
Digital Forensics Now
A podcast by digital forensics examiners for digital forensics examiners. Hear about the latest news in digital forensics and learn from researcher interviews with field memes sprinkled in.
From Cryptic Apps to Clickable Maps: Making Sense of Digital Evidence
We're back! After a short break we are back to discuss the growing crossover between real-world events and digital evidence in court cases, highlighting how device data can make or break timelines in high-stakes investigations.
This episode covers:
- Ian Whiffin’s latest forensic work, including iOS power log timestamps, Apple Health data reliability, iPhone battery temperature readings, and IR Doppler functionality – with examples of how these artifacts were used in a recent homicide trial to validate timelines and environmental conditions.
- Kevin Pagano’s App Store Package Search tool, which translates obscure bundle IDs into recognizable app information for easier analysis.
- Concerns over the growing reliance on AI in digital forensics, emphasizing the need for human expertise and proper validation in every step of the process.
- A demonstration of LUMYX, a mapping tool that converts extracted location data into customizable visual timelines for courtroom presentations.
- Updates on LAVA (LEAPPS Artifact Viewer App) and guidance on writing LAVA-compliant artifacts to improve reporting workflows.
Notes:
Ian's FOUR Newest Blogs
https://www.doubleblak.com/blogPost.php?k=powerlog
https://www.doubleblak.com/blogPost.php?k=healthaccuracy
https://www.doubleblak.com/blogPost.php?k=temperature
https://www.doubleblak.com/blogPost.php?k=doppler
Ian Whiffin Testimony
https://www.youtube.com/watch?v=kahgl-mIUFE
Kevin Pagano Stark4n6 app store package search
https://www.stark4n6.com/2025/07/introducing-asp-app-store-package-search.html
https://github.com/stark4n6
Elcomsoft Article- AI driven Password Recovery Myth or Reality?
https://blog.elcomsoft.com/2025/07/ai-driven-password-recovery-myth-or-reality/
Beyond the Badge AI's role in Modern Investigations
https://www.magnetforensics.com/blog/beyond-the-badge-ais-role-in-modern-investigations/
LUMYX
https://lumyx.com/
LEAPPs
leapps.org
How to make LAVA Compliant LEAPP Artifacts
https://www.linkedin.com/video/live/urn:li:ugcPost:7356497708628520962/
UFADE
https://cp-df.com/en/blog/ufade_touch.html
Welcome to the Digital Forensics Now podcast. Today is Thursday, July 31st, 2025. And my name is Alexis Brignoni, aka Briggs, and I'm accompanied by my co-host, the educator-in-chief, the visionary of the North and one of the Cassandras, like myself, of the digital forensics world. I'll tell you what that means later. The one and only Heather Charpentier. The music is Hired Up by Shane Ivers and can be found at silvermansound.com. Alrighty and look, I had a nice intro and outro. I didn't cut it off like that.
Speaker 2:Yes, that was very good.
Speaker 1:What's up, Heather? What's going on?
Speaker 2:Nothing, nothing. Long time no podcast. Yeah, we've been busy, but everybody's busy, right? I know, I think last time it was my fault, the time before it was your fault and we just, yeah, finally, we have made time to have another episode, so however this episode comes out, it's gonna be both of our faults. So that's okay, that's okay, it's gonna be good. Yeah, so, so, let me explain real quick.
Speaker 1:So, so, Cassandra, yeah, it's a mythological figure and she was really pretty, and Apollo thought that she was really pretty. So he, he gave her the gift of prophecy, but she didn't like him in return, right? So, so his, her, her punishment, you know, the gods are so fickle and I guess anti-woman, gave her a curse, and the curse is that she will be able to know the future, but nobody will believe her.
Speaker 2:Oh.
Speaker 1:So, yeah, we suffer from some of that syndrome sometimes, but it's okay, it's okay, we keep going on, we keep marching on.
Speaker 2:Definitely, definitely. So it's been a while. What have you been up to?
Speaker 1:So let me think so. I've been doing regular work stuff, which is fine. I got invited to speak on my local ISC2 chapter. ISC2 is an organization that, hey look at that, that's me. They're in charge of multiple industry-wide certifications. The most well-known is the CISSP. So that's pretty neat. And I was talking there about log archives and it was interesting because we started with log archives and we ended up talking about a million different topics that had nothing to do with log archives. But eventually I brought it back in and then I gave everybody a quick show of LAVA, which we'll talk about a little bit later. And don't worry, it's not lava from a volcano.
Speaker 2:We'll explain that later on in the show it looks like it, though it looks like it yeah, a little bit.
Speaker 1:It's hot, no, but it was good, it was a good, uh, it was a good day. Um, as I said real quick that Johan is in the chat and Johan is like the man, so we love him. He's one of the main developers for the LEAPPs and LAVA from the LEAPP site, so we love him. Gio is in the chat as well, Damien, so a lot of respect for Damien, glad to see him there, and I hope Christian Peter is there as well, so that's exciting, and Matthew was in there before we even started saying hi.
Speaker 1:So yeah, so hi to everybody that's rolling in, so we appreciate having you here. Nice.
Speaker 2:So I actually, I did a conference since the last podcast too. I was asked to speak at the HTCIA conference about the LEAPPs, and I think originally they're like, oh, do you and Alex want to do it? But you're a little far away from Massachusetts, so I went solo. Hopefully I did it justice, but got to go give a presentation on the LEAPPs, how they work, what types of artifacts they parse, how people can contribute to the project. And then I did a little demo at the end of LAVA as well, to show what the new format is going to look like and kind of how it's going to work.
Speaker 1:Oh, that's fun. Yeah, that's fantastic. We're really looking forward to all that.
Speaker 2:Yeah, it was a. It was a good time.
Speaker 1:Yeah, and you look so fancy in that picture. Fancy, fancy, fancy pants, literally.
Speaker 2:I can dress up sometimes, yeah.
Speaker 1:Fancy smarty pants. You got them both.
Speaker 2:Well, thank you.
Speaker 1:Real quick before I forget. So you know, I saw Christian in the chat and Christian is kind of working on like a little. Everybody don't know Christian, great guy, genius guy he's doing. He made UFADE, which is a tooling to deal with iOS devices and you can pull all sorts of data extractions and log archives and sysdiagnose, all sorts of things, right? So he's making a little like UFADE, quote, unquote, touch where you can, you know, run the system and use a touchscreen and do everything in an integrated thing. So I'm really looking forward to looking at the build. I think he has a blog post on it.
Speaker 2:He does. I was trying to find the picture because it's so cool, so I'm looking for it while you're talking here.
Speaker 1:Yeah hold on, I'm gonna, I'm gonna send the link because here it is.
Speaker 2:I got it. You found it? Okay. Oh yeah, my desktop is a mess right now. Let me do a little share here. Uh, share screen.
Speaker 1:Oh, you're sending it to me too yeah, just just just a blog link, but I'll put that in the show notes.
Speaker 2:But there's the little. He's got it all set up outdoors with the UFADE Touch. I think that's hilarious, yeah.
Speaker 1:I don't know what I mean. In quotes. We don't want to get, well, not we, but we don't want him to get sued by any other companies. So, UFADE, what do we call it?
Speaker 2:UFADE, you know, screen, touchscreen or something like that. I added some more to make a difference. Well, he has. He has on his post: I'm proud to introduce the UFADE Field Operator Connection and Acquisition Kit.
Speaker 1:FOCA. Is that it?
Speaker 2:Field.
Speaker 1:Operator Connection Acquisition Kit, FOCA. I don't know, it's funny because FOCA in Spanish is seal, like a seal. Oh, anyway, we're digressing way off topic here, but no, so it's pretty neat. So I like that and I'm actually looking forward to doing my own build and go for there. So I have here Cacique is saying, if possible, it would be nice. Actually, I could put this on the screen, right? It would be nice to see an example using a UFADE extraction to create an iLEAPP report. So thankfully we have a tester-in-chief in this show.
