digital forensics
play

Digital Forensics Research is Investigator- Centric Robert J. - PowerPoint PPT Presentation

Dec 20, 2022 •187 likes •578 views

Effective Digital Forensics Research is Investigator- Centric Robert J. Walls Brian Neil Levine Marc Liberatore Clay Shields University of Massachusetts Amherst Georgetown University rjwalls@cs.umass.edu 1 forensics.umass.edu

  1. Effective Digital Forensics Research is Investigator- Centric Robert J. Walls Brian Neil Levine Marc Liberatore Clay Shields University of Massachusetts Amherst Georgetown University rjwalls@cs.umass.edu 1 forensics.umass.edu

  2. rjwalls@cs.umass.edu 2 forensics.umass.edu

  3. rjwalls@cs.umass.edu 2 forensics.umass.edu

  4. rjwalls@cs.umass.edu 3 forensics.umass.edu

  5. rjwalls@cs.umass.edu 3 forensics.umass.edu

  6. Digital forensics contends with the CSI-effect . rjwalls@cs.umass.edu 4 forensics.umass.edu

  7. and security ^ Digital forensics contends with the CSI-effect . rjwalls@cs.umass.edu 4 forensics.umass.edu

  8. Digital forensics lacks a solid scientific foundation . rjwalls@cs.umass.edu 5 forensics.umass.edu

  9. Digital forensics struggles with practical challenges . rjwalls@cs.umass.edu 6 forensics.umass.edu

  10. Digital forensics impacts people directly . rjwalls@cs.umass.edu 7 forensics.umass.edu

  11. rjwalls@cs.umass.edu 8 forensics.umass.edu

  12. Security, privacy, & forensics? rjwalls@cs.umass.edu 9 forensics.umass.edu

  13. rjwalls@cs.umass.edu 10 forensics.umass.edu

  14. 5 principles for researchers . rjwalls@cs.umass.edu 11 forensics.umass.edu

  15. rjwalls@cs.umass.edu 12 forensics.umass.edu

  16. rjwalls@cs.umass.edu 13 forensics.umass.edu

  17. Digital Forensics is Investigator-Centric 1 rjwalls@cs.umass.edu 14 forensics.umass.edu

  18. 1: Forensics is Investigator-Centric > Research is investigator driven. rjwalls@cs.umass.edu 15 forensics.umass.edu

  19. 1: Forensics is Investigator-Centric > Research is investigator driven. > Consider both goals and constraints. rjwalls@cs.umass.edu 15 forensics.umass.edu

  20. 1: Forensics is Investigator-Centric > Research is investigator driven. > Consider both goals and constraints. > Break the rules lose the case. rjwalls@cs.umass.edu 15 forensics.umass.edu

  21. 1: Forensics is Investigator-Centric > Research is investigator driven. > Consider both goals and constraints. > Break the rules lose the case. > The rules change. rjwalls@cs.umass.edu 15 forensics.umass.edu

  22. Forensics and law are inseparable 2 rjwalls@cs.umass.edu 16 forensics.umass.edu

  23. 2: Forensics and law are inseparable > Law is struggling to keep up. rjwalls@cs.umass.edu 17 forensics.umass.edu

  24. 2: Forensics and law are inseparable > Law is struggling to keep up. > How does seizure apply to data? rjwalls@cs.umass.edu 17 forensics.umass.edu

  25. 2: Forensics and law are inseparable > Law is struggling to keep up. > How does seizure apply to data? > Unproven techniques are risky. rjwalls@cs.umass.edu 17 forensics.umass.edu

  26. Investigations are about People 3 rjwalls@cs.umass.edu 18 forensics.umass.edu

  27. 3: Investigations are about people > Focus on the person, not the machine. rjwalls@cs.umass.edu 19 forensics.umass.edu

  28. 3: Investigations are about people > Focus on the person, not the machine. > Intent is outside of security domain. rjwalls@cs.umass.edu 19 forensics.umass.edu

  29. 3: Investigations are about people > Focus on the person, not the machine. > Intent is outside of security domain. > Crime may not violate security. rjwalls@cs.umass.edu 19 forensics.umass.edu

