Rebecca Passmore has a Master of Science in Digital Forensics and Cyber Investigations and currently works as a senior vice president specializing in cyber risk at Kroll.
With over 23 years of experience as a senior digital forensic examiner with the FBI, she has led numerous complex digital investigations, including technical analysis for national security, insider threats, internet fraud, child exploitation, terrorism, and public corruption.
Passmore has also provided expert testimony in cases involving computer forensics. In addition to her professional work, she teaches Digital Forensics and Introduction to Cybersecurity at the University of Arkansas at Little Rock. Furthermore, she holds several relevant professional certifications.
Summary of the episode
Rebecca Passmore is an expert in digital forensics and cybersecurity. She teaches these subjects at the University of Arkansas at Little Rock and also works in industry.
She has been involved in challenging investigations, including one where she used digital forensics to connect a suspect to a kidnapped child. Passmore also has experience giving expert testimony in court, where she emphasizes the importance of ethical conduct and staying up to date with the latest developments in the field.
At Kroll, she contributes to the broader field of cybersecurity through digital investigations and providing indicators of compromise. The University of Arkansas at Little Rock offers various cybersecurity programs and certificates, including an online program and practical exercises in a safe cloud environment.
Passmore emphasizes the importance of continuous learning to stay prepared for future trends and challenges in cybersecurity.
A complete transcript of the episode
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut, I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening. Today, our guest is Rebecca Passmore. Rebecca is an assistant professor at the University of Arkansas, Little Rock. Our topic today, we’re going to be discussing cybersecurity educational opportunities that are available at UA Little Rock. Before I bring her on, I want to tell you a little bit about her. She’s got a fascinating background and career that we’re going to leverage for this conversation. Rebecca Passmore has a master of science in digital forensics and cyber investigations, and currently works as a cyber investigator in digital forensics and incident response at Kroll Inc. With over 17 years of experience as a senior digital forensic examiner with the federal government, she has led numerous complex digital investigations including technical analysis for national security, insider threats, internet fraud, child exploitation, terrorism, and public corruption.
Rebecca has also provided expert testimony in cases involving computer forensics. In addition to her professional work, she teaches digital forensics and introduction to cybersecurity at the University of Arkansas at Little Rock. Furthermore, she holds several relevant professional certifications. With that, welcome Rebecca. Thank you for joining me today.
Rebecca Passmore:
Yes, thank you for having me.
Steve Bowcut:
Okay. Do you prefer Rebecca or Becky or does it matter?
Rebecca Passmore:
I prefer Becky.
Steve Bowcut:
Okay. Well, Becky, it’s nice to have you on this show. I’m really excited about this particular episode. As you and I chatted a little bit before, we primarily have academics on this show and we talk about educational opportunities at various institutions across the country. But you can bring, I think, a little bit more to this episode because you’re actually working in industry as well as teaching. Some of the questions that I’m going to ask you are really more about what you do on the professional side of your career, but of course, we do want to get to the University of Arkansas Little Rock and what’s available there. Let’s start with some background on you. Tell us how you got started. How did digital forensics and cybersecurity become a big part of your life?
Rebecca Passmore:
Right, thank you. Yeah, a little background of me and you kind of spoke about it in the beginning, but I do, I hold a bachelor of science degree in information technology and then a master of science degree in digital forensics and cyber investigations. In just a few short weeks, I will start working on my PhD in Computer Science Information Science at the University of Arkansas at Little Rock. I am a 23-year veteran of the FBI, where I served as a certified senior digital forensic examiner. Currently, I work as a senior vice president at Kroll specializing in cyber risk. Additionally, I am an assistant professor at the University of Arkansas at Little Rock where I contribute to the cybersecurity program. I also teach digital investigation courses at American Intercontinental University. I am a certified forensic examiner with the International Association of Computer Investigative Specialists, IACIS.
