How Digital Forensics Contributes to InfoSec

Introduction

The Enfuse Conference is a great conference for the DFIR and E-Discovery industries. The industries get together to share their most recent experiences and new knowledge. There are also speakers, attendees, and vendors who are in fields related to these industries, and they share their knowledge as well. Enfuse 2018 was no exception. I was able to talk with, learn from, and network with SysAdmins. Even from judges, public relations agents, and artificial intelligence researchers. I got a glimpse into how the DFIR and E-Discovery industries interact with these other fields. How machine learning can speed up a digital investigation. How dialogue between InfoSec analysts and network administrators before an incident occurs can improve prevention.

Testifying as a Digital Forensics Expert Witness

I attended a presentation by a member of one of these tangential fields: forensic audio and video analysis. The presentation was given by Herbert Joe, a forensic analyst of audio and video. He’s the person you go to when you want to confirm the authenticity of a recording, picture, or video, or to identify a voice in a recording for investigative purposes. But his particular area of expertise is not what he gave his presentation on. Rather, it was on the necessary legal qualifications someone must have to act as a digital forensics expert witness in a United States court. Joe and his company have been retained “thousands” of times, and have acted as forensic expert witnesses countless times. Giving him the authority to present on this topic.
 
His presentation walked through the court cases that set a precedent for expert witness testimony, most notably Frye vs. US and Daubert vs. Merrell Dow Pharma. His presentation showed how the standards set were applied and further refined in other cases, such as State vs. Geo. Zimmerman and Kumho Tires Co. vs. Carmichael. Joe broke down the Federal Rules of Evidence 702 to explain what qualifies someone as an expert witness, and what an expert witness might look like in the DFIR and E-Discovery industries. Joe tested our recently acquired knowledge by offering an informal quiz about the rules regarding expert witness testimony.

Conclusion

While this presentation was only one of many at EnFuse, it not only served as an example of how Enfuse and conferences like it bring together the DFIR and E-Discovery industries, but also how people who aren’t formally in these industries still promote and further them. Because of their nature, the industries are constantly changing, adapting, and improving, and the contributions of people like Herbert Joe help all of us to be better at what we do. My thanks go out to OpenText for hosting Enfuse, and welcoming related industries into the event, as well as Champlain College for enabling students to attend.
 
To learn more about the LCDI  or our projects.  Follow us on our Facebook and Twitter pages or send an email to lcdi@champlain.edu!