If we do not have it we should build it (Forensic Readiness in Application Security)

The design of life saving software plays a vital role in the Medical Manufacturing industry. The way in which medical devices are being revolutionised is staggering and breathtaking, but it hasn’t necessarily resulted in a corresponding revolution in how these devices are built. With the advancement and evolution of research into chronic illness; newer, more advanced, methods are found to more effectively treat these chronic illnesses. Medical technologies can be defined as products, services, or solutions which are used to improve and prolong life. Statistics done in 2019 showed that there are more than 500,000 medical technologies such as implantable devices, patient monitors, and robotic surgery aids are available to hospitals and patients. The medical device industry is poised for a steady increase in growth, with a global forecasted annual sales growth of over 5% a year and estimated to reach 800 Billion US dollars by 2023. The question is how prepared are we to deal with medical device forensics and additionally how mature is the data on these devices. This talk focuses on the frustrations that Veronica has faced as a patient, hacker, and forensicator in realizing that forensic readiness should be build into these devices as they contain little to no forensic value currently. When nothing goes right, go left. By influencing the way the devices are built and the developers that build them has shown an increase in the forensic readiness of devices. We need to create a team of Forensic Developers to enable future forensicators to have success in dealing with breaches on these devices.