I hold two SANS certifications, one as a certified forensic examiner and the other as a certified advanced smartphone forensics. I have earned two CompTIA certifications in A+ and Net+. During my time with FBI, I was trained and certified as a member of both the Evidence Response Team, ERT, and the Hazardous Evidence Response Team, HERT, which was specialized in digital forensics. I have completed thousands of training in digital forensics and evidence collection. I’ve had the privilege of traveling worldwide to train others in the field of digital forensics, including in Pakistan, Estonia and Tunisia. The interesting part of my background is that over 20 years ago, specializing in digital forensics and cybersecurity was not an option. A colleague who recruited me to work for the FBI advised me to focus on computers if I wanted to further my education because that’s where crime was headed and it would be useful in the future. I had no idea it would lead me to this, but I’m very grateful. The career is not only rewarding and fun, but it has also evolved into lucrative jobs across various roles in cybersecurity.
Steve Bowcut:
Excellent. So is it fair to say then that your passion was crime fighting before it was computer forensics or using that specific methodology of fighting crime, it sounds like?
Rebecca Passmore:
Absolutely.
Steve Bowcut:
Okay. Well, thank you for that. I appreciate that. So for any of our audience that is really interested in fighting crime, I think that’s a good thing to consider. More and more crime is found digitally. There’s still street crime and violent crime and that kind of thing, but so much of it now is like everything else that we do in the world, it’s done digitally. So let’s look at your experience a little bit. I’m fascinated with your work history. Can you tell us some about maybe some challenging investigations that you were involved in?
Rebecca Passmore:
Sure, absolutely. So as a digital forensic examiner, when thinking about evidence, preserving and collecting that data is critical to the investigation, to any investigation. And as we know, we all live in the digital world and living in the digital world means that nearly, if not every case that you would ever come across, has some type of digital component to it. So one of the most challenging aspects of digital forensics is going to be involved with preparing and managing the data, especially when it’s dealing with any type of complex scenario. So for example, mobile devices come with multiple levels of encryption and connectivity, and being able to disconnect those devices from networks and collect as much data as possible is going to be key to that investigation. So not only is collecting and preparing the data important and crucial, but processing it and analyzing it efficiently is essential to keep the investigation moving forward. Conducting thorough analysis on that data such as matching USB connections, Wi-Fi networks, transactional communications between individuals and any other type of connection is going to be vital for that.
One particularly challenging investigation, excuse me, involved recovering an NTFS partition from a 120 gig hard drive that had been reformatted to a 2 gig FAT16 partition. I know this process is highly technical, but let me explain it with some type of an analogy. Imagine you have a large room, an advanced warehouse designed for efficient storage and organization, but you’re only using a small section of that space with basic shelves leaving the rest of the warehouse disorganized and underutilized. In that scenario, you want to reorganize and restructure the entire warehouse to make it functional again. So in this investigation, I use forensic software and advanced techniques to recover the hidden NTFS partition from the hard drive, allowing me to retrieve all the critical data needed for the case. The suspect believed that by reformatting the hard drive, the data would be irretrievable and unrecognizable by standard methods.
However, it worked in my favor and to my advantage as a forensic examiner because I was able to completely recover the data and uncover the evidence necessary for the investigation. Another challenging digital investigation involved evidence from two different states. I needed to determine if the suspect in Arkansas had any connection to an individual in Tennessee as both had claimed they did not know each other. In this case, I had access to three different computers belonging to the suspect in Arkansas, all of which had had a specific USB device plugged into it at some point. Although, I did not have the USB device itself, I found concerning file names from link files and shortcuts on the computer. This discovery allowed investigators to work on additional search warrants to look for and find the physical USB device if at all possible in other locations.
The key to tying the suspect to the individual in Tennessee was through this USB device. Many people don’t realize that USB devices have unique serial numbers stored in registry files. By analyzing the registry, I found the unique serial number for the USB device that had been plugged into the suspect’s three computers. The same USB device was also plugged into the laptop of the individual in Tennessee. The crucial piece of evidence demonstrated the connection between the two individuals despite their claims of not knowing each other, and additionally, the physical USB device was never recovered.