Speaker 2:I'm on it, that's not me, so that would be awesome.
Speaker 1:So thanks for the idea.
Speaker 2:Yeah, definitely Love doing the live demos so I can screw up live on air. It's fun.
Speaker 1:Yeah, it is. It has been a really good time, but you have to watch all episodes for that.
Speaker 2:Yeah, definitely.
Speaker 1:So let's get back on track. So what are we doing first here?
Speaker 2:So some new blogs, and actually they're a few weeks old now because we haven't been live, but Ian Whiffin has some new blogs, four new blogs to be exact. He hadn't had a newer blog in quite some time, but, um, anybody who's been following the trial of Karen Read out of Boston, uh, saw Ian testify to some artifacts, and these blogs correlate with his testimony in that case. So the first, um, was about the current power log and monotonic clock, and the article focused on power log databases used in iOS devices and that they use a monotonic clock timestamp format different from the standard timestamp methods used across iOS. So the timestamps show elapsed time since boot, not wall clock time. And he goes on to explain how these timestamps work, how they impact your forensic analysis and what you should keep in mind when you're interpreting the power log data.
Speaker 1:Yeah, and I'm going to give my take on how I understood it from a layman's perspective and the way I see it is, you got your monotonic clock. It kind of goes. Imagine that you have your old school wristwatches that have little quartz in it and it goes right as it goes. Uh, with time, those, the time will drift right and your watch will get out of sync with real time. And we could discuss about what real time means. Right, how do we measure time and how precise it is and how we measure it in the past. Now we have atomic clocks and time itself is relative to the speed that you're moving. But we're not going to go into any of that. But the point we're trying to say is that, as your clock, for many factors we're not going to discuss today, loses that relation with what we consider to be the time to be at this moment, we have to make adjustments to it. Right, and that's something that happens in all sorts of endeavors human endeavors that uses watches. So the way the phone does is for those monotonic times. It takes, uh, takes a note of the network time that comes to your phone, right, and then it says okay, so this is the monotonic time, the time that's kind of constant, independent of the clock or the system clock, and then it's going to measure when them, it's going to keep where that time was taken and then the offset between the two times the quote unquote real time and the time that the phone is kind of going off of monotonic, and then that's kept in the database. So what Ian shows is how to do that calculation. He says okay, this is the monotonic time, go to this part of the database, look for the proper offsetting time and then do the calculation. Of course I'm simplifying this. You have to read his blog post and then you know what the time is, so you can't just grab that time and say, hey, it happened here, because it doesn't.
Speaker 1:He does the example of turning on the flashlight on his phone, which is not really the. It's kind of the flashlight, but it's more like the flash from the pictures. And if you take the time as is, it's going to be off by days and days, right, but after you do the calculations it has a difference of five seconds, consistent five seconds, which is how that artifact behaves. Why does it do that? Because that's how Apple made it, whereas other artifacts don't have that five second delation. But that's the point right, you have to test, make sure you understand what do timestamps mean? And he gives an example of the Magnet Forensics Axiom tool which has that monotonic time, the real time, and then the different calculated times. As you go making those analyses, the base times and all that. I read that article. I think it's important If you're going to use the power log for you know, to show activity, you need to understand how to calculate those times. Don't take the times as is, because you'll be wrong. You need to do some math to figure that out.
Speaker 2:And definitely I mean it's showcased in the trial that he was testifying about this and where, if you do just put it in a report and send the report to court, it potentially is going to be questioned by somebody who maybe doesn't understand it that much. So if you understand it, you can get out ahead of that for a trial or court hearing.
Speaker 1:Well, and it speaks to something that we said a whole bunch of times, right, Heather, that if you say, I say smoking gold, quote, unquote, but things you're going to present at court, you need to really understand why you pick them and what they mean, because there will be another, an expert, that might know more than you, and there's nothing wrong, right, to question you. There's nothing wrong to be questioned by somebody that knows more than you. It will be nothing wrong if you actually know what you're talking about, because in that case the person that knows more than you, at the end you're going to end up what? Agreeing, right? If you're correct and the person that knows more also knows, then that person knows. So we both agree, then, right? So don't be afraid of somebody that might know more than you in different things, as long as you do understand the precise things you need to talk about.
Speaker 2:Because if you have control over that all the rest, who cares?
Speaker 1:At least you know, conceptually speaking.
Speaker 2:Exactly. So another artifact that was showcased in that trial, and there's a new blog on, is the Apple Health Accuracy and Reliability. So this article, everybody take a look at it, because there's a ton of testing and comparisons in this article. But it evaluates how accurately Apple Health tracks steps, distance, floors climbed and, like I said, it has the real world testing that Ian performed and comparisons with academic studies to assess that reliability. And then I want everybody to read it. But the conclusions at the end are that the number of steps recorded is a reasonably reliable indicator of steps taken when walking; the distance is not as reliable. So really take a look at those studies and do some testing yourselves to kind of gauge that reliability in your own cases.
Speaker 1:Well, and it's kind of tough. Right, because I can see, you can see steps being measured based on the way the body moves. Right, because you can measure steps in a treadmill when you're not going anywhere. Right, right, there's no movement on a treadmill, you're standing in the same spot. But the steps are counted right, so those steps are not in relation to movement forward or backwards or to the side, so no spatial movement. So it calculates it based on certain determinations of the sensors on the device. Right. But think about then, like the article goes on explaining in different ways right, I am taller than you, a little bit more taller than you, right? So my, when I walk, I, my steps are gonna go farther than yours. So well, my step might be one and a half of your steps right, yeah, exactly and it's counted as one step for you and one step for me.
Speaker 1:So, but I'll get there faster than you, so what does that mean? So it's in and that's the thing in. In digital forensics we've been, at least the old school folks like us. There was this vibe back in the day where it has to be binary, one or zero, true or false, either this or that, and there's a lot of gray areas. Right, are those steps accurate? Well, they are accurate. Is this accurate? Well, it depends. What's the gait, the person, right.
Speaker 2:Yeah, exactly.
Speaker 1:How tall they are, how long are their steps. So you know it's, it's uh. There's some, some elements that we can't control. We can only give uh reasonable approximations, and that's something that we need to start opening our minds as examiners, that not everything is a uh, true or false binary. There's a lot of uh, of gray areas, and we need to account for that in our analysis.
Speaker 2:It's funny you say the gait and the steps, because we actually had a case where we needed to do some testing and the analyst in our office, who was going to perform the testing with Apple Health, was going around desk to desk to find out who in the office was like five foot nine. And she picked the person who was closest to the suspect's height to do her testing, and that was a really smart move.
Speaker 1:Yeah, no, I liked that.
Speaker 2:Yeah, I like that. I didn't know that story. I like that story, oh yeah. So one last thing, though, in the Apple Health reliability. So there's a part in the article that talks about how it's possible to record both steps and flights climbed while you're driving in a vehicle and the device is being held. So that's another thing to keep in mind. Are you sure that the person was taking steps or going up a flight of stairs? Maybe, not necessarily.
Speaker 1:Maybe they were inside. You know they were in London inside a double-decker bus as they're going to the second floor of the bus, I don't know. Geraldine's in the chat and she says that she also did that. For a case, I'm assuming she had to get somebody with a particular body type to do some testing. So there you go. Genius minds. That's amazing.
Speaker 2:I'll have to have you compare your analysis with Giovanna in my office, because she's the one that did that for a case, so she would love to talk to you about it. Oh, you met Giovanna. Yeah, she's the one that was going desk to desk. Are you five foot nine? Are you five foot nine?
Speaker 1:I am not surprised that it was her.
