Discover the intersection of digital innovation and forensic expertise as we celebrate and honor the incredible legacy of computing pioneer Mark Dean during Black History Month. With a salute to unsung heroes like Johann, who fuel the open-source tools we rely on, this episode is a tribute to the collaborative spirit that propels digital forensics forward.
Peek behind the curtain of the Photos SQLite database with insights from the Forensic Scooter blog, uncovering the depths of data crucial to forensic investigations. We explore how metadata comparison can reveal content manipulation, the importance of distinguishing between cloud and device media origins, and the crafty skills required to validate findings in a world where AI is becoming a pivotal tool. This episode isn't just about the tools we use; it's about the critical thinking and validation skills necessary to ensure AI assists rather than misleads.
Fasten your seatbelt as we navigate the evolving landscape of vehicle forensics and tackle the challenges posed by encryption in new vehicle modules. Reflect on how data from vehicle systems can be leveraged in accident reconstruction and criminal investigations, emphasizing the need to stay ahead of technological advancements. Wrapping up, we delve into the latest from the LEAPPs framework and the implications of Android's multi-user support, underscoring the episode's commitment to sharing knowledge that keeps the digital forensics community at the cutting edge.
Notes-
Black History Month Notable Contributor to Digital Forensics-Mark Dean
https://web.eecs.utk.edu/~markdean/
Device Set-up – Transferring data to new iPhone & Effects to Photos.sqlite
https://theforensicscooter.com/2024/02/04/device-setup-transferring-data-to-new-iphone-effects-to-photos-sqlite/
Dissecting the Android WiFiConfigStore.xml for Forensic Analysis
https://blog.digital-forensics.it/2024/02/dissecting-android-wificonfigstorexml.html
AI Generated Imagery
https://us5.campaign-archive.com/?u=a5a2a1131e612711f02b96e2c&id=81d1b025e7
Magnet Idea Lab-Project Goose
https://magnetidealab.com/projects/project-goose/
Vehicle Forensics
How to access logical files in a QNX partition- https://www.youtube.com/watch?v=8SAZthXjT5s
The LEAPPS
https://github.com/abrignoni
Speaker 1:Hello everybody. We are live once again. Today is Thursday, February 15th 2024. My name is Alexis Brignoni, aka Briggs, and I'm accompanied by my co-host. The one that wakes up the roosters in the morning, the hardest working woman in the digital forensics field, the one that will stop learning only and only when she's dead, the one and only Heather Charpentier. The music is higher up by Shane Ivers and can be found at SilvermanSound.com. Hello, Heather, hello. I'll have it off on a abrupt end into the music. Sorry about that.
Speaker 2:Thank you for the great introduction again. You're crazy.
Speaker 1:I'm just stating facts here.
Speaker 2:Well, thank you, thank you.
Speaker 1:They are unrebutted, so.
Speaker 2:Oh my gosh.
Speaker 1:Well, another week has passed and, as everybody knows, some people might have.
Speaker 2:Valentine hangovers.
Speaker 1:I guess they were Valentineing too hard. Ronan is here saying hi and yeah, that's why the chat is getting populated little by little. Johannes is also around. People are rolling in from all the Valentineing they did yesterday.
Speaker 2:Well, I'm glad everybody could make it after their big day.
Speaker 1:Yeah, no, we got folks even from all the way, from Melbourne in Australia, oh wow.
Speaker 2:You joined us in the chat so good to see you again, my friend.
Speaker 1:So what's happening? What happened since you're happening since last time we were here, Heather, what's going on?
Speaker 2:Not a ton of happenings, except for my lovely co-host helping me work on my very first artifact for ALEAPP.
Speaker 1:Wait, that definitely requires what's it called? A few fireworks here. So you want fireworks, I'll do your fireworks. I don't know what you have to do. No, that's laser lights. Let me get your fireworks. There we go.
Speaker 2:Celebration. But that's what we've been working on and, yes, I'm so excited to be figuring it out.
Speaker 1:Yeah, I know she is, and we haven't merged the artifact yet into the proper repository. What that means is that she parsed a good database and it's going to be available for everybody. So we're going to do that soon. But after she's done that she'll be a published, I say published, but an actual programmer. Can you believe that, Heather?
Speaker 2:No, I'm not sure we can quite say that yet.
Speaker 1:Oh yeah, I'm going to put you on the contributor list, and that's another thing. If you contribute, anybody that wants to contribute to the project, the ALEAPP and the LEAPPs, and we'll talk about that a little bit at the end, you can do so and you'll be a contributor, you know, yeah.
Speaker 2:Very excited to be joining.
Speaker 1:No, you're awesome.
Speaker 2:Jerry.
Speaker 1:Saying hi to Jerry there. Alright, so, yeah, so what have I done? So, yeah, so I've also been obviously doing some coding. One of the libraries that we use for the open source tools that I just mentioned, community tools just changed some of their licensing and how they plan on having access, so we're kind of dealing with that. The tooling still works as normal, but we're moving away. A big shout out to Johan who's in the chat. He's going to help me and I appreciate you man he's going to help me see if we can change that requirement to something that actually works for us and works for the community. Kevin for being my right hand person working with all this stuff, and James and a whole bunch of other folks. So you know a heart for you all. I appreciate you. Do I have a heart reaction?
Speaker 2:I was going to say where was it when you just did the heart?
Speaker 1:I do because my love for them and the community is a lot. Alright. Enough messing around. So last episode with February. We're still in February, we're still celebrating Black History Month, so Heather was going to bring us a person that we should know about. That's important to our field and the computer field in general. So why do you talk to us about who's the person to remember in this Black History Month?
Speaker 2:Sure, let me share my screen here. And our notable contributor to Digital Forensic for Black History Month this week is Mark Dean. So Mark Dean is an American inventor and computer engineer, one of the most prominent black inventors in the field of computers. He started working at IBM in 1980 and he's a co-inventor of the personal computer, of the PC. He holds three of the nine patents for being the co-creator of the IBM personal computer released in 1981. He's the first African American to become an IBM Fellow, which is the highest level of technical excellence at their company. He's been inducted into the National Inventors Hall of Fame as well as numerous other accomplishments, and one of his biggest contributions in the PC's early days was a whole new ecosystem of IBM compatible peripheral devices, and he now continues to give back to the Digital Forensics community. He's a professor with the Department of Electrical Engineering and Computer Science at the University of Tennessee. So that is the website for his personal accomplishments and his CV. If anybody wants to go, check it out.
