INTRODUCTION
Patrick Norman
World Trends
• Smart World
  – Smart Grids (Power, etc.)
  – Mobile
  – Integration between physical and digital world
IT Threats
• DDoS attacks
• Fraud
• Phishing Attacks
• Spoofing
• Talk more about other attacks and threats
Forensics Investigators
Main responsibilities (Job activities)
• Attempting to uncover the trace of an attacker to identify him
• Uncovering IT System security threats
• Testifying in court against convicts
• Add slideshow of Department of Justice documents
Importance of Computer Forensics Systems
How can Computer Forensics Systems improve security
• Better identification of system threats to improve protective measures
• Catching cyber criminals will have a better effect than regular criminals because they have bots automatically generating threats (FIX THIS)
Simulation
Background of Simulation
• Statistical Modelling
  – Idea
• Software
  – Arena
  – Custom code
Simulation
• Why do we simulate?
  – An Improved tool
• When do we simulate?
  – Before and after an event
• Can we rely on it?
  – 70-90%
Simulation
• Inputs
  – Random Number generators
• Outputs
• How to interpret results
SDLC and Simulation
Statistical Modelling
• When should this be used?
• Key success components
Software
• Monte Carlo
  – Off-the-shelf
  – Advantages
• Network Modelling
  – Off-the-shelf
  – Advantages
• Custom Code
Computer Forensics
Mobile Forensics
• Outsell PCs
• Harder to investigate
• Newly acquired need to investigate
• Data paths
• Numerous Manufacturers
• NIST
Tools & Techniques
• SIMbrush
• MOBILedit!
• TULP 2G
Weaknesses
Network Forensics
• “Network forensics is the science that deals with capture, recording, and analysis of network traffic for detecting intrusions and investigating them.”
Tools & Techniques
Weaknesses
Database Forensics
Tools & Techniques
• SQL Server Management Studio Express
• SQL CMD
• Windows Forensic Tool Chest
• NetCat
• WinHex
Challenges
• Encryption
• Use as Evidence
• Evolving Technology
Application
Step 1: Observation
Observation
• Actual Observation
  – On the shop floor
• Historic
  – Statistics
  – Distribution
• Diagrams
  – System Architecture
Observation
Develop the Equation
BASIS FOR ENTIRE MODEL
Step Two
Develop the Model
Models
• Network Models
  – Processes
  – Data flow
  – Queues
Models
• Monte Carlo
  – Deterministic
  – Largely Random
Model
• Objective
  – Gain Knowledge
  – Matching real and simulated
  – Now Let’s break it
Step 3
Analyze and Fix
Analysis
• Multiple Iterations
• Compare Expected and Actual Results
• Compare Actual and Historic Results
Benefits to UNIWO
• Security of IT systems
  – Pre and post simulation will allow us to identify threats earlier
• Stability
  – Probability of having an unexpected system shutdown is decreased significantly
• Simulation added to computer forensics will improve chances for catching cybercriminals by identifying their patterns