Technical Challenges in Cyber Forensics
Posted on 22-Oct-2014
DESCRIPTION
A presentation given at the Glasgow Caledonian University Digital Forensics Student Conference in 2014, discussing some of the technical challenges we face in cyber forensics and possible research areas.

TRANSCRIPT
Technical Challenges in Cyber Forensics
Glasgow Caledonian University, Digital Forensics Student Conference
Agenda
The technical challenges
The research areas
Before we begin… Who is NCC?
• 100 million GBP revenue FTSE company
• Cyber Security Assurance Practice
  • 180 UK technical assurance consultants
    • applied research (.gov.uk / .co.uk)
    • technical security assessments
    • cyber forensics incident response
  • 50 UK risk / audit consultants
  • 90 US technical assurance consultants
• Escrow & Software Assurance = sister BUs
Before we begin…
Hopefully not a lesson in sucking eggs
Things I won’t cover… because Keith did/will
• Accreditation
• Big data
• Cyber security*
• Cloud computing
• Mobile*
Why forensics?
• What happened
• How it happened
• Where it happened
• Who did it / who didn’t do it
• Why it happened*
Forensic chain of custody requirements
• Intended for court: high
• Not intended for court: low
Focus for this talk: not court
What we see today
• Offensive material
• Basic data theft
  • remote (internet)
  • internal employee
• Hacktivism
• Financial related
• Complex nation state threat actors
  • high value IP theft
Tech challenge #1: non-tech usability
• Triage
• Acquisition
• Aggregation
• Processing
• Analysis
• Answers
Tech challenge #2: security
• TPM
• Crypto
  • software
  • hardware
• Device protection
  • passphrase
  • fingerprint
  • anti-tamper
Tech challenge #3: IoT acquisition
• CCTV, watches, TVs, fridges etc.
• Vehicles
• Multi-functional devices
• BMS / EMS etc.
… storage removal
… storage processing
… ability to make sense
Tech challenge #4: rapid tech evolution
• Devices
• Operating systems
• Apps
• Methods of communication
• Methods of storage
• Internet services
Tech challenge #5: attribution & intent
• Who
• Why
• Capabilities
• Traits (MO)
Tech challenges: example #1
Tech challenges: example #2
Example research: NCC suggested projects
• Storage Reduction for Network Captures
• High Performance Captured Network Meta Data Analysis
• Network Capture Visualization
• Automated Net Flow Heuristic Signature Production
• Forensic Memory Resident Password Recovery
• Application Location Services in Data Forensics Investigations
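As an added illustration of the first two suggested projects (storage reduction for network captures, and analysis of captured network metadata), the following Python script is example code written for this page; it is not from the slides or from NCC Group. It parses a classic libpcap file, throws the payloads away and keeps one NetFlow-style unidirectional record per 5-tuple (packet count, byte count, first and last seen), then reports how much storage that saves. The capture it works on is constructed in the script itself and every address and port in it is hypothetical.

```python
"""Reduce a libpcap capture to per-flow metadata (added example, not NCC code).

Drops payloads, keeps a NetFlow-style unidirectional record per 5-tuple.
The sample capture is constructed below; all addresses are hypothetical.
"""
import socket
import struct
from collections import OrderedDict

PCAP_MAGIC = 0xA1B2C3D4          # little-endian, microsecond libpcap header
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def build_frame(src, dst, proto, sport, dport, payload):
    """Ethernet/IPv4/(TCP|UDP) frame with zeroed checksums (fine for a sample)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == IPPROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0, 64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4 + payload


def build_pcap(packets):
    """Serialise (sec, usec, frame) tuples into a libpcap file image."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for sec, usec, frame in packets:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_packets(pcap):
    """Yield (timestamp, frame) from a little-endian libpcap buffer."""
    if struct.unpack_from("<I", pcap, 0)[0] != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    off = 24                                  # skip the global header
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield sec + usec / 1_000_000, pcap[off:off + incl]
        off += incl


def flow_key(frame):
    """(proto, src, sport, dst, dport) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    proto = frame[23]
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return (proto, socket.inet_ntoa(frame[26:30]), sport,
            socket.inet_ntoa(frame[30:34]), dport)


def reduce_to_flows(pcap):
    """Collapse a capture into per-flow records; payload bytes are discarded."""
    flows = OrderedDict()
    for ts, frame in iter_packets(pcap):
        key = flow_key(frame)
        if key is None:
            continue                          # ARP, IPv6, ICMP etc. not summarised here
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        rec["packets"] += 1
        rec["bytes"] += len(frame)
        rec["last"] = ts
    return flows


def reduction_ratio(pcap, flows, record_size=40):
    """Fraction of storage saved if each flow becomes one fixed-size record."""
    return 1 - (len(flows) * record_size) / len(pcap)


# Constructed sample: one HTTPS session (both directions), one DNS query, one ARP frame.
_BASE = 1414000000
SAMPLE_PCAP = build_pcap([
    (_BASE + 0, 0, b"\xff" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28),
    (_BASE + 1, 0, build_frame("10.0.0.5", "203.0.113.9", IPPROTO_TCP, 40000, 443, b"A" * 1000)),
    (_BASE + 2, 0, build_frame("203.0.113.9", "10.0.0.5", IPPROTO_TCP, 443, 40000, b"B" * 100)),
    (_BASE + 3, 0, build_frame("10.0.0.5", "203.0.113.9", IPPROTO_TCP, 40000, 443, b"A" * 1000)),
    (_BASE + 4, 0, build_frame("203.0.113.9", "10.0.0.5", IPPROTO_TCP, 443, 40000, b"B" * 100)),
    (_BASE + 5, 0, build_frame("10.0.0.5", "203.0.113.9", IPPROTO_TCP, 40000, 443, b"A" * 1000)),
    (_BASE + 6, 0, build_frame("10.0.0.5", "10.0.0.1", IPPROTO_UDP, 53000, 53, b"\x00" * 40)),
])

if __name__ == "__main__":
    flows = reduce_to_flows(SAMPLE_PCAP)
    for (proto, src, sport, dst, dport), r in flows.items():
        print(f"{proto:>2} {src}:{sport} -> {dst}:{dport} "
              f"pkts={r['packets']} bytes={r['bytes']} dur={r['last'] - r['first']:.1f}s")
    print(f"capture {len(SAMPLE_PCAP)} bytes; saving {reduction_ratio(SAMPLE_PCAP, flows):.1%}")
```

Run it with `python3 flows.py`; swap `SAMPLE_PCAP` for `open("capture.pcap", "rb").read()` to try a real capture (only the classic little-endian microsecond format is handled, not pcapng). The point for the research topic is the trade-off: the flow records answer "who talked to whom, how much, when" at a small fraction of the capture size, but anything that needs packet contents (signature matching, file carving) is gone once the payloads are dropped, so the reduction step has to be chosen with the later analysis in mind.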
Future research
• Usability of forensics tools
• Agility / adaptability in forensics tools
• Internet forensics / open source intel
• Stitching multiple distinct sources
• Detecting use of anti-forensics
• Detecting use of offensive-forensics
• High-speed forensics
Future research
• Reactive forensic supporting systems
• Pro-active forensic supporting design patterns
  • systems & apps
• Crowd sourcing / gamification applications in forensics
• Expert systems (AI) use in forensics
  • inference engines / knowledge base
  http://link.springer.com/chapter/10.1007%2F978-3-540-77368-9_31
Summary
• We need to make it
  • easier to collect & get answers
  • scalable & efficient
  • reliable & adaptable
• We need to be able to
  • consume intelligence
  • produce intelligence
  • share more
UK Offices
Manchester - Head Office
Cheltenham
Edinburgh
Leatherhead
London
Milton Keynes
North American Offices
San Francisco
Atlanta
New York
Seattle
Austin
Australian Offices
Sydney
European Offices
Amsterdam - Netherlands
Munich – Germany
Zurich - Switzerland
Thanks? Questions?
Ollie [email protected]