CypherCon 2024

The Curious Case of Alice and Bob: What You Can (And Cannot!) Do As Digital Investigators

Catherine Ullman


The game is afoot! How does the modern science of digital forensics — like Sherlock Holmes’ own deductive reasoning — unveil truths in a landscape where evidence is as elusive as bytes and bits? Join me in this intriguing inquiry where our understanding of the context is as vital as the tools we wield.

In the curious case of Alice and Bob, we will explore beyond the surface of technical know-how. Attendees will navigate the intricate labyrinth of digital investigation, learning not just ‘where’ to seek digital clues – perhaps hidden in the obscure corners of the registry – but crucially, ‘why’ these specific details matter and ‘how’ they fit into the larger puzzle of our investigation. This talk is not merely a walkthrough of tools and methods; it is a narrative adventure, illuminating their practical use in real-world scenarios. For both seasoned and aspiring digital sleuths, this session aims to sharpen your investigative acumen, much like Holmes honing his skills, setting or recalibrating your expectations of what digital forensics can realistically achieve in the art of uncovering the truth.

Importance: I created the talk as an engaging story focused on the investigative process to help highlight common pitfalls. Ideally, it will help existing investigators view digital forensics with new eyes by helping them learn how preconceived notions can get in the way and teach folks new to the industry how to avoid these bad habits from the beginning.

Catherine Ullman

Who doesn’t like a good mystery?

Dr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security, at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Blue Team
Con. Cathy is a contributor to the O’Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.