forward for the field.
Notes:
BelkaGPT: Effective Artificial Intelligence in DFIR
https://belkasoft.com/belkagpt-training
Training First Responders in Digital Evidence Handling: How To Protect Your Department from Case-Destroying Mistakes
https://www.hexordia.com/blog/training-first-responders-in-digital-evidence-handling
The Packd Byte
https://www.thepackdbyte.org/
Two New Blogs from Mattia
http://blog.digital-forensics.it/2025/09/exploring-data-extraction-from-android.html
https://blog.digital-forensics.it/2025/09/exploring-data-extraction-from-ios.html
SWGDE
https://www.swgde.org/documents/published-complete-listing/16-f-002-considerations-for-required-minimization-of-digital-evidence-seizure/
Gallery Builder
https://github.com/charpy4n6/GalleryBuilder
Welcome to the Digital Forensics Now podcast. Today is October 2nd, 2025. My name is Alexis Brignoni, and I'm accompanied by my co-host, the New York David Attenborough, the Pippi Longstocking of digital forensics, the one and only Heather Charpentier. Oh my god. The music is Hired Up by Shane Ivers and can be found at silvermansound.com. Heather. Yes, David did I pronounce David Attenborough right? Hopefully.
SPEAKER_00:I have no idea.
SPEAKER_03:Oh my goodness. That's true because you live in the woods. See, Sir David Attenborough, he was a naturalist and he had all these nature shows when we were growing up, and he still has some to this day. I think he's doing one now at either Disney Plus or something like that about the oceans. So uh do you know who Pippi Longstocking is? At least you don't know.
SPEAKER_00:I got the Pippi Longstocking reference, and everybody will understand it in a minute, but I did get the Pippi Longstocking reference.
SPEAKER_03:You saw you saw the books or just the the show, the TV show.
SPEAKER_00:The TV show.
SPEAKER_03:Oh, yeah, TV show was the best growing up.
SPEAKER_00:Yeah.
SPEAKER_03:All the youngest listed, like the what?
unknown:Yeah.
SPEAKER_00:Oh, definitely. Half of my office would be like, who? I've never heard of that. Yeah. Never heard of that. Thank you for the great introduction as always.
SPEAKER_03:Absolutely. I'm happy that you're gonna share with us all those references now.
SPEAKER_00:Yeah. So yeah, so uh what's been going on? Uh uh I just got back from vacation, which is why we skipped uh a couple weeks there on the podcast episodes. I just got back from a vacation to an animal farm, and I've got some pictures to share with everybody.
SPEAKER_03:I'm telling you, she seems like she's a naturalist. She's a naturalist, of course.
SPEAKER_00:So my sister and I took a road trip to Tennessee last week, and we went to a Koei Riverside farm. We stayed in a covered wagon. It was called the Welcome Wagon. It was awesome. And I just have pictures of all of the animals that I have to show everyone. So the first guy was the first uh animal to greet us. That's Picasso, the llama, and blackjack the blackjack the donkey, and then Prince Ali, my favorite animal on the farm. Uh he's a white baby camel who I loved. And then my sister and I got to just go in and interact with all of the animals the entire time. It was so awesome. We were petting baby highland cows, feeding them bottles. You can see uh Fennec fox that we were holding in the picture. We got to hold and bottle feed kangaroos. Okay, look at it.
SPEAKER_02:I I want I want to uh direct everybody's attention to Heather's hairdo.
SPEAKER_00:Yeah, so uh Holly gave me some braids on the farm, and that's the Pippi Longstocking reference for anybody who's too young.
SPEAKER_03:So yeah, and by the way, look at her lifting all these animals like super strong, like like like her, you know.
SPEAKER_00:So kangaroo.
SPEAKER_03:Yeah, it it it it you know it's amazing your strength. It's incredible.
SPEAKER_00:I don't know about that. But here we were with the camels and the monkey. There was a little spider monkey named Georgie. Oh uh, it was awesome. This trip was so amazing. Um, and Holly and I went horseback riding. Uh, my horse was named Trip because that's what he does, he trips, so that was fun.
SPEAKER_03:I was hoping it was like a great trip. No, no, no. He just he falls over.
SPEAKER_00:And then the sloths. Uh, so the the way I found this farm actually was I wanted to hold a sloth. And if anybody doesn't know sloths, don't really like to be held. There's very few places that you can find where the sloths are actually trained to like human contact. And these sloths were raised from babies to actually want to have contact with humans. So we got to hold a baby sloth and feed them. It was so much fun.
SPEAKER_03:Well, I mean, I think that's your spirit animal, if I'm not mistaken.
unknown:Hey, hey, hey, hey!
SPEAKER_03:See, but your first reaction was it is. Oh, wait, I shouldn't say that. Let me let me push back now.
SPEAKER_00:I wish I could have a day like a sloth. And then I ended my little slideshow with my my favorite guy, Prince Ali, again, the the white baby camel. He was just so cool. So um, it was it was an awesome vacation. And then we we uh actually drove home and we did the whole 14 hours straight. My sister drove the whole 14 hours. We didn't stop and spend the night or anything, and we ended it in New York State with a high-speed chase on the Thruway. So we weren't in the high-speed chase.
SPEAKER_03:Oh, I was gonna say, did the police catch up to you? Is that uh did you escape?
SPEAKER_00:No, but we had some uh we had some entertainment at the end of our trip there with a high-speed chase on the Thruway in New York.
SPEAKER_03:So I don't know if that's entertainment, but it was something. But yeah, hopefully everybody if everything went fine.
SPEAKER_00:Yeah, I think they got them.
SPEAKER_03:So good, good, good.
SPEAKER_00:Yeah, but the vacation was so amazing and just too short as vacation always is.
SPEAKER_03:See, see, that's why that's why C wanted to get whole relief. So you so it's it's the it's the person that's being chased, is the cops chasing them, and then you all chasing the cops.
SPEAKER_00:Yeah, yep, yeah. We got to speed because of it. No, I'm just kidding. But yeah, so it was a it was a great time. Uh, what were you up to while I was gone?
SPEAKER_03:Uh me, uh nothing, nothing, much much of nothing, especially now for we for resources beyond our my control.
SPEAKER_00:Yeah, we won't get into that, huh?
SPEAKER_03:Well, I mean, I'm doing a lot, but okay, let's let's not get into that, yes.
SPEAKER_00:Yeah, but no, you were you were doing things while I was gone because I saw some really good pictures on your social media of the dancing you've been doing.
SPEAKER_03:Oh my shit. And she takes the one that I need a hairbrush, but it's okay.
SPEAKER_00:Uh so I love this picture. Him and his wife dancing. It was a great picture.
SPEAKER_03:Yeah, yeah. She she makes the picture a hundred percent better. I agree.
SPEAKER_00:Well, she definitely makes the picture a hundred percent better. But you were out dancing.
SPEAKER_03:Uh yeah, I I do that on the weekends. Like uh I try to do it every weekend. I mean, you can't do it every weekend, but I I try. I and honestly, the the only thing that's keeping my mental sanity right now is it's dancing. I would I would think that maybe exercise, but no, it's although dancing is kind of a kind of exercise, but it's it's it's dancing. It's just the the fact that you had to focus on learning, you know, whatever the moves is and the music and the interaction with other human beings outside of a stressful situation like the ones that we had to deal with day to day because of what we do, right? It's a good change of pace. So it's been keeping my sanity uh lately. So I'll keep doing that.
SPEAKER_00:You do the dance, animals, yeah.
SPEAKER_03:A little bit of sanity that I have, sanity, yeah. Keep it.
SPEAKER_00:Awesome. Well, that's awesome. So, yeah, sorry it's taken us so long to have episode zero of season three. We're on season three, so we're starting our third year. This is insane. I can't even believe it.
SPEAKER_03:Yeah, it's it's it's gone so fast.
SPEAKER_00:Definitely. So go ahead.
SPEAKER_03:No, I say it goes faster when we have shows for a full month.
SPEAKER_00:Yeah, that's true. We did skip a full month.
