Welcome back, everyone. Today, we're going to be talking about doing research in digital investigations. And this is really about keeping your knowledge up to date, how to maintain the edge or how to understand new technologies that are always coming out and how to investigate those technologies, or at least where you can find resources if you're not sure how to investigate those.
So one thing that I always recommend for everyone is to find an academic journal that you like or that you can stand, let's say, and go read that as much as possible. So one of the journals that I really like, I have two here that I read very, very often. The first one is Digital Investigation. And this is a journal specifically about different types of digital forensics. They really focus on practitioner level research, dealing with digital investigations. There is some about, for example, network forensics, some stuff about theory, some stuff about just the state of digital forensics in general. Most articles in here are going to be very, very relevant to practitioners. Even the theoretical ones are, those ideas tend to be somehow integrated into tools or other aspects of digital forensics later down the line. So it's very important for everyone to understand, I guess, what's going on, especially in journals like this.
So the first one is Digital Investigation journal. And if you've never seen an academic journal before, I just wanted to talk a little bit about what most academic journals look like. First, there's the publisher, which is Elsevier. And Elsevier, it publishes a lot of different journals. So Digital Investigation is just one journal out of many that Elsevier publishes. There's kind of some contention right now or some issues with Elsevier and other publishers, because they don't always let the articles be published and freely accessible, let's say.
So whenever they publish an article, the author is actually giving the article to Elsevier, and Elsevier charges money to read that article. So that sometimes is a problem. In this case, if you're at a university, most university libraries pay for a subscription to Elsevier journals, and Digital Investigation is probably included in that. And I'll talk a little bit more about that in a second. And I'll also show you another way if you don't have a library, potentially some ways that you can get access to some relevant articles.
So first off, if you go to a journal page, and this is pretty standard for a journal web page, they'll have, for example, recent articles, most cited articles, a lot of different calls for special issues, a lot of different information on here. And we can see that the recent articles, the title of one of the recent articles is Detection of Upscale, Crop and Splicing for Digital Video Authentication. This paper is going to be probably very, very technical. It's going to be talking about video, essentially, here it says video authentication, but basically different digital forensic topics related to video analysis. So this one's going to be very, very technical. Memory Forensics, a path forward by Andrew Case. Andrew Case and Golden G. Richard are both quite well known for memory forensics and file carvers and things like that. The path forward, this is going to be a strategy paper. So this is potentially going to be interesting for any investigator that makes your own tools or does a lot of memory analysis, does a lot of memory forensics, that type of paper will be very relevant to that group of people. So I don't recommend you read everything. For example, if you don't really do video analysis or video forensics, maybe you want to focus on memory forensics more. If you do focus on video authentication, then maybe you don't need to read the memory forensics paper as much.
So I'm not recommending that you read everything, because if you read everything, it will be very difficult to learn everything. If you read it generally, just to get the idea of what's going on, that will be very helpful for you. But I don't recommend that you read everything in depth, because there's just too much going on. Digital investigation has a huge area that it covers, and maybe you only need to focus, especially if you're starting out, you really need to focus on things like computer forensics, disk analysis, acquisition, possibly memory forensics, things like that. So look at the titles first of different papers that are published and see if you think that they're relevant to what you're trying to do.
Special issues, basically every journal usually publishes some type of special issue, and they cover a particular topic. So for example, special issue on volatile memory analysis, special issue on cloud forensics and state-of-the-art future direction, special issue on big data. So these are, special issues are themes, so a particular issue of, for example, Digital Investigation will cover all sorts of different topics. Special issues tend to have some theme that they try to go for.
Basically the only other thing you need to know about looking at a journal or trying to assess whether a journal is good. A lot of journals now have their journal metrics on the front page. So for example, the CiteScore, this is kind of the ranking, let's see, impact factor, that's what I'm looking for. So the impact factor is kind of a ranking about how much impact does this journal have in this case compared to all Elsevier journals. And digital investigation, if you start looking at impact factors, digital forensics journals, I should say, are always extremely low impact. And the reason for that, I think there's two reasons for that. First, the digital forensics and really information security community in the world is relatively small.