Speaker 2:You can picture it. Yeah, I totally can. So Ian's next blog, so we have four here, is the iPhone internal battery temperature. So in this blog, Apple iPhones include an internal thermometer that monitors the battery temperature to manage safety and device performance. His post on this explores how closely the internal readings reflect external conditions and he does controlled experiments that test this, not reliability, but test this functionality of the iOS.
Speaker 1:Well, I would say it's a new applicability, right? Because obviously the phone and for folks that don't know, why would the phone want to keep track of its own temperature, Like for what purposes? Actually, it's kind of funny because the phone needs to know if it has a fever yeah.
Speaker 2:if it's overheated, yeah, if the phone has a fever it's too high, yeah, the phone will, as you know, heather will do what?
Speaker 1:yeah, it'll die or blow up or catch on fire? Yeah, if you leave it, but the phone doesn't want to do that. So the phone automatically does what?
Speaker 1:because it sells off right and I have phones that where I have like in a dash and I'm talking to the dash and it gives you an alert: this one is too hot, I'm gonna shut myself down, and it goes. Yeah, it shuts itself down. If it doesn't, like Heather said, it's gonna burn or whatever, right, right so. But notice how, how smart, uh, this applicability issue, right. So Ian thought, okay, it's, it's, if it's measuring temperature, its own temperature, it. It rests to reason that if I take that phone and put it on the dash, it's going to get too hot, right. If I put it in a freezer, it's going to get really cold, right? So external temperatures have to affect in some way those measurements beyond whatever the baseline temperature of the electronics of the device are. And that's genius. I was like, oh my God.
Speaker 1:So you look at a phone functionality and you can be creative and do your testing, like he did, and see what that tells you about the real world around it. What's happening in the 3D or 4D, with time world that it was. And again, the example that we would be using, based on this post, is the current retrial, where the phone was outside I say outside, like in the snow, for a certain amount of time. So would the logs pick up that coldness, right? So that's amazing. You can tell a lot of where the phone was based on the temperature, right? If it was hot in the snow, then most likely it wasn't in the snow, or vice versa, was it cold inside a warm place, then it wasn't inside a warm place. I thought it was an amazing analysis and a really creative use of finding new applicability to an artifact that most of us may have overlooked as not important.
Speaker 2:Yeah, I don't think I would have thought of it because I mean, this trial was a homicide trial. Why? Why do I care what temperature the battery is? Um, but it, if you get a chance of anybody listening, gets a chance to just go watch that part of the testimony. If you don't want to watch the whole trial, you can find it on the court TV YouTube. But the the internal battery temperature testimony was one of my favorite parts of his testimony in this trial.
Speaker 1:Oh, absolutely, and we're going to put. Folks are asking. I tried to put the links on the chat and it came out really bad, so I'll have it in the show notes at the end too, yeah. Yeah, they'll be there, but I'll be helpful. I'm putting there for the folks that are live right now and it just it came out really bad. So, like Heather said, there'll be at the end of the show. You can grab it from there All the links.
Speaker 2:Yeah, definitely. Um, and so the last one, the last new His post is exploring the front IR Doppler function of an iPhone. It's a motion detection process that triggers when iOS suspects the user is attempting to unlock their device.
Speaker 1:I completely had a misunderstanding of what the pocket state meant previously, but it's literally looking to see if they're attempting to unlock their device in different manners and like and what, what, what, what manners? Can you give us a quick?
Speaker 2:I can, so I'm just going to take this right from Ian's blog, but definitely go read it, 'cause it's awesome. So it can. It's triggered by the device screen being touched, the side button being pressed, raising to wake or receiving a call, among a few other things that he has listed here, but the one that I kind of hone in on is the side button being pressed, because that is the artifact that was presented in that same case that we're talking about, the Karen Read case, and this artifact was used to show that the side button had been pressed. Right.
Speaker 1:That's insane. I really picked up on the fact that when you take the phone and you look at it, you're attempting to open it and it has Face ID, it will open. But I always find it interesting because you know, if you see infrared cameras, when the infrared functionality is enabled and you're recording a space, somebody works with the phone and that phone is constantly, like you know, flashing infrared to your face and you can see it and it's. It's so some a little bit unnerving in a sense, because you're there in somebody sitting in the dark looking at their phone and that thing is just flashing your face with infrared all the time. Yeah, um, so how, how, how does that that interaction between that light, I say light, but wave emitting source, right, and how does that reflect in regards to the intent of the user or when they hit the button? It's interesting stuff.
Speaker 1:You need to read this, folks, and kind of have an awareness. You might not need it today but you will definitely need it tomorrow. The convergence between digital data and events in the real world. They're coupled, they're coupling even more and more and more in court cases, and we say that because, again, as they should we have experts both on prosecution and the defense side, and the level of expertise is rising. The tools right now are giving you more to think and analyze, so you need to up that knowledge and you have to really be aware of stuff like that. That's on the cutting edge.
Speaker 2:Yeah, and I didn't say this for the iPhone Pocket State, but that is actually out of the unified logs. So we previously spoke about the unified logs and the importance of analyzing the unified logs and the fact that it's not so easy to analyze those logs, but we gave some indications on how to make that process a little bit easier. So if anybody's looking to, um, looking to read more about that too, Alexis has a blog on how to process those and put them into an easier format to view using the LEAPPs, so go right out to his blog for that. I'll put that in the show notes too.
Speaker 1:Yeah, and a quick note there: DoubleBlak, um, that's Ian's blog. Um, even Geraldine, another great expert here from Central Florida, she says that Ian is on fire, even helping validate some stuff in her case, and he's such a great guy, great resource to the community, so I appreciate all the work that he does. Yeah, I agree, Geraldine.
Speaker 2:I've had his help like three or four times in the last two weeks and I don't know how he finds the time to answer all of these questions. Sometimes I almost, I'm like, almost feel bad. Am I harassing him? Because I know like 40,000 other people are harassing him right now too. Well, it's, it's, so it's harassment all the way down, because you have a same, and then people harass you and another person harasses the person that harasses you.
Speaker 1:We're all. We're all. I mean harassing not in a in a in a bad way, right yeah, in a good way absolutely if there is. We're just asking questions to each other. Let's not use the word harassment.
Speaker 2:It has it has another meaning in the world I feel like I'm harassing is why I use that word.
Speaker 1:So no, let's just say you're bothering him, it's much better okay all right, yeah, um, but so, yeah.
Speaker 2:So the the blogs are excellent. You have to go check them out, um, and I'll put the links all in the show notes, because these are some really great artifacts that hopefully, um, as long as people know about them, they can be used in other criminal cases or whatever type of case you're working on no, and their reference materials.
Speaker 1:Um, I I go to his blog all the time because I know he did some work on some hc stuff or whatever it was that I need and it's a great reference. Uh, yeah, source, so go check it out yeah, definitely.
Speaker 2:Um, let's see what we have here. Kevin Pagano, Stark Forensics, has a new tool called App Store Package Search. So the App Store Package Search. I, I'm going to actually show this one. Let me find it here. Yeah, go ahead.
Speaker 1:Just a quick question, Kevin again. Kevin is a friend of the show, obviously, and he also worked with us in the LEAPPs, so you have heard about him throughout all our episodes, so he always keeps coming up with new stuff.
Speaker 2:Yeah. So it's a Python-based GUI tool built by Kevin and it allows users to query the Apple App Store bundle ID or Adam ID, supporting both single entries and batch lists, and then it outputs into a few different types that we have. It'll output directly to the console, to a text file, to a SQLite database or to both a text file and a SQLite database. So I grabbed a couple of bundle IDs just to kind of show you how it works. I'm just going to copy one here, if I can get it to go in. There we go: com.toyopagroup.picaboo.