SPEAKER_03:No, but we're we're back, we're back.
SPEAKER_00:Yeah, definitely. So I want to take a minute um just to mention something before we get started with the topic. So um, these past couple weeks, uh during the past couple weeks, we actually um lost uh a friend. So we want to take a moment to honor the life um and sacrifice of Mark Baker. He was killed in the line of duty in York, Pennsylvania. Um, he served as the training manager for IACIS, which uh Alex and I both volunteer at IACIS and and knew Mark very well. He was an officer, a husband, a father, and a friend. And his leadership, dedication, and impact on our community will be remembered. And his absence is gonna absolutely be felt uh by the IACIS family as well as the digital forensic community for for such a long time. Um, he was a great person, and we just wanted to take a moment here quickly to honor him.
SPEAKER_03:Uh absolutely. And um impossible to to uh replace him in in on in in everything. So um um we'll never forget him.
SPEAKER_00:Yeah, absolutely. So let's uh let's get into our topics. Um first topic I have for tonight, uh BelkaGPT. If you haven't been following Belkasoft on LinkedIn or any other social media, follow them. They are offering another course. So um it's entitled Effective Artificial Intelligence in DFIR. And the course is gonna be free exclusively to Belkasoft LinkedIn group followers. So if you don't already follow Belkasoft in their group, go to their page and follow Belkasoft because that'll be free if you're a follower. If not, the fee for the class is $999, which still isn't bad, but who doesn't love free? Right? Um, once you go register, they'll send you a link to the course materials in the period between November 3rd through November 15th. So don't expect your materials right right away. That's not happening till November. And then once you have your materials, you'll have free online access to the course anytime you want until December 15th. Um, after that period, if you want to take the course, it'll still be available for that $999 fee. Uh, you'll get certificates of completion and achievement, and you'll get um the opportunity to earn six CPE credits. So we'll have that up in the show notes at the end. Uh, the website where you can go register for that. And there's actually also on that website the link to go follow the LinkedIn group.
SPEAKER_03:Yeah, and even if you don't, if you're not a user of the tool, it's a good opportunity to get familiarized with yourself with another tool set. There's always something that you can learn uh from these types of events. And uh I've taken a few of the past courses uh from Belkasoft, and they're actually pretty good. So uh I would say, and look, the CPEs, if you have uh certifications that require that, like ISC2 or some other that requires CPEs throughout the years to be able to keep your accreditations, then there's one way of doing it, and it's it's just gonna cost you some time and and you'll do some learning. So it's you can't go wrong with that.
SPEAKER_00:Also, they're incorporating AI into their tools, and it whether we like it or not, it's a hot topic. And go try it out, see how theirs is related to, I don't know, maybe other tools you've tried too. I've heard it's good in Belkasoft, and I can't wait to try it out. So I'm gonna try it out and then give uh Erie my review.
SPEAKER_03:Yeah, I mean, I mean, I I'm a I'm a well I might say well known in regards to our field, critic of the whole AI thing, but um that doesn't mean that we just ignore it. That's that's being a critic doesn't mean uh the opposite. Actually, a critic is the one, it's a person that definitely does not ignore it. We want to know more about it. And actually, we would hope that and no no no not only uh AI, LLM stuff, but any technology, any new way of doing things, we have to be critics and uh first to to make sure that we get the tooling or the resources or the solutions to the level that they need to be, because we are the ones as a community, the the practitioners, the ones that know how the end product should look. So uh so yeah, no, uh being a critic isn't I don't believe it's a bad thing, it's a good thing. And look, and and have a have a have open minds, right? Um uh again, I'm a critic, but I'm also happy to be wrong. So uh then the way to you go ahead.
SPEAKER_00:I was just gonna say I registered for it today and I'm excited to to check it out.
SPEAKER_03:No, and and the way that you're saying the way to actually be able to know is to do. So let's do it.
SPEAKER_00:Absolutely. I don't have this on our list of topics, but I just saw on LinkedIn, um, I saw from CCL Solutions that Rabbit Hole version three is gonna be released, and they're actually going to do an announc, a big announcement about version three sometime next week. So if you're not following CCL Solutions on social media, follow them because I think this is gonna be a big release, and they're gonna talk about it.
SPEAKER_03:So no, yeah, and and if you're not familiar, uh you're maybe like a you know one of the newer new to our podcast. Uh Rabbit Hole is a great tool. This company in the UK they put out, and it allows you to look at pretty much any data source. When I say data source, I mean data structures like uh um LevelDBs, um, what's the what's the other one that uh the protobufs, which are pretty hard, kind of hard to deal with. Um XML, SEGB files. Oh yeah. So it supports all of those, and it's pretty cool because then as you look at your source data and you find the path where the data is, and then you go and you parse it with the tool to get what you need, you can save that work that you did, and then reapply it in the future to other similar uh data extractions, right? Kind of saving your work. So it's a great tool. Um, we use it, and correct me if I'm wrong, but I think we both use it mostly to do a lot of our research to be able to figure out what things mean, what things are.
SPEAKER_01:Absolutely.
SPEAKER_03:So uh it's a it's a worth tool to use. We use it in our class as well, the in the advanced mobile device forensics that we teach for IACIS. So yeah, keep your eye out. And even again, even if you don't have it, it's good to know what's out there, what are the capabilities of the tooling.
SPEAKER_00:And if you don't have it, they do offer a 30-day free trial. So give it give it a minute for the new version to come out and go try the new version with the trial. You're gonna want it if you try the if you try the trial for sure.
SPEAKER_03:No, and and for sure people need to understand that we don't get paid anything to promote nothing.
SPEAKER_01:Right.
SPEAKER_03:So so we just you're just talking about our experience of using tools and and and and the like. But yeah, we don't we don't get sponsored by nobody. So I gotta make that clear.
SPEAKER_00:Um, I want to point out some uh recent blogs that have come out. So uh Debbie Gardner from Hexordia actually recently wrote a blog called Training First Respect Responders in Digital Evidence Handling, How to Protect Your Department from Case Destroying Mistakes. Um great article. It stresses that digital evidence is now present at nearly every crime scene and that first responders often risk destroying it if if they just don't follow these simple tasks that need to be done in preserving evidence. Um it's a great blog. I'll put the link up for everybody in the show notes afterwards, but a great blog about how to kind of mitigate some of those issues you may run into when pr uh handling and preserving data.
SPEAKER_03:Actually, I'm gonna freestyle here because I had a meme about it. Here it is. Oh let me see if I can uh I can show it here on the screen without messing this up. So not too long ago, and and it's it's so great that when things kind of converge like that, I had a uh let me see which screen do I want to share. Um one second here, everybody. See, that's that's what happens when you try to freestyle things. But I will share it though, because I'm not gonna quit. I'm not a quitter.
SPEAKER_00:You're like me when I'm trying to share the screen, except I have all my stuff ready.
SPEAKER_03:Oh, that that is true. That is true. But what I'm gonna do is I'm gonna quickly, with my fantastic uh Mac computer, snip it and then show the screen.
SPEAKER_00:There you go. That'll work. That'll work.
SPEAKER_03:So yeah, so on on this meme, I'm gonna go back here to just share it. On this meme, I like it because it's a picture of a guy sitting in a chair, and I'll show you in a second as I'm I'll be describing as I'm looking for it. Uh the guy is sitting in a chair, and of course, if I open the picture, I could actually share it. And there's another guy that's kind of standing, kind of uh looking at him. Where's my screenshot? Where did it go? Uh see, I hate, I hate, I hate myself now. That's alright.
SPEAKER_00:That's alright.
SPEAKER_03:No, no, well, well, I'll get it. I'll get it, people. Bear with me, bear with me. Bear with me, it'll be half a sec, it'll be a second now. Where do you go? There we go, here it is. All right, so the guy is sitting in a chair, right? And and I'm now gonna share it so we can actually see it. Goes here, goes here, goes here, and goes here, and allow, and here it is. Okay, so so there's there's so people are listening. So there's this guy in this chair, and it says digital device. That the guy in the chair is the digital device, and it's another guy that just took a shot at this guy, so he killed killed the dude in the chair, and it and the guy that's making that shooting, uh, the the caption says, fingers the screen, alters data, makes no effort to preserve access, right? So literally killed that digital evidence, and then that guy turns around and says, Why is the digital forensics lab so useless?
