Friday, 11 May 2012

Digital Forensics: Is it a reverse engineering?

A few days ago, I read a paper on Xbox 360 forensics [1]. Personally, I think it was a good paper, not just because it is being published in The Journal of Digital Investigation but most importantly for practitioner reference.

Well, part of my job is to read. Learn and unlearn something. It is worthy and interesting.

As a researcher, if I don’t like reading, then I have to find another job. For me, I could just go back and do some electronics stuff or SCADA design or programming or hacking (hahaha). The pay as an engineer is not bad either. They design things aka products.

For a scientist, discovery is their work. A systematic study…to solve a particular problem…hypothesis…testing/experiment…result and bang! SOLUTION.

So, how do you refer to a person with two specialized backgrounds (to digress a bit from the main topic)?

Digital Forensics Engineer or Computer Forensics Scientist and the funny thing is, some may want to be referred as Principal Specialist…CTO and bla…bla…bla…

It doesn’t really matter to me because money/pay/business is more important. Isn’t it (just joking)?

Whatever it is, the biggest question is on the above title.

Is digital forensics a reverse engineering?

Majority of the literatures, if you refer to, gives the impression digital forensics is a reverse engineering. If not, the paper will be something theoretical, mathematical and with limited dataset (just wondering if it will be useful to the practitioner). I.e. Mobile phone forensics.

What is the new knowledge? New methods? Framework? Practical? How to?

Some may say “clever skullduggery!” You must be kidding!

Nonetheless, most of the literatures are helpful for the practitioner (may be the authors were practitioners).

Some may even argue if digital forensics is a science?

Engineer vs scientist!

Practitioner vs researcher! or

Student vs supervisor!
This situation is even worse. The supervisor might not be an expert in digital forensics and unsure about its research. I’m not trying to offend anybody here but this is a reality.

The least that a supervisor could do is to assist on how to conduct a proper research. Learn together and not act like a “boss”. My Prof did that. Awesome!

I promise you…the student would eventually provide the supervisor with some knowledge. It will not be a waste. I’ve done it. I treat my students just like my buddies. If not, the students are in blunder! God bless them.

Another case is… Author vs reviewer!
Newbie being bullied by the so-called “seasoned researcher.” When I review a paper, I put myself as the author, if not up to standard, try to assist the author, give suggestions on how to improve it. Not empty rejections. Don’t insult their work. Be like a dad, advice the son.

I guess all these questions are debatable. Just like the politicians during an election. Condemning one and another. Who loose? The people!

In this matter, the clear winner is the cyber criminal! Wake up dudes!

P.S: I copied the pic from my student’s Facebook.

[1] K. Xynos, S. Harries, I. Sutherland, G. Davies and A. Blyth. “Xbox 360: A digital forensic investigation of the hard disk drive.” The Journal of Digital Investigation, pp. 104-111, 2010.