Speaker 1:Oh, and I was looking at some of the patents he has, which is a bunch, and you know he's still around, he's still teaching, that you mentioned and he's almost 70 and he's still cranking out patents Right, and it's amazing.
Speaker 1:Some of them are about neural networks and I remember it was in college neural networks being like a thing, it still is. It's kind of that AI kind of builds on some of that neural networks technology and how these circuits kind of train themselves to do certain things. So he has really a lot of patents on that, I hope. But I mean, I don't expect myself to have a patent, like ever a patent, but at least I hope in my 70s to still be kicking it, you know, in the field. So that's, that's, that's the. I want to emulate him in that sense. So thank you, Heather, for the introduction.
Speaker 2:If I had a guess, I would say you will be.
Speaker 1:I'm going to be the old, the old little grandpa nerd. That's what I'm going to be, oh there you go. I think I might be that right now, a lot of young people in the office anyway. So we got to celebrate the good folks that do good contributions and keep them in our thoughts, you know, and emulate them Definitely. All right so a lot of stuff is happening in the blog, in the blogosphere, for our field, so we're going to highlight a couple of them. So what's the first one that's coming up? Good blog article.
Speaker 2:Forensic Scooter has another great article with the Photos.sqlite, always, because he has all of the best data and blogs on the Photos.sqlite database, but one directly relates to transferring data to an iPhone, right. So it relates to how a device records and stores data when the device was set up, via data transferred versus restored from an iCloud backup. The blog specifically addresses the local photo library and it aims to answer the question why particular media files are located in the local photo library versus the cloud photo library. He has an entire testing blog set up where he uses commercial tools as well as open source tools to perform the testing and answer the questions that were presented to him regarding this topic. Let's see, I have the and this will be in the notes when we put it up on the website, but this is the link to the Forensic Scooter blog and that particular blog article, and you know I get a lot of value out of this database, and can you?
Speaker 1:can we share with our folks, what value you get from it, and now I'll do the same.
Speaker 2:Oh my gosh. Yeah, so the photos, the photos database, the Photos.sqlite database contains so much data about your photos that isn't parsed by the commercial tools, so, going in, I mean there's so much more to find. And these blogs that the Forensic Scooter has been sharing with the community actually outline a lot of the artifacts and the different things you can find out about the photos stored on your, on your device.
Speaker 1:Oh yeah, and look, and let me give you a couple of examples for the folks. Why is this important? If you want to determine if a picture was taken with the phone, you gotta, you gotta look at certain factors, right? You look at the metadata, you look at the path, you look at creation timestamps. There is a really nice field in one of these, in one of the tables in the database, for the bundle ID origin. I forgot what the name of the table is, but you know, Scott has it in his blog collection, right? So it's pretty neat, because if it has a bundle ID, if you're not familiar with this, for the folks listening, a bundle ID is the name of the internal name of the application.
Speaker 1:If you're using WhatsApp, most sites are gonna be called com.whatsapp, like a URL in reverse. They also call it reverse URL names or bundle IDs, and those are the names internal to the app and the names that show up in when the developers are working on their, their programs. Okay, so if it's there, you know that that picture came from that app. It's another point of confirmation. If that entry in the database is empty, it was generated by one of the functionalities of the device, of the phone itself, which is super useful. Another thing is iOS. I think since iOS, correct me if I'm wrong, Heather, since iOS 16 or 16 or 15, I don't know which. I think 16, yeah 16,.
Speaker 1:You can also, you know, have that ability but also change the geolocation and the timestamps of your pictures.
Speaker 2:Gosh, I think that might even be older yeah.
Speaker 1:Older? Yeah, I think it might be older, yeah, so the thing is that when it changes that it doesn't go to the metadata of the picture and change it. It changes it in the database, right? So what I do is I did an artifact and I discussed it in the past that you compare the metadata of the picture with the data made out of the database and you can figure out if there's been some shenanigans. If the person's trying to, you know, obfuscate some of the, some of the activity. Now your tooling will most likely pick out the correct timestamp because they're going off of the actual picture, not the entries of the database. But intent is important, right? Why would a person try to change the timestamp and the geolocation of a compromising picture? And if you're not looking for that information, you'll be missing a piece of the context of your case. Hopefully that makes sense. If it doesn't make sense, Heather, just. No, it makes sense.
Speaker 1:Throw something at me from the screen.
Speaker 2:No, it definitely makes sense.
Speaker 1:Yeah, and there's a lot of functionality. Knowing if it's coming from the cloud, like photos, equal like cloud, or actually the device, it's also super important. Yeah, and I can assume that if it's in Photos.sqlite, without looking that it came from that device, right, it could have been another device that pushes top off of the cloud. So really required reading if you're working these type of, you know, media origin cases.
Speaker 2:So I think some to some of the some of the commercial tools are stating now whether the media was possibly captured by the device. So you can use that, definitely use that Photos.sqlite to go and validate what they're showing you in your forensic tools.
Speaker 1:Oh, it's a necessity. And again, I do appreciate Scott really making his mark around this database because he's leading the everybody, the community, on that. And look, we cannot do it all. One person cannot do it all, right, like I don't have the bandwidth to deal with Photos.sqlite, in the same way that he might not have the bandwidth to deal with the LEAPPs and you don't have the bandwidth to deal with all the other stuff that you're dealing with. So we come together and we make each other, each everybody, better. So let's, you know, let's continue to do that.
Speaker 2:Yeah, definitely. Also contributing with a new blog is Mattia. Again, he did a blog with the Android WiFiConfigStore.xml file, so anybody that's not familiar with that. It stores the Wi-Fi data. It's stored in the user partition of an Android device. The file is parsed by most commercial and open source tools, but all of the data that's available in that XML file is not always parsed. So in my recent test data for one of my Android devices, I used a few of the commercial tools that I always use in every case and what was parsed from this file was the SSID, the security and the password. So those are three things that were parsed for me. But Mattia's blog outlines other data that can be recovered from this file. Some of it includes like if the Wi-Fi network was auto joined or how many reboots were since the last use, has the device ever connected? And other artifacts such as that.
Speaker 1:Yeah, and that whole MAC address and settings and all that stuff. That's super important. And I can make a quick point Just because a tool has an artifact for something doesn't mean it's going to show you everything for that something, all right. So this is the case with this XML file. It was the case a couple of years ago with a Dropbox app I want to say it was Android, but don't quote me on it. It's on my blog, somewhere in my blog, where there were so many tables in regards to how many times did you access this image through the service, right, dropbox, if the service, if the picture was shared and to whom and where? A whole bunch of stuff.