SPEAKER_00:Oh, that's great, that's perfect for this topic.
SPEAKER_03:And the comment that I made is like, again, this is look, any similarity to actual events is pure coincidence. But my my comment was device gets wiped before getting to the lab, but after it's seized, right? Yeah, and uh again, this is this is me uh, like I said, it has no relation with reality necessarily, but it could happen, right? Devices can get wiped. Are you doing the proper isolation of that device at seizure time? And that's up to the first responders. Uh I mean, look, if you have uh an examiner with you, hey, that's great. But I would say, you correct me if I'm wrong, but at least nine times out of ten, you're not gonna have an examiner with you right at at seizure time or a first response time, right? So articles like this one from Hexordia are so important, and I'm I'm so happy that that we're having those.
SPEAKER_00:Yeah, it it definitely just puts across the point that early handling of evidence can make or break your case.
SPEAKER_03:So yes, absolutely.
SPEAKER_00:Um, let's see, another new blog, and this one's new, new. I saw it today on LinkedIn. It's called the Packd Byte, and it was a LinkedIn post by Mike Zito. And the Packd Byte, according to the website, is a place for forensicators to publish research, information, and topics for the betterment of the digital forensic community. And the platform is geared towards those who don't have the time, energy, or resources to like make their own blog. So we've talked on the podcast numerous times about how you can give back to the forensic community. And it's like, make sure you share your research. You can create your own blog. Well, if you don't want to create your own blog, this is gives you another option. You can just post your research to this blog. There's um on the website, there's a join button, you can join it, and then there's um uh email address to request access to post your own blogs. And Kevin Pagano messaged today when I said, Oh, I'm gonna throw this out on the podcast tonight, and he's gonna put it on the Start.me page too, the forensic Start.me page.
SPEAKER_03:Fantastic. Yeah, the the more the more um venues we have to share information, uh, absolutely the better.
SPEAKER_00:Yeah, absolutely. This looked really cool. There's already a few articles up on it, too. So go check out. I think there's like six or seven articles already up there for for our viewing pleasure.
SPEAKER_02:There we go.
SPEAKER_00:All right, more blogs. We found a lot of blogs, but we've also been off for a month, so people have been doing a bunch of work.
SPEAKER_03:It's the blog episode to start the year.
SPEAKER_00:So I entitled this one Two New Blogs from Mattia because Mattia uh did two new blogs related to exploring data extractions um from Androids and iOS. One of the blogs is about Androids, one is about iOS, and it's what data you can access and how. So the Android um blog explains how data can be extracted from Android devices and digital forensics. It highlights that access depends on two factors, the device state, right? Is it unlocked or or locked? And then um whether or not you know the code. Um, and then it talks about Android's file-based encryption and how how pretty much how we get into these devices that are encrypted and the different types of encryption related to Android. Um, and then different acquisition methods related to Android. Um the key takeaway from this blog would be that no single method works on all cases, and that investigators have to choose based on the situation that they have with their with their phone. The iOS blog, uh similar, talks about all of the same topics, but with iOS, the difference between full file system and um advanced techniques to provide varying levels of access. The main takeaway is that the available evidence depends on the encryption class, the device state, and the chosen method. So investigators must adapt their approach to each case.
SPEAKER_03:Well, I mean, I mean, this is really foundational stuff. And I'm happy that Mattia, and as you know, Mattia, Mattia Epifani, he's from Italy, uh really well-known examiner. I actually had the pleasure of meeting him uh this year, the beginning of the year, in the Netherlands for one of the conferences there. And uh this is foundational stuff that you need to know, right? Most examiner you tell them, well, uh, what's the difference between an AFU and a BFU? And they'll tell you, well, you get less on the BFU. What does that even mean? Less less of what? And of and how much less of like what does that mean, right? Right. And and something as like like like he's explaining in the blog, right? Between um uh credential and crypto storage and not, right? It's the difference that, for example, between if your phone rings and you haven't logged in for and into it after you turn it on, well, it will ring, but the screen won't tell you who's calling, versus yeah, I logged in once, it's locked, and now it rings, it will tell me who is actually calling. The name is gonna show up. But why is that, right? Well, their phones are into different states, right? One is before you logged in, and the other ones after you logged in. And different of these encrypted storage spaces have different levels of permission and access to data depending on what the state of that phone is. These are things we need to understand. Why? Because they will inform how we process and deal with phones in those states. And not only that, when it's time for you to explain this stuff at court, if you're in the criminal sector, or you have to explain something in regards to user intent in a uh civil civil procedure, then you actually know what you're talking about. But just just saying, well, it's more and the other one has less, uh, that doesn't really tell us much of anything. So please, if you you it sounds like, oh, I I know what a logical extraction is, I know what AFU and BFU stand for. 
I mean, do we? Do we really know? Do we really understand? Blogs like this are so important, and and and Mattia is such a great uh uh writer and and author, and and and like you know, his English is perfect, even though my assumption is that his first language is Italian the same way that mine is Spanish, but he's great. So uh it'll be really good for everybody to follow him and and check those those uh posts out.
SPEAKER_00:Yeah, so uh they're so incredibly valuable too. So I I'm just gonna bring up a listserv post I saw this week or last week. Someone was raising uh what had a question because uh there was a courtroom challenge to one of their cases, and it was related to the type of extraction they performed on the device. They did an AFU extraction, it sounds like, because they didn't have the PIN code to the device to get the full file system. And whoever the opposing counsel was was raising the issue that instead of doing an AFU extraction, you should have done a selective logical extraction with Cellebrite. I don't even know what a selective logical extraction means. I'm guessing they were meaning like a selective app extraction, but if they meant logical extraction, you're not doing that if you don't have the PIN code anyway. So it is a bit confusing. But these types of blogs uh they just could help in a situation like that, right? So Mattia is explaining what types of extractions you need, what you get with those extractions, and these types of blogs could help in a case where you're being challenged on what type of extraction you performed and being able to answer those questions in court.
SPEAKER_03:Well, me, even in that example, again, we don't know what that means, that selective app. No, I know what it means. But let's assume it means, well, do you get the data directory for the app, right? That's better than getting an AFU. Well, is it really, right? Yeah, because there's a lot of data that relates to the app outside of the directory where the app is. For example, network usage. Has the app being used? Not only has it been used, but how many bits and bytes were coming out in and out of it of the app? And it was it through Wi-Fi? Was it through a LAN connection? Uh was it through these cell towers? Like all that type of information doesn't live where the app is, it lives outside in another place that's managed by the operating system. Do I want access to that? Do I want access to the biome directories that tells me about install states when the thing was installed on installed uh or mobile installation logs? None of that lives with the app, lives outside of the app directories. So you can't tell me that a selective, assuming that's what it means, is superior. Because what? What are we talking about here? And again, knowing what you're talking about here will then illuminate people to make the decision and figure out what actually the correct course was, which in this case would be the course you took as an expert, right?
SPEAKER_00:Absolutely, absolutely. And I actually have an example of that as well. So recently I was doing a little bit of research into um the Google Pixels new function where you can take call notes, and well, we're gonna talk about that later because in the LEAPP section, but call notes essentially you can record the call, and then the device is using AI to transcribe that phone call. Um, I wanted to do some testing on it, but I wanted to do it with my own personal phone, so I don't want a full file system extraction of my own personal phone. So I use the selection selective app um option and just pulled the call logs. Well, guess what? The call notes data is not in there, it doesn't pull that. So I I don't even understand the selective application extractions anyway, because you're gonna miss so much. But there's an example right there where you actually do miss part of the actual call.