Steve Bowcut:
Wow. So that is fascinating. I actually want to back up a little bit because I said something earlier that I think I want to take back now. No, I don’t want to take it back, I want to modify it. I had spoken earlier about much of crime fighting being digital, and in my mind, I guess the reason I said it that way, because in my mind I think of there’s digital crime. So there’s the people who are taking the money out of your bank account or doing all of those things in the world or in the cloud, and then there’s the street crime and those kinds of things. But what you’ve just illustrated is someone with your expertise and background actually works … there’s a blurred distinction there because you’re using your skills and expertise to find, like you said, every crime has some digital footprint.
There’s some digital tool that was used. There’s a cell phone that was used, or the suspect had a cell phone on them when they committed that maybe it was just purely a physical crime, but they had a cell phone on them, and so where was that cell phone at that time? Those kinds of things tie all that together. It’s not as distinct as maybe I had presented it before. Every crime has some kind of a digital footprint or need for that kind of investigation. That really stood out to me. And then the other thing that you just mentioned that really stood out to me is that I guess the challenge for someone in your position is trying to stay technologically one step ahead of the bad guys because the bad guys are learning all the time, and they’re not stupid people, many of them I guess some of them are, but many of them are not.
They know they need to wipe their computer, and they know crafty ways of doing that. But you need to stay one step ahead of them to understand, okay, well if they’ve done it this way, then I can still come back and figure some stuff out. Is that in very lay terms, what you talked about?
Rebecca Passmore:
Absolutely. Knowing those techniques, having an understanding of the technical aspect of digital forensics and somewhat of the mindset of the behavior of an individual and what they’re going to use their digital devices for, and making those connections and discovering those digital footprints within those connections. Absolutely.
Steve Bowcut:
Interesting. All right, so let’s shift our focus just a little bit. And maybe there’s a case study or a case that you were involved in that has some significant institutional security or public safety implications that you could share some details with.
Rebecca Passmore:
Sure. This one I share because I want to emphasize the importance of the work that people do in digital forensics, computer forensics, cell phone forensics, whatever it is, it’s such a rewarding career field. One of the most rewarding and heartwarming cases I’ve ever worked on involved recovering a kidnapped child.
Steve Bowcut:
Oh my.
Rebecca Passmore:
Not physically, I was not the one that physically recovered them, but myself and my team were instrumental in the recovery of this child. So this one will tug at my heart and it does every time I speak about it, but the collaboration and dedication of the team was truly invaluable in this matter. So it started one Monday morning around 7:00 AM, and I received a call from a case agent while I was driving to work. A young girl was missing and had been missing for approximately 24 hours, and the sheriff’s department had no leads. The case agent asked if we could unlock some devices as the girl had been communicating with someone on a specific application on one of the devices. The case agent collected the devices from the sheriff’s department. They ended up being an iPod, an Android phone, and a tablet. None of them could be unlocked with our current tools that we were using at that time.
So despite the setback, we, as a team, remained determined and getting this data from these devices. As the computer forensic examiner coordinator for our office at the time, I had recently purchased a device that could brute force the iPod pin codes, but there was going to be a risk, it could wipe the device after 10 attempts. So discussing the risks with management and the team, we decided to go ahead and try it. Unfortunately, 24 hours later, this attempt did not work. So now if you’re following that timeline, we’re about 48 hours into a missing child. The case agent collected the … I’m sorry, so then the next morning, excuse me, I remember there was another tool that we had recently purchased and it was also a way to bypass or break iOS passcodes. We connected that device to the iPod and within two hours it unlocked the device.
Steve Bowcut:
Awesome.
Rebecca Passmore:
So imagine the sense of relief as we were able to get the leads going. My colleague immediately disconnected the iPod, noted the device password and handed it to me. I disabled the lock code, extracted the evidence, and found the last conversation in that specific application. This led us to a username where another colleague simultaneously was conducting an online search as I was voicing out the information. The search immediately revealed multiple accounts, a name, a phone number, and an address in Texas. We immediately notified the case agent who contacted the sheriff’s office. They in turn informed the local authorities in Texas. The local authorities conducted a welfare check at the address and found the 13-year-old.
Steve Bowcut:
Oh my, wow.
Rebecca Passmore:
The joy and gratitude we all felt knowing we had played a part in bringing this child home safely was extremely overwhelming.
