-
7/31/2019 Computer Forensic Reforms (Robinson)
1/25
COMPUTERFORENSICREFORMS
ApplicationstoIntelligenceAnalysis
-
7/31/2019 Computer Forensic Reforms (Robinson)
2/25
StartingPoint:
Scientificanalysisofcomputers
andcommunicationsystemssotheresultscanbeusedinlegal
proceedings.
Digital
Forensics
-
7/31/2019 Computer Forensic Reforms (Robinson)
3/25
Twoprincipleconcentrations
1. E-DiscoveryandMEDEX
2. Analysisofsystemstoidentifyparticularactivity,e.g.,criminalactivitysuchashacking.
-
7/31/2019 Computer Forensic Reforms (Robinson)
4/25
ConsiderablesimilaritybetweenIntelligenceAnalysisandDigitalForensics
-
7/31/2019 Computer Forensic Reforms (Robinson)
5/25
FinishedProduct Forensic
Report
Decision/PolicyMaker
Collection
IntelligenceAnalyst
Attorney/Client
Acquisition
ForensicExaminer
IntelligenceAnalysis ComputerForensics
-
7/31/2019 Computer Forensic Reforms (Robinson)
6/25
Wehaveourproblems.
-
7/31/2019 Computer Forensic Reforms (Robinson)
7/25
Forexample:1. DecliningbudgetsDomorewithless.2. Fasterturnaroundtimesrequired.3. Appreciablegapbetweenseniorexaminers
andentrylevelpersonnel.4. Customersdontunderstandwhatwedo
tothemitsometimesappearslikemagic.Soundfamiliar?
-
7/31/2019 Computer Forensic Reforms (Robinson)
8/25
Threesignificant,specificproblemsandtheirsolutions.
-
7/31/2019 Computer Forensic Reforms (Robinson)
9/25
Problem:Increaseinthevolumeofmaterial
-
7/31/2019 Computer Forensic Reforms (Robinson)
10/25
Themovefromgigabytestopetabytes.
-
7/31/2019 Computer Forensic Reforms (Robinson)
11/25
-
7/31/2019 Computer Forensic Reforms (Robinson)
12/25
Solution:Newanalytic/searchtool.
-
7/31/2019 Computer Forensic Reforms (Robinson)
13/25
-
7/31/2019 Computer Forensic Reforms (Robinson)
14/25
Problem:Attributiontosuspectedactors.
-
7/31/2019 Computer Forensic Reforms (Robinson)
15/25
AttackedComputer
InfectedComputer
AttackersComputer
Router
Router Router
Router
Trackinganattackbacktoitssource.
-
7/31/2019 Computer Forensic Reforms (Robinson)
16/25
Solution: Formationofinformationexchangeandengageincyberprofiling.
-
7/31/2019 Computer Forensic Reforms (Robinson)
17/25
Thisactuallybecameacomplicatedsolution.
Majorcomponents:1.Dialogueidentifydataimportanttous2.Trainthepartnersstaff3.Exchangedatainatimelyfashion
-
7/31/2019 Computer Forensic Reforms (Robinson)
18/25
Noticetheclusteringofpowerindividuals.
Thesoftwarethatproducedthis,SentinelAnalyzer,sellsfor$4,000.
-
7/31/2019 Computer Forensic Reforms (Robinson)
19/25
WedidntstopofSentinelAnalyzer.Othertoolswereincorporated,suchasSplunk.
-
7/31/2019 Computer Forensic Reforms (Robinson)
20/25
Problem:Dealingwithnewexaminers.
-
7/31/2019 Computer Forensic Reforms (Robinson)
21/25
WithinthelastthreeyearsanumberofAmericanuniversitieshaveintroduced
graduatelevelprogramsincomputerforensics.Theresultisfarfromconsistent.
-
7/31/2019 Computer Forensic Reforms (Robinson)
22/25
Solution: Mentoringwithspecificscenarios/exercises.
-
7/31/2019 Computer Forensic Reforms (Robinson)
23/25
Afewnotes:1. Regularmentoringdidnotwork.2. Scenariosweredetailedwithquantifiable
results.3. Newemployeeswereevaluatedonanalysis
aswellaswritingskills.
-
7/31/2019 Computer Forensic Reforms (Robinson)
24/25
Bank
Currenttechniqueintheftoffunds.
Bot/infectedcomputer
BadGuy
Victim
-
7/31/2019 Computer Forensic Reforms (Robinson)
25/25
COMPUTERFORENSICREFORMS
MichaelRobinson |[email protected]