And the more people you have doing research on different topics and citing each other, the more impact that journal will have. But since our research area is relatively small, there's not a lot of people in this area yet, even if there's thousands, that's still not very much, then the impact factor will be small because there's not a lot of people to cite other people's work. And the second reason is that a lot of these articles are really relevant to practitioners, like police officers. And police officers, well, they do publish articles, but they don't really publish a lot of articles. Usually, most of the police officers I've met in their master's program, they might publish one paper, or if they find a new issue that's a really big challenge for them and they solve it, they might publish a paper on that, but they don't publish very often. And that means that practitioners, the main people who are reading these journals, don't really produce a lot of articles as well. Not to say they don't produce articles ever. A lot of practitioners produce really, really interesting work. But we have a huge community that's reading, but not a huge community that's publishing. That's basically it.
So impact factors you'll notice for Digital Investigation are relatively low. This one's 1.2. And really Digital Investigation, along with some IEEE journals and JDFSL and a couple others, are the journals for digital investigation. They are the main journals with our main community around it. So even though the impact factor is relatively low, just take that with a grain of sand, the community itself is relatively small, and that's why. So yeah, if you're trying to assess the quality of a journal impact factor, I mean, relative to other digital forensic journals in the area, this is a relatively high impact factor. But if you compare it to something like medicine, it won't be. So picking quality journals is also very important.
And once you get used to reading academic articles, you'll be able to figure out if a journal is relatively high quality or not. I highly recommend Digital Investigation. They are, in my opinion, very, very high quality.
Okay, so this is actually the journal page, and they have some information. But if you want to read the articles or get access to the articles, you could buy a subscription to the journal. They also have, if you click on open access articles, open access articles are articles where the authors have paid extra money, that way, people can get the article for free. Okay, so these open access articles are free for readers, right? There won't be completely open access issues of the journal. Some articles that you're very interested in might not be open access, just because the authors, you know, couldn't afford it or whatever, whatever the reason is. But yeah, so open access articles are free articles. So if you want to actually get started, click on open access articles, and then click on view all articles. And that should take you to, yeah, okay, another page here which is the list of open access articles. So Robust bootstrapping memory analysis against anti-forensics. This is actually a group from Korea. So open access articles, freely downloadable, freely readable. Yeah, some very useful, but that's not the entire issue.
One thing that I do recommend is ScienceDirect. Let me go back, ScienceDirect. Yeah. Okay, so ScienceDirect. So ScienceDirect is Elsevier's, how do I say, their kind of repository of all of the journal documents. Okay. So all of the articles that are published in Digital Investigation can also be found on Elsevier, including all of the different volumes through the year. So I think going back there, yeah, 2004 was the first issue. So you can go all the way back through Digital Investigation and read articles from a very long time ago.
Depending on the subscription of your institution, here, I'm logged in, because I'm on campus, I'm already logged in automatically, or it automatically detects me as Hallam University. Okay, so I have access to all of the articles, even if they're not open access. So on ScienceDirect, ScienceDirect by itself is very interesting, or very useful, because first you can click on an article, and then you can read it online. So I get full access to all of the text online, which is very handy. But you can also download a PDF of the article. Okay, so I tend to download PDFs and put them on my phone and read them whenever I'm on the bus or something like that. So if you can, or if you're looking specifically for Elsevier journals, and you want to get access to the content, try to use ScienceDirect with the journal name. Okay, once you find the journal on ScienceDirect, and you know the link, so in this case, the link for Digital Investigation is this number.
If you don't have access to ScienceDirect, and you can't buy a subscription, I would recommend trying to go to your local library or local university. Sometimes, depending on how the university's network is set up, you might be able to get on the university's guest network, and still get access to ScienceDirect through their subscription. Yeah, again, you'll have to check, you'll have to check if this is actually legal. I'm guessing anyone who's on campus kind of is covered by their license, but whether you should actually be there or not is the question. But my point is, if you go on campus, then the IP address automatically detects that you're on, usually automatically detects that you're on a campus, and it will give you access to any of the subscriptions that that university has. Now, I don't know how different networks are set up.
In Hellam University's case, the guest network is not set up as a registered IP address for ScienceDirect, so you would have to be on a different network, kind of the staff network, basically. Yeah, so just something to think about. ScienceDirect is very easy to use, it lists all the articles, you can see all of the issues, this is where I get all of my information if I'm looking at an Elsevier journal, you can download PDFs, you can read everything online, and usually it's automatically detected if you're on some sort of campus and possibly even a local library, if you can get access to your local library, they might let you request different journals that you want to get access to.
