Adventures in Pro Bono Digital Forensics Work
2021-08-06, 14:15–15:15, Main Track

Most of DFIR work never makes it to a courtroom and even when it does it is often unchallenged. This talk will cover cases of doing pro bono digital forensics for public defenders and journalists and the shoddy work that often passes for science.


One of the major problems with our justice system is how the power dynamics work when one side of a legal dispute has resources and the other does not. This plays out in digital forensics too. Most of our work never ends up in court and is rarely challenged. While most of us are honest, there is far more work that needs to be done and not enough qualified people doing it. In short, not every analyst is qualified or experienced but their testimony is accepted unquestioned.

This talk will cover cases that were performed pro bono for clients who would not normally have access to an expert to challenge the government’s experts. Cautionary tales of bad analysis will be shown to emphasize the importance of sound forensic techniques and the risks of sloppy work.

The talk will end with a call to action for more professionals to contribute their time on similar pro bono efforts.

John Bambenek is President of Bambenek Labs, a threat intelligence firm, and a PhD student studying cyber security machine learning at the University of Illinois at Urbana-Champaign. He has 20 years experience investigating cyber crime and has participated in large investigations in ransomware, the 2016 election-related hacking, and extremist fundraising in cryptocurrency.