Speaker 2:If you don't know what that is, it is Snapchat, which there's not really an indicator in that bundle ID what it is. But this tool, if I do the run lookup, will show you information that one didn't work for some reason. Oh, I'm not on bundle ID. Make sure you choose bundle ID and then hit run lookup and it'll show you information about the application. So current version, release date when it was initially released, the track name is Snapchat, so we now know that that's the Snapchat application, along with the URL and then like just a general idea of what the app is used for right there on the screen in this tool Super quick, super easy. You can take that information right out of your extraction, throw it in this tool and have all of those details at your fingertips.
Speaker 1:Yeah, and for folks that are not familiar with bundle IDs, that's the internal name of the apps, like Heather was saying, the Peekaboo ICU bundle ID. It's actually Snapchat, right.
Speaker 2:Mm-hmm.
Speaker 1:And same thing with Discord.
Speaker 1:Discord is musically something, something, right, yeah, musically, yep, yeah, so. And again, you'll see these bundle IDs that show up in different databases and you might question yourself, what is this app? I have no idea. And they start like a URL in reverse, like com.whatever.whatever, as opposed to a URL that ends in com. This is the opposite. It starts with com, so COM, so yeah, you can put it there. It will answer those questions and, like Heather said, a whole bunch of more information that you can use in order to understand the use of the app on the device.
Speaker 2:Yeah, and you know, helpful, definitely in the investigations. But I always use the example, like the application usage artifacts. Usually the application usage artifacts show that, um, bundle ID and that is what was being used. Is your prosecutor, or whoever your report is going out to, going to know what com.toyopagroup.picaboo is? They're not. So we can use this to then give a little bit of context for our reports for people who may not have that knowledge on what these mean.
Speaker 1:Absolutely, and there's a whole bunch of. I think I know this one, but I'm not sure. Put it in yeah, get the, get the right name and carry on Definitely.
Speaker 2:All right, let me, I'm going to just pop up real quick there. There's a blog on it too. So on stark4n6.com there's Introducing ASP, App Store Package Search. So if you want to learn more about it other than what I just said, go read the blog, and then the application itself is available on Kevin's Stark Forensics GitHub page.
Speaker 1:Yeah, Kristen is saying that there's also a, sorry, that's so good, I'll pull it up. It's also the, uh, recommendation. V9 parser has only Adam IDs, which is fine. It's a good thing. My both checking out, but I think, uh, Kevin's also. You can also search by Adam ID if you can.
Speaker 2:You can, yep, you absolutely can so so you got, you got.
Speaker 1:You got those both ways of doing that.
Speaker 2:Right, All right. So let's see here AI would it be a Digital Forensics Now podcast if we didn't talk about AI?
Speaker 1:Would it be Thursday or any of the other week? Would it be? There's no AI involved, of course not.
Speaker 2:So we were talking before the show and we have a couple of topics right now on AI, and I said I'm going to promise anybody who's listening or viewing tonight that the next podcast will be completely AI free. I'm not going to utter the word one time and Alexis says that he can't abide by that same rule, so I'll make the promise for myself that the next podcast is going to be AI free.
Speaker 1:Look, look. I am that voice in the desert preaching constraint, preaching slowness in regards to these technologies. I'm the one that says just because they exist doesn't mean that we have to, you know, buy into all the hype. We've got to really assess it and take our time doing things.
Speaker 2:But but it seems like it's.
Speaker 1:It's the only thing people talk about anymore. Yeah, no, I mean, there's a lot of marketing, right, I saw, kind of off topic, but there's this, this lady and she's recording, yes, somebody's driving, she's in the passenger seat. She's recording all the billboards on the street and she's like all the billboards are about AI. Gemini and ChatGPT, and even your hospitals are now using AI, for whatever reasons, and there's a big marketing push for these technologies, because I think, me opining, when you go into something, you're going to try to make an ROI, a return on investment, on it. So this AI thing that we did, we jumped in more. We've got to get something out of it, right, so let's advertise it, but that's neither here nor there. Yes, there'll be some AI here and I don't think we'll be able to avoid it, but maybe we can.
Speaker 2:For next episode, we're going to try, we're going to really try, I'm going to write out the topics and not let you contribute to the topics next week, so what if it's a good rant? If you send me an AI topic.
Speaker 1:I'm going to veto it, All right.
Speaker 2:But we'll see if it's really good. Maybe I'll change my mind. So first AI topic. Elcomsoft had an article recently. "AI-driven Password Recovery: Myth or Reality?" was the title, and the post explored whether AI can meaningfully enhance password recovery within digital forensics. Talks about the LLMs, can they suggest password formats or rules which might help guide wordlist generation? But then it also takes into account that they don't actually crack passwords. They lack the real world user context and the guesses are often too generic. So what are your thoughts on that?
Speaker 1:AI in general has no context. I don't know if you, maybe you have, I'm going to tell you, to tell me if you're not. I'm talking to the ChatGPT thing or the whatever generative AI. Because, again, make the point, we're talking about generative.
Speaker 2:AI.
Speaker 1:AI is really encompassing and not everything uses LLMs. Like, LLM and AI are not synonymous. So, anyways, I digress and I'm talking to it, asking some questions and say and change this, change this, change that from whatever you said. Change. And at a certain point the LLM loses track of what the topic is and it comes up with some crazy thing. I don't know where I'm like. I have to constantly remind the thing, give it context based on the exercise where we did this, this and that. Therefore this, this and that, right, to kind of keep it on track.
Speaker 1:Yes, my assumption is that there's so many tokens that the system can hold in order to operate with the request that you're giving it. And if you go beyond that threshold, as time goes by, whatever's way back in quote unquote, memory is lost, yes, so even when you're talking to it, it loses context, right. So again, that speaks to this whole. I'm going to go into a little mini rant, this whole concept of I'm going to just ask questions and the thing will know what I'm talking about and will give me the results I want, and if the results are not there, that means that they don't exist. That's a fallacy. You got to be really careful, because as you're interacting with the systems, the system itself will lose track of context, because context is not a thing the AI doesn't understand, doesn't think there's no formal reasoning. You might be able to open its working space to more tokens and that's fine, but that doesn't mean there's an understanding of context.
Speaker 1:Right, look if there's anything contextual within the LLM training data. It might not be what you expect, right? That's why we see LLMs. When women ask for information, for example, how much should I ask in salary-wise for a position, right and versus a man? How much should I ask, salary-wise, for a position, both being the same position, the LLM lowballs the female and highballs, that's a word I don't know, but tells the male to ask for more but tells the female to ask for less.
Speaker 1:Okay, it's like where's that context came from? Right, from society. The LLM is within it, right, right, so so there's context in between what the tap is happening now and the context of how the thing has been trained and it's just from my perspective, autocomplete on steroids. It will autocomplete that request based on that context. That has been quote, unquote training. So I guess, long story short, I'm not surprised by Elcomsoft accurately noticed and noting that the system lacks context to give you meaningful iterations of passwords, something that a human can do. And Geraldine, she's on the show. She is amazing at that. I don't know, I think she does magic or something she's like. I know this about my suspect the password might be this one, Boom. And it happens to be like how do you do it, girl?
Speaker 2:Oh, I love that we have one of those in our office too. That I I just can't believe it. They'll, they'll guess the damn password. I didn't know. Geraldine did that, so that's awesome.
Speaker 1:A couple of cases, that's awesome, that's, that's no, that's no, no LLM, that's a human, human power going there. So, right and again, again. I don't want to people think, yeah, I'm always, you know, urinating on conflicts, the AI conflicts, yeah, I do. But I do recognize. I think I can say this for both, you correct me if I'm wrong, but there is a place for generative AI. There's some things that can help right, definitely. But if you believe the hype, you're going to depend on the generative AI way more than you should and you're going to start then making wrong assumptions and committing mistakes. Mistakes will be easily avoidable and then you'll be, in the best case scenario, embarrassed. In worst case scenario, you'll be in really big trouble. Yeah.