Steve Bowcut:
I can’t even imagine how rewarding that work must be. I guess for any of our audience who really wants to work in a field that is going to make a difference in people’s lives, that’s a good story to remember because you can’t make a bigger difference in someone’s lives than to rescue them from a situation like that. Thank you. I appreciate you sharing that.
Rebecca Passmore:
Yes. You’re welcome. Sorry. Absolutely. I would say here the key is understanding how devices work. They change on a regular basis. There’s updates that occur on a regular basis, so just having an understanding of how they work, being able to do quick research, being able to, obviously never give up it just makes a difference. Again, this experience reinforces the importance of compassion, teamwork, and perseverance. Having the colleagues that I worked with on a regular basis, we knew that between all of us, we could definitely make a difference if we put our heads down and worked hard to find how we could get into the device and how we could find the information.
Steve Bowcut:
Yeah, excellent. I suppose it’s worth mentioning that there’s another aspect of this that is probably much more non-technical. You also need to understand how predators work, how they go about grooming and how they go about getting people to follow their instructions and therefore put them in a dangerous situation and looking for those kinds of clues. Anyway, it’s fascinating. Thank you, I appreciate that.
Rebecca Passmore:
Yeah, no, thank you.
Steve Bowcut:
The other thing that I was fascinated with is your work or your experiences giving expert testimony. I know a lot of us have often wondered what would that be like to give expert testimony? Can you just share some of what that’s like and how much of your technical expertise you have to bring forward in a testimony to prove your point?
Rebecca Passmore:
There are going to be skills and knowledge areas to help deliver expert testimony in cases, one being your technical expertise. Having an understanding of, one, the collection of digital evidence, two, the preservation and three, the analysis. But the other part is how you’re going to document that because when you document that, that is what you’re testifying to. You’re documenting to those reports that you’re testifying to. There’s multiple tools, forensic tools and software out there such as Magnet Forensics, Cellebrite, EnCase, FTK, X-Ways, Autopsy, all of them have a different platform but can be utilized to find the evidence needed and then be able to articulate that evidence. Having a knowledge of the different file systems, operating systems, along with all the experience with the mobile devices, network devices, and cloud forensics. On top of the technical expertise, you want to think about the legal knowledge, being able to understand legal standards, procedures, rules of evidence.
Having a familiarity with the chain of custody protocols and the ability to present the complex technical information clearly in a legal context and understanding that your jurors are not going to have the same background and how to be able to articulate it to where they can understand it. Analytical skills, being able to identify patterns and anomalies, reconstruct events, especially when you have so much data in front of you. So many times we look for what doesn’t belong versus what belongs. So walking into a house and the people that live in that house’s fingerprints are all throughout the house, but where’s the one fingerprint that doesn’t belong is what is similar to what you’re looking for in those analytical skills. Having good communication skills, being able to explain those complex technical concepts to judges, jurors and attorneys. To be as effective as possible, but not just in speaking, but also in writing attention to detail because the dates, the times, the accuracy is critical in these types of situations where you’re conducting meticulous examination and documenting that digital evidence, ensuring its precision and integrity is intact.
You have your ethical conduct that you have to think about, following good ethical standards and impartiality in analyzing that evidence in providing the testimony. And very much like what we’ve already discussed, just being able to have the capability to continuously learn, staying up to date with latest developments in computer forensics and cybersecurity with ongoing training. Having some experience with cross-examination, moreover, just being able to be prepared to handle cross-examination and challenges, to credibility with experience in using mock trials or previous testimonies is very helpful in handling that type of work. And then understanding the knowledge of case law and being able to collaborate with others. So there’s a lot of skills and knowledge areas to think about when having to testify in court as an expert.
Steve Bowcut:
Interesting. That seems so fascinating to me. I can imagine that it would be nerve-rattling to be in that situation. You’ve got an aggressive defense attorney who’s trying to throw you off your game, and at the same time you have to explain some very technical things that you understand well, but you have to explain them to people who don’t understand them at all without putting them to sleep or making them think, ah, this is all hocus pocus. I don’t know what she’s talking about. Very good.
Rebecca Passmore:
That’s exactly correct.
Steve Bowcut:
That is fascinating. Thank you for sharing that.