Speaker 1:So it's really worthwhile to always revisit some of the stuff. So look, WiFiConfigStore.xml, I've seen that a million times. A new version can put new stuff in there, and I've seen that happen as well. So again, Mattia, you know in Italy, he's doing also a great job putting that content. For again, we're going to put all these links on the notes. So don't sweat it if you're listening as you're driving or walking or whatever, don't worry, you don't have to stop the recording to write it down. We're going to put it in the notes, both on the podcast and on the YouTube channel, so you can get them there.
Speaker 2:So another new article that came out, I actually saw this on the CCL Solutions Group page, is an article out of the UK related to AI-generated imagery. So they did a research project to identify the use of AI platforms on a host machine. So they looked at Chrome and Windows artifacts of interest and they include, but are not limited to, like jump lists, prefetch files, Amcache, event logs, Windows activity timeline, most recently used, a whole bunch of other artifacts. So the researchers used a variety of commercial and open source tools and they identified both visual and non-visual indicators, including file names, URLs and file system artifacts that relate to AI-generated imagery.
Speaker 1:And I mean this research is important. You say, well, okay, why do I care if I can find artifacts that indicate that a picture was made with, let's say, Midjourney or DALL-E or some of the other image generators? Well, there's a couple of things there. Again, a little bit of a warning there. We're going to quickly briefly talk about child exploitation here for a second In graphic. For a second, there is, if you look at the statutes, at least federal statutes if you take, if you make a depiction of a known child, even if it's synthetic a synthetic I mean not generated by a computer you will be prosecuted for it. So you can use this type of tooling to create contraband images that are illegal. So some of us that work in this field, we're going to make sure that we understand work and we find those artifacts.
Speaker 1:So all the stuff that's new is built on stuff that's not new, and all that Heather mentioned it's stuff that we know how it works, we know where it is. The question is, how does that apply to this new set of indicators of activity, in this case AI? So they're doing that. I would hope they come out with one for mobiles, and I know we're mobile-centric here, but we're just mobile-centric because that's what people use the most. They carry their cell phones on top of them, they don't carry their laptops as much, and that's pretty much it Always think about. New technology comes in. How does that leave a print in my devices? Or in the cloud somewhere else, based on stuff that I already know, and we go from the known to the unknown. And can I gather those pieces? I think yeah, absolutely.
Speaker 2:The article really does a great job of outlining where you can find each of the artifacts and what types of exactly what types of file names you're looking for for each of the different AI platforms too, so it's definitely a great read worth the read. Yeah, and if you're a developer.
Speaker 1:I say developer, look, let me take that back. If you're in digital forensics and you want to really up your expertise and your capabilities, try to learn a little bit of script or coding. Why? Because you can take this information and then you automate it. The whole point of you knowing yeah, this is where it's at, this is how it would be named, this is the locations, this is how it was found is for you to not have to do it manually every single time. With a piece of paper, reading and finding it. You can actually make a process that automates that fine search and extract, right, and if you can automate the finding, the searching and the extraction of this data, you'll be miles ahead in your workload. So, yeah, take some time and take it to the next level and automate that type of stuff.
Speaker 2:And I don't know if anybody has seen, but Magnet's Idea Lab. If you're not a member of the Idea Lab, you should sign up and join. AI is the future, so Magnet's Idea Lab is a platform where you can go and contribute to different ideas in the community, and Project Goose is a new project that has been started in the Idea Lab, where you can examine images to determine the likelihood that they were created with the common AI tools. They outline Stable Diffusion, Midjourney and DALL-E, and you can analyze videos to gain insight into their authenticity. They use Medex Forensics, I believe, as part of this, right, and you could build filters in Axiom, too, related to the AI artifacts. So it looks like a really cool project.
Speaker 1:Well, and it has a lot of stuff. So, folks to understand, I mean we discussed this a few blog posts, a few podcasts ago. Magnet Forensics, they were acquired by a bigger conglomerate and they'll be on a binds pretty lately. Right, they bought, we talked about a few episodes ago, an exploit outfit to, you know, up those capabilities, Medex Forensics and also video for a whole bunch of stuff. Now, this is why this is relevant and that's why I have, for folks that are listening, behind me, a little marquee with light and it says AI is the future.
Speaker 1:I think this tool, I mean I might be wrong, maybe folks in the chat can tell me if I'm wrong or not, it's the first tool in our field, in digital forensics field, that has generative AI integrated into it. And generative AI, what that does is you talk to the thing. I say talk, but you type to the thing, but in human like sentences, and they give an example. Maybe you can put a picture up as I'm describing it. So you imagine you have a humongous collection of data, terabytes and terabytes, and say millions of chats because you're doing something, right. If you want to narrow down on something specific, a topic, you can tell the AI. You can see here example on the screen.
Speaker 1:Those folks are can watch. Do they talk about exchanging money? And the AI says, yes, they discuss exchanging money in the context of purchasing, see this and that, and actually puts up a couple of quotations and then puts up a couple of view citations. I assume I haven't used this tool is still under their kind of testing, beta testing, I want to say beta. I don't know if it's beta, but testing phase and I want to assume they got you can click on it and then go to that source data or some other representation, representation of it. Right, and to me this is huge because AI usually before this. When they tell you we have AI on the tool, what was it usually, heather, do you know? You remember?
Speaker 1:What's that? Usually, when they say we have AI integrating in our tool, they didn't mean this. What did they mean?
Speaker 2:Oh for pictures for pictures, exactly.
Speaker 1:Oh look, you can look for guns, you can look for money, you can look for all these things, right, right. And do you think it did a good job?
Speaker 2:No, so yeah, no, no.
Speaker 1:I mean, we're not haters, but we're also not shills, so, and we're talking about in general, right, I'm not picking on anybody, but for at least I think we share the same opinion. Most of the tools in the space did a really poor job using that type of quote, unquote, AI to find those type of things, right, but the technology, at least for generative AI, and we'll see how that applies to pictures at some other point, but like actually telling the system hey, give me the context. I think it's game changing. AI is the future, right, and it's the part of the show where I get in my soapbox now and let everybody know what I think about things. I don't know, if you watch the Simpsons, things that grind my gears, no, no, it's not gear grinding, no, all right. So what are my thoughts on this? Okay, soapbox moment.
