Digital Forensics Truths That Turn Out To Be Wrong - SANS DFIR Summit 2018
SANS Digital Forensics and Incident Response

 Published On Nov 15, 2018

In the field of digital forensics we go by a “rulebook” – a set of beliefs that we commonly hold as true. When I recently delved into the world of data recovery though, I found that we were mistaken about some really basic things, like that an SD card that reads all zeros in forensic tools is empty when in fact it can still contain hundreds of pictures, or that we’re getting a “full” forensic image of a hard drive with forensic tools when in fact we aren’t. This presentation covers the myths of digital forensics I always believed until data recovery techniques proved me wrong.

Cynthia Murphy (@cindymurph), President, Gillware Digital Forensics
Cindy Murphy served in law enforcement for more than thirty years, including twenty-five years at the Madison, Wisconsin Police Department, where she worked as a detective and a certified digital forensics examiner. While at MPD, she had the opportunity to serve as a detective and as a certified digital forensics examiner for over seventeen years. During her time as an investigator, she saw firsthand the emergence of mobile devices as the primary source of evidence in investigations. This pushed her to grow into the mobile forensics expert she is today and enabled her to co-author the SANS FOR585 Advanced Smartphone Forensics course. Just recently, Cindy took a leave of absence from the Madison Police Department to launch Gillware Digital Forensics, where she is co-owner and serves as president and lead examiner. As a life-long police officer, Cindy knows the transition from the public to the private sector will present new challenges, but she's looking forward to broadening her professional experience even further, which will benefit both Cindy and her students.

Throughout her career, Cindy has always looked for opportunities to help in meaningful ways. In one recent case, experts spent a year trying to unlock the phone of a 16-year-old girl who was killed in a tragic traffic accident. As the family prepared to spread the girl's ashes in a ceremony a year after her death, Cindy was given the victim's locked phone. She was able to unlock it, enabling the family to see their daughter's last photos. The family sent Cindy a thank you note that said: "We so appreciate this opportunity you've given us to hold onto a piece of our daughter's life we were sure was lost to us."