  30. Still useful to catch the Dumb Ones 4 rjwalls@cs.umass.edu 20 forensics.umass.edu

  31. 4: Still useful to catch the dumb ones > Doesn’t have to be foolproof to be useful. rjwalls@cs.umass.edu 21 forensics.umass.edu

  32. 4: Still useful to catch the dumb ones > Doesn’t have to be foolproof to be useful. > Tech savvy criminals aren’t more dangerous. rjwalls@cs.umass.edu 21 forensics.umass.edu

  33. 4: Still useful to catch the dumb ones > Doesn’t have to be foolproof to be useful. > Tech savvy criminals aren’t more dangerous. > 40% is still good. rjwalls@cs.umass.edu 21 forensics.umass.edu

  34. Keep it 5 Simple rjwalls@cs.umass.edu 22 forensics.umass.edu

  35. 5: Keep it simple > Make it simple for investigators to use it. rjwalls@cs.umass.edu 23 forensics.umass.edu

  36. 5: Keep it simple > Make it simple for investigators to use it. > Must be within Investigator capabilities. rjwalls@cs.umass.edu 23 forensics.umass.edu

  37. 5: Keep it simple > Make it simple for investigators to use it. > Must be within Investigator capabilities. > Often simpler non-computer solutions. rjwalls@cs.umass.edu 23 forensics.umass.edu

  38. Forensics research without these principles is not forensics. rjwalls@cs.umass.edu 24 forensics.umass.edu

  39. 1: Forensics is Investigator-Centric. 2: Forensics and law are inseparable. 3: Investigations are about people. 4: Still useful to catch the dumb ones. 5: Keep it simple. This work was supported in part by NSF awards CNS-1018615, CNS-0905349, and DUE-0830876, and in part by NIJ award 2008-CE-CX- K005. rjwalls@cs.umass.edu 25 forensics.umass.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

About this presentation : Learning : What is Digital Forensics ? Political : Digital

About this presentation : Learning : What is Digital Forensics ? Political : Digital

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

444 views • 30 slides
Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication File carving ( e.g. , bifragment gap carving)

630 views • 13 slides
Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to collect and analyze (digital) evidence Three basic phases Data collection, Analysis, Reporting Triage Various sources of information

307 views • 20 slides
CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of

1.09k views • 34 slides
Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

FloCon 2015 Conference January 15, 2015 Portland, Oregon Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations JESUS RAMIREZ PICHARDO (PMP, GCFA,

333 views • 30 slides
Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class of students Teaching digital forensics in a large class Teaching forensics at of students UL FRI Generating customized disk images Gaper Fele-or University of Ljubljana, Faculty of

446 views • 23 slides
Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction to Digital Forensics Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer Forensics? What do you Need for a Careers in Computer Digital Forensics? Educational Background

509 views • 29 slides
Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of

Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of

Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of Digital Evidence: Admissible evidence must be related to the fact being proved Authentic evidence must be real and related to the

1.13k views • 68 slides
Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert

Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert

Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert Malegiannakis Ricardo Justiniano Introduction - What is Digital Forensics? Digital forensics defined - The process of recovering and interpreting

478 views • 30 slides
Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics & Watermarking P. J. Bateman, A. T. S. Ho, and J. A. Briffa This research is sponsored by an EPSRC/Charteris CASE Award Image Forensics

703 views • 38 slides
CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic

CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic

CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic 20/10/2011 r.ludwiniak@napier.ac.uk Lecture Objectives 1. History and definition of Digital Forensics 2. Context for an investigation 3. An overview of

1.04k views • 65 slides
Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute

Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute

Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute intro to Digital Forensics Some challenges scale cloud the encryption boundary anti-forensics Digital Forensics in 2 mins

415 views • 7 slides
Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico

Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico

Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools Lodovico Marziale, Golden G. Richard III, Vassil Roussev Me: Professor of Computer Science Co-founder, Digital Forensics Solutions golden@cs.uno.edu