Speaker 1:If you're in this field, right, and you're used to saying, well, I'm just gonna run this tool, pull the report and push the report out and be done and be done for your day, this field is not for you anymore, right? You will be expected to be able to have not only the technical skills in knowing where the stuff is, to verify and validate. You'll be expected to be able to kind of have the soft skills to communicate with the AI in a way that's effective, right? You say, well, do they discuss about changing money? And the system says, yes, a, b and C. Well, you know what that A, b and C might lead to. You know FGH questions or whatever other letters you want to use. Okay, so you'd have to interact with the system. And you might say, well, why would I do that? Again, imagine you have terabytes upon terabytes upon terabytes of data.
Speaker 1:If the system has this broad understanding of it and you can use an introvert I say I'm gonna say verbal, I will always type but sentence like interactions with the system, you can really, I believe, narrow down what you need to get to pretty fast, right, like, instead of me having to read 500 messages to get to something, I can say, hey, can you find me something about this topic? Go there, and I could go deeper. And then you ask the next question, hey, this about this topic? Did they go into this other thing? And then it might lead you to another thing and that requires soft skills, right, and let me tell you and you correct me, I mean, let me know what you think, but you can have the investigator kind of interrogate the system.
Speaker 1:But at some point there'll be some questions that the investigator cannot ask of the digital forensics AI, because I would hope in the future I can tell the world. Can you tell me in what databases is located, right? Can you tell me if there is another entry for this? At the same time, in the SEGB, you know, battery system format, right, and then you can start in that interaction adding artifacts, right? As you're having this conversation with the system, which I believe is going to change how we interface with our data in a way that we cannot imagine, right? Am I crazy by saying this or what do you think?
Speaker 2:Definitely not crazy, I agree. I think I completely, 100% agree that if you're a button pusher and think that's what forensics is going to be with all of this new technology, then yeah, you may want to look into something different, because it's going to be a lot of validation.
Speaker 1:Well, and most people think, well, if I have an AI, then I don't have to really go into these other things, right? Because, like, how can I say, this AI will not take the place of your button pushing, or let me rephrase that, no.
Speaker 1:The AI will not take the place of you validating things. I guess that's the next level of it, right, because the AI can tell you all these things. And the AI at some point can make and could make an erroneous correlation. And why would he, wouldn't it? Even tools that don't have AI can make and have made, erroneous correlations, right or erroneous, and not that the data is wrong, but the way they present the data might be confusing or might be misleading. Not wrong, right, and we have, I have. We're not going to discuss it because a lot of cases are still ongoing, but I know of current cases that are happening where the name of a field in a database has become a point of contention in a murder trial, for example right?
Speaker 2:Oh, yeah, definitely.
Speaker 1:And and the name is misleading unless you understand. You know what I mean. So you have to really look at that context. Your work as an examiner, working with AI, means that you need to verify and validate, and I think this is my second. I got a couple of points here, but my second point is you need to really focus on the artifacts, not as the artifact, but as the data stores or data structures. Let me explain what I mean by that.
Speaker 1:We're used to train in our field, as in. Here's a tool, you're gonna take the extraction, you're gonna run it and then you have an output. And this is how the output works with. The output tells you and push it forward, right? Well, that concept of learning to the tool has to change, because there is no, there's no learning or teaching to the tool when it's AI. You talk to it, you know. So what am I going to teach you? Right, like you know, talk to it.
Speaker 1:You got to know what to ask. So how do I know what to ask? Well, you got to understand the case, which is another soapbox moment for another day. But you also got to understand the data structures themselves, the artifacts, but the data structures themselves. Like well, where is this data located? Is it a JSON file? What are the keys that are relevant to it? Right, you have to be able to do that, especially if it's nested among, you know, inside of another one, right? And there's a lot of artifacts that are nested, like that, data structures inside the structures. How does AI play into that? Another point, I got a lot of points here because this is like my thing for the week. Vendors.
Speaker 1:Usually you know they put the data and they either give you two things they give you the end result, which is fine, but when you want to validate, they give you either the offset or maybe the name if it's a SQL database, the name of the table and the name of the fields, but they don't tell you how they, how they their fields are, or the tables are joined or connected or not, right Under what keys.
Speaker 1:They don't tell you any of that. And when you say, well, look, here's the here's, this information is offset, and you go to the offset and you, yeah, I see something there, but whatever's around is not helping me, right? I believe that at least I would hope vendors with AI would be more transparent in how they show or how they will have us track back to the source. Just giving me the offset or where it's sitting in the data store or the extraction, it's not going to cut it, right, Because we need to have the context to be able to track it down. Just going to court and saying, well, I got this because I asked the AI about it and the AI told me that and I believe the AI is not going to cut it. The AI is not going to testify for you, Okay.
Speaker 2:I was going to say that they're going to want to call the AI as a witness on the stand. That's not happening. Do you swear
Speaker 1:to tell the truth and nothing but the truth. Yeah, the AI. I mean, I guess we can build an AI that says that, but that's not going to be accepted, right? Right, so we need more transparency. How do we get that? Now there might be some issues with some vendors, because maybe revealing how that traceability might give away some secret sauce on how they decode things, maybe, I don't know. That thing is going to be an ongoing conversation as AI becomes more ubiquitous in our tool. Another thing is, and last two things, because I know I'm eating a lot of time, but, oh, you're fine. Oh, before I go to do other things, I did propose, and I put that in LinkedIn. Very interesting, go into my LinkedIn and check it out.
Speaker 1:I propose a possible way. For example, I need to trace this back. Or maybe the tooling can provide me, for example, the file. Some path over the stuff is identify the data structures, right. Is there records and fields in it? Provide those as well, right, and provide any acquiring or processing logic, be it a SQLite queries. If this key value pairs, then what are those right? What are the keys that you're getting this value out of? Either nested? Where is the traceability of those nested key value pairs. All right, and then after that give me a link to an alternate presentation. Maybe it will be the spreadsheet-like presentations that we always use and there's nothing wrong with them, right? But I want to have that ability to go from the conversation to the sourcing, traceability, understanding where the stuff came from, and then show me if I requested a more traditional rows and columns, excel spreadsheet visualization of what the data is. And I think folks are commenting on the chat. What are they saying?
Speaker 2:Yeah, so Matt Beers says I think that the tools' responsibility to tell us their query, we, as examiners, should have the skillset to build this ourselves. Yeah.
Speaker 1:And the thing is that some I agree with you I would hope they would do that and queries just a SQLite query is an example. It's the most known mobile forensics data structure format and I do believe that's going to be in the past, moving forward pretty soon. But some queries kind of get pretty wild, pretty rowdy. You're joining 20 tables and pivoting on so many things and it could become an issue there. But we need to be able to parse that. But I cannot go through it if you don't share that logic with me. So that's something to be kind of mindful of. What are other folks talking about?