SPEAKER_03:Well, I you make a great point in regard to testing. If you use this whatever feature, not a selective app, but whatever feature it is, and you test it out, you know what you can get, what you don't don't get. And there might be situations. So let's say, for example, like your example, maybe the I need only the call logs, and we we get those based on your testing. Now, I won't get the transcripts, but I do get the call logs, then I'm okay because that's only what I need, right? But if you don't understand what you can get or not get, same thing with understanding what AFU, BFU, and the different states are of the phone, then then you won't be able to make the best decision also for the amount of time. At least in law enforcement, and based on our experience, we have more time to actually try to grab as much as we can. But in certain other uh scenarios, especially in civilian work or or you know, work like that that's not criminal, right? Um, that maybe the client is paying by the minute. I don't know. They might want to minimize that cost and really get to whatever you need to get. Again, like like we'll show later. It it all depends.
SPEAKER_00:Yeah. There's there's a good article on SWIG DE as well, um, entitled Considerations for Required Minimization of Digital Um Evidence Seizure. Anybody that's being questioned on the type of extraction that they did, I would push them to go read that document that's been recently published by SWIG DE as well. And I'll put a link, I'll put a link to it. Yeah. So this one's all you.
SPEAKER_03:Yeah, so so let's start with a meme that was pretty popular um uh this uh this week. So it says, Mon, mom, can we have and there's a little gray key symbol and the old celebrite premium symbol because it's not called premium per se now. Now it's in inside insights insights premium? I don't even know. All right. So can we have that? And the mom says, No, there is the same logos, right? The great key and premium at home. When you get at home, what you have is iTunes backup and IDB, right? And if you've done extractions, you know the feeling, right? Um, you you can only get so much from tools that uh either come with the devices or open in the environment. Uh, there are some tooling that will require you to do a certain investment of money and time. Money because they cost the licensing costs and time for you to understand how to use them properly and get to what you need, right? And that made me think a little bit about cost. Uh, these types of technologies, there's a lot of uh a lot of uh RD research and development that goes into them, and they do cost money. But I think everybody can agree that our budgets are getting shorter and and shorter. Um and that's uh that means that the power that we have to acquire some of these tools is being diminished because the tools are not getting any cheaper. And you know, we can have a discussion in regards to well, is it is it fair that this there they're being cost or priced at at those levels, and uh that's a pretty hard conversation, right? Um, because as users or customers, we don't have the view from the other side of the vendor or how they justify it, right? Right. Um, so what can we do about it? And I was thinking about well if we have to shift resources around, my thought process on that is well, there's some tools that we cannot avoid having, right? Especially specifically the extraction tools. And I've been saying this for years. 
I think the companies that will really continue to grow market share are the ones that are really focusing their resources into lawful access. Okay. Lawful access means that we're able to get into the devices to extract the data that's relevant to the cases in a way that's lawful through a court order from a search warrant from the judge or through properly obtained consent of the owner of that device. Lawful consent. And if we're or lawful means, right? Lawful extractions. Companies that do that will continue to grow market share. Those are things that we'll need to buy, and those are a tooling that cannot be in the open because the moment they are, then we lose that access. But let's say we save our beans or money to get those tools. Then how do we save money? We have to be cutting short on some other parts. So one of the parts that we might be cutting short is on the analysis portion. And that's where you come in as an examiner. Um, you might not be able to buy 20 license licenses to process your extraction, but there's some things you can do as an examiner, right? There's options, open source options like um for computers, uh, Autopsy, and Autopsy from Basis Technology, used to uh Sleuth Kit, Basis Technology, it's not uh maintained as often as it used to be, but it's still a pretty solid uh solution to look at Windows systems. There are uh open source uh frameworks like the LEAPPs, that the ones that I started, and now the community has taken over. Well, we'll help you with some of that parsing. There's tools that are maybe lower priced, maybe either still paid but lower priced, like the Rabbit Holes of the world, right? Where you can use also use to start and do that analysis. So you might be able to maybe save some money on the analysis portion so you can save your money for the extraction piece. That's the kind of the groundwork, the basis that you have to have. 
Um, but that requires then for you to kind of upkeep and grow in your understanding of of the technologies and of how to do the analysis. Because um, there is no free lunch, right? People think, well, if I go open source, then you know it's and I'll get there, Christian. I was gonna mention that. Um you can uh say what's a free lunch. Well, it's open source. I'm saving all this money on tooling. Well, no, now that money will go into training people, right? Um, there will be a cost, a human cost. Whenever you take the cost out of the tooling and try to save that cost, then you have to invest in some way in the person. Um, and sometimes that means that you have to invest in yourself, right? Um, there's uh other tools like like Christian's IPED to get uh data. It also works for Windows. So by the way, I did not know it worked for Windows data, but it does.
SPEAKER_00:I maybe which one's IPED.
SPEAKER_03:Uh let me see if I can give you the link real quick.
SPEAKER_00:Oh, that's that's all right. Keep talking, I'll look it up.
SPEAKER_03:Yeah, yeah, look it up.
SPEAKER_00:Yeah.
SPEAKER_03:Because we we we'll talk about it in the show, but again, we talk about so many tools in the show. Um, and and and same with with other toolings, right? Um for uh doing logical extraction even of devices, right? There are many tools out there, open source, but at the end of the day, when resources are short, the mission doesn't stop because you have less resources. Well, you know, they cut my budget. I guess I'm not solving the case. No, we we expect you to do the job, right? And even if it means you know using uh your hex editor, whatever, what whatever it takes, you you need to do that, right? Um, so in in in we're coming into an era, at least on budget-wise, for most agencies, again, I'm talking about law enforcement, where our budgets might be uh short, then we should start thinking of expanding our view in regards to how we analyze our data. How can we take some of that work and offload it from a tool, but it's a paid tool, and figure out if there's open source, free tools, and your own understanding of how forensics works to kind of carry you over this this period. I don't know if that makes sense to you, Heather. What do you think?
SPEAKER_00:Yeah, it absolutely does make sense to me. Um, I think uh we're never gonna be able to do the extraction ourselves, uh the the type of extraction, the full file system extraction. At least I I can't. I don't know if you can, I can't. Um, so we need the tools for that. But you're right, there's plenty of other tools that we can use for analysis that could help with those budget issues.
SPEAKER_03:Look, if I could get full file system extraction uh instructions, I will have my own company and I will be marketing it and order undercutting some people. Absolutely, absolutely, but but that's not happening. No, but even like something as simple as I say simple, it's not simple, but knowing how to say uh you have a BitLocker drive, well, I mean you might need to brute force it, for example. Well, how do you do that? Do you have a tool to do that?
SPEAKER_01:Right, right, exactly.
SPEAKER_03:Or or do you have ways of going around certain encryptions or certain extractions? There will always be some tooling that's needed for that, and that's gonna be pretty pricey. Yeah, but we then then that I guess my suggestion is on the analysis section, grow more in your own understanding, use open source tools, and and also try to contribute to the to the uh community. If if you know how to do code a little bit, make uh an artifact for the LEAPPs or make an artifact from Autopsy because Autopsy also accepts you know, you can do artifacts with it and pull stuff out for analysis, um, or even make your own tool. If people are making their own tools also all the time and share with the community, and and uh because at the end of the day, we want to accomplish the mission, right? And and having a budget be short, the mission still remains, and we need to try to step up to that no matter what circumstances we're in.
SPEAKER_00:Yeah, absolutely. Um, it was today that I learned what IPED is, by the way. Um, so IPED is on GitHub, it's a digital forensic tool, open source, and can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement, it says, or in a corporate investigation by private examiners. Um, I've actually never heard of that, Christian, so thank you. Um first timer here for that one. He's uh Christian wrote back and said it's a bit like Autopsy.
SPEAKER_03:Yeah, no, and it actually looks it look it looks great. I actually I confused it with another tool we talked about, so no, we haven't talked about this one yet. Yeah, no, yeah, but no, actually, actually it looks pretty legit. So that's something we definitely need to check out.
SPEAKER_00:Yep, definitely. Um so speaking of open source and low-cost options, though, uh, I have a little sneak peek that Christian Peter actually sent to me. Let me pull it up here. So we are going to have a new tool soon. It is not available yet, but I have a little sneak peek for everybody.
