The Future of Digital Forensics
RSA Asia Pacific 2013 Conference (Singapore, Jun 5-6) presentation

Transcript

  • 1. THE FUTURE OF DIGITAL FORENSICS. SungKyong Un, ETRI. Session ID: CLE-W04. Session Classification: Intermediate
  • 2. Forensics Source: mlhradio@flickr
  • 3. Digital Forensics
  • 4. Digital Forensics ► DFRWS (2001) defines it as: The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.
  • 5. Digital Forensics Procedure (flowchart). Nodes: Start; Identify Storage; Duplicate? (Yes/No); Duplicate; Imaging? (Yes/No); Imaging; Write Protect (appears twice); Analysis; Report; End. Source: TTAS.KO-12.0058 “Computer Forensics Guideline”
  • 6. Imaging ► Hardware Duplicator (source: http://www.solstice-inc.com) ► HDD Imaging (source: joncrel@flickr)
  • 7. Recovery
  • 8. Keyword Search source : Konrad Andrews@flickr
  • 9. Index Search
  • 10. Registry
  • 11. Web History
  • 12. Email
  • 13. Messenger
  • 14. Anti-Forensics - Eraser ► Magnetic Eraser (source: http://www.garner-product.com) ► Automatic Eraser (source: http://www.wiebetech.com)
  • 15. Anti-Forensics - Encryption ► Apple FileVault: Encrypted File System (AES), Mac OS X v10.3 ► MS BitLocker: Drive Encryption (AES), Windows Vista, 7 ► MS Office: Encryption Option, Various Algorithm
  • 16. Anti-Forensics - Countermeasure ► GPU based parallel password search (source: ETRI) ► FPGA based password search (source: www.tableau.com)
  • 17. The Present
  • 18. SmartPhone Forensics
  • 19. SmartPhone Forensics. Item: Dummy | Smart
      ► Target Models: >1,000/Year | >10/Year
      ► OS: Symbian, Qualcomm | iOS, Android, Windows Mobile, BlackberryOS
      ► Interface: Various | USB
      ► Acquisition: Logical, Physical | Logical, Physical, Backup
      ► Data: Phone book, Call history, SMS, Photo, Schedule | + Email, Web History, Map, Location, SNS, Message, App, ID/PW
      ► DB Format: Various | Sqlite
      ► 3rd Party App: - | App Market
  • 20. Analysis - Briefing
  • 21. Analysis - Timeline
  • 22. Analysis – Web Browsing
  • 23. Analysis – Location & Routing
  • 24. Analysis – App. Category: App
      ► Phone Call: Skype, Viber, Google Voice, ...
      ► Message: KakaoTalk, iMessage, Twitter DM, Facebook Message, ...
      ► SNS: Twitter, Facebook, me2day, ...
      ► Storage: Dropbox, uCloud, SugarSync, Box.net, iCloud, ...
      ► Key: DataVault, 1Password, Strip, ...
  • 25. Analysis – Communication Network source: http://www.i2group.com
  • 26. Analysis – Social Network
  • 27. The Future
  • 28. Problem or Inconvenience
      ► Large Storage: Search Space++; 1TB 14H? (20MB/s)
      ► New Device/Service: New Tools; Buy/Educate?; Forensics = Tool Expert?
      ► New Environment: Internet (Blog, Cafe, SNS), Smart Phone, Cloud Computing (Seizure & Search Warrant?)
      ► Binary Search, Index Search: What if keyword is not known?
  • 29. New Viewpoint
      ► Investigating the case, not the device: Need information, not data
      ► Multiple device/services per user: Need multi(source) data integration
      ► Continuous device/service creation/change: Need a framework to host
      ► Multiple remote sites: Need mobility & connectivity
      ► Volatile evidence: Need acquisition method & third party attestation
  • 30. The Future of Digital Forensics ► Data Centric Analysis → Conduct Centric Analysis ► Forensic Tools → Forensic Services
  • 31. Conduct Centric Analysis ► Multi-source Evidence Acquisition ► Relationship Analysis ► Intuitive Analysis ► Automatic Analysis Based on the Profile
  • 32. Forensic Services ► Parallel/Distributed Platform for Large Data Handling ► Adapting Fast Changing Device/Tools ► User Mobility & Connectivity
  • 33. Forensic Cloud: Forensics as a Service (diagram: Forensic Cloud Technology Framework)
      ► Layers: Front-End Layer, Presentation Layer, Data Processing Layer, Platform Layer
      ► Services: Real-time Digital Forensic Service, e-Discovery Service
      ► Platform: Single Platform (Win/Linux), Distributed Platform (Cloud/Grid)
      ► Components: Attestation, Forensic File Filter, Forensic VFS, Multi-vision GUI, Mobile GUI, Web GUI, PW/Anti-Forensic, Data Categorization, Forensic Index, File/Memory Analysis, Multi-source Acquisition, Online Forensic Data Acquisition, Visualization, Centralized Repository, Analysis Automation, e-Discovery, Review/Reporting
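  • 34. Forensic Cloud: Forensics as a Service (diagram: Forensic Cloud Technology Framework)
      ► Layers: Front-End Layer, Client Layer, Data Processing Layer, Platform Layer
      ► Services: Real-time Digital Forensic Service, e-Discovery Service
      ► Platform: Single Platform (Win/Linux), Distributed Platform (Cloud/Grid)
      ► Components: Real-time digital evidence notarization technology, Forensic File Filter, Forensic VFS, Windows GUI, Smart Phone GUI, Web GUI, Password decryption/anti-forensic technology, Data identification/classification/relationship analysis technology, Forensic index/high-speed search technology, System file/physical memory analysis technology, Multi-source data acquisition/conversion technology, Online forensic data collection technology, Visualization technology, Centralized Repository, Analysis automation technology, e-Discovery technology, Review/Reporting technology
      ► Callouts: Parallel/Distributed Computing, Core Function Acceleration, Visualization, Intuitive Analysis, Mobile Support, User Mobility/Connectivity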
  • 35. Forensic Cloud: Forensics as a Service ► Forensic Cloud components: Data Categorization, Relationship Analysis, Visualization, Forensic VFS, Forensic Filter, Analysis Automation, eDiscovery, Online Forensic Data Acquisition, Attestation, Multi-source Data Acquisition/Conversion, Keyword Search, File/Memory Analysis, Review/Reporting, Anti Forensic, Indexed Search, PW Recovery
  • 36. Forensic Cloud: Forensics as a Service source: http://en.wikipedia.org/wiki/File:Sun_Modular_Datacenter_SunEBC.JPG
