Interview: Digital Forensics and Metalife

Most of us give little consideration to the further life of our digital explorations—the messages we text, the files we send, the photos we store. That is, until something that we thought was ‘ours’ becomes evidence of something else.

Douglas Brush is Founder and Chief Forensic Examiner of The Digital Forensic Group [1] in New York City. The company’s mission is to use specialized computer forensic methodologies and tools for the identification, extraction, preservation, analysis and documentation of electronic evidence as it is used in civil and criminal matters. The Digital Forensic Group provides its services to law firms, corporations, government agencies, and individuals. In essence they devise a framework for investigating moments captured on digital devices in order to provide clarity and ultimately a report of what happened.

As we will see, Brush’s work is fundamentally about the unearthing and documenting of a Metalife. This life is a shadow digital existence with our name and footprints all over it.

Digital forensics grew out of combining forensic science, computer science, and classic investigative methods. During the 1990s, when we began to exchange and retain a much greater amount of electronic information, a need arose to recreate events and create a deeper understanding of what was happening when a digital device was used or when there was some kind of digital communication.

Brush explains the layers hidden underneath the keypads on our tools: “These devices tend to be used for something: either an action that can be possibly criminal or in civil circumstances the device can be used for something that is outside of a policy agreement or a contractual agreement. In addition, our devices can also be a witness to something. So while digital evidence can implicate us in these ways, it can also be an alibi to our actions in real life. You might view digital forensics from that aspect as well: a kind of a time marker of what happened.”

Douglas Brush’s work in digital forensics to “recover, preserve and analyze computer data” shows that our Metalife is becoming persistent, ubiquitous, resident on numerous devices as well as in the cloud—and of particular importance—it is no longer solely ours. Our Metalife is now shared: with investigators, authorities, courts, and effectively anyone who can hack into or compel access to it.



Douglas Brush, Founder and Chief Forensic Examiner of The Digital Forensic Group in New York City


METALIFE: How would you describe a digital forensic investigation and why would you do one?

BRUSH: Digital investigations are done for a variety of reasons. Many times it can be for investigating someone hacking something that they shouldn’t have access to. A digital investigation can also be used to examine if data was exfiltrated or removed from an organization. Many times we will be brought in by corporations to see if a former employee compromised their data.

METALIFE: What was the word you just used … exfiltrated?

BRUSH: Exfiltration [3] is when data is taken from somewhere. It really comes out of criminal and military jargon. But it means when things are taken out in a clandestine manner. When something is removed from an area of control, say you have a hard drive or a network, something like that, and the data is removed without your knowledge.

METALIFE: Got it. So that is when your services might be called for?

BRUSH: Our firm specializes particularly in intellectual property and data theft. Today we’re in the midst of a major paradigm shift: a majority of the information that is either produced, stored or transmitted is electronic, so in civil litigation when companies have a dispute, to resolve the dispute they have to bring forward their best evidence or require or request information or evidence from the other side. Digital forensics provides a method for people to be able to recover this information so it meets a certain legal standard, assuring that it’s acquired and preserved in a way that is defensible and any information that comes out of that retrieval of information can be defended as well.

There are several steps as an investigation goes along. But at each step there’s a way to validate, to get back to the original. In this way there’s always a method of control. We see the need for digital forensics more and more in civil litigation where two big companies, or even two small companies, or it can be a shareholder dispute—where people will say, you know what, I want to know what was said between these two parties or I want to know what documents exist. Digital forensics provides a method for people to be able to get that data in a defensible manner.



Computer Reality, Flickr, Tony (Xiao) Lan, all rights reserved.


METALIFE: So it’s not just the capture or re-capture of the data, it’s the preparation of the data for the court system or for various kinds of litigation?

BRUSH: That is correct. It is about maintaining control. Again many of these electronic pieces of evidence are effectively a witness to something, or recorded action or recorded language. People tend to have a different memory of how things happened and the idea is to be able to provide an authenticated record of what actually happened or what was said or what is stored; digital forensics provides that record. It also makes it defensible. And the core of it is that forensics is able to bring something to court and to bring something to light: a level of transparency and honesty that humans are not always able to have. We tend to want things to be a certain way versus the way that they actually are, and no matter how you want a document to exist on your computer, it is what it is, and when we find it, we provide a framework to authenticate it.

METALIFE: Previously [5] on this blog I described Metalife as … “a synthetic, virtual version of our so-called real life.” I say further that this matters because “your life and Metalife are complementary and soon they will be competitive: one will feed and at the same time challenge the other.” Do you agree with that or have any comment on it?

BRUSH: I do agree. I think I can even see it going one step further to the Ray Kurzweil concept of the singularity [6]. As humans, we tend to grow slowly and evolve slowly over time, whereas technology has an exponential growth. I think there might even be a time in what you call our Metalife when we can say: the online or digital persona that we have will eclipse our actual person or become one and the same. There might even come a point when the two are so blurred that they could be treated as one. And I think it is going to go more in that direction. I mean right now we are probably in the digital personality creation phase, where we try to create something about ourselves online and put our best face on it. But a digital creation can certainly be in conflict with who we are as a person, and there is going to be a time when there is not going to be a difference.



The Tunnel to the Singularity, Flickr, Stuck in Customs, creative commons license.


