digital forensics
play

Digital Forensics Research is Investigator- Centric Robert J. - PowerPoint PPT Presentation

Dec 20, 2022 •187 likes •578 views

Effective Digital Forensics Research is Investigator- Centric Robert J. Walls Brian Neil Levine Marc Liberatore Clay Shields University of Massachusetts Amherst Georgetown University rjwalls@cs.umass.edu 1 forensics.umass.edu

  1. Effective Digital Forensics Research is Investigator- Centric Robert J. Walls Brian Neil Levine Marc Liberatore Clay Shields University of Massachusetts Amherst Georgetown University rjwalls@cs.umass.edu 1 forensics.umass.edu

  2. rjwalls@cs.umass.edu 2 forensics.umass.edu

  3. rjwalls@cs.umass.edu 2 forensics.umass.edu

  4. rjwalls@cs.umass.edu 3 forensics.umass.edu

  5. rjwalls@cs.umass.edu 3 forensics.umass.edu

  6. Digital forensics contends with the CSI-effect . rjwalls@cs.umass.edu 4 forensics.umass.edu

  7. and security ^ Digital forensics contends with the CSI-effect . rjwalls@cs.umass.edu 4 forensics.umass.edu

  8. Digital forensics lacks a solid scientific foundation . rjwalls@cs.umass.edu 5 forensics.umass.edu

  9. Digital forensics struggles with practical challenges . rjwalls@cs.umass.edu 6 forensics.umass.edu

  10. Digital forensics impacts people directly . rjwalls@cs.umass.edu 7 forensics.umass.edu

  11. rjwalls@cs.umass.edu 8 forensics.umass.edu

  12. Security, privacy, & forensics? rjwalls@cs.umass.edu 9 forensics.umass.edu

  13. rjwalls@cs.umass.edu 10 forensics.umass.edu

  14. 5 principles for researchers . rjwalls@cs.umass.edu 11 forensics.umass.edu

  15. rjwalls@cs.umass.edu 12 forensics.umass.edu

  16. rjwalls@cs.umass.edu 13 forensics.umass.edu

  17. Digital Forensics is Investigator-Centric 1 rjwalls@cs.umass.edu 14 forensics.umass.edu

  18. 1: Forensics is Investigator-Centric > Research is investigator driven. rjwalls@cs.umass.edu 15 forensics.umass.edu

  19. 1: Forensics is Investigator-Centric > Research is investigator driven. > Consider both goals and constraints. rjwalls@cs.umass.edu 15 forensics.umass.edu

  20. 1: Forensics is Investigator-Centric > Research is investigator driven. > Consider both goals and constraints. > Break the rules lose the case. rjwalls@cs.umass.edu 15 forensics.umass.edu

  21. 1: Forensics is Investigator-Centric > Research is investigator driven. > Consider both goals and constraints. > Break the rules lose the case. > The rules change. rjwalls@cs.umass.edu 15 forensics.umass.edu

  22. Forensics and law are inseparable 2 rjwalls@cs.umass.edu 16 forensics.umass.edu

  23. 2: Forensics and law are inseparable > Law is struggling to keep up. rjwalls@cs.umass.edu 17 forensics.umass.edu

  24. 2: Forensics and law are inseparable > Law is struggling to keep up. > How does seizure apply to data? rjwalls@cs.umass.edu 17 forensics.umass.edu

  25. 2: Forensics and law are inseparable > Law is struggling to keep up. > How does seizure apply to data? > Unproven techniques are risky. rjwalls@cs.umass.edu 17 forensics.umass.edu

  26. Investigations are about People 3 rjwalls@cs.umass.edu 18 forensics.umass.edu

  27. 3: Investigations are about people > Focus on the person, not the machine. rjwalls@cs.umass.edu 19 forensics.umass.edu

  28. 3: Investigations are about people > Focus on the person, not the machine. > Intent is outside of security domain. rjwalls@cs.umass.edu 19 forensics.umass.edu

  29. 3: Investigations are about people > Focus on the person, not the machine. > Intent is outside of security domain. > Crime may not violate security. rjwalls@cs.umass.edu 19 forensics.umass.edu

