Kevin Pagano is a seasoned cybersecurity professional specializing in Digital Forensics and Incident Response.
With a strong technical background and a passion for unravelling complex cyber incidents, Kevin has become a trusted expert in investigating and mitigating cyber threats.
When I first started getting into DFIR and was searching for all blogs and tools to help me, one of the sites I found myself revisiting again and again was https://start.me/p/q6mw4Q/forensics.
Not only is this an amazing resource for tools that is kept neat and tidy, so it is easy to find what you are looking for, but the site has a brilliant blog feed too, with the whole site being kept fresh and up to date.

On top of this he has amazing DFIR-related shirts for sale 🙂

Hope you like the interview as much as I liked giving it.
Can you tell us about your background and how you got started in DFIR?
I actually went to college for Digital Forensics. I originally wanted to be a video game programmer so I chose Computer Science as a major. I quickly learned that I was horrible at Java programming so my second semester I switched over to Computer Forensics major and from there it was full steam ahead.
Out of college I was able to get a contract position doing eDiscovery and HR investigations for The Hershey Company (yes there is chocolate everywhere). From there I pivoted to my current position with Siemens Healthineers, starting by doing eDiscovery and some forensics but pivoting to full time forensics a few years later.
I also work some part-time positions doing R&D.
What motivated you to start your blog, stark4n6.com?
Sharing is caring. At the time there were a bunch of blogs out there that I followed but I wanted more, so once I started doing my own research, I wanted to contribute back to the community. And the blog was created. It’s been a nice place to dump thoughts, publish my work and house updates on scripts and tools I’ve worked on.
What advice would you give to someone just starting out in digital forensics?
Put yourself out there. Create a blog, make posts on your research, or even do CTF writeups or your experiences of working with artifacts or tools that are available.
Networking is also key. Try to get to conferences and chat with peers or do it virtually through LinkedIn, Twitter/X or other social media platforms. You never know what opportunities may come from your interactions.
Are there any common mistakes that beginners in DFIR should be aware of and avoid?
Don’t be afraid to fail/learn from your mistakes. They will inevitably happen.
Don’t be afraid to ask questions; there are so many people in the community that will lend a hand if you need help.
You can only learn one of either Python or PowerShell, what are you choosing?
I don’t know much about PowerShell (but I do want to learn). I would choose Python at this stage. I’m learning constantly while working on coding projects so I still have a lot to learn but it has helped greatly in automation and parsing for my research.
What skills do you believe are essential for professional growth in DFIR?
Continuous learning, don’t ever think that you know everything. DFIR is fast paced and you can get outclassed very quickly if you don’t stay on top of trends and updates in the industry.
What do you think the future holds for digital forensics and incident response?
Work will always be there, especially with the rise of nefarious actors. It might seem cliché but AI will for better/worse continue to ramp up, so how do we detect its usage and how can we leverage it for good.
I also think we’ll see a continued cat-and-mouse game from the mobile side of how can we squeeze out more evidence from devices that continuously get more and more secure (as well as cloud platforms like iCloud or Google’s offerings).
Top 5 go to DFIR tools you couldn’t live without?
It’s hard to narrow down to just 5 but I’ll try.
- Number 1, I’ll start with the LEAPPs (iLEAPP/ALEAPP) as one. I like to consider them a unit as they do the same thing basically just across different platforms. They are free and it’s super easy to add to (please join us in contributing!). Maybe I’m biased because I help with development.
- Number 2, EZ Tools/KAPE. More free tools for the win. Eric has done amazing work in creating these for the community and practitioners alike. They help quickly triage data like no other. I guess I could lump TimelineExplorer in here as I use that more than Excel these days.
- Number 3, Magnet AXIOM is my go-to from the commercial side. I’d say most of my day-to-day work flows through it at some point.
- Number 4, Not specifically DFIR but DB Browser for SQLite. I wouldn’t be able to do so much mobile forensics research as easily without it.
- Number 5, USB Detective. We get a lot of cases of potential exfiltration, so being able to quickly triage devices plugged in and files/folders opened and interacted with is convenient.
How do you envision the role of automation and AI evolving in DFIR?
We are already seeing AI being implemented into many commercial tools so it’s not surprising that we’ll see it more and more. I think automation has a good place from the processing side of the house to help quickly get data into the analysis side. While I think AI will help with certain aspects of the analysis, I do think the analysts will still need to assess what is happening and not just solely rely on the tools to “find evidence”.
What do you have planned for the rest of the year?
I’m gearing up for parental leave so that’s going to be the biggest thing planned for the rest of the year (and the rest of my life haha).
In terms of DFIR, I’m hoping to get more projects and research out to the community, more blog posts, more collaboration, more building out of my StartMe page (https://startme.stark4n6.com).
Hopefully more designs on my shops too! (shameless plug) https://www.teepublic.com/user/stark4n6