Nadir Hajiyani NADIR HAJIYANI CSC 253 OCFA. Agenda What Who Specification Architecture - How Snapshots Help Open Source Disadvantages Advantages References.

Presentation transcript:

Nadir Hajiyani NADIR HAJIYANI CSC 253 OCFA

Agenda
- What
- Who
- Specification
- Architecture - How
- Snapshots
- Help
- Open Source
- Disadvantages
- Advantages
- References

What is OCFA?
- Open Computer Forensics Architecture
- Modular framework
- Goal: automate the digital forensic process
- Direct access to seized data
- Forensics on very large and complex systems
- Allows researchers to conduct searches to find key evidence and testimony

Who?
- Dutch National Police of the Netherlands: KLPD (Korps Landelijke Politiediensten)
- OCFA: open source tool for professional criminal investigators
- The man: Jochen van der Wal (KLPD)
- Existing forensic tools and libraries
- First step: specialists extract evidence
- Second step: investigators use a simple web interface

Technical Specifications
- Installable OCFA packages exist for Debian, Ubuntu and SUSE
- Folder includes RPMs or DEBs
- A number of additional packages and installation guides
- Lots to install in a Linux environment; you had better know some commands
- "Oh jump off the Windows"

Technical Specifications (contd.)
- Others: libpq5, libpg-perl, postgresql, perl

The Digital Washing Machine
- The entire analysis process is viewed as a digital data wash (Digiwash)
- The name comes from 'digitale wasstraat'
- Bulk evidence
- Automatic analysis and characterization of files
- Digiwash: identify file types
- Index files
- Extract raw text (antiword), convert PDF files (pdftotext)
- Extract mails (mailwash)
- Capture info in PGP, mapping key IDs in mail
- Group photos and thumbnails
- Integrate hash databases of known Windows files
- Recursively analyses all the data

Architecture (Ahhhhh)
- Router: central, recursive file processing
- Calls external software before return
- Relay handles communication and coordinates messaging
- Investigators run multiple instances: distributed system
- Can use additional software packages if necessary
- Automates communication between investigator and experts
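The recursive routing described in the two slides above (identify the file type, flag known files by hash, hand containers to a module, feed derived evidence back to the router), as an added Python sketch. It is not OCFA code and does not use OcfaLib; `route`, the module table, the hash set and the sample evidence are hypothetical, and the depth limit is an added safeguard against deeply nested archives.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for a hash database of known (uninteresting) files.
KNOWN_SHA256 = {hashlib.sha256(b"stock system file").hexdigest()}

def identify(data):
    """Tiny magic-byte file typer (the 'identify file types' stage)."""
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"

def unzip_module(data):
    """Derive child evidence from a container; children go back to the router."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(n, zf.read(n)) for n in zf.namelist() if not n.endswith("/")]

MODULES = {"zip": unzip_module}  # detected type -> module that derives evidence

def route(name, data, parent=None, depth=0, max_depth=8, out=None):
    """Record metadata for one evidence item, then recurse into what it yields."""
    out = [] if out is None else out
    digest = hashlib.sha256(data).hexdigest()
    kind = identify(data)
    out.append({"path": name, "parent": parent, "type": kind,
                "sha256": digest, "known": digest in KNOWN_SHA256})
    module = MODULES.get(kind)
    if module and depth < max_depth and digest not in KNOWN_SHA256:
        for child_name, child in module(data):
            route(f"{name}/{child_name}", child, name, depth + 1, max_depth, out)
    return out

def build_sample():
    """Constructed evidence: a zip holding a note, a known file and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("mail.txt", "meet at noon")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("note.txt", "hello")
        zf.writestr("system.dll", b"stock system file")
        zf.writestr("nested.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `route("seized.img", build_sample())` returns one record per item, each carrying its parent path, so every derived file can be traced back to the container it came from.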

Snapshots (Time to Peek)

Got some more help: SPSS
Jochen van der Wal, technical engineer, said, "After implementing SPSS Text Mining software and deploying it to a crime case, we found an essential connection within just five minutes – which we couldn't have found in the past three months of investigations. The combination of the OCFA framework and SPSS text analysis functionality to analyze huge amounts of evidence allows us to gain rapid insights in unstructured data."
- SPSS: predictive analytics software and solutions
- Since 1968; 250,000 customers; 1200 employees in 60 countries
- Dutch police (KLPD) uses the SPSS Text Mining software to uncover hidden patterns and relations in text
- Pulls key concepts from unstructured data and groups.

Open Development
- OcfaLib API: C++ API
- Gain read access
- Use its own dir
- Derive evidence
- Access metadata
- Example on the website
- Step-by-step procedure: how to develop an OCFA module to be used in the OCFA framework

Disadvantages
- Takes forever to install and set up
- Complex and time consuming
- Linux versions available in open source market
- Does not have a set community to help and support
- A lot of help and material is available in Dutch, which keeps the average user away
- Being discussed and looked at from a research point of view
- Has not delivered efficiently
- Very little to no support

Advantages
- Good at interfacing with other software and libraries
- Users can develop their own modules using the API
- Does not have to wait for a patch and can be moulded as per situation
- Supports EnCase and FTK, multi-part EnCase files
- Has a simple interface
- Supports large and complex forensic analysis projects
- Stable
- Scalable
- Fault isolation
- Recoverable
- Portable
- Robust

Welcome to the Future (Star Trek moment)
- Windows version: Dutch Police have it for their internal use. Called Washbrush, analyses Outlook and its mailboxes.
- More OCFA modules to come
- Better interface
- The software will not be GPL'd but via NDA (non-disclosure agreement)
- Java API
- Perl API
- Other projects: CarvPath project (carving)

My opinion
- Initial shock to find not much help
- Sourceforge demotivates
- Very little documentation
- Good specifications for Ubuntu
- Language problems
- Each module installation prompted for some dependency
- Seriously need a community
- How would it be proved in court
- Very powerful

References
1. OCFA: ocfa.sourceforge.net
2. Dutch Police: English/
3. The Sleuth Kit:
Other projects: e

Thank You