Speaker 2:JE, there's going to be more need for scrutiny in that regard as well, because people will try to take shortcuts. I couldn't agree with that one more.
Speaker 1:Oh no, I mean, and it's going to bite them in the posterior. It's like the lawyer you saw in the news, the lawyer that asked ChatGPT about, hey, can you tell me about this case law about this? And ChatGPT said, of course, I can tell you about this case law. There's this case, you know, horse versus cat, and talk about that, and they put it in a pleading or whatever it was, and the cases were made up. Like, ChatGPT dreamed them up.
Speaker 2:Yes, one of our commenters wrote in, like those court cases where lawyers used AI to generate motions and it referenced non-existing cases, and that's exactly what you're talking about.
Speaker 1:Like JE and me, we're like in that same wavelength, we're like right there together. And how would that look in this type of, in our field? I think that companies, like I say, Axiom is the first implementation that I've seen, but others that will also follow suit, because they will follow suit, I'm pretty sure they will put some logic for the AI not to make up stuff. I believe that, I'm pretty sure. But that's actually a great segue and thank you for that. My next point and my soapbox is about how things are presented, and when I talk about presentation, what I mean by that is the context and the intent. Intent is the word I was looking for. I was gonna, you know, go and spin my gears.
Speaker 1:Intent. Right, you can talk about something that happened, but the way you describe it, the way you present it, might change the meaning of the whole thing, even though you didn't change the actual thing, right? Does that make sense, Heather?
Speaker 2:Absolutely. Whatever you describe something that you're reporting on, is really, really important to make sure you're describing it accurately, especially since it's going to people who are not in our field. Right, it's gonna go to a case investigator or a prosecutor who they're not in our field. They don't understand how to, I guess, interpret it themselves, so we're interpreting it for it. We're interpreting it for them.
Speaker 1:Well and absolutely, and even within the AI, right, because they're the consumers of that. But if you say the AI, they were talking about laundering money and they go, yeah, they were talking about laundering and money in this context. And then you go it's like, well, actually, the word money here, they were meaning something else, right? Maybe the conversation between the participants, money was a euphemism for something else, or I don't know, washing clothes, I don't know, right, because it's expensive clothes. They were talking about their. I don't know, I don't buy expensive clothes. Look, I wear a free conference polo shirt for work, whatever an expensive piece of clothing that they were actually gonna wash it. They call it money because it's expensive. I came up with that on the fly, as you can tell. But well, the AI might not have the contextual knowledge to make sense of that nuance and you ask it a question and if you just take it at face value, you're gonna make a big, huge mistake. There was maybe no laundering of no money, okay, so so testing and validation will move from not move, but will be incremented. It won't be only the testing and validation of data and process, but also of how you query those AI's right and what are the responses the AI gives you and if see if the AI's intent in its response I say intent in quotations, it's not a person, right? So, according to the intent of the answer Actually matches what the source data is presenting, right, as a human, you need to do that. So that's like my next to last point. So, because I could segue there and now comes to the last one, which you did mention, that presentation to the stakeholders, right, we need to make sure the intent is correct and then translate that.
Speaker 1:And we talked about last episode not to make anybody happy. I'm not here to make anybody happy, I'm here to just a state fact period. If you're happy or not happy about it, as I don't see, I don't. I couldn't care any less or anymore. I'm so sweet like that today, I don't know. Yeah.
Speaker 2:Valentine's Day is bleeding over.
Speaker 1:I spent on my love yesterday. That's why I'm a love deficit now. All right, so yeah, so that's my AI spiel for the, for the week, Heather, thank you. Thank you for letting me put it out there.
Speaker 2:Yeah, so you have your topic every week where you can get on your soapbox. I like it, I like.
Speaker 1:We're gonna make it an official, an official thing now moving forward.
Speaker 2:Yeah, yeah, it's like the intro for me and your soapbox.
Speaker 1:Those are our things there we go, there we go write it down.
Speaker 2:write it down, okay, all right, add it to the list. Another topic we're gonna talk about this week we mentioned last week we were gonna talk about vehicle forensics a little bit. So I Don't know about you. Do you do a lot of vehicles in your, in your regular, every day?
Speaker 1:So I do, I do some of the parsing of it. I don't actually interact with the vehicles themselves. We have some folks obviously that do and both at the, at the state and, and you know, local and federal level, we got folks that do that. Do that, do that part. I have been trained for that. But I'm Tested with mostly the, the analysis partner, with the pulling the stuff out.
Speaker 1:So yeah, I guess, I guess, I guess a long answer to say I do, but not, not from the beginning, more at the end, at the end, part of it, I guess.
Speaker 2:Right, right. So I'm similar. I've been trained in vehicle forensics, but I don't go out and take the modules out of the vehicles. There's a bunch of people, a bunch of people in my office that do that part. I've been doing, mostly they're bringing back the modules and my part has been the chip offs. Lately we have had so many modules that need a chip off, so that's kind of what I've been doing, and a lot of the vehicles that we're getting, the file system we're seeing is the QNX file system.
Speaker 1:Which.
Speaker 2:I'm sure you're seeing in your parsing. If you're out there and you're seeing the QNX part, partition or the QNX file system, there's a video on Alexis's YouTube on how to access the logical files in a QNX partition. I have done this on actual cases and if I can do it, everybody else can. So I just highly recommend going out and watching that video to be able to access those logical files.
Speaker 1:Yeah, and, and, and let me give people a quick brief. Like, cars have a lot of information, right, both at the level of the vehicle, the internal network of the sensors of the vehicle, in regards to how fast things are going, but also the infotainment system. What that means is the computers that run your little screens that tells you the door is open again, how fast you're going, and there's different ways of you accessing those data stores and pulling that data out. Like Heather's saying, sometimes involves a chip off, and those that don't know what a chip off is, you know, chips on the computer, you got to take them off and that's a pretty involved process. I think you told me that you did one the other day on the first go, right?
Speaker 2:Yes, I got it to go immediately. I didn't have to fight with it, no troubleshooting. That's why I'm cleaning of the chip, it just went. That's like rare, it's very rare, like a unicorn.
Speaker 1:You need to do is run and play the power ball after that, because the luck, the luck the luck was on you and we're joking about it, but it's really involved, involved, process a lot of time, go ahead.