SPEAKER_03:And and and and and and I I want I want to thanks, I want to thank Christian for naming this tool in my honor. Uh obviously everybody knows that it's because of me that this tool exists. So thank you, Christian, for calling it.
SPEAKER_00:Christian, if you're listening to me, I know you are. You have to change the name of this tool. So the name the name of the tool is Android Logical Extractor. And for short, it will be Alex, which we have to change it.
SPEAKER_03:And since it's gonna be such a great tool, and it is a great tool. It's gonna be called Alexis, you know. So I think that's gonna be the most proper name we can give to it because it is really good.
SPEAKER_00:So we have to brainstorm a little more about this name, please.
SPEAKER_03:No, we don't.
SPEAKER_00:But um, so uh Christian actually sent me some screenshots to share with everybody. But Android Logical Extractor, it looks a lot like UFED.
SPEAKER_03:So I I love that it's green to make it really obvious it's Android, you know?
SPEAKER_00:Yep, yep. Uh eye rolls hard, Kevin says.
SPEAKER_03:Uh the the the envious uh jealous haters always showing up. I'm sorry, but that there's no A in Kevin for Android. Sorry, Kevin. You know, you don't have a name that kind of flows like that.
SPEAKER_00:Sorry. So in the screenshots, I'm still I'm showing the uh early stages of the interface for Android logical extractor Alex. Um, you can see on the left-hand side we have the information about the Android device that Christian had connected. Um, there's reporting options, acquisition options, logging options, and then advanced options. Um there's uh sys dump, there's uh logcat dump. Let's see what else we have. He sent me some screenshots. So the uh tool will have the capability to take screenshots. So there's a little example of that there on oh I love that.
SPEAKER_02:That's great.
SPEAKER_00:Yeah, it's cool. Um, it has a chat capture function, which is awesome, um, where you can actually capture the chat in the state that you're seeing it on the device.
SPEAKER_03:And and that's so important for apps that you can't really pull out, then you can take your you find the chat that you care about and then you just go taking those screenshots down. That's perfect, that's perfect.
SPEAKER_00:Yeah. Yeah, it's it's like a it's a different view when you can actually say here's what it looks like exactly on the device versus like a uh just a CSV of chat messages. Gives gives more uh I guess a better look for courtroom presentation. Um there's the options here to save the device info out and create a PDF, a printable PDF report. And then he sent me a nice screenshot of the tool actually performing a data extraction. So I cannot wait till it's released and we can actually do a demo and I can play around with it, which hopefully when is that?
SPEAKER_01:Yeah, right.
SPEAKER_00:I don't know yet, but it's in its early stages. He did tell me today, too, um, that there will be um there will be a UFED style backup also planned. So yay.
SPEAKER_03:Yeah, I I I I I love how he says in German, dasselbe in Grün. I know I said it right, but something but in green, I love it. And obviously, um Kevin thinks it's his favorite tool. He hasn't used it yet, used it yet.
SPEAKER_00:I have to agree. I'm like really, really excited to use it, so I can't wait for that very first release.
SPEAKER_03:No, absolutely, and that speaks to the point of there's a lot of things coming out in the open source community. Uh, this is free, but the the quality of the work and the outputs are are great level, they're they're fantastic. So to open your mind, not not again. If your budgets are being cut, you need to make sure you understand where to allocate the resources where you need, and then open your mind to other technologies, open source projects, community projects that will assist you in in accomplishing the mission with whatever resources you're able to have. So something that we need to start wrapping our heads around.
SPEAKER_00:Yep, absolutely. So let's see here. Um, so I created a little thing, but I didn't create it. Um, I had a request um for a gallery view of images and videos for a casework. And um, so you know, if you kick out a tool report, you have all of your images and videos, but they're there with all of the information that goes along with them. Well, a request was made. I just want to see a gallery view of the images and videos. And so I created, and I say I created because I did use AI. Don't kill me. I see your face.
SPEAKER_03:Uh you prompted it, uh but you did nothing. Okay.
SPEAKER_00:I know, I know. I'm gonna fully admit to that in just a moment. Um, so I used AI in conjunction with a little bit of stuff that I fixed, by the way, uh, to create uh what I'm calling gallery builder. And I just kind of wanted to show you guys that, and then I'm gonna talk about some of the issues with what I did. But I have it up on my GitHub. If anybody wants to use it, go ahead. But if you're requesting any changes or updates, I may not know how to do that. So like it as it is, please. Um, but I do want to share, I just want to share what it looks like and what the output looks like. And anybody's welcome to use it. I'm using it for um that that nice gallery view for for presenting. So let me pull it up here. There we go. So this is what it looks like, and it's very easy and straightforward. The photos, if you want to put photos in a gallery view, you hit browse. You browse to the folder where all of the photos are. I will say they have to have extensions. So if your tool of choice outputs those images um or videos with no extension, you need to include an extension on the file. Um, you can name the page title, you can then name your output report. It's gonna output into HTML.
SPEAKER_03:Or or you could check the mime uh or headers or for the H media and then find out what picture, what type of it is, but like I said, uh easy. I'm just I'm just hating on you. I'm just hating on you.
SPEAKER_00:Yes. So um, and then you just click build photo gallery and it kicks off your photo gallery. I have another tab where you can use it for videos. The reason it's separate is um it's using ffmpeg to create posters to have the videos shown in the HTML, and I'll show you that in a second. Um, and then one of my coworkers is like, oh, I like it, but I want my images and videos mixed. So I did one for a mixed um assortment of images and videos as well, so that you can view those all in an HTML file. So I'm going to pop up really quick just what the um what the output looks like. So let me just open that. All right, and share my screen to the entire screen. There we go. So I have my pictures here from my trip that I used for it. Um and they're all in just a little gallery view. If you click on the picture, it comes out in a new tab to a a full screen, a larger picture. And you can do that with any of the images. And then if you were to do the videos.
SPEAKER_03:I will say it looks pretty cool. So I love it.
SPEAKER_00:I love it.
SPEAKER_03:Yeah, I I I I I I can't I can't hate how it looks because it's actually pretty straightforward. Actually, it looks pretty nice.
SPEAKER_00:So with the videos, you can either play the video right here in the um in the get the gallery view, or you can hit um oh, it's playing the sound. Or you can open it up into here, I'll open this one, into a new tab, and that comes out full screen. Can you hear the music?
SPEAKER_03:No, I can't. Oh, okay.
SPEAKER_00:I hear the music in my ears, so so and it it'll play those videos open in a new tab for you. Um I I know it's not perfect. Uh I know that a lot of my code is flawed. I know that there's a lot of repetitive repetitive garbage in it because I was told that from somebody else who knows how to code. And it was not Alexis, by the way. It was another person that knows how to code. They're like, I don't even know why you have this in there. It's so repetitive, but it works. So if anybody would like to use that, go ahead. Keep in mind, I'm not so sure that I can make changes to at this point, but I am making it my job to go through every line of code and know what it means eventually. Uh, know why it's there, know if it's necessary. I'll take out things as I go that aren't necessary. But that kind of rolls into our next topic. So there's been like a bunch of buzz around the words vibe coding. I didn't even know what it meant. Jessica Hyde said it to me and she was like, oh, vibe coding. And I'm like, I have no idea what you mean. So I I Googled it. And I mean, that's kind of what I did. I used AI to do my coding for me. But there are issues with that, and specifically issues with me doing it in the tool that I built. Um, I don't know what it means. I need that basic foundational knowledge of coding before I can use the AI to code at least trustworthy and know what I'm doing, right? Um relying on the AI to generate the code, it's just not the right way to do it. We're gonna run into problems eventually. With my gallery builder, it's not that big a deal. I can go look in the folder of images and videos and see those are the images and videos. It got it right. But if we're using it to uh decode data to parse data, if we're using the vibe coding idea to parse uh returns or we're using it to parse any any data really, um, how are we validating that? How are we checking it? 
And how how do we ensure that that code doesn't have a bunch of garbage in it that's going to negatively affect our cases? What are your thoughts?