Speaker 1:Like kicked right out of court. Yes, yeah, and even worse.
Speaker 2:Potentially, permanently. Yeah, yeah.
Speaker 1:No, I mean, and I was saying in his articles, yeah, that the consequence, the personal consequences, are immense, right, but the consequences to society of a person that's innocent being convicted or a convicted person going free, right, right, right, beyond, and you're correct, but also beyond the effects of the person committing, not committing but doing the analysis with an LLM tool, right. So a lot at stake here, and that's why we need to think and not just outsource. We've got to go through a really thoughtful process on how we integrate this technology into our workflows and if we do that and which I'll have more crap to talk about in the next segment- yeah, just a minute, right Just a minute.
Speaker 2:You know I use it. I use it for things, but I definitely try and minimize it. I don't want to use it in casework. I just I don't want to do I utilize it and look and see what the results are. Yeah, right now I'm actually doing a comparison on how, like, media categorization works in the tools we use and it's taking me some time, but it's. It's also like I'm not. It's not there in my opinion, but we'll see. I'm not done testing, so I don't want to like crap all over it. You know what I mean.
Speaker 2:But, but I'm just. It's just not something that I want to use. I feel like I have a better handle on the way I want to categorize my media myself, versus letting something else do it for me.
Speaker 1:Yeah, and again that's a whole conversation about a false positives, false negatives and error rates, which we can do a show on that later. But you have to be really careful, I like. So I did a blog post and I got, I did my blog post, I did it on my own, I organized it how I think, but they have to do a slide deck on it and I'm like. So what I did was I have Prezi has a little AI on it. I fed it my blog and then it made me a nice you know kind of placeholders with the topics.
Speaker 1:And again I have to go through it and do things, but it was easy in the sense that, oh yeah, this actually flow, flows with my blog posts, but it's my blog posts, right, right. So I find value on that. So that way I can do my slides way faster than me trying to do the organization. How many slides do I need? Because the AI takes my own content and then kind of categorizes it in a way that's fit for a presentation. So I do think there's value there don't get me wrong and that's why I did my presentation for isc2 and I think I came out pretty good.
Speaker 1:Um, but what I, what I want to do, I don't want to do, is have the ai tell me my presentation, um, for example, uh, yeah, for you don't want it to write the content?
Speaker 1:Yeah, yeah, I mean and and again it's the temptation of doing that is strong. At some point, I'm going to run a little off topic here. Have you heard about the dead internet theory? You know what that means. So imagine an internet where all this content is created by machines, right? Yep, the blog posts and, as you know, a lot of machines go into the comments and comment on those blog posts, right? So at some point the internet is going to be machines putting content and other machines responding to that content. Oh, geez, right, and actually that's kind of happening, right, yeah, I see a lot of bots answering on different things and with generative AI, I see, at some point people will get tired of all the fakeness because, like, uh, X has, uh, now, like, uh, you know, generative AI thing, it's called Grok or something, and you can make like, like, like a fake girlfriend or some sort of female companionship.
Speaker 2:You seen that in the news I think I've seen a couple headlines on it, but I immediately passed those articles over.
Speaker 1:We both grew up when there was no internet, so maybe we're inoculated because of that.
Speaker 1:We had to live most of our lives without internet. But the point I'm making with that is, at some point, all this AI interaction among AI people will leave the internet and that will put a premium. From how I see, the conclusion of this argument which I think there's some truth to it is that there will be a premium on human interactions because we'll be surrounded in a sea awash in fake AI posts and comments and articles and blog posts and presentations that people will not know what to trust and they want they guarantee that a human, a person made this or talk to this artisanal content made by humans right, which to me means look, if you're in this field, really work on your people skills, work on doing the best content that you do that shows your experience and your humanity, because there will be a premium for that. No artificial quote-unquote intelligence is a substitute for that human interaction and the human experience. No matter how much the ai tries to replicate it, it will not be able to.
Speaker 1:Um, because that's another philosophical point I'm gonna leave it there so, so, yeah, so I mean I even I kind of halfway remember why I brought this up, but um, again, that that speaks to in this career, make sure that your humanity, your humanity shines through when you, when you do your presentations and your case studies, or you present a court to your prosecutors and on the like. Bring your humanity with you, your perspective. Don't don't think that packaging AI content is gonna take you somewhere, because at some point everybody will be doing the same. And and what are you bringing to the table?
Speaker 2:You know, nothing, exactly. More dead internet AI, no, thank you. To keep going with the AI topic.
Speaker 2:So recently, Magnet actually did a blog, Trey Amick and I don't remember who else it was, but they did a blog on, beyond the badge, AI's role in modern investigation. So they kind of hit on how AI is now a core aid in policing. It's handling massive uh complex data sets, um. It's looking for patterns and links faster than a manual review, uh. And then it talks about automating transcripts, keyword scans, cross evidence, association, triaging and prioritizing items so investigators focus on the higher value tasks. Talks about media integrity and magnets actually they're tools that integrate the media, how to detect manipulated images and videos and identify likely generators. Um talks about text analysis. They hit on the bias um in AI and they hit on um crime analysis. So combining crime, uh, crime stats, social data and other factors Um, that's a lot.
Speaker 2:That's a lot in one article. But I'm just going to hop back real quick to the um, to the very first thing I said, where it's becoming a core aid in policing, handling massive complex digital evidence and surfacing patterns and links faster than manual review. I'm not sold on that sentence. I'm not sold on the fact that it's faster than manual review. And the reason I say that is just some of the testing I've done on some of the different functionalities and I'm not speaking of Magnet specifically either, it just happens that they did the blog on this, but across the board some of the functionality, I'm finding that my manual review is actually faster, not always, um. It definitely is a good tool to use as an aid, um, but sometimes it's, I guess, going back. You're gonna have to go back and do that manual review anyway in some circumstances, and what time is it really saving me?
Speaker 1:so that's my take on that no, and I agree, and I like how you put it because you said I like what you said. So I have to go back, right, and what we're doing is we're taking the tasks we used to do upfront, right, with the analysis, the checking, make sure it's correct, to get to conclusions. Now we're asking the system to give me the conclusions and we're putting all that to the end. Right, are we saving time? No, I mean, we're just just putting, moving in here from here to there.
Speaker 1:Now, that being said, that's the assumption that the person running this thing will care to now put it on the end and doing it at least in the old way of doing things, quote unquote old way of doing this. To get to the conclusions, you need to do some upfront work, but when you get to the conclusion because the magic box told me so and you go to the verification, and I use verification purposely, not validation, verification purposely, you go to the verification stage at the end. What I foresee, and tell me if you agree or not, is a lot of people are just going to skip it altogether. They will feel happy and dandy with the answer and never care to check if the answer is actually supported fully based on what's there.
Speaker 2:Looks good to me.
Speaker 1:It makes sense. Next, Go make the arrest right. What Next?
Speaker 2:Yeah, no, I absolutely agree.
Speaker 1:Yeah, you will save time if you decide to ignore the later part of the process. Right, and that tells me, in regards to higher value tasks, what's a higher value task? So let me see, I'm going to ask you I don't know how that works in your organization, but, for example, making the analysis. So let's say there's some chats and see how they're really correlated to the crime. Is that something the examiner does or the investigator?
Speaker 2:does so it depends. There are times where it'll be like a collaboration, so they may have the reader and they may be looking at something while I'm looking at something, but I would say most of the time it's the examiner. We're doing, we're reading the chats.
Speaker 1:Well, with AI, I think I believe it's going to change right? The examiner won't be, so think about this. Right, in order for the generative AI LLM to give you answers, you have to ask it questions. Who's the person that knows most about the case? Is it you or the case agent? Right? A case agent in my situation? The case agent, right? Yeah, absolutely, this person will do the questions right and they will upfront that with that interaction. It's not going to be with you, the examiner, it's going to be with the artificial intelligence, and they will get the results. They will get excited and they will dump it, hopefully, if they do that, because they might go with it on you to make sure that things are happening how they should.
