Deploying Open Source Tools in the Technical Exploitation Operation
Dr. Stephen Pearson
High Tech Crime Institute
Autopsy
Over the past three years HTCI has been developing a solution to eliminate the required annual commercial licensing for digital forensic tools at the NATO Special Operations School. This work has evolved into the creation of the Forensic Media Exploitation Toolkit (FMETK). The FMETK is now the only toolset taught in the Digital Media Exploitation Course, Cellular Exploitation Course, and Drone Investigations Course. Over the last three years, FMETK has surpassed expectations by replacing all of the previously required commercial tools with a single open source toolkit collection. The workflow and integration of the open source tools, which includes three tools written by HTCI enable a special unit operator to collect, examine, and report digital media during Technical Exploitation Operation’s (TEO). The FMETK provides a framework and workflow that supports an 80% solution for the collection of media, cellular devices, sim cards, and limited internet of things devices.
The FMETK uses the Autopsy forensic tool as its base forensic application to process all artifacts gathered from a scene. Additional open source tools provide a complete media forensics application set. Collected artifacts are turned into useful intelligence information through HTCI’s integration and workflow process. The talk that is suggested for the conference would revolve around the development of forensic workflows using open source tools, highlighting the use of the FMETK for triage forensics.
About Dr. Stephen PearsonDr. Stephen Pearson has been involved in Computer Crime and Investigations since 1993. Stephen developed and trained courses for Family Advocacy Law Investigation Training Program, Fraud Investigation Training Program, Army CID Special Agents Courses, Military Police Investigator Course, and Weapons of Mass Destruction Courses. Stephen has directly written and advised on policies and procedures that are current today’s world of computer crime investigation. Stephen retired from the Army as the Non-Commissioned Officer in Charge of the Advanced Technology Criminal Investigations Division in 2003 from Ft Leonard Wood. For the past ten years Stephen has worked closely with NATO and US Special Operations Command to develop cyber training programs for agents and operators in tactical operations. Currently Stephen is the lead research instructor for the development of NATO Cellular and Digital forensic training. Through this work and Stephen's doctoral work he has developed processes and procedures that address the time urgent evidence collection in digital triage forensics. Stephen is an Adjunct Professor at UTICA College and University of North Carolina (Chapel Hill).