Rebecca Passmore:
Thank you.
Steve Bowcut:
Listen, if you could take just a few minutes and talk to us about what you do at Kroll, your responsibilities. I’m trying to paint a picture here for our audience that if they pursue cybersecurity as their academic path, that these are the kinds of jobs that they could end up in. So tell us a little bit about what you currently do.
Rebecca Passmore:
Sure, absolutely. So my primary responsibilities at Kroll include investigating complex cases which involve ransomware, insider threats, network intrusions, business email compromise, a lot of that, cloud enterprise attacks, and zero day attacks. So fortunately, I work with a team of experts that simultaneously determine what happened in each case. Each one of us works in an area that we’re looking for that piece that helps tell the story while building a timeline. Our goal is to identify the unauthorized access and assess the data at risk. So threat actors can gain unauthorized access without touching any sensitive data, or they can steal the most sensitive information from an environment. And it is our responsibility to explain, to the best of our capability, how that breach occurred.
That’s for the purpose of trying to help the client in the environment to harden and seal off those breaches and/or incidents that allowed the threat actor to gain unauthorized access. So my work contributes to the broader field of cybersecurity through all of these types of different types of digital investigations. Our investigations, findings, help with providing the indicators of compromise, or IOCs. We work really closely with our threat intelligence team and they can share these, I’m sorry, they can share these IOCs with others through their collaborative efforts. And then the more information we’re able to uncover after a threat actor delivers an attack, the better the clients can establish effective cybersecurity approaches within their specific ecosystems.
Steve Bowcut:
Excellent. Thank you, I appreciate that. All right, so Becky, up to this point, I think what we’ve done is we’ve painted a pretty good picture for the audience of the kinds of things that they could be involved in should they choose cybersecurity for digital forensics as a career path, as an educational path. Let’s focus now a little bit more on what that path might look like. There’s two things I want to get you to comment on. The first one is certifications and credentials, as you have plenty of them. And then of course we’ll move on to formal cybersecurity degrees and that kind of thing that’s available at University of Arkansas Little Rock. So let’s start with the certifications, the importance of them, when should students be thinking about getting them, if in fact they are important, before their formal university education or after or during. Just give us your take on how that works.
Rebecca Passmore:
Sure. I believe certifications are important, but they aren’t as important as the education and knowledge gained from learning cybersecurity. So while certifications can demonstrate specific skills and competencies, a foundational understanding and continuous learning in the field of cybersecurity are crucial for students and professionals. So it’s utilizing a sense of both, and whichever path chosen, whether certifications first, a bachelor’s degree in cybersecurity or some field, second, or a bachelor’s degree in the cybersecurity field and then certifications, they work with each other as you continue to spend your time learning the field of cybersecurity. I say all that to say that there are different programs and UA Little Rock has a great one of a bachelor of science in cybersecurity with stackable certificates and cybersecurity graduate certificates. They have a Cybersecurity Fundamentals Certificate of Proficiency, which provides students with opportunities for an entry level career in cybersecurity, which then augments their education with a better understanding of that cybersecurity discipline. That certificate can actually be earned independent from the degree program.
Also, we have an advanced Cybersecurity Technical Certificate, which is the program provides the fundamental courses necessary to begin as a cybersecurity professional. So students may consider taking that as an alternative to the traditional bachelor’s degree or as credit towards their bachelor’s degree. The certificate also may be earned independent of the degree program. So we have a couple of options there. On top of that, there’s the graduate certificate in cybersecurity and that certificate serves working professionals seeking career advancement with graduate assistants being able to conduct cybersecurity research and high school teachers also teaching those concurrent credit courses in cybersecurity. So there’s a couple of options there when it comes to what UA Little Rock offers and the cybersecurity certificates.
Steve Bowcut:
Interesting. I really love that what you’ve just described to us, allows for the fact that everybody’s path is different, everybody’s life is different. Some people are just not financially in a position where they can just not work and just go to school and get that bachelor’s degree and then start focusing on some professional certifications in what they’ve decided is the most interesting or where they want to work. That’s not realistic for many people, they need to work while they’re going to school. They want to get into cybersecurity right away and if they can get an entry-level job with a professional certification as part of an overall program to end up with a bachelor’s degree or a master’s degree, I think that is excellent. That’s much more realistic for many students who find themselves in these diverse situations. So thank you, I appreciate that. For people who don’t live in the Little Rock area, is there opportunity for them to be involved in some of these things?