Speaker 1:And that's a big shift I see in how we are solving these cases. First, because if the person getting the answers from the AI is the investigator, is a case agent. That person has no idea how LLMs work, how to go about asking it, how about maintaining context which you mentioned a second ago with the LLM, so it could get a proper response if there is one to be done. This person doesn't know how to verify if there's some responses that have not been considered not considered, but included in the LLM's data set. In a sense, there is a whole bunch of things and when we're going to present this at court.
Speaker 1:How was this obtained? Well, the investigator asked the LLM some questions. Well, can the investigator explain to us how the LLM works? Well, I just put questions. That gives me magical answers. There will be a realignment on how our work processes are done if generative AI becomes that abstraction, because it's an abstraction that we're adding to it, because it plays a central role in our workflow. We're moving verification from the start to the end. We're moving the interactions away from the examiner and dumping them, making prompts to the investigator and then the examiner comes on the back end trying to make sure that that thing is accurate. And that's the saving time there. The more I hear about how these processes are imagined, how they could change, I don't see a lot of time savings there.
Speaker 2:I just see opportunities for folks to cut a lot of corners and hoping that things go well. I 100% agree with that. 100% the cutting the corners comment 100%.
Speaker 1:And look again. People might tell me well, this is here to stay. And that might be the case. No matter what we say, it's like. Well, you know what, since the folks at DFN the DFN now said that this is not a good idea, then we're going to shut it down.
Speaker 2:Yeah, that's not going to happen, that's not happening right.
Speaker 1:So, yeah, it might be here to stay, that's fine, but then we need to be really conscious in how do we train people, what are the protocols, the best practices? That we adhere to it, because if we don't, the courts are going to impose it upon us and it might not be the most scientific way of doing things if we don't get our act together.
Speaker 2:Agreed, are we done with our AI piece?
Speaker 1:I got more ranting in me, but I think that's been enough.
Speaker 2:I think we've hit it. We've hit it yeah.
Speaker 1:I have enough for next episode, Ah no.
Speaker 2:So, all right, let's totally shift gears away from AI. I don't know who out there has heard of LUMYX. Who hasn't heard of LUMYX? But if you haven't, you're going to want to check it out. I first heard of it and I think you did too right, ed. I did oh you've got a little present from them.
Speaker 1:Yeah, they were handing out to the attendees. It's a little like 3D printed. It's like dragons with a snake, you know kind of a dragon. It's just basically the wings. But it said here at the bottom made by LUMYX.
Speaker 2:Oh, I didn't even realize that was on the bottom.
Speaker 1:Yeah, yeah, attention to details, girl. What am I telling?
Speaker 2:you, I didn't get one. I'll have to go back.
Speaker 1:Yeah, tell them to make you know for the next conference. Go grab one.
Speaker 2:There we go, there we go, there we go, so LUMYX. So Alec Hurst and Phil Thrasher, both previously worked at Grayshift and Magnet and now they've co-founded together the company LUMYX. I'm going to give a walkthrough of what that is right now. Let me get my screen up here, all right? So this is the website for LUMYX and just a brief background. They describe, I talked to Alec today, they describe themselves as nerdy builders. Their goal is to build a truly valuable tool to accommodate everyone. They believe there are still so many things to be built in this industry and they're working with law enforcement to understand what it is law enforcement needs, which I absolutely love. So, LUMYX, I'm going to pull it up. You go to the LUMYX website and create a login. Let me just log myself in here real quick.
Speaker 1:No, I'm not going to share my password, as opposed to all the times that you have.
Speaker 2:Yeah, I know. So once you create an account on LUMYX, you can sign in, and this actually brought me up to their sample. So what LUMYX is is you can feed this site data to map. All you do is go to the top and click create case. So we'll just create a test case. Test case, I think I'm on like test case six or five or something. We'll do. Five or six worked.
Speaker 1:New folder 10.
Speaker 2:Yeah, new folder 10, exactly. And then you do save and open. When you do the save and open over here on the right-hand side, it tells you what types of files you can upload. So what they currently support are UFDR files. So, the Cellebrite Reader, you can drag the entire UFDR right onto the click to upload part, or drag and drop part and it will process your UFDR. It'll also support KMLs, so it'll support KMLs exported from your tools like Cellebrite, Magnet, Berla files. It'll support all of those KMLs and then any other KML that you might have that you want to drop into this software.
Speaker 1:It just needs to include the latitude, longitude and timestamp for this tool to process and a quick point here for folks that are listening and not watching the podcast, but listening to it. The tool I like. It is like a mapping application. It's kind of dark mode-ish which I love, the dark mode-ish thing right and you see a map of the United States and an option to upload the different data formats that Heather has just been explaining.
Speaker 1:So really really, really slick, Nice. I can see that you know being used in many, having many use cases, Definitely.
Speaker 2:So earlier today I dragged a UFDR, a reader file, from my test phone into the tool. I did it ahead of time because I thought it was going to take too long to demo on the podcast. However, it processed my UFDR in about two minutes. It was an entire UFDR file too. So one of the things I asked Alec about today is will there be an offline version? And he said eventually, but not for now. And he made it a point to tell me that dragging the UFDR into the engine works in the browser and it's only taking the location data from that UFDR. It's not touching any of the other data that may be present in your UFDR. Does that mean it's okay to take your files and upload them to the site? I can't answer that for anybody listening. You have to go by your department's policies and your SOPs. Yeah, go ahead. No, no, you go ahead. I interrupted you. I'll just say I use my test data for the purposes of this presentation.
Speaker 1:I mean, I can see, I mean it shouldn't be too much of a hassle for them to come, you know, for a law enforcement version that it's in-prem or some sort of cloud that's controlled by the agency and not by them. So I'm pretty sure that I mean I'm talking out of turn here, but I'm pretty sure that should be no problem down the road.
Speaker 2:Right and it sounded like that was already on their radar, so that should happen. I do want to say, before I start showing you the mapping tool, that the price is right right now. It is free currently, so they're allowing all of the functionality to be free for individual accounts. It's completely unrestricted, and the idea that they have behind that is to make a great product that people can't live without is what Alec said today. They're looking for feedback, they're looking for input. They're very receptive to feedback. I've already sent an email, and so have other people in my office. There's a feedback tab right on the screen. You can see it up toward the top. That goes right to Alec, and they get back to you immediately and want to talk about not just issues you're having with the tool, but maybe things you want to see in the tool or things that you like or dislike about the tool. They're very open to that criticism, constructive criticism.
Speaker 2:So this is from my UFDR. If anybody tuned into the last podcast, I talked about my Easter trip to my parents. I'm using the same data, the same data set. So just a few of the different things you can do with the tool. If you come down on the bottom, there's a filter, timeframe and sources. So let me just get this to come up here. Ah, there we go.
Speaker 2:Good, the sources appeared. So you can change the name of your project here. You can set a timeframe. I have it set for April 19th because I knew I had a good location set there. You could set it for the date and time of your incident.
Speaker 2:But another really cool feature, if you bring the UFDR in, is it will list out the data sources for locations. So we've got Apple Photos, we've got the AirTag locations, Find my Journal, Life360, the native locations. So you can take that and weed out the locations that you know are maybe not so reliable and just use the locations that you're interested in showing here on the map. So I chose native locations because that's coming from those cache SQLite in the iOS, which we know have a very good reliability. Once I chose my timeframe and the locations, I can, on the bottom here, move around to the different times. So if you can see my cursor moving around as I do that, the date and time is changing. That's where you would go down and maybe hop to a specific event time that you're looking for right down here in the bottom.
