Triage and Analysing Large Numbers of Files Michael Jones.

Presentation transcript:

Triage and Analysing Large Numbers of Files Michael Jones

The Challenges of Digital Forensics

Main issues:
  – Limitations of current forensic software tools
  – Proliferation of hardware
  – The cloud
  – Proliferation of software
  – People

Michael Jones, Triage and Analysing Large Numbers of Files, 2

Limitations of Forensics Tools

Current forensics tools:
  – Are ‘evidence oriented’ (Garfinkel 2010; available at: )
  – Are designed for paedophile cases, not for hacking incidents
  – Objective: completeness rather than speed
  – Cross-case analysis is not possible because of the risk of contamination

Advances in Hardware

More devices
  – Phones, tablets, SD cards, printers, wearable computers?
More storage
  – Including network devices
More networking
Hardware encryption
  – Or through software

Software Developments

Apps
  – Large number and growing
  – Potential for proprietary file formats
  – Most common apps already handled: Facebook, Twitter, etc.

People

Limited number of certified people
Cost of certification and training
Cost of investigations and prosecutions
  – Forensic personnel
  – Equipment
  – Others: CPS, police, judge, etc.

Additional Issue: Feinting

Feint
  – Noun: a deceptive or pretended blow, thrust, or other movement, especially in boxing or fencing.
  – Verb: make a deceptive or distracting movement, typically during a fight.
Example:
  – A paedophile might place some ‘low-level’ images in an easy-to-reach location

Responses

Many of these issues are difficult to address
Pre-emptive action: lowering the bar
  – More draconian usage agreements
Constant monitoring
  – E.g., ‘listening to the network’
Triage

Triage

Definitions:
  – Noun: the action of sorting according to quality.
  – Verb: assign degrees of urgency to (wounded or ill patients).
In digital forensics
  – Used to prioritise activities, e.g., in a live capture or where large storage is included

Scenario

There is a suspicion of fraud being conducted in a small office within a larger building.
  – Many computers may be involved
  – Other devices?
What will the priorities be?
  – ‘Pull the plug’?
  – What to look at first?

Triage Process

E.g., Rogers et al. Available at: dServices/index.php?main_page=document_general_info&cPath=11&products_id=228
Question: how to identify the priorities?
  – Answers linked to: time available, staff skills and software available, crime being investigated

General Triage Priorities

If the crime involves mobility (e.g., drug dealer):
  – Priorities: small devices, phones
  – ISP, for call information
If the crime is linked to fixed locations (e.g., fraud):
  – Consider live forensics
  – And look for confessions
  – Or: software to scan and process large numbers of files

Analysing a Large Number of Files

Multiple processes need to be applied:
  – Identify file type
  – Extract metadata
  – Custom processing
Tools:
  – Scripting
  – Bespoke software

Example: iterating through a directory

To apply the same process to each file in a directory:

    #!/bin/bash
    # Apply the same process (here, just printing the name) to every entry in /etc
    for file in /etc/*
    do
        echo "${file}"    # quoted so names containing spaces are printed whole
    done

Example: Using PHP

    <?php
    // exif.php: run exiftool over every file in $fromDir and write one
    // .txt report per file into $toDir (which must already exist)
    $fromDir = $argv[1];
    $toDir = $argv[2];
    $entries = glob("$fromDir/*");
    foreach ($entries as $entry) {
        // Rebuild the path under $toDir by swapping the $fromDir prefix
        $parts = explode($fromDir, $entry);
        $toFile = implode($toDir, $parts);
        $toFile .= '.txt';
        // Quote both paths so a file name containing quotes or spaces
        // cannot break, or inject into, the shell command
        exec('exiftool ' . escapeshellarg($entry) . ' > ' . escapeshellarg($toFile));
    }
    ?>

Usage: php exif.php physical/jpg analysis/jpg

Verification

When writing (or using) scripts (or software) it is important to verify them
Axiomatic verification
  – Assume that the script/software is forensically sound
Inductive verification
  – Set up one or more experiments (to which the answers are known) and run the script/software
  – Compare the answer with the expected answer
Formal verification
  – Using (formal) mathematics
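Added example, not from the slides or from the author: a Python version of the per-file loop above that carries out the three steps from the "Analysing a Large Number of Files" slide (identify the type from the file header, extract metadata, and as custom processing flag a header/extension mismatch, which is how a feinted image under a harmless name surfaces) and then verifies it inductively as this slide describes, with a constructed directory of known answers and a hash check that the run altered nothing. The function names, the signature table and the sample files are all assumptions.

```python
import hashlib, os, tempfile

# Header signatures this example recognises, with the extensions that normally carry them.
SIGNATURES = [(b"\xff\xd8\xff", "jpeg", {"jpg", "jpeg"}),
              (b"%PDF-", "pdf", {"pdf"})]

def identify(path):
    """Type implied by the file header (not by the name), plus the extensions that match it."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind, exts in SIGNATURES:
        if head.startswith(magic):
            return kind, exts
    return "unknown", set()

def digest(path):
    with open(path, "rb") as fh:  # whole-file read; stream it in chunks for large evidence
        return hashlib.sha256(fh.read()).hexdigest()

def triage(directory):
    """Same process for every file: identify type, extract metadata, flag header/extension mismatches."""
    records = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            kind, exts = identify(path)
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            records.append({"name": name, "type": kind, "size": os.path.getsize(path),
                            "sha256": digest(path), "mismatch": kind != "unknown" and ext not in exts})
    records.sort(key=lambda r: (not r["mismatch"], r["name"]))  # suspicious files first
    return records

def build_experiment():
    """Inductive verification, step 1: constructed files whose correct answers are known."""
    d = tempfile.mkdtemp()
    samples = {"photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,
               "notes.txt": b"\xff\xd8\xff\xe0" + b"\0" * 16,  # a JPEG feinted as text
               "report.pdf": b"%PDF-1.4 constructed", "readme.txt": b"plain text"}
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

def verify(directory, expected):
    """Step 2: compare the script's answers with the known ones and check no file was altered."""
    def snapshot():  # hashes taken independently of triage()
        return {n: digest(os.path.join(directory, n)) for n in os.listdir(directory)}
    before = snapshot()
    answers = {r["name"]: r["type"] for r in triage(directory)}
    return answers == expected and snapshot() == before
```

Running verify(build_experiment(), expected) with the four known answers returns True; a wrong expected answer, or a script that wrote to the directory, would return False.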

Summary

Processing a large number of files generally involves scripts or bespoke software
These must be inductively verified using some test data
There are risks:
  – That the software does not (always) perform as required
  – That the software performs additional actions that contaminate the results