Rebecca Passmore:
Absolutely. All of our courses in our cybersecurity program can be taken simultaneously through the online program. When I’m teaching at the university, I’m also teaching to online students who don’t live in the Little Rock area.
Steve Bowcut:
Oh, okay. Very good. Excellent. I always like to ask this question, we’re about out of time, but there’s a couple more questions. I always like to ask this one. I think I know the answer to this question given the background that you’ve already shared with us, but how do you keep what you teach relevant and current? There are some fundamentals we all need to learn when we’re getting a cybersecurity education, but it’s also very helpful to learn what’s going on today, the latest breaking news in cybersecurity and how that relates to what I’m learning if I’m a student. So how do you keep that curriculum practical and relevant?
Rebecca Passmore:
Absolutely. At UA Little Rock, one of the best ways for us to do this is through our cyber arena. We have a platform that provides a very safe and highly accessible cloud environment where students can engage in practical workouts to build their skills in that cybersecurity application. The best part about that is that you have industry professionals building these workouts from real life experiences, in real world scenarios and constantly evolving on top of what is current. And because we have that capability, we’re able to meet with industry professionals in the field who are doing this as well. They help us to create the internship opportunities as well as any other types of scenarios that we should be introducing to the students. We are constantly building based on current trends and evolving capabilities.
Steve Bowcut:
Excellent. So input from the industry, the people that are doing this every day, inserting ideas and curriculum development into the classroom. I love that. All right, so our last question here is kind of a fun question, but I think it’s important. It’s our future looking, what trends and challenges do you see? It’ll be interesting from your perspective what you see, and I think it helps students prepare for where their education needs to go if they have some idea of what the future might look like. From your perspective, what are some trends, challenges, does it include AI or quantum computing, or what do we need to at least be aware of as we’re beginning our cybersecurity education?
Rebecca Passmore:
Right, absolutely. And being in the fact that I work every day in this field, I completely understand where these challenges come from. So the emerging trends and challenges in digital forensics and cybersecurity include the increasing complexity of those cyber threats, the rise of artificial intelligence, and machine learning in both attacks and defenses, as well as the growth of cloud computing and the proliferation of IoT or Internet of Things. There is a thing that we always say about continuous learning, it’s always changing, it’s always evolving. There’s always later developments through these education and training opportunities. But continuous learning, having that technical proficiency, being able to have an understanding of AI and machine learning, have an understanding of cloud security, which is one of the classes that is offered at UA Little Rock, have some understanding of IoT security.
Being able to apply all of this with your legal and ethical awareness, just because it’s there does not mean that it’s eyes for everyone. So having that in your mindset with that legal and ethical awareness, and then building a collaboration and communication group, being able to network with people, learn from others, share your information. By having a strong collaboration and communication skills, it helps you to work effectively and with diverse and different fields such as your legal professionals, law enforcement, and other cybersecurity experts.
Steve Bowcut:
Excellent. I really like that answer because instead of worrying about what the future might bring, just adopt a mindset of continuous learning and then you really don’t have to worry about it, you’re going to be prepared. If you’re continuously learning, no matter where the future, which direction it goes, if you’re continuously learning, you’re going to be on the forefront of the field and you’re going to be prepared for what you have to do. That is a great way to look at it. Don’t stress about the future, just keep learning and you’ll be ready for it. I love that.
Rebecca Passmore:
Thanks.
Steve Bowcut:
Thank you Becky, so much. This has been so much fun for me. I really appreciate it. The information that you’ve given us and our audience is just invaluable. So thank you for spending part of your day with us today.
Rebecca Passmore:
Great. Thank you so much for having me. I appreciate the time I’ve had to discuss this with you.
Steve Bowcut:
Yeah, it’s been fun. A big thanks to our listeners for being with us. Please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.