489 views • 28 slides
HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics Lab Director HTCIA/ICFP/ACM/IEEE/ACIS/ISSA asoto@asoto.com INTENDED AUDIENCE Forensic lab directors / analysts - Law enforcement - Researchers -

568 views • 36 slides
Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide

Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide

Linux Memory Analysis Workshop Session 1 Andrew Case Who Am I? Security Analyst at Digital Forensics Solutions Also perform wide ranging forensics investigations Volatility Developer Former Blackhat, SOURCE, and DFRWS speaker

1.64k views • 162 slides
Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

A RIZONA S TATE U NIVERSITY Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE U NIVERSITY Common Types of Attacks Phishing Malware SQLi XSS MITM DoS Brute-force &

858 views • 55 slides
The Developments of Brazils Operation Car Wash and Business Opportunities in connection

The Developments of Brazils Operation Car Wash and Business Opportunities in connection

The Developments of Brazils Operation Car Wash and Business Opportunities in connection with Petrobras New Investment Plan William Michael Jr. Salim Jorge Saud Neto Partner Partner +1 312 701 7653 +55 21 2127 4210

767 views • 38 slides
A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 }

A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 }

A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 } Ph. Besnard 1 egoire 2 E. Gr S. Ramon 2 1 IRIT CNRS UMR 5505 Toulouse, France 2 Universit e dArtois CRIL CNRS UMR 8188 Lens, France A

670 views • 47 slides
Promotion Test 2020 When is Promotion Test? Promotion Test would be held on the 20th of October

Promotion Test 2020 When is Promotion Test? Promotion Test would be held on the 20th of October

Promotion Test 2020 When is Promotion Test? Promotion Test would be held on the 20th of October 2020 for ALL batches. 2 16th Batch Promotions Test Ranks to be Taken All cadets in 16th Batch would be taking the test to promote to the rank of

160 views • 14 slides
New Findings in SPI Chip Coldren & Vivian Elliott (facilitators) Lt. Det. Darrin Greeley

New Findings in SPI Chip Coldren & Vivian Elliott (facilitators) Lt. Det. Darrin Greeley

New Findings in SPI Chip Coldren & Vivian Elliott (facilitators) Lt. Det. Darrin Greeley & Desiree Dusseault (Boston SPI) Commissioner Robert Haas (ret.) & Dr. Julie Schnobrich- Davis (Cambridge SPI) Deputy Chief Dennis Kato &

928 views • 44 slides
If you would like to ask a question please use the chat feature . Please remember to select Host,

If you would like to ask a question please use the chat feature . Please remember to select Host,

This webinar is being audio cast via the speakers on your computer. If you would like to join using the phone, the call-in number can be found: - At the end of your registration email - In the Event Info tab on the top left hand side of

699 views • 54 slides
Forensic Inves,ga,ons in Cyberspace: what about big data? Katrin

Forensic Inves,ga,ons in Cyberspace: what about big data? Katrin

Computa*onal Forensics Forensic Inves,ga,ons in Cyberspace: what about big data? Katrin Franke Norwegian Information Security Laboratory (NISlab), Department of Computer Science and Media Technology,

587 views • 35 slides
L Legislative & Ethical Questions i l ti & Ethi l Q ti Regarding DNA and other

L Legislative & Ethical Questions i l ti & Ethi l Q ti Regarding DNA and other

L Legislative & Ethical Questions i l ti & Ethi l Q ti Regarding DNA and other Forensic g g Biometric Databases: Dr. Elazar (Azi) Zadok Police Brig. General (Ret.) P li B i G l (R t ) Director, Forensic Science

572 views • 28 slides
Executive Forum Where/When Session 1 Introductions 2 Who Are We? Background and Credentials

Executive Forum Where/When Session 1 Introductions 2 Who Are We? Background and Credentials

Executive Forum Where/When Session 1 Introductions 2 Who Are We? Background and Credentials 3 Housekeeping Seeing? Hearing? Beepers & cell phones off or mute Restrooms Emergency exits Workbooks

729 views • 71 slides

More recommend