Models of Models: Digital Forensics and Domain-Specific Languages Daniel A. Ray and Phillip G. Bradford The University of Alabama Tuscaloosa, AL

Outline
 Summary
 Motivation
 – Proactive Forensics
 – Sequential Statistics
 Models for Digital Forensics
 – Different from Classical Forensics
 – Some Digital Forensics Models
 – Leverage Computer Science
 Domain Specific Languages
 Conclusions

Summary
 Modeling the investigative process
 – Different investigation processes for different incidents
 Classical forensics: different tools and procedures for different incidents
 Digital forensics: different tools and procedures for different incidents
 Final objective: make the criminal case obvious to a lay-person
 – Depends on the method and procedure of the model
 A failure in evidence gathering may damage or destroy the case

Motivation: Classical & Digital Forensics
 Computer Security is often preventative
 – Focus on preventative measures
 IDS: anomaly detection may be proactive
 Classical Forensics is reactive
 – Post-mortem
 Digital forensics is reactive
 – A lot of focus on file recovery from disks
 – Generally reactive
 – Digital Forensics has the opportunity to be proactive
 Proactive Forensics!
 – Online monitoring stakeholders…

Motivation: Proactive Computer-System Forensics
 System structuring and augmentation for
 – Automated data discovery
 – Lead formation
 – Efficient data preservation
 Make these issues proactive
 – How?
 Challenges
 – System resources
 – Exposure
 Double-edged sword…

Proactive Computer-System Forensics
 What data should we capture?
 – Different crimes may require different investigative procedures
 Static: when and where illicit data was placed on a disk
 Dynamic: what system states do we document when there is an intrusion?
 – What is being written to logs or disks? Which programs are being run? Where is the smoking gun?
 – Depending on the nature of our online investigation, we may need to secure evidence in several different models

Crime Types
 Computer Assisted Crimes
 – Computers provide basic help in criminal activity
 Computer Enabled Crimes
 – Computers are the primary focus of criminal activity
 Focus:
 – Dynamic: computer enabled crimes
 Range from viruses to spam to sophisticated attacks
 – Static: computer assisted crimes
 Stolen data, spreadsheets to compute illicit gains, etc.

Variations on Digital Equipment and Software
 Mobility & wireless
 – Cell phones, PDAs, laptops, etc.
 Enterprise-level systems
 – Database systems, dynamic Internet sites, large proprietary systems, etc.
 Distributed systems
 – Virtual private networks, network file systems, user mobility, distributed computation, etc.

Gathering Statistics for Proactive Forensics
 Running sequential statistical procedures
 – What data to save?
 The data we need may change as things progress
 – Proactive, not reactive
 – How much data do we save?
 – How costly?
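The slide leaves the sequential procedure open. As an added example (not the authors' code), here is one way to let "what data to save" change as things progress: a one-sided CUSUM over per-minute failed-login counts (constructed sample data; class and parameter names are assumptions) that keeps only summary counters until the statistic crosses a threshold, then escalates to retaining raw lines so evidence exists before an incident is confirmed.

```python
"""Sequential monitor deciding what to save for proactive forensics.
Added example, not from the slides. Uses a Page-style one-sided CUSUM
over a per-interval event count (constructed sample data below).
"""
from dataclasses import dataclass, field


@dataclass
class SequentialMonitor:
    baseline: float        # expected events per interval under normal use
    slack: float           # tolerated excess per interval (CUSUM reference k)
    threshold: float       # decision threshold (CUSUM h)
    statistic: float = 0.0
    escalated: bool = False
    retained: list = field(default_factory=list)  # raw lines kept once escalated

    def observe(self, count, raw_lines):
        # Accumulate excess over baseline + slack; reset to 0 when it goes negative.
        self.statistic = max(0.0, self.statistic + count - self.baseline - self.slack)
        if not self.escalated and self.statistic > self.threshold:
            self.escalated = True
        if self.escalated:
            self.retained.extend(raw_lines)   # full capture from now on
            return "full-capture"
        return "summary-only"                 # only counters are kept


def run_demo():
    """Return (interval at which capture escalated, number of raw lines kept)."""
    mon = SequentialMonitor(baseline=2.0, slack=1.0, threshold=6.0)
    # Constructed per-minute failed-login counts; a burst begins at minute 5.
    counts = [2, 1, 3, 2, 2, 7, 8, 6, 9, 3]
    escalated_at = -1
    for minute, count in enumerate(counts):
        lines = [f"minute={minute} failed_login user=u{i}" for i in range(count)]
        if mon.observe(count, lines) == "full-capture" and escalated_at < 0:
            escalated_at = minute
    return escalated_at, len(mon.retained)
```

The burst at minute 5 alone does not cross the threshold; the second burst at minute 6 does, which is the point of a sequential test rather than a per-interval threshold.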

The DFRWS Model

Ciardhuain Model by S. O. Ciardhuain
 Extends the DFRWS Model by working on information flows
 Class-based model
 – Authorization activity
 – Planning activity
 – Notification activity
 – Hypothesis activity
 – etc.
 An augmented "waterfall model"
 – Supports iterative backtracking between consecutive activities
 – Models information flows
 – Feedback critique

Mobile Forensics Platform (MFP) by F. Adelstein
 To remotely perform early investigations into mobile incidents
 Analyze a live running (mobile) machine
 Maintains original evidence which is verifiable by a cryptographic hash
 Connect to the same LAN as the suspect machine

DSLs
 DSLs are "... languages tailored to a specific application domain" (Mernik, Heering, and Sloane)
 Most Digital Forensics Models
 – Have a good deal in common
 Evidence verification and storage
 Flow of investigation
 Pulling together data storage, data modeling and authentication-verification
 – Combining other DSLs: XML, UML, DB blobs, etc.

DSLs
 May be fairly complex to build a single DSL
 – However, worth investigating
 Must be a very trusted language
 – Numerous cases may depend on the trust level of the language
 Move from "best practices" to more formal "programming patterns for digital forensics"
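As an added example of what a small embedded DSL for the models above could look like (not code from the slides or from the Ciardhuain or MFP work), the Python below encodes the Ciardhuain waterfall of activities with backtracking only to the consecutive activity, and evidence that stays verifiable by a cryptographic hash as on the MFP slide. SHA-256, the class names and the sample bytes are assumptions; the slides name no algorithm.

```python
"""Added example, not from the slides: a tiny embedded DSL for an investigation."""
import hashlib

# Activities named on the Ciardhuain slide; its "etc." is left out.
ACTIVITIES = ["authorization", "planning", "notification", "hypothesis"]


class Evidence:
    def __init__(self, label, data):
        self.label = label
        self.digest = hashlib.sha256(data).hexdigest()  # fixed at acquisition

    def verify(self, data):
        # Recompute over the bytes presented now; any change alters the digest.
        return hashlib.sha256(data).hexdigest() == self.digest


class Investigation:
    def __init__(self):
        self.step = 0
        self.trail = []  # audit trail of every activity transition

    @property
    def activity(self):
        return ACTIVITIES[self.step]

    def advance(self):
        # Waterfall: forward one activity at a time, never skipping.
        if self.step < len(ACTIVITIES) - 1:
            self.step += 1
        self.trail.append(f"-> {self.activity}")
        return self.activity

    def backtrack(self, reason):
        # Iterative backtracking only to the consecutive (previous) activity.
        if self.step > 0:
            self.step -= 1
        self.trail.append(f"<- {self.activity} ({reason})")
        return self.activity


def run_demo():
    inv = Investigation()
    original = b"constructed disk image bytes"  # constructed sample evidence
    image = Evidence("image-1", original)
    for _ in range(3):                          # authorization -> hypothesis
        inv.advance()
    inv.backtrack("hypothesis contradicted by timeline")
    # Integrity check passes on the original bytes and fails on altered bytes.
    return inv.activity, image.verify(original), image.verify(original + b"x"), inv.trail
```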

Conclusions
 Digital forensics is complex
 – Digital Forensics Models are complex
 Static and Dynamic
 There may be a need to automatically choose from a diversity of digital forensics models
 – A programming language