Speaker 2:Yeah, no, no, definitely so. We use, we use Berla in our office to, to parse the data and they, they'll handle those chip off extractions and they, they actually do a lot of their own extractions as well and parsing. I believe that there, if you're members of like some of the user groups out there, there's a whole bunch of people too talking about ISPs on, on vehicles. I haven't done an ISP, so, on any vehicles yet.
Speaker 1:Can you, can you, can you, can you give a quick, a super two-sentence, recent explanation why ISP is to the folks?
Speaker 2:Oh yeah, so it stands for in-system programming and it's where you solder hair wire to test points on the board. So you'll solder hair wire to the points that you need to be able to pull the data from the chip. So it doesn't involve actually removing that memory chip, it just involves pulling the data from it off of the board.
Speaker 1:Yeah, and, and being able to find those, those contact points, and knowing that those contact points give you access to the data, it's huge, right? It's way less involved than having to, you know, melt, you know, a chip out of it or whatever technique you're using to get it out, you know.
Speaker 2:Right. Well, finding those test points can be quite, quite a chore, but there's a lot of people who who do that out out in the community and share so, even on mobile devices. They'll share the pinouts, like what you need to be able to solder to to pull data from mobile phones. There's, there's a ton of that shared on the groups out in the community, so Thank you to everybody who does that. I actually had a message in my LinkedIn this week asking me if I plan on doing that, and I would Love to if I could find some extra time but yeah, 24 hours in a day.
Speaker 1:Yeah, the day's need to be long to me to move me, to move to Mars or something. I don't know if Mars has longer days. I'm making that up.
Speaker 2:Wherever that place is.
Speaker 1:Well, and, and the thing with that mobile forensics, you know, we're talking about a second ago. It's like you get all this data and, you know, it's independent of, like you don't need a, they say the phone is unavailable, but you know the, the, the suspect were traveling on this vehicle. You were to identify it. You can see that data, store and query it and get important information for your case. And that's evening, it's used and it's not, it's not nothing new is old, right, when there's car crashes and, you know, there might be a person that dies in the car crash, you need to figure out whose fault, who was at fault.
Speaker 1:That data comes into play as well. So you got the extraction piece that you just mentioned and you have the understanding of the, the coding piece. How do I access the file system? The video that you mentioned on my YouTube, I talk about how can I use free tools like Linux to be able to mount a QNX file system, pull the data as a logical extraction and a zip file, and then how can I go through it and find things of value? Right, so there's all those pieces. Then, then you can build your case off of them. So what are folks talking about in the chat?
Speaker 2:Uh, Shannon bergitt burgers says we need Cellebrite, Magnet to hop on vehicle forensics. New GM modules run a Aos, so chip off, ISP is no longer a solution, and that kind of was going to actually be my next point. I wonder how much longer we'll be able to do chip off and ISP as a method for vehicles, because I believe they're going to start rolling out encryption on more and more modules. They come out of vehicles. I know some of the newer modules already have encryption present. And yeah, I'm wondering, I mean the cars that we can do the chip offs on, let's face it, they're going to be around for a while.
Speaker 2:So oh, yeah, oh yeah, so it's not going to be phased out completely, but I do believe that some of the newer vehicles Coming out are going to have that encryption on by default.
Speaker 1:Yeah, and that's something that I was telling a few years ago back telling folks yeah, they got encrypted. They're like why would they encrypt it? That's not needed. I remember people kind of arguing with me with it and like In my mind, just wait three years or two years and you'll see.
Speaker 1:Now, I don't, now I don't remember who it was, so I cannot even gloat about it, but no, it's, I mean, it will require of, I guess, for us in the field to look at cars as we look at phones in a sense. Right, how can we find some exploits to be able to get some sort of privileged access to the, to the infotainment system, and then ask it, ask it for the file system, right? So yeah, I mean, I hope vendors really get on, on that train soon, um, because that's what the future is.
Speaker 2:I'd be willing to bet Berla is already working on methods for that. Um, I'd be willing to bet, but I mean, and again, folks I'm not familiar.
Speaker 1:Berla is a company in that space that deals with this type of vehicle forensics and, uh, there's always a financial incentive, um, to be able to provide this access. Lawful access, I would like to say that, lawful access, access, um, to some of this data, and you know, if I'm, if I'm trying to solve a kidnapping and I have the car, um, that was used in the kidnapping, well, maybe the car has the information I need to find that victim, right, or whatever it is. So lawful access, it's, it's important and, and hopefully we can continue to do that, moving forward.
Speaker 2:Yeah, I've heard too, um, that Berla is developing a chip off course. I hope they incorporate ISP as well if we're going to see some ISP announced for boards. But, um, there's chip off courses at a lot of different, um, vendors, but I would love to see what theirs is going to be like as well.
Speaker 1:Yeah, no, absolutely. And again, don't don't sleep on on the car thing. People need to be aware of those capabilities and I had cases where I talked to the agent say, hey, hey, you know, do they have the car? What car do they have? Oh, they have this car, you know what. Maybe you want to look into this right and they're like we know what. I didn't even think of that right. And yeah, that could very well be.
Speaker 2:Yeah, I think one of the most frustrating things for the vehicle forensics for me personally is I want to validate everything and I'll do that with a test phone. Right, I'll go get an Android phone and generate test data and test what I'm seeing in a mobile device, but I'm not going to go pick up a Ford and, um, drive it around and test it and be able to validate everything I'm seeing. So it's kind of frustrating to me a little bit that you have to, you kind of have to rely on what the tool is showing you a little more than you would in, in mobile forensics or computer forensics.
Speaker 1:Well, yeah, so now you, now you give me an, uh, you know, now you put the box out again, the soapbox out, and I'm gonna step on it one more time. Okay, sorry, look, my experience with this type of stuff, and I'm in generalities, right, in the digital forensics world, when we talk about computers or phones we like to talk about, you know, black and white, ones and zeros, you know, black and white, ones and zeros. But in the mobile forensics, phones, I believe, the tolerances are different. Right, when you talk about a car being at a location at a particular speed, um, it's not gonna be like, well, it was at 55.555 to 51 miles. Right, the system will give you a speed, but it's a tolerance. Right, it might be between a range. Right, the sensitivity of the sensors in a car have tolerances. Right, how, how the, the car deploys a, a, an airbag, right, how much force is to be exerted to deploy that, there's a tolerance, is right. So there's a, there's a lot of gray area. I say a lot, let me rephrase that.
