"Most people neglect scrutinizing the basics" - Interview with Divya Lakshmanan, eForensics Instructor

Divya Lakshmanan is the instructor of our EXT4 and NTFS courses (so far!). Developing course materials with her has been an absolute pleasure, so we wanted to introduce all of you to Divya and let you get to know her more closely. Dive in, and if you have any questions for Divya, don't hesitate to post them in the comment section below!

[eForensics Magazine]: Hello Divya, how have you been? We know you very well, but can you please introduce yourself to those of our readers that don’t yet?

[Divya Lakshmanan]: Hello! I am an independent researcher who enjoys teaching. When I am not working, anything out of the ordinary has my attention.

[eFM]: What got you interested in digital forensics?

[DL]: Most of my childhood was spent reading mystery and thriller novels. Finding secrets, uncovering hidden agendas and putting together the pieces of a puzzle, it all got me addicted to the adrenaline rush. Soon began my love affair with computers. My holidays were spent tinkering with various software tools.

Imagine my delight when I figured out that I could solve adrenaline-inducing puzzles and unravel hidden agendas on computers! That’s when I knew my career would be in the area of digital forensics. My teacher from graduate school, Mr. Nagoor Meeran, taught me well: where to look and how to look. It was the icing on the cake!

[eFM]: You specialize in file systems - both of your courses and both of your articles here on eForensics are about them. What’s special about file systems? What makes you come back to this topic?

[DL]: You do need to learn the alphabet before you can write fancy articles! The foundational knowledge in the chosen area of expertise needs to be contrived. This is what drove me to explore File System Forensics.

When you hold a conversation with someone from the industry and enquire about ‘the next big thing in technology’, you would be presented with names like Artificial Intelligence, Machine Learning, Big Data, etc. - all of which deal with an abundance of data. Although these entities are carving their own niches, I believe that from a research perspective, it all boils down to the basics. In technology, the magnanimous amount of data that is used and processed needs to be stored meticulously. Since file systems take up this responsibility, I believe it is obligatory for every Digital Forensics explorer to be familiar with this arena.

Knowledge about a file system creates a ‘mental map’ about data arrangement on the storage device. During an investigation, this would give a competent examiner the thrust essential to unearth evidence proficiently.

People may argue that the most common file systems in use currently – NTFS, EXT4, FAT, etc. – were developed and studied long ago. They may ask, ‘what is the need to study it now?’ Well, the file system developers keep updating and upgrading the internals of each file system, to keep in tune with the growth of technology. It is imperative for Digital Forensic Investigators to be informed of revisions to file systems. Sometimes one bit of data (part of a bitmap) directs the course of an entire investigation. Replete knowledge about file systems would help an investigator detect these kinds of bits easily.

[eFM]: What’s the next big thing for file system forensics? Any wishes you have for the next couple of years in terms of tools or developments?

[DL]: Forensics labs are swamped with data for a single investigation – given the gross increase in the size of data storage devices, which is in the order of terabytes. We need to be able to perform file system forensics on such large devices, well within the investigation window! Practitioners adept at performing file system forensics on a small scale would be in a position to provide intricate details to programmers entrusted with developing tools capable of executing file system forensics on a large scale.

I see people starting out in digital forensics plunge into experimenting with automated tools. Although that experience is needed, most people neglect scrutinizing the basics. I wish more people would take an interest in probing the basics of file systems and develop their own scripts or tools that would be a well-intended beneficiary to automated tools.

[eFM]: What other aspects of digital forensics do you research?

[DL]: Linux forensics has always been of interest to me. The differences in behaviour between Debian- and RPM-based systems, and the effect of customized kernels and custom applications, make me regard it as an abysmal research area.

I have also explored the forensic impacts of Near Field Communication.

[eFM]: What did you find the most challenging about your education in the field? What was the most useful thing you’ve learned, in retrospect?

[DL]: I made a decision to head towards research. This entails sifting through a lot of work and coming up with my own. Sometimes I had interesting findings and sometimes I did not. One time, hours of interesting exploration did not yield a very fruitful outcome. It ended up being an acknowledgement of the collected information.

In the professional arena, there is always a pressure to keep stepping up. Do more and you will get this promotion. Do more and get this incentive. It does seem lucrative!

My advice would be this – acknowledge that the pressure exists, but do not become a victim to it. When you work, do it for the immaculate joy and impulse of it, not with the motive of working your way up the corporate ladder. Do pure work and the growth will come in its own time.

[eFM]: What’s on your current to-learn list?

[DL]: I am currently exploring forensic impacts of the Linux kernel, on regular computers and IoT devices like the Raspberry Pi.

[eFM]: What tools do you think are crucial to learn for someone starting out in digital forensics?

[DL]: The first tool I would suggest is patience! Digital Forensics is an area ventured only by the curious and unthreatened. The torrent of data requires a great deal of mental stamina to sift through and harvest meaningful information.

Set aside a computer or laptop separately for your digital forensics exploration. Next, get acquainted with a Linux distribution of your choice – one Debian-based and one RPM-based. I would suggest Ubuntu, Kali and Fedora. Get acquainted with the various basic terminal commands – for file management, file metadata study, system administration, file search, etc. Although GUI tools are available, befriend the command line tools – they come in handy in unlikely situations.

For the regular user, data stored as zeros and ones is displayed in human-readable form. In digital forensics, those clusters of zeros and ones are best studied as hexadecimal data. Get acquainted with a hexadecimal editor of your choice. Explore the options available and identify which interface suits you best. I would suggest wxHex Editor.

The most important tool in every forensic examiner’s pocket should be a notebook to document findings. You can resort to taking screenshots, saving logs or even typing out reports. Sometimes the good old notebook does the job best. Documenting your findings in your own handwriting is your work’s signature.

[eFM]: You graduated and work in India. What changes do you observe in the Indian market for digital forensics?

[DL]: The Indian market has been devoting focus to digital forensics for quite some time. However, there is still scope for expansion. Extensive training programmes are being conducted for fresh graduates to help fill the skill-demand gap. Private entities are working to bring about the much-needed awareness of digital forensics.

[eFM]: Do you feel formal education is still important for starting out in the field when it comes to the Indian market? Or are courses and professional certifications more respected?

[DL]: Formal education is definitely a stamp on your resume about your qualification, which immediately accelerates you to the favorable end of the job applicant filter. What matters is, ‘what was learnt during the formal education?’ Employers always ask, ‘What more can you do than the other applicant with the same qualification?’ It is the student’s responsibility to make the most of the formal education period and utilize library resources well. This holds good at the entry level.

Candidates with experience in the job market are expected to be on par with trends in technology. They are told to ‘keep learning’. Courses and professional certifications are endorsements of refreshed training.

‘Self-learning’ trumps formal education and certifications any day! Knowledge gathered out of free will stays for life.

[eFM]: In your opinion, what’s the next thing everyone should be watching very closely?

[DL]: Currently, there is a surge in the use of automated homes and automated cars. People entrust these devices with their personal information, which is a goldmine for information thieves. The whole ‘police-chasing-the-thief’ saga continues. This initiates a perpetual demand for digital forensics professionals who can perform comprehensive IoT forensics.

Also, keep a lookout for ordinary gadgets that are capable of performing extraordinary or unconventional tasks.

[eFM]: Do you have any thoughts or advice you would like to give to our readers? Besides enrolling in your new course immediately :)?

[DL]: Be curious. Pick an area of interest and scour the Internet for information. You never know the outcome of the various permutations and combinations of collected information. Happy exploring!

May 16, 2019