Speaker 1:Yeah, and it's like a little bit of a histogram of activity. I say activity in the sense of data points, right, the more data points, you see that little curvature kind of go higher or lower, depending on how many data points you have during that time frame.
Speaker 2:Yeah, so this whole middle section is when I stayed at my parents' house for the day, and then the higher sections you'll see are when my travel to my parents' house in the morning and my travel home from my parents' house at the end of the day.
Speaker 1:Something that I love about those type of graphs is that, based on the highs and the lows, you can make broad interpretation of the data without looking at the detail. And I always found that to be so intellectually stimulating because you can quickly see and say okay, I want to focus on this peak here because there was a lot of movement, a lot of X or whatever Y and C right, so I found that to be pretty nice. I like those.
Speaker 2:Yeah, very cool. So you can see numbers down here on the bottom. So prior to prior to the show tonight, I set this up to show some events because this is one of my favorite features in this tool so you can click on any date and time and add in events. So if you look at this number one over here on the right hand side, I added an event that I had a picture out of the, out of the extraction, that highlighted that you could upload the actual picture of the event you're showing.
Speaker 1:So so you're putting like information attached to whatever event, correct?
Speaker 2:Yeah, yep. So I mean this was, this was my Starbucks stop. So I literally clicked on that minute that I got to Starbucks and I titled it Starbucks. It has the date and time of the event that I was highlighting. You can put a description. If you have a description I didn't have one, I mean I just went to Starbucks and then the location data, so the latitude and longitude is next. It tells you which source it's coming from, so the native locations and then the media that I chose to include is there on the event.
Speaker 1:Very nice.
Speaker 2:Yeah, so they have this follow mode on the bottom. So the follow mode actually the cursor follows the map, and I'm going to actually turn that on for this purpose. You can set the speed here. So the speed that you want this to play, I'm gonna slow it down a little bit but still kind of keep it fast enough that we're not sitting here watching the map all night. Um, and then down here you can set it to loop or you can set it to pause on those events.
Speaker 2:So if you're presenting this in a courtroom and those events are important, to stop at that point in time on the video and speak to the jury about the events, this function here will actually cause the playback to stop anywhere you've placed an event in your timeline. So once that is on, I'm going to just hit play and let's see. Let me get rid of my Starbucks event quick. Just hit a play, we'll see if I've got it going too fast or not. I might. It's going throughout my morning and then it stops because it hit my number one event, which has me at home. I just pick back up and hit the play again. Now it's got me at home. I'm at home for a little while here it's going to come up on my starbucks trip and hit the number two event here in a second. Nothing's moving because I haven't left my house yet okay, I was gonna say maybe you.
Speaker 1:I thought you were too far away in this area, but nope.
Speaker 2:So I just started to move. I am gonna scroll in a little bit, though, because it is too far away. So I left my house, went to the Starbucks event and the map stopped on the Starbucks event. So I'm now going to hit play so I can go get my energy drink here, so I just go right next door to unstoppable nutrition, and that's the logo I put in in the picture. So it stopped on my third event and now I'm going to hit play because it's a little bit of a trip to get to my fourth event. I'm going to cruise up to my parents' house here, so it's in follow mode. So the map is following my route and I'm headed up.
Speaker 2:I'm almost to my parents' house here and I put the fourth event just before I arrive at my parents' house and I titled it Approaching Parents and I put like a little bird's eye view of my, my dad's house as the media. There I can hit play, um, and then I I'm going to let it run. I stay there. I talked about this in the last podcast, but I stay there for the day and actually those few points that I talked about in the last podcast, that were just inaccurate data points. You can see them over here. It looks like I went into the woods, buried the body and I'm just going to. I'm going to speed this up through this section because I stay at my parents for quite a few hours and then I'm going to start my trip home again here.
Speaker 2:So I leave my parents' house and I'm headed back down and then I'm going to set those events once I'm headed home that I talked about in the last podcast, where it was raining so hard that I had to get off of the main highway. So here's number five and I have the media event for Dunkin' Donuts. If we scroll in, you can see that I pulled off the exit and I'm actually going to just switch it real quick to the satellite view. You can also switch it to the satellite view. I know you liked the dark mode, but I'm going to switch it to the satellite view for the rest of this trip, just to kind of show that. Let me zoom back out real quick. So I'm, what's up? You can't hear me.
Speaker 1:Mine.
Speaker 2:Oh, yours Okay. So then I got off the exit again to Stewart's, which is a gas station up here, and then you can watch the rest of the trip where I am headed home.
Speaker 1:I'm actually gonna back out all right, can you hear me now?
Speaker 2:I can hear you now. Yeah, I'm not using my main microphone because it dies, so I'm using... Oh no. But I'm here, I'm here. Okay, so then I take the trip and I'm home now and the rest of the trip, uh, my location stays at home. So I love this. I love that you can add the events. There's some suggestions I'm going to give them for my personal preference on the tool, but I think this has great potential to be, like, perfect for courtroom presentation.
Speaker 1:Oh yeah, I like how the line of it moves, the leading part of the line is white and as it goes it turns like orangey. It leaves a trail across the map that you can follow. It's really visually appealing, like you said. So definitely for exhibits or just to show, you know, whatever data you want to show. Um, it's super nice, it's a great, definitely station tool. I think we're really, and we discussed this before in the podcast and in other places, uh, some of the digital forensics tooling is really short.
Speaker 1:On the presentation aspects, right? The report HTMLs are not really good looking. The mapping applications, they're grabbing, I'm gonna make not mix it up, but let's say Bing or whatever, I don't know, some other mapping application, third party, that's not really suited for purposes. So, you know, I can see these guys kind of like doing this. Of course, and I mean to say this obviously, this is a free tool that we're trying to share with you. We receive no, uh, financial anything from any of this, right? Yeah, we don't speak for our workplaces or anybody else, we just speak for ourselves as members of the community, and we appreciate the guys from LUMYX just saying hey, you know, maybe you want to try this out and see if you like it and show folks, and that's our decision. But again, there's no quid pro quo anywhere. We do things because we think they're cool and we'll continue to do so.
Speaker 2:Yeah, so obviously. So, based on certain cases that I might be working, there are things I would change. There are a little bit of the playback. It's a little like hippie to me, but I'm going to try putting multiple cases in here, testing it out and then provide the feedback. Leave the feedback on things that need to be fixed or things that you want as features. So when I first went and tried this, I imported my KML in and it didn't work. It was a KML that I had created and it's something just didn't work right. I put the note in for the feedback that it wasn't working with my KML and it was fixed by the next day. So now, the way I created my KML, it should work for everybody and literally I was just adding the timestamps, latitude and longitude. So if something's not working, report it. If you want to see new features, get it on their list. If you just don't like something, they're very, very, very open.
Speaker 1:Yeah, I wonder if this supports, or they should support, like cell tower analysis. You know from call detail records logs, right, oh yeah yeah, so I think that's something they should also look into. Right, let's say, hey look, we have this information from the providers of the cell towers. These are the records from the calls and even, you know, correlate those to the map. So I think that if they don't do that, I think they should yeah, well, you to put that right in that feedback absolutely yeah, definitely, so definitely a cool new tool, completely free right now.
Speaker 2:Go try it out. Whether it be your test data or, if your agency permits, you could put actual case data up there. Also, if you don't have any test data or you don't have a case that you can put in, they have samples in here. So when you do the create new case, there's try a sample case down here on the bottom. If you click on that, all of their sample cases will pop up over on the left side. They have LPR hit. They have surveillance video. They have incident location. They have victim location, there's a burla one in here somewhere. So check out their sample case data. If you don't have any data of yourself to try, of your own to try.
Speaker 1:Awesome.