Okay, right, so that's Elsevier, which is usually paid, paid articles, but Digital Investigation, even if it is paid, it has very high quality articles. ScienceDirect, very useful for getting the full text of the articles, and downloading PDFs onto, you know, other devices, so you can read them offline. Next, I'll talk about this in a second, but this is actually an article that I just downloaded, this is a PDF, and I would put it on my phone or my tablet or something and read it while I'm on the go. I'll talk in the next video about how to actually go through and read articles, academic articles, especially in digital investigation, or at least how I do it, what I would recommend for people who are just starting, okay?
Okay, next is the Journal of Digital Forensics, Security and Law, this is a, I think three years ago, it became a completely, fully open access journal. It also has quite interesting papers, and they're all free, which is excellent, right? So a lot of the stuff that you might have to pay for with other journals you can find on here as well. You can't, not the same papers, but a lot of the authors are talking about very, very similar topics or similar methods for doing investigation. So I recommend both of them, basically. I use both of them all the time, okay?
So Journal of Digital Forensics, Security and Law, if you just go to JDFSL.org, JDFSL.org, and I've put, I'll put a link with this video, JDFSL.org, then you can see on the front page, it's usually the current issue, which they should be coming out with a new issue very soon. And then these are all of the articles that are in the issue. You can read it. So this is actually an article from a couple people from Korea University and Frank Breitinger. You can see all the references and some other information. And you can also download the PDF, okay? So most of these articles are still in just PDF view. For some reason we don't publish EPUBs or something like that. They all come in PDF, but that's just kind of the way it is right now. If you want to find back issues, just click on all issues, and you can see all of the different issues that have been open sourced from quite a few years ago. Right. So this is just another journal that I highly recommend. There's some quite good articles that are published in here as well.
Okay. So those are our academic journals that I recommend looking at. And really, you should just kind of go around and look for more journals. If you type in, for example, IEEE Security and Privacy, or IEEE, you know, a couple different, there's a couple different journals, conferences, things like that. So IEEE Security and Privacy also has extremely, usually very, very technical articles. So if you're more on the technical side of things, then you probably want to be reading IEEE Security and Privacy as well, or there's a couple forensic journals with IEEE as well. Okay. So there's lots of different journals out there. These are kind of the, well, now I'd say three that I recommend. Right. So the important thing is pick a couple journals that you're interested in, and then just try to download an article and see if you can make sense of one of the articles that you think you're interested in.
Don't try to read everything, especially if you don't, like, if you're, you don't think that you'll enjoy the article. Don't try to read it. Pick something that you think that you'll enjoy, because you want to get in the habit of actually reading these articles and going to find more of these articles later. So for example, Stuxnet: dissecting a cyber warfare weapon, that could be a very interesting article. Right. So if you're interested in cyber warfare, even though it's not probably, well, I'm not sure if it's related to digital forensics or not, but if it's not related to digital forensics, read it anyway, just because, you know, it'll get you in the habit of starting to read things. And the more you read, the easier reading everything becomes. I don't know. I hope that makes sense, basically. You need to practice reading academic articles to really start to enjoy reading academic articles.
Okay. So whenever somebody asks me like how to keep up to date in the area of digital forensics, I recommend articles. Articles don't usually talk about the newest tools. They might talk about kind of experimental tools that academics are producing, but they don't usually have like a hands-on guide about how to use different tools. But they might talk about, you know, new artifacts found in new versions of Windows or, you know, how to analyze a new feature in a kernel or something like that. Right. So this is basically just to give you a base, a base knowledge, that way whenever you're given a tool, you can use the tool and actually understand what the tool is doing and where the information that that tool is using is actually coming from. Okay. So I strongly recommend whenever you're starting out, try to get in the habit of at least slightly reading these academic articles to kind of get your mind in the right place for actually doing digital forensics later. Okay. Right.
So those three journals were Digital Investigation, Journal of Digital Forensics, Digital Forensic Security and Law, and basically any of the IEEE journals, IEEE Security and Privacy, and I don't remember the forensics one right now.
