About - Felix Anda

Hi I’m Felix, a digital forensic and security researcher. I worked as a postgraduate teaching assistant at University College Dublin in the School of Computer Science but now have moved to the industry. I love coding, building my own tools and finding out how things work. I’m passionate about technology and how it can be used to assist the most vulnerable.

My research interest are within the intersection of cybersecurity, digital forensics and cybercrime investigations, deep learning, generative adversarial networks (GANs), forensic age estimation, ethical dataset curation and addressing data bias. My research interests include and are not limited to the use of GANs as data augmentation techniques to create synthetic data for facial age images to assist training and testing due to the lack of images in datasets for certain age/gender/ethnicity groups.

My work and research

A long time ago I implemented a silent network panic button that worked pressing the escape button 3 times. It was sold to a company in Quito. The program would send a windows alert message through the network to the configured parties. It was developed with Autohotkey scripts. Later I realised that I could use the same script software to create a stealthy keylogger which would target the discontinued microsoft windows messenger. I valued much open access data and web scrapping robots were used to collect information over certain websites before captcha was introduced. Anonimity was achieved with tor and privoxy to hide the collectors ip address. Today with captcha omnipresent, I was still able to bypass some weak implementations using deep learning.

I have created Windows interfases that automated and processed swift messages of all types (MT XXX) using VB6.0, C# and Microsoft SQL Server. I developed a multi-layer Web Application and Web Service that connected to the watch list manager and is capable of screening customers, vessels, organizations, countries, etc. To decrease regulatory risk while complying with regulations. The technology used in the front-end was a mix of AJAX, Javascript, JQuery and Telerik UI. The back-end consisted in C# application procedures with mainly ADO.NET Datasets. The database used was SQL Server and was managed by LINQ. I was maintaining software applications and fixing bugs. I was evaluating and implementing the migration of Microsoft SQL to Oracle in a commercial product. We were once assigned to test a chat platform that was developed by a contractor. As I had a slightly different mindset as my peers, I was injecting code on the chat and found out that it was vulnerable to XSS. Later I offered them the correct solution to mitigate the problem. The main issue was that I was recently hired and seen as the new guy for which they felt uncomfortable and dismissed my advise. Another project which I was assigned was the migration of the traditional authentication system to a web service based authentication system. I found a sql injection vulnerability that compromised the whole business infrastructure and would have caused significant losses to the company. I reported the vulnerablity but it received little attention. Later the issue escalated and I was the one assigned to fix the security breach which I did with ease by sanitizing the inputs. Finally, I was involved in ASP, C# and SQL Projects for several banks. An interesting fix was the implementation of Asymmetric Key Algorithms and Secure FTP in Microsoft SQL 2000 with stored procedures to mitigate some security issues. I’m familiar with control version systems and several software methodologies ranging from traditional linear development, waterfall and Agile.

My research interests include the application of deep learning on facial images to assist cybercrime investigations. We are living in a era where most transactions are contact-less, social media platforms are commonplace and a part of our daily life is recorded either in a permissive or surreptitious manner. Whether we are present in an online meeting, daily social media feed, a peer-connected calendar, a live gaming or video stream, hundreds of bytes of our information are sent through a network to a server. The exponential growth of storage is also enabling thousands of multimedia content to be stored locally on digital devices but at the same time challenging digital investigations that are hampered by the accumulation of such devices that were stored in a forensic laboratory awaiting to be processed by an expert in a timely manner. The size and amount of information that requires analysis is increasing, leading to an ungovernable digital forensic backlog. Digital forensic practitioners have become overwhelmed by the amount of data that they encounter and are requiring the implementation of artificial intelligence as tools and techniques to aid investigations, to discover, gather and analyse records swiftly.

My background and history

I received my Ph.D in Computer Science in 2021 thanks to a Scholarship granted by the UCD School of Computer Science. I obtained my Msc. in Computing and Security from the Faculty of Natural and Mathematical Sciences at King’s College London also through a Scholarship. My BSE. was obtained in Quito at the Pontifical Catholic University of Ecuador. Prior to receiving my Masters I was working for over 5 years designing implementing and maintaining software for several financial and private entities. I have vast experience programming in Python, C#, Java, and C++, experience with relational and non-relational databases and passionate about information security topics, digital forensics, computer intrusion techniques such as SQL injection, poisoning, key loggers, trojans, backdoors, etc.