METALIFE: How do you see digital forensics in light of online identity creation then? These Metalife phenomena that I document are seemingly expanding everywhere we turn. What do you see as likely to happen in digital forensics as we start to create more and more of these Metalife identities, these virtual identities—as our Metalife merges with our so-called physical life? Will digital forensics be something that is built into this new reality, do you think?

BRUSH: It’s something that we’re seeing now. Digital forensics is going to play a greater role not just in legal proceedings but also in the ways that we accurately define the moments of our lives in a digital world. Again because of the way that digital forensics methodology and approaches are applied, it will enable a particular kind of clarity because even what we might remember ourselves doing online can be altered or foggy. Our devices create a record and digital forensics provides the way of recovering and authenticating that record.

We use online personalities now as pretext [8] personalities on Facebook, or we’ll use other online identities as investigators to gather intelligence and information about a subject. So creating what you call a Metalife is something that we’re doing right now. We’re able to create Facebook profiles that will allow us to interact with people to get further information that they might not divulge to somebody if he or she were meeting in person. So they have their guard down a bit. Online you can sometimes get real-world information from their online personalities: information they wouldn’t give you in the real world.

METALIFE: What you’re saying is fascinating. You’re looking for information, you see someone or you encounter someone on Facebook and you think … if I were on Facebook as Person X, they might tell me something that they wouldn’t tell me otherwise. Is that correct?

BRUSH: That’s correct.

METALIFE: Talk about the uses of a Metalife! So you invent a persona in order to get that information?

BRUSH: Yes. We’d have either a female or male persona that you might use to enhance gender relations. Let’s say that you’re trying to get information from a male subject within the 18-34 year old range: you might use a female online persona to gain that information.



Identity, Flickr, jecate, all rights reserved.


METALIFE: This is what I call the deliberate creation of a Metalife (as opposed to a Metalife emerging by other means). Do you anticipate that there will come a time, if we’re not already there, when there will be some confusion over these digital identities, over these Metalives that we create? So it may be harder to keep track of them than it is at the present time?

BRUSH: I think so. It’s because of the resident nature of digital computer storage, particularly now online: things are put out there and don’t need a lot of maintenance. We’re seeing this more frequently in what is called Web 2.0 [10] or the cloud [11]. The idea is, you put data centers out there that almost live on their own with very little maintenance. So once you put information in the cloud, you lose some control, you can also forget, and it could become something later where you don’t want to remember what you did.

METALIFE: So we may not remember who we decided to be! Digital forensics as a transparent record is roughly related to the growing practice of Lifecasting [12]. Our recording technologies have loosed an idea virus [13] upon the world. Namely that our lives can and should be recorded in great detail. So now there are lifecasters who record all their waking moments: in their homes, in their offices, with cameras on hats or even a camera implanted in their skull. Do you see this as a growing reality? I hear you saying that we’re headed in the direction of integrating our identities with our tools, is that correct?

BRUSH: Yeah, in a sense. There’s some technology that supports it. You can see that happening in the social media space with things like Twitter and Facebook. People have a very convenient, fast way now to insert moments of their lives into their online data streams whether it be on Facebook or Twitter, all the time, all day. A lot of people are getting into that and there’s certainly this feeling of being compelled to do so, but there’s also a voyeuristic aspect where people want to know what somebody else is doing. I think part of the human condition is being busybodies.



Once again the brilliant John Seven. Identity Chess/Cubic Time, Flickr, brancusi7, all rights reserved.


METALIFE: Yes, we’re not evil because we like to spy on others, we’re just social animals.

BRUSH: Right, not in a negative sense, rather the more information we have, the more powerful it can really be. So the more intel you can gather on somebody it’s an empowering feeling to be able to have that information. And what I find amazing is that so many people are willing to proffer personal information without any kind of filter or understanding that what you are giving to somebody could be used against you.

METALIFE: And what you’re also saying is that this record is accumulating—on our devices, in the cloud—and for somebody like you, a digital forensics examiner, this is a goldmine.

BRUSH: Yes. People really want to have the ability to erase the past. People have regrets. Or they might want to position themselves to gain something without other people having prior knowledge. With forensics we are able to bring a lot of this information to light. One example I can think of is where investigations can be done on people who are claiming that they are hurt and unable to perform a job function. Yet when you go on their Facebook page and they’re skiing or on a trampoline, they’re showing some kind of physical ability to do something that is contrary to what they might be claiming in a legal proceeding. And you know by these actions that they’re trying to get a financial gain when they possibly aren’t entitled to it. So there are these conflicting points of what’s really happening.

METALIFE: At the Digital Forensic Group, you do hard drive analysis. One of the strangest things about a Metalife is that it is yours—it has your name and even your picture associated with it—but in a very real sense it isn’t yours. And for many of us, a hard drive, whether it’s on our phone or on our computers, is the locus, the epicenter you might say, of that quandary. How much of what is on our hard drives is actually ours?

BRUSH: In a sense, it is under our custody. We physically own it but when you have communication that we have with these devices and how we communicate through them, it’s two-way. For example, there are things that are put onto our hard drives that can be used for tracking and marketing purposes. In an odd sense, it is yours but somebody has put their little flag on what you’re doing on the hard drive. So while you own it, when you open it up to communications you do allow some loss of control. It’s a double-edged sword: you want to be able to use this great technology, go out there and reach out to other people, but you have to go forward knowing that you’re opening the door for people to look back at your activities.



Hard disk platter reflection, Wikimedia Commons, Creative Commons license.