Speaker 2:Yeah, all right, I'm going to take that down and I'll put the site up. Well, it's lumyx.com but I'll put the site up on the show notes. Sweet, yeah. So we're at the what's new with the LEAPPS. What do you got?
Speaker 1:So I got a parser and I'm not going to show it here because of time constraints, we're already past the hour. But I made a parser for ChatGPT from test data that was provided by a community member and, pretty neat, it's one of the first artifacts, full artifacts, that I made LAVA compliant, and that's something that I want to discuss because LAVA will be out soon. And if you wonder, and I'm looking to the side here because I'm looking for my thing, there we go. So LAVA stands for LEAPPS Artifact Viewer App and what that allows you to do is you can go and take a report from the LEAPPS, use LAVA to view it, and LAVA will not choke on the 2 gig HTML file that right now the LEAPPS provides. Right, I did this what, five, six, seven years ago, and main reporting for the LEAPPS was just pure HTML and some other things.
Speaker 1:Well, now we're using LAVA to look at the data and not depending on those HTMLs which, with our viewer, it can ingest and let you look and export a whole bunch of stuff. So the first thing I want everybody to do is to go to leapps.org and sign there for our newsletter or mail, not newsletter, for our mailing list. I don't have a newsletter. I have a mailing list and the idea is that the moment LAVA is released, which will be sooner rather than later, you will have, I think you were putting that up, you will have a notice that you can go and download it. I'm going to give you a super short sneak peek because a really good communicator instructor in the community will provide soon a video of all the features. You know who this person is, Heather, who's doing that?
Speaker 1:I don't know, some person, I, I really like her except when I don't.
Speaker 1:So I'm not gonna steal her thunder for her video. But you see kind of the format, artifacts on the left. You can see some of the entries here on the right. I like the fact that I can open those media and kind of blow some up real nicely. Um, it has a video, it plays the video, they're automatic. It leaves in lava, you know, leaping love, okay, so, uh, so I think it's pretty good. It's great work done by James on the LAVA side and by Johan, I think, if he's not asleep yet.
Speaker 2:He could be sleeping by now.
Speaker 1:He did a lot of work on the LEAPP side and James on the LAVA side, and then Kevin, myself and others just trying to work on updating the older artifacts and then also adding new ones, like the one that I did for ChatGPT. This one is just a fake one that I used for my presentation the other day. I used to show folks how that works. I think Kevin is in the chat. He was eating lobster. Yes, if that's the case, you're excused. You don't have to be here on time if you're eating lobster. That's a good reason to be here late.
Speaker 2:You could have invited us, though I'm a little hurt.
Speaker 1:Yeah, I'm hungry as well, apparently. Yeah, exactly. But yeah, so please do sign up for the mailing list so you can notice when LAVA comes out. There's a lot of ideas we have that we'll keep adding to it as the time passes, so it'll be awesome. Look, if you're still hungry, you can look at the pictures.
Speaker 2:Thanks, thanks, I appreciate it.
Speaker 1:Open a can of sardines and imagine it's just the seafood taste, or smell at least.
Speaker 2:No, no, no, no. Good stuff. But speaking of LAVA, Alexis just did a video and it's posted to his LinkedIn right now, uh, there's a link to it, on how to make LAVA-compliant LEAPP artifacts. So if you are a contributor or you are looking to become a contributor to the artifacts and writing your own artifacts to put into the LEAPPS, watch that video. It's very clear on how to create the artifacts that will work with the new LAVA viewer, and I think Alexis has been trying to tell me for how long how to create artifacts, and this video, I actually wrote to him last night and I'm like, my God, I finally understand what files found means in the script, or there were like 10 things that I finally learned for the very first time last night. So it helped clear up a lot of things that I was wondering about how to write the LAVA compliance scripts. So I think it's a great video for, um, anybody to watch, whether you're already writing the, um, artifacts or whether you want to get into writing the artifacts.
Speaker 1:And again, all credit to James and Johan, the way they work together to make those implementation changes. Doing artifacts now is way easier than how it used to be. It's less lines of code from the LEAPP end and it produces all the good stuff that LAVA will show to you, and that's behind the scenes. You don't have to worry about it. The code, the platform, takes care of that. So again, lots of kudos, and I appreciate their partnership for being members of the community and doing this for the love of the community. So we're really excited about the project and continue to develop it.
Speaker 2:Definitely. All right. We are to the end, the meme of the week. Let me get my screen and share here. I think this is one of my favorites, so, uh, it is: Once I became a digital forensic examiner, I finally understood the scene where Yoda gets so tired of answering Luke's questions he just dies.
Speaker 1:And obviously that comes from Star Wars, right when yeah. What's the, what's the plan, the Dagobah, the Goldblatter I was saying in English and you know, I know you don't know it because you don't watch the movies.
Speaker 2:but I don't.
Speaker 1:Yoda's been training right Luke Skywalker and becoming a Jedi.
Speaker 2:And he has all these questions and he's like, I'm just gonna lay down here, man, and just, I just died. I feel like it's been that kind of week, right. So there's so many questions that it's like, oh my god, maybe if I just play dead the questions will stop coming in. Yeah, because, go ahead, go ahead. No, I was just gonna say, all kidding aside, though, I love answering the questions. I'm not trying to sound like I don't, but yeah, this meme just hits this week with the number of questions rolling in.
Speaker 1:I have no issue helping people out Me either If I'm telling you or answering that question for the 10th time.
Speaker 2:Exactly.
Speaker 1:Yeah, I'm going to go lay down here and I'll leave my body and come back in a few hours.
Speaker 2:Yeah, exactly.
Speaker 1:Because closing the door to my office is not going to cut it. It doesn't. No, they will knock. They will just throw it down. They will come in, they will bring the door down with a battering ram. It'll be like boom and they're going to come in. In our workplaces they're pretty proficient with battering rams, and they will come into the office to ask the question.
Speaker 2:It's not only at the door. It's at the door, it's in the email, it's creeping into the LinkedIn questions. It's the text messages.
Speaker 1:It's from one side of the bathroom to the next.
Speaker 2:Oh, yeah. Oh, I haven't had that happen yet. Oh yeah, I'm coming to the bathroom. Hey, hi, hi, hey. And we're there, hey.
Speaker 1:Hey, you know I've been looking at the internet about this electronic thing. What do you know about? Like dude, can I, can I use the bathroom at peace?
Speaker 2:Well, I'll have a first with that eventually, I'm sure, but not yet.
Speaker 1:You talk for us the questions but, as you know, if you're the DF person, you are tech support.
Speaker 2:Oh yeah, in their mind.
Speaker 1:You're tech support. You know about Windows, you know about anything. You know computers, right?
Speaker 2:Oh yes.
Speaker 1:You must know this obscure thing that I saw on Instagram. I'm like dude. I had no idea what you're talking about. I do not.
Speaker 2:I can find the artifacts and figure out what the artifacts mean, no problem. But ask me to set up some kind of workstation, forget it. Everybody thinks I can do it.
Speaker 1:I don't, I don't, I don't know what printer is better. I haven't in years that I could figure myself, in years I haven't, sorry. Oh, man, yeah.
Speaker 2:So it's been one of those kinds of weeks, so everybody gets to see the lovely Yoda dying scene. I hope everybody enjoyed this, one of my favorite memes. Yeah, so that's the end. That's all we got, like the Looney Tunes.
Speaker 1:That's all, folks. We appreciate, obviously. And Kermit, if I'm wrong, do you have anything good or to say for the good of the order here?
Speaker 2:I'm good. Thank you so much for everybody who joined tonight and everybody who listens tomorrow. Absolutely.
Speaker 1:We're going to call it a night, we're going to play the music and we'll see you all, hopefully in a couple of weeks, if not whenever we say we're going to have one of these again.
Speaker 2:Right, exactly.
Speaker 1:Take care. Have a good night.
Speaker 2:Bye, bye, thank you.