  30. Still useful to catch the Dumb Ones 4 rjwalls@cs.umass.edu 20 forensics.umass.edu

  31. 4: Still useful to catch the dumb ones > Doesn’t have to be foolproof to be useful. rjwalls@cs.umass.edu 21 forensics.umass.edu

  32. 4: Still useful to catch the dumb ones > Doesn’t have to be foolproof to be useful. > Tech savvy criminals aren’t more dangerous. rjwalls@cs.umass.edu 21 forensics.umass.edu

  33. 4: Still useful to catch the dumb ones > Doesn’t have to be foolproof to be useful. > Tech savvy criminals aren’t more dangerous. > 40% is still good. rjwalls@cs.umass.edu 21 forensics.umass.edu

  34. Keep it 5 Simple rjwalls@cs.umass.edu 22 forensics.umass.edu

  35. 5: Keep it simple > Make it simple for investigators to use it. rjwalls@cs.umass.edu 23 forensics.umass.edu

  36. 5: Keep it simple > Make it simple for investigators to use it. > Must be within Investigator capabilities. rjwalls@cs.umass.edu 23 forensics.umass.edu

  37. 5: Keep it simple > Make it simple for investigators to use it. > Must be within Investigator capabilities. > Often simpler non-computer solutions. rjwalls@cs.umass.edu 23 forensics.umass.edu

  38. Forensics research without these principles is not forensics. rjwalls@cs.umass.edu 24 forensics.umass.edu

  39. 1: Forensics is Investigator-Centric. 2: Forensics and law are inseparable. 3: Investigations are about people. 4: Still useful to catch the dumb ones. 5: Keep it simple. This work was supported in part by NSF awards CNS-1018615, CNS-0905349, and DUE-0830876, and in part by NIJ award 2008-CE-CX- K005. rjwalls@cs.umass.edu 25 forensics.umass.edu

Recommend

About this presentation : Learning : What is Digital Forensics ? Political : Digital

About this presentation : Learning : What is Digital Forensics ? Political : Digital

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

444 views • 30 slides
Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication File carving ( e.g. , bifragment gap carving)

630 views • 13 slides
Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to collect and analyze (digital) evidence Three basic phases Data collection, Analysis, Reporting Triage Various sources of information

307 views • 20 slides
CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of

1.09k views • 34 slides
Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

FloCon 2015 Conference January 15, 2015 Portland, Oregon Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations JESUS RAMIREZ PICHARDO (PMP, GCFA,

333 views • 30 slides
Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class of students Teaching digital forensics in a large class Teaching forensics at of students UL FRI Generating customized disk images Gaper Fele-or University of Ljubljana, Faculty of

446 views • 23 slides
Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction to Digital Forensics Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer Forensics? What do you Need for a Careers in Computer Digital Forensics? Educational Background

509 views • 29 slides
Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of

Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of

Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of Digital Evidence: Admissible evidence must be related to the fact being proved Authentic evidence must be real and related to the

1.13k views • 68 slides
Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert

Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert

Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert Malegiannakis Ricardo Justiniano Introduction - What is Digital Forensics? Digital forensics defined - The process of recovering and interpreting

478 views • 30 slides
Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics & Watermarking P. J. Bateman, A. T. S. Ho, and J. A. Briffa This research is sponsored by an EPSRC/Charteris CASE Award Image Forensics

703 views • 38 slides
CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic

CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic

CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic 20/10/2011 r.ludwiniak@napier.ac.uk Lecture Objectives 1. History and definition of Digital Forensics 2. Context for an investigation 3. An overview of

1.04k views • 65 slides
Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute

Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute

Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute intro to Digital Forensics Some challenges scale cloud the encryption boundary anti-forensics Digital Forensics in 2 mins

415 views • 7 slides
Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico

Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico

Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico Marziale, Golden G. Richard III, Vassil Roussev Me: Professor of Computer Science Co-founder, Digital Forensics Solutions golden@cs.uno.edu