SPEAKER_03:Well, look, I mean, in regards to your project, again, I like I like how it looks, but something as as simple as, for example, the code, I look at it quickly. It mixes the HTML part with the actual scripting part. And they're in turn mixed there. And that's tough, right? If you want to update the view of the program, then you have to look go through all the lines and try to fix, try to change that view. And but if you use like a templating system that exists to handle the the graphical user interface or the HTML separate from the code that fills the screen, it's easier to to work with. Now, I say that because for small, and Her is correct, for small projects, something quick, it's it it works, it's it's no big deal. And again, I'm not I'm not religiously against AI, right? Um for for small things, sure, why not? Like I was I was uh kind of let's say let's say I was bored, right? So I did a quick retirement calculator. Because for some reason I'm thinking about retirement lately.
SPEAKER_00:14 seconds, 14 seconds. You're not counting enough, are you?
SPEAKER_03:Oh no, of course I uh the the program is doing that. Uh I mean it's a simple thing. Do do I want to how do I take this out of the screen, Heather? Take it out of the screen.
SPEAKER_01:I'll get it, yeah.
SPEAKER_03:Yeah, so do I do I do I want to sit down and and and code a retirement calculator? Well, I just went ChatGPT and kind of asked it. And it was funny because so I asked, they gave me something, and it gave me, well, do you want me to add this? Do you want me to add that? You want to make it, you know, and keep asking me questions. I said, yes, yes, yes. And at some point, it was a big mess. And I did it kind of on purpose. So I I was kind of running the code at each iteration, and then I picked the one that I like best from all the iterations. But the more I added to it, the more uh weird and discombobulated the thing became. And and the code at the code that it gave me at the start, which kind of was pretty okay, with the code that gave me at the end, it was a big difference, and it did not behave in ways that I expected. And you know, that tells you about how these uh systems operate, right? And how they don't really keep good track of context because they're not really thinking, of course. They have a limited set of tokens they're working with. And that's uh what are tokens a topic for another day. Um, but they they can have a use now, like Heather's saying, and in regards to my thoughts on that, um I'd be really wary of just vibing into things um for things that are important and make assumptions because when you're the the underlying problem is that when you vibe code, you're you're coding on assumptions. Because if you knew how to code, there would be no assumptions, right? You would just you know you know what you're doing, right? But you're assuming the system is understanding what you're asking and it's providing an output and that that's correct. And you can say, well, I'll verify, like Heather said. Yeah, if if it's small data sets, that's great. But if they're really large, um are you gonna try to code that? I mean, I'm I'm sorry, well, you're not gonna code it, but you're gonna try to verify that, validate that. 
And if you look at that code, uh you're gonna look at depending on what you asked and for how long, at thousands and thousands of lines of code when you don't even know where to start. Um, so it's a problem with some what's the due diligence when we do this, right? Where's where's our attention to detail? Where's our moral property when we're trying to have these systems do the work? And some people tell me, well, you're more efficient if somebody that knows how to use the AI also uses the AI. And it's like you're like a like a big nanny for the AI. And I will contend that in large projects that's not even really that efficient either. Um, so I think AI in this type of coding context could be seen as a resource to like in like how you used we used to use uh Google without the AI, or used uh what was this web page for coding? It's called uh oh there's a page I forgot the name right now. Okay, that folks that got a forum, you make I make a question and people that code answer that question, right? Then then sure that's that's gonna help you. But offloading that cognitive work to the LLM, that that could be a problem. Yeah, um, look, so for example, Kevin says vibe coding is good for GUI building, it's not as well for parsing. And and actually that makes sense to me, right? How do how the interface is gonna look, especially using Python and the different graphical libraries, that's a good starting point. But yeah, but the actual meat and potatoes of the thing, you need to know exactly what's happening, how you're doing it, right?
SPEAKER_00:Right. So if we're using it to parse things, but you don't understand the code, which I don't, so I would not be able to do it. But if I'm using it to code to parse things, I can't even go back and check the code to make sure AI got the code correct. I don't even know what it means. Um, somebody like you could use it and then be able to tell like what it means. I just I can't right now.
SPEAKER_03:Oh, and and and and and sometimes it's the the time investment in doing that part if you still so so where's the time savings, right? And again, uh these systems are being sold as the solution to things and magic. No, look, the whatever you used to do at the front, right? Getting ready to do your script, your parsing, your stuff, well, the LLM will do it, but that work doesn't disappear. Now that work is done at the back end because you have to do the same process to make sure the thing worked properly, and if it didn't, or it only worked properly in certain instances. Remember, a broken clock can be right twice a day, right? If it only works in certain proper circumstances, then actually you're taking more time. There, there's a kind of a joke on LinkedIn. Folks, people I say joke, but is it really a joke? Putting in their profiles vibe coding cleanup specialist. Like a position, right? Like vibe cleanup coding specialist. That's not a yeah, if if if we're if we're getting into that, that's a problem with how we're trying to address or uh add these LLM tools into our workflows. Again, I I'm not saying that you shouldn't use them, but I'm saying you should be really careful. If you don't know how to parse something and you ask the LLM and you're getting some results that look right, they might just look right.
SPEAKER_00:Yeah, they may not be right.
SPEAKER_03:Yeah, that the look is not enough.
SPEAKER_00:But the problem is so definitely regular coders who understand it will see that. I won't I won't see that. Uh, people who don't know coding at all will not see that. And we run the risk of then presenting data that just is not right.
SPEAKER_03:Well, and and again, that there's a moral aspect to it, right? Uh should we be satisfied with with just getting that output? No, we we have again our responsibility to do proper due diligence, attention to detail, and and our property. Uh is this thing to the specs and the standards that we expect from our field and from the work that you will do as a human. And the compare and the base of comparison can be well, human makes mistakes. That that doesn't I I I hate that comment, and I get it all the time. Well, LLMs are just as bad as people, then then then I don't I don't want things that are as bad as people. I want things that are that do better. Like the standard should not should not be the human that messes up because that's what we need to avoid. We don't need to perpetrate it and then make it uh bigger at scale. Yeah, we have this solution that's so human, it it messes up like humans, therefore it's good. Right, okay. Treat it as a co-worker. Actually, what studies shown, and going off, see, you got me into this AI topic.
SPEAKER_01:Sorry.
SPEAKER_03:What what recent studies shown, or study that came out a couple days ago, and I make a quick mention of my LinkedIn, is that uh uh co-workers that get input from other co-workers that's being produced with AI, right? And when they get that product, now it's their problem. Somebody put some prompts, whatever the output was, they pass it over to the next co-worker in that, you know, uh that line of work. Now it comes to me to do my part, and I know it's AI stuff because it's crap and it's not done well. Well, the people that receive that are think will think less of the coworker that sent it to them, and that disrupts the cohesiveness and the cooperation that we want within our working groups. That's what the studies show. They will think less of you if you throw some AI slop at them that that it looked right and you send it out, right? And that really messes up the workflow not only of the data that you're working with, but between the human beings, the real people that are supposed to be interacting. You send me this now. I have to redo your work or push it back, but then you get mad, and then that does that make sense. So there's a lot of hidden costs that that we need to consider when we implement these solutions, and and and where do these solutions uh fit within our workflows? And that's something that we need to really think about uh before we go all in on them.
SPEAKER_00:Yeah, absolutely. So, yeah, again, everybody is welcome to use the gallery builder. Uh, there are no guarantees that it's gonna do what you want it to do, but it did what I wanted it to do, and I'm gonna make improvements to it as I learn more and more about coding as I go.