Speaker 1:There's a lot of things you need to consider what you're doing with vehicle forensics and what those sensors are telling you, and that's separate, right, from if the sensors in that vehicle are properly calibrated, because the car might be registering 55 miles per hour, but it's actually going at 40. So how do you know that, right? Right, and in certain cases you might need to go to the proper channels and you might have to take this suspect car and drive it and measure it to say, look, it's highly likely that these are the, these are the tolerances, and what the speed was, right? Um, in some cases, if the car is totaled, right, you might not be able to do that, and then you have to really, you have to live with those unknowns and look at things that look within the tolerances. This is the likely scenario of what happened and there's no other scenarios that do not fit this pattern.
Speaker 1:And it's all consistent. As opposed to yeah, here it is a one or a zero. Does that even make sense? Does that make sense? I'm presenting that yeah, definitely yeah, when you're dealing with things that are detecting, Sensors that detect events In real life, like the air pressure, how fast, how slow, if it's moving left or right, even with gps in your phones. What are the tolerances and what's the precision? Right was the. If you're in a city like Chicago, which I know Leslie is.
Speaker 1:On Instagram listening, a lot of respect for her. Um, your GPS is gonna go crazy because the buildings are so tall, right? So if I get a reading in Chicago from a GPS, I gotta be really careful, right? Um, what's it in our locations actually getting accurate readings or not, right? So there's a lot of those stuff that we don't think about because we like to press the button and move forward, but we need to really consider, especially if it's an important piece of your case.
Speaker 2:Yeah, Abraham and Shannon both make good points in the chat too. Junkyards could be a good source for your test equipment and, um, the other one is the validation is more difficult, but for ISP or Berla-supported vehicles, rental cars are your friend, and he's right. You can go get a rental car, drive it around, download that data. You better not chip it off. Well, I feel like the rental car company will probably have a problem with that.
Speaker 1:But um, yeah, junkyards and and rental cars, sure hey look, if you take the dash out of that car, make sure you can put it back together how you received it.
Speaker 2:Be gentle on the rental car or you might end up with a big bill.
Speaker 1:Yeah, I busted like four or five of those screws and now the dashboard doesn't come on.
Speaker 2:Yeah, yeah, so it could end up being a problem, but definitely definitely an idea for source or for test data.
Speaker 1:Hey look, it's an idea we're not. We're not supporting it and we're not neither pooping it, right? I'm just telling you what the chat says. Okay, Don't don't come at us later that we're endorsing any of these ideas. All right?
Speaker 2:Yeah, um, when it comes to some of the encrypted vehicles, though, I actually have have seen an encrypted, an encrypted system that the user data was encrypted but the system data wasn't, so you could still pull some valid, useful data. Um, even though it wasn't in the user data, partition was found in the system data, so keep in mind of that too. If you can't get past encryption on some of the newer things, there still may be something useful there.
Speaker 1:Oh, absolutely, just again in it. Yeah, it reforms the same thing, right? Um, you know, BFU type of stuff, when the phone turns on it's encrypted, but a portion of it, before you put your PIN code, has to be in sort of decrypted state, because how would you get phone calls, you know? I mean, the phone has to actually be able to access certain functionalities, to receive a phone call, to receive a message, even if you haven't, PIN, put your PIN in first for the first time to kind of unlock the whole system. And, and again, we have to know what our environment is and what, what can we get from those environments in what particular moments, and, and see where we go from there.
Speaker 2:Yeah, um, I have to share this comment though: super glue and duct tape for the rental car. I have a feeling the bill.
Speaker 1:the bill will be still hitting your mailbox, so yeah, you know, I'll put some chew gum and make sure it dries.
Speaker 2:Yeah, yeah. Oh my goodness, yeah, don't, don't do that, please. Last thing I want to mention, though, about vehicle forensics too. Don't forget about VLEAPP. I mean, the VLEAPP has support for some vehicles. There's not everything, um, but there are quite a few vehicles supported in VLEAPP, and if anybody wants to write artifacts, I can attest that you can do it, right, and, um, contribute to the, the vehicle forensics of the LEAPPs.
Speaker 1:Yeah, no, I would appreciate that. Now, first of my complaint was I don't have enough data. So some folks within my organization and others have have provided me some sample data that they got and and now I? Now I don't have time. It's, it's horrible. So now, now, now I'm the uh.
Speaker 2:I'm the funnel here.
Speaker 1:That's stopping everybody. Um, I want to make quick comment. Um, you know, um, Geraldine is on, on Instagram and I keep in mind on the chat on Instagram as well, and she's saying that, you know, she had a Mercedes vehicle that she did a hot swap, and hot swap is you're able to take that drive and keep it alive and kind of move it away and put it, you know, somewhere else. And some of the stuff, it's, uh, um, got encrypted, it's encrypted or got encrypted in the process. So, you know, it's something that we need to look for best practices and, and, to the best of our abilities, test if you're able to, and, and, if not, you know, do our best to go through it.
Speaker 2:Yeah, all right. So are you gonna tell us now, right, what's new with the LEAPPs?
Speaker 1:Yes, so, um, first of all, um, again, a reminder for folks that are maybe here for the first time. Um, the Logs, Events, and Properties Parsers framework, the LEAPPs, is something that I developed a few years ago and thankfully the community has embraced it and now we have a good core of our six developers that kind of contribute their free time to it, plus Heather, now we're gonna make her number seven, lucky seven, to start making, slowly rolling in.
Speaker 1:And, and we got a whole bunch of people participating, you know, one of us here and there. So, um, the tooling does parse, uh, Android, Android extractions, iOS extractions, like Heather mentioned, vehicle extractions, and returns from ISP, so internet service providers. So you got a Google cloud or iCloud that comes down. You can run it by a tool and get some artifacts out of it. Right, we don't, I don't, we, just a triaging tool. So you use it to kind of get a quick glance of what might be there of importance. Also, we use it as a way of having a presentation for unsupported artifacts from third party tools. So if the big tool makers don't support your, you know, new chat app, you can put some support within the wall of LEAPPs and you have a nice report from, for it. Until, you know, bigger tools catch up to us. So we're, we move pretty fast. So what do we have that's new? So for iLEAPP, for iOS, Kevin Pagano, I don't know, he's in the chat or he might be more than one chat.
Speaker 1:I think he might be in Instagram and in YouTube.
Speaker 2:Wow.
Speaker 1:He's a man of the internet. Okay, again, he's my, I joke with him because he's my, my right-hand man right now dealing with the projects. Um, he did a sysdiagnose shutdown logs parser that's based on research done by Kaspersky. So, um, I did, I did not put the links in the, for the banners, but we'll put them in the show so you can read that research.
