Coming from a background in network security and administration, Dr. Joshua I. James now focuses on the formalization and automation of digital forensic investigation methods, and the application of these methods in low-cost, open-source solutions for digital investigators. He is a lecturer at the at the Digital Forensic Investigation Research Group at the University College Dublin, and at the Graduate School of Forensic Science at Soon Chun Hyang University in South Korea; an adjunct researcher with the Korean National Police University; and a consultant for the United Nations Office on Drugs and Crime. Moreover, he is a member of several organisations including IIBC, ACM, and Soul Tech Society. Last but not least, he is the General Chair of ICDF2C 2015, the 7th International Conference on Digital Forensics and Cyber Crime, which, as our interview suggests, will be a must-go event for professionals within these fields.
The 7th International Conference on Digital Forensics and Cyber Crime will take place in Seoul, South Korea, on October 6 – 8th. Which special themes have you chosen to discuss, and why?
ICDF2C will showcase novel research in digital forensic science and cyber crime investigation, the scope of which can be seen in our on-going call for papers. This year, we have a special interest in research relating to Dark Web (aka Deep Web) and Cryptocurrencies. We chose Dark Web and Cryptocurrencies as special interest areas because, over the last few years, more cyber crimes have involved these technologies. We are focusing not only on the use of these technologies as tools of crime – which is happening – but also on how to approach investigations where the victim is using these technologies. For example, if you hold some assets in the form of Bitcoin, and that value is stolen, how can the legal system react to such a theft? Should the legal system react? Does legislation in every country even acknowledge cryptocurrencies as assets? What are the technical challenges to investigating such a theft? None of these questions are easy to answer, but I hope ICDF2C 2015 brings such topics up for discussion. Further, law enforcement and legal systems in many countries have limited knowledge about Deep Web and Cryptocurrency investigations. I hope that ICDF2C 2015 can bring more awareness about what types of crimes – both traditional and cyber – are facilitated by these technologies, and work towards preventing these crimes while still ensuring privacy and security.
The field of cybercrime must be changing and developing extremely fast. Is it possible for scientists in this field to be a step ahead of illegal activities or, at least, to react to them quickly?
Law enforcement in many countries is reactive. Once a new type of ‘bad activity’ becomes a trend, we have to determine if a law exists – or should exist – to criminalize the action. Creation or amendment of legislation is not usually a fast process, especially when many people may not understand what this new activity is. Once this process is complete, law enforcement then need to have the capacity and capability to be able to investigate such crimes, which also takes time and investment. This whole process can take years from the point when the ‘bad activity’ trend was identified. Scientists, on the other hand, are already using these technologies, and seeing how they can be exploited. Currently, however, there is a disconnect between law enforcement and scientists. Normally, a lack of communication. Because of this, new knowledge possessed by researchers does not quickly get disseminated to practitioners. Likewise, scientists usually lack the experience and knowledge of conducting an investigation for a court of law, which is very different than theory. The result is that we do have the knowledge to quickly react to, and even prevent, new types of cybercrime, but it is not being effectively communicated and implemented. There are many reasons for this that are unlikely to be fixed soon. However, this is why ICDF2C has been so aggressive in trying to bring researchers and practitioners from all over the world. The hope is that researchers will discuss new trends, techniques and identify problem areas, while practitioners can share real case studies, data, and how research is actually being implemented in practice.
What is the biggest challenge for researchers in digital forensics at the moment?
Digital Forensic Science is a very technical field. It is advancing largely by practitioner-researchers, meaning there are a lot of technical solutions to current digital forensic challenges. This technical approach has seen rapid development over a short period, but theoretical foundations have not matured at the same rate. Many people do not consider themselves a digital forensic scientist. In many cases, they see digital forensics as an art. I would say that a challenge for digital forensics that is greater than the technical challenges we see, is maturing into an accepted forensic science in every country.
Why should practitioners, not only researchers, take part in scientific conferences?
As discussed previously, there is currently a gap in communication of discoveries and needs from practitioners and scientists. The goal of ICDF2C 2015 is to showcase novel research in the digital forensics and cyber crime, but also to receive feedback and discussion about what this research means for the digital forensics community as a whole. When practitioners attend, researchers gain a better insight into the way practitioners think, and what their needs are. This can help focus research on topics that are more needed or relevant to practice. Likewise, such discussion can help to understand the gaps in theory that may make digital evidence weak in court. While discovering new trends and techniques will be useful for practitioners, ICDF2C is an excellent place to make contacts with researchers and fellow practitioners from around the world. We are co-hosting with the Korean Digital Forensic Society and the Korean National Police to invite police, prosecutors, private sector, and, hopefully, judges from around the world to participate. ICDF2C will be an excellent way to expand your network.