Okay. So after journals, journals are, can we say very heavy, right? A lot of people don't like reading academic journals because the way that academics write, the types of topics people don't think that they're, you know, directly applied or they're not really useful or anything like that. I don't agree. A lot of articles are very, very, let's say directly applied. They're just not written in a very easy to use or easy to understand way. So they will give you kind of a base knowledge that's very, very useful, but they're very heavy. They're not very easy to read. So I would recommend, you know, trying to read one or two journal articles per week, more if you can do it. But if you're just starting out one article per week, basically, the things that I recommend a little bit more are blogs, blogs and podcasts.
So for example, go on YouTube and search for digital forensics, you know, information security, anything like that. You'll find a lot of people producing a lot of content about information security every week. One of the more popular ones is Security Weekly. And they have kind of a new section and they also talk a lot about pen testing. And this is more on the information security side. But as far as I understand, these guys are pen testers. They are hackers. And they are kind of on the front edge of hacking. So they're looking at all these different vulnerabilities and, you know, trying to figure out how things break, which is very important for digital forensics as well. You need to understand how things break. That way we can understand how to actually investigate it and figure out what happened whenever we don't have somebody telling us what's going on.
So these kind of Security Weekly podcasts, this Security Weekly is a good one. They also have a podcast on iTunes. I usually watch them on YouTube. So just even if you don't look for, you know, Security Weekly, just find someone who's talking about digital forensics, current topics in digital forensics, current topics in information security, and follow them, follow them and then try to listen to a couple podcasts or a couple ideas, you know, weekly or bi-weekly, something like that, just to stay a little bit up to date. You know, the more you go out and look, the more you'll learn. And the more you learn, the better you'll be at this thing. So follow podcasts, at least a couple of them, and try to listen to them, you know, during the week. That's okay.
Next are forums. And there's a couple, well, depending on what you, what you like to do or depending what your focus area is, there'll probably be a forum or some sort of chat room or something set up for that. And one forum that I highly recommend is called Forensic Focus. And it's an English language forum. It's very, very UK centered, but it's been around a very long time. And people from all over the world are on this forum. They are, a lot of them are practitioners. A lot of them are from law enforcement directly. Some of them are from, for example, ISPs, big companies, small companies, academics, there's people, you know, all over the place. So what I recommend is going to just finding a forum that's actually related to what you want to learn. I recommend ForensicFocus.com, because it has a lot of, you know, very knowledgeable people who are very, very active. It's a very active community. They keep up to date on news, on forum topics, just everything. Right. So this new article about Google's new AI system unscrambles pixelated faces is pretty interesting.
I think I saw this on some other channels, but then they post it here as well, because that is something that's actually really interesting for digital forensics. If we get this image, and we want to do an analysis, but if we try to zoom in too much, then we'll just get this pixelated face. Well, now, apparently, Google's AI system can kind of reconstruct that a little bit more. Well, that's something that's very, very interesting for digital investigations. So even though they might not talk about it too much, and Google hasn't released much information on it, we can at least be aware that it's possible, and we might see it in new tools later, or we can ask vendors to implement it, or whatever.
So definitely go through forums, follow RSS feeds, just to keep up on what news is going on, but also these forum posts. So for example, Android lock screen bypass, this is a topic that's talked about quite a bit. So Android screen lock screen bypass, these are investigators that are probably an investigator looking to get around Android lock screen. Okay, now it could be, we don't know who it is actually, so it could just be a hacker trying to get in. But people are saying, you know, Oxygen Forensics, this is a tool kit for mobile forensics analysis. Yeah, so Oxygen Forensics is a tool kit. Just looking for anything interesting here. Yeah, so basically people saying, use different comments, and telling them how to use the forum. Okay, latest articles. So you can post questions on here, and people will be very, very quick to answer, but you should go through and actually search if the question has ever been posted before. Yeah, just really, really, really useful resource, because it's a lot of people who are actually doing the job that will try to answer your question, and they're usually very helpful. They also have job postings here. And most of the jobs are in the UK, but some people post jobs from all over the place.
