Time
58 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
course eight. Ever Met Tree Our interview with Dr Bradley Schatz
00:05
and I am Bryant Extra on the CEO of Atlantic Data Forensics. I was co founder of Mandy. It I taught cyber crime at the FBI Academy at Quantico for a few years. I have a whole bunch of nifty certifications and things like that. Um, if you have any questions about this course or any of the other courses, you can reach out to me, it's cyber ery at
00:25
Atlantic D f dot com
00:27
and I will actually respond back to its crazy.
00:31
All right, Atlanta data forensics found in 2007. We're headquartered up in Elkridge, Maryland, right off the 95 there by the BW Airport. Ah, we do computer forensics for civil and criminal litigation with full capability of discovery for big law firm cases.
00:47
And we do 24 7 incident response. We just never quit doing that right now,
00:52
uh, forever. Um, internal corporate HR investigations. Of course. We do instant response training and exercises for folks, and we have offices out in Denver in Detroit, and we're working hard on Nashville at the moment,
01:07
right? Prerequisites for this one kind of limited this time. I want to get yourself a ah evaluation copy of ever Metreon, my demetri dot com, you or else there. And also, you should take a look at the advanced F f for public pdf of the elementary website. Everything you wanted to know about the protocol, how it works and all that. That's protocol
01:26
format.
01:27
All right. Course materials today always helps to have a computer, and you should pick up that evil copy and test it out.
01:37
Our target audience, as always, is computer forensics professionals, incident responders, and I t professionals that sometimes get forced into doing this, whether they wanted to or not,
01:49
are learning objectives pretty easy. We're gonna hear from one of the authors the f f O R. Forensic format. We're gonna find out how that actually came to be a thing.
01:57
And then we're gonna talk to Dr Sheds a little bit about where he plans to take elementary next. And with that,
02:05
don't it, uh, Dr Bradley Schatz
02:07
and question number one. I feel like you might have heard this before,
02:12
but to just wake up one morning and save yourself, I I think the world needs a brand new forensic file format. And I'm just the man to do this.
02:20
Um, you know, quite, um, confluence of events. I think I'd say, um
02:28
So,
02:29
um, back in the beginning of last decade, I was I had the fortune off doing a PhD in computer forensics, and
02:39
one of the focuses of that was in pulling together disparity sources of forensic information.
02:46
So one of the things I focused on were the limitations off the image format time which were really roll D d
02:57
ah, and the CEO one which at the time was fairly poorly understood.
03:04
Um So what I was looking at back then was more how to integrate disparity information. When you say back then, were you talking about her?
03:15
Oh, that would have been 2000 and 5 2006 All rights. That's That's a good long time ago. Yeah. Point. Yeah, I mean,
03:25
so I published a paper, then on it, and
03:30
there's a little bit of interest back then from a few researchers in pulling together on openly to find format, but that never really went anywhere.
03:38
Um, sort of fast forward Thio 2009. I'd finished my PhD, I I was practicing full time. I just started chats. Forensic. Um, then So that's it's been a decade now.
03:57
And,
03:59
um, I got together with Michael Cohen, who, um, is done a lot of work in an i r with Ger and with volatility. Hey approached me along with Simpson Garfinkel. They were both wanting to address some of the issues that were
04:18
performance issues that were happening with Simpson's approach to forensic image formats, which was a f f. So some of the issues that it was having all the primary issue was having his wasn't performing very well with interface images
04:33
and that really came down Thio. It's the size of the compressed chunks that it was using were by default too large.
04:43
Yeah, we, uh, we looked at f f.
04:45
She's going to say
04:47
7 4008 We came to the same conclusion that just
04:51
it wasn't wasn't gonna happen for us.
04:55
Yeah, yes, So it was. I think it was a really good, good, good step in terms. L've introducing the idea of having a reasonably arbitrary metadata being added to the format
05:08
as well as having showing how I and I've been format could be integrated in all sorts of tooling home, et cetera.
05:15
So, um
05:16
yeah, but the three of us got together. Really? Simpson brought his experience with with 1/5. Michael brought
05:24
the idea role in creating integrating virtual ization into the forensic format.
05:30
And I brought the ability to refer to evidence between evidence containers
05:39
and basically they those three paces that we've kind of put into a f F four of actually
05:46
proven over time Thio be very extensible on have supported everything. All of the innovation we've done with ever Met Tree.
05:54
Um, we've been able to adapt very easily recently. Toe what's one logical image ing
05:59
the foundation's over the Zaveri Merit malleable format?
06:03
Yeah,
06:04
I couldn't agree more.
06:06
All right, we're ready for question. Two
06:09
show counts. Big surprise.

Up Next

Evimetry: Interview with Dr. Bradley Schatz

In this free course we talk to the co-author of AFF4 and creator of Evimetry, Dr. Bradley Schatz. We’ll hear from Dr. Schatz on his involvement in working on both while learning what’s next for Evimetry and Dr. Schatz’s favorite Evimetry feature.

Instructed By

Instructor Profile Image
Brian Dykstra
CEO and President of Atlantic Data Forensics
Instructor