489 views • 28 slides
HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics Lab Director HTCIA/ICFP/ACM/IEEE/ACIS/ISSA asoto@asoto.com INTENDED AUDIENCE Forensic lab directors / analysts - Law enforcement - Researchers -

568 views • 36 slides
Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide

Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide

Linux Memory Analysis Workshop Session 1 Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide ranging forensics investigations Volatility Developer Former Blackhat, SOURCE, and DFRWS speaker

1.64k views • 162 slides
Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

A RIZONA S TATE U NIVERSITY Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE U NIVERSITY Common Types of Attacks Phishing Malware SQLi XSS MITM DoS Brute-force &

858 views • 55 slides
Electronic Discovery Electronic Discovery & Digital Forensics & Digital Forensics

Electronic Discovery Electronic Discovery & Digital Forensics & Digital Forensics

San Francisco Chapter San Francisco Chapter Electronic Discovery Electronic Discovery & Digital Forensics & Digital Forensics Robert Schperberg New New Federal Rule of Civil Procedures Federal Rule of Civil Procedures Also

654 views • 63 slides
Trends in Mobile Device Forensics Jonathan Rajewski, MS, CCE, CFE, CISSP, ENCE, TJFC Director -

Trends in Mobile Device Forensics Jonathan Rajewski, MS, CCE, CFE, CISSP, ENCE, TJFC Director -

8/29/2016 Trends in Mobile Device Forensics Jonathan Rajewski, MS, CCE, CFE, CISSP, ENCE, TJFC Director - Senator Leahy Center for Digital Investigation @jtrajewski Associate Professor - Digital Forensics | Cyber Security

344 views • 18 slides
Cloud Forensics ASEAN CSA Summit 2015 Bangkok, Thailand 11 12 June 2015 Dr Kim-Kwang Raymond

Cloud Forensics ASEAN CSA Summit 2015 Bangkok, Thailand 11 12 June 2015 Dr Kim-Kwang Raymond

Cloud Forensics ASEAN CSA Summit 2015 Bangkok, Thailand 11 12 June 2015 Dr Kim-Kwang Raymond Choo The role of digital forensics in incident handling Sources of digital evidence: Any computing devices capable of storing electronic

527 views • 16 slides
CERTs and Digital Forensics: The Need for Security Collaborations Among Regions Dr. Soranun

CERTs and Digital Forensics: The Need for Security Collaborations Among Regions Dr. Soranun

CERTs and Digital Forensics: The Need for Security Collaborations Among Regions Dr. Soranun Jiwasurat Division Director, Office of Security, ETDA 1 ThaiCERT: A Quick Glance A government funded unit, established in 2000 The first and

654 views • 22 slides
Computational Forensics: Machine Learning and Predictive Analytics Carl Stuart Leichter PhD

Computational Forensics: Machine Learning and Predictive Analytics Carl Stuart Leichter PhD

Fundamentals of Computational Forensics: Machine Learning and Predictive Analytics Carl Stuart Leichter PhD carl.leichter@ntnu.no NTNU Testimon Digital Forensics Group NTNU Testimon Digital Forensics Group Cyber Threat Intelligence and

1.5k views • 131 slides
CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and

CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and

CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and Autopsy Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Data Management for Forensics You will learn in this lecture: Command

663 views • 24 slides
TBD Challenges for Digital Forensics and Incident Response on Virtualization and Cloud Computing

TBD Challenges for Digital Forensics and Incident Response on Virtualization and Cloud Computing

TBD Challenges for Digital Forensics and Incident Response on Virtualization and Cloud Computing Platforms Introduction Christopher Day, Chief Security Architect, Terremark Responsible for Terremarks global information security services

332 views • 30 slides
Nuclear Forensics Attribution as a Digital Library Search Problem ARI Grant Oral Presentation,

Nuclear Forensics Attribution as a Digital Library Search Problem ARI Grant Oral Presentation,

Nuclear Forensics Attribution as a Digital Library Search Problem ARI Grant Oral Presentation, Washington DC, July 23, 2012 Fredric Gey (PI), Ray R Larson (co-PI), Electra Sutton (scientist) (students) Chloe Reynolds, David Weisz, Matthew

441 views • 20 slides

More recommend