Speaker 1:Yeah, um, and in Ourselves at UME. We but I did the coding on this one we did a good chat that we added recently. And then Django Faiola, he made, uh, Waze, is for iOS, Waze parser for kind of just your location posts and mapping, right. I love, Kevin Pagano put a smiley face there. Yeah, chat, yeah, Kevin rocks. And, um, in ALEAPP, that's for Android, yeah, Kevin's still, you know, hitting 100. He did a multiple profile support update for some of the artifacts. What does that mean? It means that some artifacts, and also the same thing with, I'm gonna add him to this, Patrick Della for Gmail. So you have the Gmail application, but you can have multiple Gmail accounts in an application and some of those I was missing them. I was just showing one when there were five, so they updated that code to start supporting that. Now, with what I've been here is that with Android 14. 14 is the one, right, we're in 13 now, right, yeah?
Speaker 1:Or did you, yeah, 14? So the new Android is coming out. What they're trying to do is take advantage of multi-user support in Android devices. What that means is, you know, that I can log in with my account, I can give you my phone, log out and kind of you can log in, right, and have multiple accounts in those phones. Use it for you to be able to have, for example, two, two WhatsApp accounts running at the same time, because one WhatsApp account is going to be tied to this, to your other quote-unquote account and then to your real accounts. You have two, um, accounts from the same application running at the same time. This will, internally it will look as a different account, but it's not a different account. It's still the same user that controls both accounts. Does that make sense, Heather? My explanation.
Speaker 2:Yeah, yes, it does.
Speaker 1:All right. So that's going to change our perception of, of how we parse these things as, as forensicators, right? Um, because we have to look at this data and take into account that these two accounts, accounts might be related and we cannot mix the messages from one account on the WhatsApp with the other one. We're going to make sure we keep it separate, but keeping that some sort of connection, user base, because of who's the user is. Okay. Um, Samsung does that in a, in a way, right now, the Knox and some of the secure enclaves within the phone where you put your, I don't know, your picture you don't want somebody to see.
Speaker 1:Yeah, the secure folder. The secure folder is actually another account in the phone, another quote-unquote user account that's used for that purpose. So Samsung has done that for years now. Um, it's, I think, Android, Google is catching up on making that, so again, taking into account as these things come out, um, don't be surprised. You got to keep your pulse on, keep your hand on the pulse of these developments, something like, like with the previous Android 13 when it came out.
Speaker 1:Um, they changed XML into ABX format and our tools broke. Until, yeah, until, you know, Alex Caithness came in and, and made a, uh, uh, at least for the open source world, made some scripts for it, and now XML is binary in a lot of places in Android devices. Right, we have to evolve with that, and if you know this thing is coming, when it comes, then you'll be able to, you know, quickly triage what it is until the tooling catches up. Um, what else? Oh, yeah, and then Patrick Del, uh, uh, Dela. He did also, uh, the Google last trip artifact that, that, uh, if I remember correctly, I made based on research by, um, Josh Hickman.
Speaker 1:Yeah, I was missing a couple of fields there, um, in, uh, because my data set didn't have them. So he put some logic in the code to take account of these fields, since, since they could appear in your data set. Again, we don't have, you know, well, we have to close the show. But, um, just check those out. You can download them. They're Python-based, they're totally free and if you don't like them, I'll give you your money back, 100 percent guaranteed.
Speaker 2:So that actually brings us to the meme of the week, everybody's favorite part, right, let me share. Let's see here there we go.
Speaker 1:The meme of the week is the best part.
Speaker 2:Yes, so the meme of the week this week is Just everything knocked off the shelves in a supermarket or store, and it reads also I need you to finish this case that another examiner started.
Speaker 1:Any, any semblance of a real life event is pure, uh, coincidence, like the movies at the end. Any of the events that, you know, depict real life in any sort of way is pure coincidence. Wink wink, nod nod, right.
Speaker 2:Yeah, so I'm sure anybody who has worked on a case Um has had to pick up something that another examiner started for some reason or another, and picking up where they left off Can look a lot like this meme.
Speaker 1:Things everywhere. If you ask him no, this is really organized. If it wasn't like this, I couldn't find my stuff and I'm like what are you nuts? Whatever you call organization is not. It's not, at least from my perspective.
Speaker 1:Yeah, no it and we have to do it right. I mean and I think I speak, so the meme speaks to us considering how we do our work, because we, instead of saying that we get hit by a bus, let's say you might win the lotto and you might not want to work there anymore, right? So the folks that will get promoted, so the folks that come after you, we leave this stuff in a way that's understandable, that's workable for them.
Speaker 1:Um, you know, and are we doing our part? Or are we just doing the minimum necessary because we know we got some TDY, we're going somewhere else and then drop it on somebody else, right? Well, let's try. Let's try to avoid that, right? Let's make it work, make it organized, make think of who's gonna come after you and use that data and then be a nice, be a nice co-worker, man, come on.
Speaker 2:Yeah, clean up your mess.
Speaker 1:Oh, Heather, again thank you, and I want to, I want to give you in public your extra thanks. I've been really stressed out without some work stuff and some project, or the, the LEAPP, some of the libraries need to change and all that. So Heather's been really kind to carry a lot of load for the show this week because she's awesome. So thank you. All right, everybody, I think, I think we're, that's it, right, or you had anything else? For the good of the order, it's all I've got.
Speaker 1:All right, folks then. Uh, we're hoping to line up Hoping, our first interview of the show. This is not an interview show. I think we're both being adamant to not try not to make it that because we have enough interview shows in the space. But sometimes it might be necessary. So we're hoping to line one up. So we're not gonna tell you spill the beans yet.
Speaker 2:But right, if it happens, you gotta make sure they're coming first.
Speaker 1:Yeah, if it happens, we'll be great. It'll be a, you know, a friendly environment here. We crack jokes, but we want to, we're here to inform, right. We're not here to hate on anybody, or, or, or chill on anybody, right? So we'll, we'll have news on that soon. So, again, everybody, thank you. Thank you for the folks at, at the are in, in Instagram, like being keeping an eye on the, on, on the chat, and a lot of folks joining in. Thank you for listening and thanks for everybody that's still around and thanks for you listening at home, if you're listening or watching later. So we'll be back in, uh, not next, not this next week, the next one.
Speaker 2:Exactly see you in two weeks. Thank you so much.
Speaker 1:Take care, everybody, and let's put the music and say bye.
Speaker 2:All right.
Speaker 1:Bye you.