Models of Models: Digital Forensics and Domain-Specific Languages

Slides:



Advertisements
Similar presentations
Identifying and Responding to Security Incidents in the Law Firm
Advertisements

Network Systems Sales LLC
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Recovering and Examining Computer Forensic Evidence Noblett, Pollit, & Presley Forensic Science Communications October 2000 (Cited by 13 according to Google.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
COEN 152 Computer Forensics Introduction to Computer Forensics.
Securing Information Systems
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB
MANAGEMENT INFORMATION SYSTEMS Data Raw facts and figures. Information Knowledge gained from processing data. Management information system (MIS) Organized.
PROCESS OF CONDUCTING A DOS/IDS INCIDENT ANALYSIS
What is FORENSICS? Why do we need Network Forensics?
Security in Practice Enterprise Security. Business Continuity Ability of an organization to maintain its operations and services in the face of a disruptive.
M2M Connecting Real-World Things with Cloud Computing T. Osawa 1IoT+Cloud.
IT Terminology Quiz VSB 1002: Business Dynamics II Spring 2009.
Wireless Network Security. What is a Wireless Network Wireless networks serve as the transport mechanism between devices and among devices and the traditional.
Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
Suntisak Thammavongsa Bachelor of IT (Honours) Supervised by Dr Raymond Choo University of South Australia Investigating a Private Ubuntu Enterprise.
Models of Models: Digital Forensics and Domain-Specific Languages Daniel A. Ray and Phillip G. Bradford The University of Alabama Tuscaloosa, AL
Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Computer Forensics Data Recovery and Evidence Collection September.
1 IT Investigative Tools Tools and Services for the Forensic Auditor.
The Data Ring: Community Content Sharing Serge Abiteboul (INRIA) Alkis Polyzotis (UC Santa Cruz)
CLOUD COMPUTING Overview on cloud computing. Cloud vendors. Cloud computing is a type of internet based computing where we use a network of remote servers.
Toward Generic Systems Shifra Haar - Central Bureau of Statistics-Israel.
1 Implementing Monitoring and Reporting. 2 Why Should Implement Monitoring? One of the biggest complaints we hear about firewall products from almost.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #4 Data Acquisition September 8, 2008.
Note1 (Admi1) Overview of administering security.
Research Interest overview and future directions Mina Guirguis Computer Science Department Texas State University – San Marcos CS5300 9/16/2011.
Knowing What You Missed Forensic Techniques for Investigating Network Traffic.
Ali Alhamdan, PhD National Information Center Ministry of Interior
Chapter 2 Understanding Computer Investigations Guide to Computer Forensics and Investigations Fourth Edition.
Chapter 2 Securing Network Server and User Workstations.
Company small business cloud solution Client UNIVERSITY OF BEDFORDSHIRE.
 Forensics  Application of scientific knowledge to a problem  Computer Forensics  Application of the scientific method in reconstructing a sequence.
Computer Forensics Presented By:  Anam Sattar  Anum Ijaz  Tayyaba Shaffqat  Daniyal Qadeer Butt  Usman Rashid.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
IS3220 Information Technology Infrastructure Security
Digital Forensics Market Analysis: By Forensic Tools; By Application (Network Forensics, Mobile Forensics, Database Forensics, Computer Forensics) - Forecast.
Computer Forensics. OVERVIEW OF SEMINAR Introduction Introduction Defining Cyber Crime Defining Cyber Crime Cyber Crime Cyber Crime Cyber Crime As Global.
Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
CHAP 6 – COMPUTER FORENSIC ANALYSIS. 2 Objectives Of Analysis Process During Investigation: The purpose of this process is to discover and recover evidences.
INF526: Secure Systems Administration Student Presentations And Review for Final Prof. Clifford Neuman Lecture July 2016 OHE100C.
Clouding with Microsoft Azure
MANAGEMENT of INFORMATION SECURITY, Fifth Edition
Securing Information Systems
Information Technology Acceptable Use An Overview
PhD Oral Exam Presentation
(A CORPORATE NETWORK APPROACH)
Joseph JaJa, Mike Smorul, and Sangchul Song
Securing Information Systems
Chapter 7 Connecting to the Internet
Introduction to Computer Forensics
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
CHFI & Digital Forensics [Part.1] - Basics & FTK Imager
FILE CARVING: Reassembling files from fragments of bytes/hex data on a digital device.
FILE CARVING: Reassembling files from fragments of bytes/hex data on a digital device.
INFORMATION SYSTEMS SECURITY and CONTROL
Digital Forensics Chris Rozic.
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
Overview of Computer system
Presentation transcript:

Models of Models: Digital Forensics and Domain-Specific Languages Daniel A. Ray and Phillip G. Bradford The University of Alabama Tuscaloosa, AL DanielRay@cs.ua.edu, pgb@cs.ua.edu

Outline Summary Motivation Models for Digital Forensics Proactive Forensics Sequential Statistics Models for Digital Forensics Different from Classical Forensics Some Digital Forensics Models Leverage Computer Science Domain Specific Languages Conclusions

Summary Modeling the investigative process Different investigation processes for different incidents Classical forensics: different tools and procedures for different incidents Digital forensics: different tools and procedures for different incidents Final objective: make the criminal case obvious to a lay-person Depends on the method and procedure of the model A failure on evidence gathering may damage or destroy the case

Motivation: Classical & Digital Forensics Computer Security is often preventative Focus on preventative measures IDS--anomaly detection may be proactive Classical Forensics is reactive Post-mortem Digital forensics is reactive A lot of focus on file recovery from disks Generally reactive Digital Forensics has opportunity to be proactive Proactive Forensics! Online Monitoring stakeholders…

Motivation: Proactive Computer-System Forensics System structuring and augmentation for Automated data discovery Lead formation Efficient data preservation Make these issues proactive How? Challenges System resources Exposure Double edged sword…

Proactive Computer-System Forensics What data should we capture? Different crimes may require different investigative procedures Static: when and where illicit data was placed on a disk Dynamic: what system states do we document when there is an intrusion? What is being written to logs or disks? Which programs are being run? Where is the smoking-gun? Depending on the nature of our online investigation, we may need to secure evidence in several different models

Crime Types Computer Assisted Crimes Computer Enabled crimes Focus: Computers provide basic help in criminal activity Computer Enabled crimes Computers are a Primary focus on criminal activity Focus: Dynamic: computer enabled crimes Range from viruses to spam to sophisticated attacks Static: Computer Assisted Crimes Stolen data, spreadsheets to compute illicit gains, etc.

Variations on Digital Equipment and Software Mobility & wireless Cell phones, PDAs, Laptops, etc. Enterprise Level Systems Database systems, dynamic Internet sites, large proprietary systems, Distributed systems Virtual private networks, network file systems, user mobility, distributed computation, etc.

Gathering Statistics for Proactive Forensics Running sequential statistical procedures What data to save? The data we need may change as things progress Proactive not reactive How much data do we save? How costly?

The DFRWS Model http://www.dfrws.org/2001/dfrws-rm-final.pdf

Ciardhuain Model by S. O. Ciardhuain Extends DRFWS Model by working on information flows Class-based model Authorization activity Planning activity Notification activity Hypothesis activity etc. An augmented “waterfall model” supports iterative backtracking between consecutive activities models information flows Feedback critique

Mobile Forensics Platform (MFP) by F. Adelstein To remotely perform early investigations into mobile incidents Analyze a live running (mobile) machine Maintains original evidence which is verifiable by a cryptographic hash Connect to same LAN as the suspect machine

DSLs DSLs are, “. . . languages tailored to a specific application domain” Mernik, Heering, and Sloane Most Digital Forensics Models Have a good deal in common Evidence verification and storage Flow of investigation Pulling together data storage, data modeling and authentication-verification Combining other DSLs: XML, UML, DB Blobs, etc.

DSLs May be fairly complex to build a single DSL However, worth investigating Must be a very trusted language Numerous cases may depend on the trust-level of the language Move from “best practices” to more formal “programming patterns for digital forensics”

Conclusions Digital forensics is complex Digital Forensics Models are complex Static and Dynamic There may be a need to automatically choose from a diversity of digital forensics models A programming language

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.