🔥 Hot take 🔥
If you only pump out tool reports because you don't have time to do actual #DigitalForensics the only person you are fooling is yourself.
Cases dropped or plead low because the examiner couldn't be inconvenienced with looking into a database.
If you only pump out tool reports because you don't have time to do actual #DigitalForensics the only person you are fooling is yourself.
Cases dropped or plead low because the examiner couldn't be inconvenienced with looking into a database.
Acquittals because the examiner never took the time to understand the artifacts so they could be properly understood by the jurors.
But wait, you say, I press that Generate Report button like it's going out of business and that has never happened to me.
To that I say... Yet.
But wait, you say, I press that Generate Report button like it's going out of business and that has never happened to me.
To that I say... Yet.
Do we need to do this on all artifacts on all cases?
Of course not! But if the artifact matters YOU, the examiner, needs to verify that it is correct and if there is more to it than what the tool shows you.
Of course not! But if the artifact matters YOU, the examiner, needs to verify that it is correct and if there is more to it than what the tool shows you.
We practice constantly to keep our marksmanship skills high for something that hopefully might never come to pass. That is a good thing.
Am I being lax on my digital forensics skill usage & development? Lax on something that affect cases, victims, & the accused on a daily basis?
Am I being lax on my digital forensics skill usage & development? Lax on something that affect cases, victims, & the accused on a daily basis?
As managers, are we really measuring the effectiveness of our programs?
Are we spreading the load fairly?
Are we striving to develop our folks beyond sending them to a class here or there?
Are we making sure we meet the high expectations of our citizens?
Are we spreading the load fairly?
Are we striving to develop our folks beyond sending them to a class here or there?
Are we making sure we meet the high expectations of our citizens?
As managers, are awards & recognitions meaningful expressions of gratitude for outstanding work or have they become the new participation trophies?
And to be clear this is not really a tool problem.
Tools are great.
They focus our examination but what they produce is not the examination itself.
The tool doesn't testify, the examiner does!
Tool reports are not the data. The data is the data. Validate everything that matters.
Tools are great.
They focus our examination but what they produce is not the examination itself.
The tool doesn't testify, the examiner does!
Tool reports are not the data. The data is the data. Validate everything that matters.
With all this being said there are tons of resources available. Courses, educational orgs, peer groups, websites, tools & more to be the best examiners we can and should be.
I use tools but I never forget that I am the biggest tool. Digital forensics tool that is. So can you. 😜
I use tools but I never forget that I am the biggest tool. Digital forensics tool that is. So can you. 😜
@threadreaderapp unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
