Digital Forensic: Brief Intro & Research Challenge
7 likes4,384 views
This document provides an overview of digital forensics. It discusses what digital forensics is, examples of cases, branches of digital forensics like disk, network, and mobile forensics. It also outlines the methodology, challenges, and tools used in digital forensics. Some challenges discussed include increasing device types and file formats, data volume, and limitations of current tools to keep up with evolving technology. The document concludes that digital forensics research faces many challenges and needs a clear research agenda to address issues like investigation time, cloud computing, and encryption.
![Methodology/2
●
●
●
3 standard methodologies & the detailed process varies
○ Basic Forensic Methodology
○ Cyber Tool Online Search For Evidence (CTOSE)
○ Data Recovery UK (DRUK)
the recommended methodology6 combines the practice from 3 standards
there are more than dozen DF frameworks
[6] Krishnun Sansurooah,Taxonomy of computer forensics methodologies and procedures for digital evidence seizure,
2006.](https://image.slidesharecdn.com/briefintroduction-140204011718-phpapp02/85/Digital-Forensic-Brief-Intro-Research-Challenge-9-320.jpg)
![References
[1] J. Sammons, Ed., “The Basics of Digital Forensics”. Boston: Syngress, 2012.
[2] S. L. Garfinkel, “Digital forensics research: The next 10 years,” Digital Investigation, vol. 7, Supplement, pp. S64–S73,
Aug. 2010.
[3] M. Al Fahdi, N. L. Clarke, and S. M. Furnell, “Challenges to digital forensics: A survey of researchers amp; practitioners
attitudes and opinions,” in Information Security for South Africa, 2013, 2013, pp. 1–8.
[4] E. S. Pilli, R. C. Joshi, and R. Niyogi, “Network forensic frameworks: Survey and research challenges,” Digital
Investigation, vol. 7, no. 1–2, pp. 14–27, Oct. 2010.
[5] Marcus K Rogers and Kate Seigfried, “The future of computer forensics: a needs analysis survey,” Computers &
Security, vol. 23, no. 1, pp. 12–16, Feb. 2004.
[6] Krishnun Sansurooah, “Taxonomy of computer forensics methodologies and procedures for digital evidence seizure”,
Australian Digital Forensics Conference,2006](https://image.slidesharecdn.com/briefintroduction-140204011718-phpapp02/85/Digital-Forensic-Brief-Intro-Research-Challenge-17-320.jpg)
Digital Forensic: Brief Intro & Research Challenge
- 1. Digital Forensic: Brief Intro & Research challenge Aung Thu Rha Hein (g5536871) 4th February 2014
- 2. Content ● ● ● ● ● ● ● ● ● What is Digital Forensic Examples Of DF Cases Digital Forensic Branches Use of Digital Forensic Methodology Tools Research Challenge Future Challenge Discussion & Conclusion
- 3. Digital Forensic ● preservation, identification, extraction,interpretation & documentation of computer evidence which can be used in the court of law. ● Goal: To explain the current state of digital artifact
- 4. Examples Of DF Cases August 6, 2009 DDoS attacks To Social Sites
- 5. Examples Of DF Cases/2 ● BTK Killer ○ serial killer arrested by investigating letters sent via floppy disk ● David Riley ○ Air Force Major sent images of child pornography over internet
- 6. Digital Forensic Branches ➔ ➔ ➔ ➔ ➔ Disk Forensic ◆ Flash, HDD, USB Device Network Forensic ◆ monitoring and analyzing network traffic Memory Forensic ◆ analysis of system dump Mobile Forensic ◆ acquire deleted or undeleted data Cloud Forensic ◆ forensic network analysis on Cloud computing architecture
- 7. Use of Digital Forensic ➔ Criminal Investigations ◆ Child Pornography,identify thief, e-Crimes ➔ Civil Litigation ◆ eDiscovery ➔ Intelligence ◆ Terrorist attacks
- 9. Methodology/2 ● ● ● 3 standard methodologies & the detailed process varies ○ Basic Forensic Methodology ○ Cyber Tool Online Search For Evidence (CTOSE) ○ Data Recovery UK (DRUK) the recommended methodology6 combines the practice from 3 standards there are more than dozen DF frameworks [6] Krishnun Sansurooah,Taxonomy of computer forensics methodologies and procedures for digital evidence seizure, 2006.