Okay, the last thing I think I'll talk about, not the last thing actually, sorry. Another thing that I'll talk about is ResearchGate. So kind of coming back to journals, whenever we come back or whenever we're trying to get access to journals, sometimes we'll find an article that looks really, really interesting, but we can't get access to it because it's behind some sort of paywall. ResearchGate is a community of researchers. It's kind of like Facebook for researchers, but you don't have to be a researcher to join it. You can just make an account, and you can search for, for example, digital forensics. Yeah. Yeah, so digital forensics and browse by publications. Okay. So yeah, these are basically all of the publications that ResearchGate has found, and then the authors probably posted, might have posted, if they've joined the network, they might have posted their original article. Not necessarily the published version, but maybe their pre-pubbed version. So ResearchGate is a really good way to find if the article is available on any other way than behind the paywall. Okay. So if you can't get access to a university, if you can't pay for a subscription, I'd recommend going to ResearchGate, creating an account and looking to see if you can find the article there. The other thing is, if you follow different researchers, then you can see whenever they publish new material. So maybe there's a researcher that's doing something very related to what you're working on. You can see whenever they're publishing new articles. Okay. Right.
So the last thing I'll talk about is scholar.google.com, scholar.google.com, if it loads up here. So scholar.google.com is a really interesting or a very, very useful resource, I should say, for finding academic journals. It basically goes through and it indexes all of the articles that are actually anything that's actually an article. So it doesn't really, it doesn't include news websites. It doesn't include blogs.
It doesn't include anything like that, just academic articles, including patents here. So including patents, including case law. Case law is interesting if you're in cyber criminology or anything like that. I don't usually look for patents. So here we have, we're looking for articles. And if we type in digital forensics, or something more specific, if you type in digital forensics, it will be way too general. So for example, Digital forensics research: the next 10 years, this is a relatively old article from Garfinkel, very, very popular. Yeah, but we'll get relatively, relatively general results because we're not looking for something specific. So let's do digital forensics event reconstruction. Right. And then now it's like different articles using event, talking about event reconstruction. I was talking about it because this was my research professor, and he published a lot on event reconstruction. So we can find very, very specific articles. And we can also find where they might be available. So for example, this article, finite state machine approach to digital event reconstruction, you can find it on sciencedirect.com, which we've already talked about. If I wasn't on campus, it would probably be behind a paywall. Well, formalizing event reconstruction, digital forensics is at formalforensics.org. And it turns out that this is, I hope it's still up. Yeah, this is his actual website. And this was his, one of his PhDs. You wouldn't find this if you go to like Elsevier's website, this is not published by Elsevier. So you would have to find it at formalforensics.org.
So one of the first things I tend to do, well, I do a couple of things. So first, I usually go to a couple different journals, like essentially these three journals I usually go to and I see what new articles have been published. And I go through and I read the articles that I think are going to be interesting to me.
If I want to look for something else more specific, I'll use scholar.google.com to be able to find articles that are specific to what I'm looking for from, you know, not just this year, but basically any time in the past. And not just with a single publisher, but with every publisher just published anywhere, basically. Okay. Yeah, and then I'll try to read a couple articles related to different topics that I don't know much about, maybe cloud forensics or something like that. I also try to listen to at least one or two podcasts per week. And then I also look at the Forensic Focus forums, you know, once or twice a week, probably.
And if you do those, like, basically, here I'm kind of reading, let's say, overall, I'm essentially reading, or, let's say, for a beginner, I would recommend reading at least one article a week from somewhere, just pick a journal that you like, pick an article you think sounds interesting, and try to read it. I'll talk about how to read it in the next video. Pick a podcast or a blog or something that you think is interesting and listen to it once a week or read it once a week. Okay. And then also pick a forum where there's other people in the community, and just, you know, spend, you know, half an hour or less going through the forums and looking at new forum posts that have been posted. And, you know, what things are interesting to you, is there anything that you haven't seen before? Maybe you want to learn more about forensic hardware or see the current issues that people are having in forensic hardware? Yeah, and just look through it for, you know, half an hour, once a week. So really, overall, you're not doing a lot more, but that kind of thing after you do it for several weeks, it will keep you really up to date on, you know, issues practitioners are having, what academics are working on, the current state for police officers, the current state for people working in corporations. Yeah, that'll keep you very up to date.
And then if you look at the security blogs, it'll also keep you up to date on what digital investigators will see in the next couple years because penetration testers are basically the guys that are hacking things now. And that's what investigators will be investigating, you know, one to two years from now. Okay, so that's just some tips to stay up to date on research in digital forensics. Next, we'll talk about how to actually read an academic article about digital forensics. Thank you very much.