SPEAKER_03:Oh, oh, oh, and actually, one more thing. I just reminded me. And one last thing. And I get off my soapbox. Um, these systems are trained on data. Obviously, it's a large language model, right? It's a a smaller subset of information gathered from all sorts of sorts of sources, right? That's what a model is, a smaller version of a thing or things. There is again a moral dimension in regards to how these tools are trained, specifically in our field, where vendors are putting LLMs and we don't know the provenance. Provenance means how they were trained and from what data sources. Well, all these data sources uh properly licensed and copyrighted, for example, and again, this is me talking as a user. Um, I think uh some LLMs that create videos for people. If you ask them, yeah, I want a video of Mickey Mouse smoking weed, right? For example, which is something that Disney will never do or approve, right? And number two is something that Disney Disney does not license Mickey like that, right? And then, yeah, they're pretty, they're pretty, you know, pretty sealous or sellless or jealous with their with their IP, right? Intellectual property. These AIs are actually creating these Mickey Mouse characters smoking weed. Again, I'm making a made-up example. Well, how does the LLM know what Mickey Mouse is? Did they get Disney to license the the the the these uh intellectual properties and the use of their Mickey Mouse characters? Are they licensed? Uh and again, again, I'm not I'm not a lawyer, so I know nothing about law, but I'm saying I'm applying that not to speak about these LLMs specifically, but about our field. How were they trained? Were they properly licensed? The last thing I want is to create some output and then figure out that the LLM provenance at court found out that it was not properly licensed, there were some copyright violations, and then I'm going to court using a product that's being found liable for a copyright crime, right? 
And we don't have so so what that means to me as me as a Tanjubi as a as a looking forward practitioner is vendors, you need to tell me, look, is this some proprietary LLM? Did you train it with proper licensing? Can you guarantee that to me that this will not be a liability later at court or a proceeding of any sort, right? Can you make sure that I'm protected as as the buyer of your product from future copyright violations based on how you train your LLM? Does that make sense, Heather?
SPEAKER_00:Yeah, it does. Absolutely. Absolutely does.
SPEAKER_03:And I I don't hear anybody talking about that in our field, uh, other than myself. So I would hope that it resonates in somebody's ear at some point and we get some sort of again. I could be wrong. Maybe, maybe there, maybe that's already solved or some somehow.
SPEAKER_00:That'd be great.
SPEAKER_03:But I I would like to hear about it.
SPEAKER_00:So yeah, definitely, definitely. One last thing about the gallery builder before uh before you take it, uh, too, is I only have the images and videos with the file name in the um HTML, the MD5 hash, and all of the information about where those images are coming from are not included in the gallery builder. So please still include your report that has all of that information that you'll need to properly testify in court.
SPEAKER_03:I mean, it it's a great tool to show the things.
SPEAKER_00:Yeah, that's what I wanted it for. Presentation purposes only.
SPEAKER_03:Yeah, yeah, yeah. But it's definitely not to do uh here's the analysis of the pictures. That's not what that's not what it's for.
SPEAKER_00:Absolutely not. I may have to put that disclaimer in the little README thing.
SPEAKER_03:You know what? That's that uh that's a I think that's a good idea.
SPEAKER_00:I do have the disclaimer in there that it was written with with uh the help of ChatGPT, mostly ChatGPT.
SPEAKER_02:Gotcha.
SPEAKER_00:Um, so we are at what's new with the LEAPPs. So what's new with the LEAPPs? The the one thing that I saw that was new with the LEAPPs is Alexis. Uh he coded for Android the call notes from the the Google Pixel data that I was talking about earlier. So the Google Pixel has now the capability to do call call notes. What the call notes is, is you enable uh call notes on the call. As soon as your call starts, you hit the enable. And the person on the other end and yourself will hear a message that says your call is now being recorded. Um, it records the call, and then at the end of the call, when you hang up, you can see it working. The AI is working to transcribe that message. I will tell you, I tested it with my sister. It absolutely does not understand how we talk because it got tons of stuff wrong in what we said, but it was funny to read. Um, so if you're seeing that in your case data, just please know that that may not be what the people on the phone call actually said. Um, so listen to the recording as well. The recording is there as well. Um, but I believe that Alexis is the very first person to code parsing that uh from the Google Pixel data in the newest uh iOS or newest Android release.
SPEAKER_03:Yeah, and uh I I I was kind of pressuring poor Heather because I wanted to do it first before everybody else.
SPEAKER_00:Like I'm doing it on my personal phone. Hold on.
SPEAKER_03:Can you give me that data, please?
SPEAKER_00:No.
SPEAKER_03:So a couple of things. It's not I'm not finished. I just kind of put it out there just to have something out. Um let me take that away. Yeah, I'm not I'm not finished because um uh you'll you'll see now. I'm gonna look, let's look at a data source. And the data source uh identifies the cut the the people that are talking based on a number, but there's another data source, I think it's a SQLite database, that does have the correlation between the number and the user. So there's still some work to do. But the main point I wanted to get out is at least people be aware that if there's a recorded conversation that's being trans uh transcribed by AI, at least you have a report that tells you, hey, there's something here, and you can read it. And then, like Heather says, you can follow up with the recordings and the like. Which again, side note, there's been a lot of tools that do AI transcription from from body cam recorders and stuff, and AGs have tried it and they found out that it's better for the agent to just or the investigator to just listen and write it versus transcribe it for many reasons. But that's another topic for another day. Now, I wanted to show to everybody all these data sources as as you uh um parse it, I think it's protobuf originally, and then you turn it into a JSON file. The utility of using graphical JSON viewers to do your analysis. That's what I would like to everybody to kind of go walk away with this in this section, okay? If you look at JSON, let's say as you see here on the left column, it's indented. That means that it tells you the relationship based on what position it is, right? The farther away the data is, well, the more related is to what's underneath, right? And the less related it's gonna be to what's on the left, right? So, and like a hierarchical structure. But this is hard, like trying to try to make sense of what goes where when it's kind of going in and out, in and out, in and out, it's it's tough, right? 
If you look at JSON, that's uh pretty-printed or properly indented is hard. But if you look at a graph, it's not that it's easy, but at least you can see a lot of those relationships graphically way faster and way easier. Like in this sense, I see this big graph, it's hard to see on the screen, but you see all this JSON, right? And I see, well, these things on the far left are definitely the entry points, right? So let me focus on that, and you'll see if you focus, it's all the graphical. Look how easy I did that analysis. I look, oh look, there's 13 items in this uh JSON, and you see that little bracket that means it's a list, so it's 13 things in a list, one after the other. Well, let's analyze some of those. Let me take away the uh comments on the stage so folks can see better here on their own screen. There we go. So let's go to let's go to the top here. So if I go to the top here, you'll see. Oh, look, there is the first item, here's the one here of that list. Oh, look, that's it's a dictionary. You see the squiggly brackets there, two keys. Oh, it's a dictionary, it's two keys. Let's look at this first one here. You have oh, a timestamp, that's Unix epoch timestamp, and a number. And then you hear, did you just hear that? The next message, a timestamp and a number. And then the answer is yep, a timestamp and a different number. So now I can see that oh, I see every item, it's part of that conversation as being transcribed, and then you got user number two saying things, and user number three responding or talking or doing whatever the person is doing, and now I can go graphically kind of just analyze this. This helps me a lot because then when I'm gonna code this thing, I know that what I need is really pretty much in this first list. Now you'll have situations where you might need to start digging deeper into that JSON to get things all the way in here. But guess what? 
By having it graphically organized this way, if you know a little bit of coding, you'll be able to pick out even far-off values from keys all the way out here because you know what the path you need to take based on the graphical interface. Does that make sense here to you a little bit?
SPEAKER_00:Yeah, I love it. I love the view you give it in the graphical interface because when you go look at the the raw data just as is, it's so hard to make out, especially if you're not a coder or not familiar with the the different data structures too. Tools like tools like you're using are just um super helpful to give a full picture.
SPEAKER_03:Oh yeah, and look, in some circumstances, if you're in a pinch, you might just put in the graphical graphical viewer and take a screenshot of certain certain things, right? If it's something that you need like exigent circumstance, yeah, then you can do it that way, and then you can code it later, or if you don't know how to code it, um get help somebody, and if you use ChatGPT, then use that, and then also get help later. Yeah, you you need the help either way. But so yeah, so and a lot of the work that that we do, you know, there's some some ways of going about it. You don't have to sit and wait for a paid tool to do it for you, and sometimes you don't you can't, you have to accomplish the mission right away. So open your mind to understanding what data structures are, what a JSON structure is, and play with some of these uh graphical viewers. This one is called JSONCrack.com. Now, this version is online, you don't want to put your data online. So if you're gonna, I'm not saying you should buy this or not, it's just one that I picked randomly from the Google search. But if there's one that you like, make sure it has an offline feature where you you pay for it, you download it, and then you do all that graphical analysis uh on your on your computer locally. You don't want to be sending your stuff out there, much less case data out there because who knows who's on the other side, okay?