- 11. Digital Forensic Tools Tools Use Forensic Toolkit AccessData Group, LLC Multipurpose tool (acquisition,verification, searching, reporting, wiping, etc.) SMART & SMART for Linux ASR Data, Data Acquisition and Analysis, LLC Multipurpose tool (acquisition,verification, searching, reporting, wiping, etc.) Softblock, Macquisition, Blacklight BlackBag Multiple Macintosh forensic Technologies, Inc. tools Raptor Forward Discovery, Inc. Linux-based acquisition and preview tool
- 12. Research Challenges ● ● DF research is trending from 1997-2007 After 2007, Digital forensic meets with many challenges Characteristics comparison Era OS File Format Computing Architecture Storage Architecture Tools 1997-2007 Windows Dominance few file formats PC, Centralized standard cable interfaces commercial tools are working 2007- recent increasing OSs Various file formats Client/Server,Cloud Flash, Cloud Storage can’t catch up with req Other introduced issues: Storage Size, pervasive encryption, legal challenges
- 13. Research Challenges/2 ● ● ● ● ● Evidence-oriented design influences today’s DF research ○ find evidence instead of assisting investigation ○ not think of cyber-crime, i.e tools are not for hacking cases ○ not possible to perform short-time analysis ○ not capable of generating data from residual file Visibility,Filter,Report Model ○ data recover before making analysis ○ not possible to do parallel processing no standard for reverse engineering ‘application instead of tools’ concept by vendors lost academic research 2010,Digital forensics research: The next 10 years
- 14. Research Challenges/3 ● ● ● ● ● 2013 survey takes part in 4 categories: ○ Demographics, Forensic Capabilities, Future Challenge, Legislative Concerns more than 50%of participants: 3 years of DF experience Current DF tools & Capabilities: ○ Importance: more than 98% ranks as 4 out of 5 ○ Key Limitations: Data Volume, TIme, Tool Capability ○ Tool Capability: not clear result Technology that least concerns: malware, steganography 2013, Challenges to Digital Forensic
- 15. Future Challenge ● Challenge: Investigation & Analysis Time ● Mobile and Network Forensic will be trending ● anticipated future challenge: Cloud Computing, Anti-forensic, Encryption, Social Networking ● Should adopt standards for case data, data abstractions and composable models ● more data abstractions should create ● should standardise development diversity ● alternative analysis model: parallel processing, stochastic analysis ... ● doesn’t work in small-scale dataset ● standardized test data
- 16. Discussion & Conclusion ● ● ● ● The importance of DF DF has been in “Golden Age” and it is over encounters many research challenges needs a clear research plan/agenda Thank you... Questions?
- 17. References [1] J. Sammons, Ed., “The Basics of Digital Forensics”. Boston: Syngress, 2012. [2] S. L. Garfinkel, “Digital forensics research: The next 10 years,” Digital Investigation, vol. 7, Supplement, pp. S64–S73, Aug. 2010. [3] M. Al Fahdi, N. L. Clarke, and S. M. Furnell, “Challenges to digital forensics: A survey of researchers amp; practitioners attitudes and opinions,” in Information Security for South Africa, 2013, 2013, pp. 1–8. [4] E. S. Pilli, R. C. Joshi, and R. Niyogi, “Network forensic frameworks: Survey and research challenges,” Digital Investigation, vol. 7, no. 1–2, pp. 14–27, Oct. 2010. [5] Marcus K Rogers and Kate Seigfried, “The future of computer forensics: a needs analysis survey,” Computers & Security, vol. 23, no. 1, pp. 12–16, Feb. 2004. [6] Krishnun Sansurooah, “Taxonomy of computer forensics methodologies and procedures for digital evidence seizure”, Australian Digital Forensics Conference,2006