The Things know What You Did Last Session
Will Baggett
DEF CON 33 · Day 1 · Main Stage
Will Baggett's DEF CON talk, "The Things know What You Did Last Session," delves into the critical intersection of digital forensics and the Internet of Things (IoT). Baggett, a seasoned expert with a background spanning NATO, the CIA, and Fortune 25 firms, highlights how seemingly innocuous or overlooked IoT devices are becoming pivotal sources of evidence in complex investigations. The presentation meticulously dissects three distinct, high-impact case studies—a suspicious Chinese voting machine, a sophisticated workplace timecard fraud scheme, and the pervasive issue of North Korean IT worker infiltration—to illustrate the evolving landscape of digital forensics.
AI review
Baggett brings legitimate field cred and three well-chosen case studies that give the talk real texture — the North Korean IT worker detection angle using Pi KVM fingerprinting and 2FA geolocation data is the most operationally useful material here. It's a competent applied-forensics talk, but the technical ceiling is low: nothing requires novel tooling, the chip-off discussion is surface-level, and experienced forensic practitioners will have seen most of these techniques before.