SPEAKER_01:Please do not.
SPEAKER_03:Yeah, so yeah. So um, there's a lot of stuff. I mean, Keller, please take that out of the screen, please. Um, so yeah, there's some other stuff that we're working on in regards to the LEAPPs. LAVA is coming out soonish. Um we wanted to have it out sooner, but we we're adding, and by we I mean uh John uh Johan on the LEAPP side, and and um and Kevin also on the LEAPP side. John is now also dealing with the LAVA side, and who am I missing?
SPEAKER_00:Um James.
SPEAKER_03:James, James, and James, which is the main developer for the LAVA side. Without James, we would we wouldn't have LAVA, period.
SPEAKER_00:I think we have some interns now too.
SPEAKER_03:Yes, so so thanks to Bruno.
SPEAKER_00:Shout out to the interns.
SPEAKER_03:Bruno Constanzo, I think Maite is one of the ones. I forgot the name of the other dude, so I'm sorry for that. But they're interns from uh uh amazing college professor, Bruno Constanzo, is a good friend from Argentina, from Ufasta University, down in Mar del Plata. And they're they're the interns are really helping out uh cleaning up all the artifacts to make LAVA compliant, and the work that they're doing is so impactful. Again, just because you are not like a super coder or had years of experience does not mean that you can make an impact. You can. And and like like Kevin's saying, the developer team is growing, which I'm really happy to do that. People that have a really uh big heart and and and want to give out to the community because again, they're not we're not none of us is paid. This is all a work of love for for ourselves and you know also to make our our work easier. So so there's a lot a lot that's coming out. Um, some other artifacts that being working on, but again, I'm gonna wait till the future to kind of uh talk about those. Yeah, also because I'm not super in the weeds with them. Um quick short story. When I started, it was pretty much me and Yogesh kind of doing the LEAPP stuff, and then Yogesh left for you know reasons, work and all stuff. He had to move and work in in different places, so he couldn't keep up with the project anymore, and it was just me. And I I I I quickly realized I cannot do it on my own, right? And I had such great human beings like Heather here and Kevin, all the folks that we mentioned, just jumping in. And the project is large enough that I cannot I just cannot keep track of it on my own. Some of the stuff that's being done, I depend on on the dev team to actually explain to me how to how to accomplish certain things or what's going on, right? So so uh again, uh my heart, my heart goes out to all of them for for the great work they're doing for the community. So I couldn't thank them enough.
SPEAKER_00:So absolutely, thank you. Um just a quick note on the the call notes thing. We showed the data and showed um told you that it's now supported in the LEAPPs for parsing. I'm working on a blog to actually talk about how the data is stored and where inside of the extracted the extraction. So look for that. I'm gonna try and finish it by the end of this weekend and um I'll put that up so everybody knows where to find the call notes data.
SPEAKER_03:Absolutely, and and and absolutely also that will pressure me a little bit into finishing the script to actually match, put the names of the people that are talking. I also add the part the audio because the audio is is kept if you if I remember correctly. Yeah, it is so I I need to make a report with all the audios and then how do they relate to the conversation? So we're there's still stuff that need to do.
SPEAKER_00:So right, right, absolutely.
SPEAKER_03:And by we and me, and by me, I mean we so that brings us to the end.
SPEAKER_00:We have a meme of the week, as always. So this week we have the bird that's saying, So I said it depends.
SPEAKER_03:Oh, wait, but what the the word you're missing some concept.
SPEAKER_00:I I do, you do it.
SPEAKER_03:The bird is sitting in a in a in a in a high chair, right? At a comedy, at a comedy club, right? He's in his I guess it's open mic at the comedy club. And the the crow is making the joke and says, So I said it depends, and expecting laughs, and people say, Boo, boo, get better material. And the poor crow bird looks at his notes and they all say, It depends, it depends, it depends, it depends, right? And the joke about that is that every digital forensics presentation is this in a nutshell, it depends, right? And that's like our favorite, favorite thing to say. It depends, it depends, it depends, it depends. So we're kind of that bird. That's kind of like the relation or us being be able to relate to the joke comes from because we use it so much.
SPEAKER_00:It is the answer to every question in digital forensics. It it is, it really is. Most of the time, because the question that's being asked just isn't giving enough information yet. I mean, it they'll get there, but the question being asked isn't isn't providing enough information to even answer the question.
SPEAKER_03:And I I love that you said that because that's oh, I love that, because that speaks on something that I'm also a little bit like a how can I say this, like a pet peeve of mine, right? I'm I'm really adamant and and I I try to hold myself to it. Use the proper terminology in regards to what I'm trying to say, be it if I'm coding, be it digital forensics, because if I use the proper terminology, when I try to convey to you, uh, you know, pass from my mind a concept or an idea to your mind, you'll you'll be able to understand it. If I make a question, you'll be able to understand the question. And we take so well, it's it's in a yeah, it's in a database. And then, well, it's actually a protobuf. Well, that's not a database. Well, you know what I mean. No, I don't know what you mean. Because you say database, I might think SQLite, right? And and and it's not like that, right? Uh you know, you use another like you're confusing me now, right?
SPEAKER_00:I feel like you're directly calling me out right now. Oh I do that all the time. I'll be like, oh, it's this or it's that. And I'll be like, what are you talking about? Like, you know what I'm talking about. Yes, but I'm gonna make you say it the correct way.
SPEAKER_03:Look, I'm not gonna say the shoe sit fits, but if the shoe fits, I don't know. But but that but that goes with asking questions as well, right? Um the the we when we need to ask a question about somebody. If you're asking for help from a person in the community, don't don't have me guess what you're trying to get at. Absolutely or don't have me do the research. No, make a give me a good question with all the context that I need so I can answer you. Yeah, all the details. Yeah, because if not, you're gonna get it depends and you say boo, and I'll tell you, well, ask me a better question, so then you get an answer, actual answer, you know.
SPEAKER_00:Yeah, or they're gonna be like, this Alexis guy has no idea what he's doing.
SPEAKER_03:I mean, that might be true, but not but not for the reasons they they expect, right? It's not because of the forensics, it's because you I don't I don't understand what the heck you're asking.
SPEAKER_00:Exactly. So I think that wraps up the show for the week.
SPEAKER_03:Yeah, no, actually, actually, I I was a little bit kind of down with the weather. No, well, because I'm sick, because it was kind of cloudy and all that, and things are happening, but I feel so much uh better mood after the show.
SPEAKER_00:So thank you for uh thank you for this. Yeah, thank you.
SPEAKER_03:All right, everybody. Thanks for staying with us. Obviously, a little bit over the hour, but uh we appreciate it that you're here, or the folks that listen live, all the folks that are listening now afterwards or watching afterwards. Um you can find uh us in LinkedIn, the Digital Forensics Now podcast. We also have recently a new LEAPPS page, L-E-A-P-P-S, also in LinkedIn. Uh that uh our amazing webmaster and responsible of all our online presence, Kevin, will continue to uh help us maintain and where you can get information about the LEAPPs, also leaps.org, so you can sign off for the newsletter. So uh and the announcements of when LAVA comes out. If you're in the in the in the list email list, you will get that email immediately so you can go and download it. So leaps.org, our LEAPPS page, the Digital Forensics Now podcast in LinkedIn, and uh we can interact, chat there, and uh and see what's going on. Yeah, anything else for the good of the order, Heather?
SPEAKER_00:That's it. Thank you so much, everybody who tuned in.
SPEAKER_03:Thank you, everybody, and uh with that we put the out music and we'll see you hopefully in a couple of weeks.
unknown:Yeah.
SPEAKER_03:Take care, everybody.