Technical Challenges in Cyber Forensics

A presentation given at the Glasgow Caledonian University, Digital Forensics Student Conference in 2014 discussing some of the technical challenges we face in cyber forensics and possible research areas.

Published in: Technology

  1. Technical Challenges in Cyber Forensics
     Glasgow Caledonian University, Digital Forensics Student Conference

  2. Agenda
     • The technical challenges
     • The research areas

  3. Before we begin… Who is NCC?
     • 100 million GBP revenue FTSE company
     • Cyber Security Assurance Practice
       • 180 UK technical assurance consultants
         • applied research (.gov.uk / .co.uk)
         • technical security assessments
         • cyber forensics incident response
       • 50 UK risk / audit consultants
       • 90 US technical assurance consultants
     • Escrow & Software Assurance = sister BUs

  4. Before we begin…
     Hopefully not a lesson in sucking eggs

  5. Things I won’t cover… because Keith did/will
     • Accreditation
     • Big data
     • Cyber security*
     • Cloud computing
     • Mobile*

  6. Why forensics?
     • What happened
     • How it happened
     • Where it happened
     • Who did it / who didn’t do it
     • Why it happened*

  7. Forensic chain of custody requirements
     • Intention: court
       • high
     • Intention: not court
       • low
     Focus for this talk: not court

  8. What we see today
     • Offensive material
     • Basic data theft
       • remote internet
       • internal employee
     • Hacktivism
     • Financial related
     • Complex nation state threat actors
       • high value IP theft

  9. Tech challenge #1: non-tech usability
     • Triage
     • Acquisition
     • Aggregation
     • Processing
     • Analysis
     • Answers

  10. Tech challenge #2: security
      • TPM
      • Crypto
        • software
        • hardware
      • Device protection
        • passphrase
        • fingerprint
        • anti-tamper

  11. Tech challenge #3: IoT acquisition
      • CCTV, watches, TVs, fridges etc.
      • Vehicles
      • Multi-functional devices
      • BMS / EMS etc.
      … storage removal
      … storage processing
      … ability to make sense

  12. Tech challenge #4: rapid tech evolution
      • Devices
      • Operating systems
      • Apps
      • Methods of communication
      • Methods of storage
      • Internet services

  13. Tech challenge #4: attribution & intent
      • Who
      • Why
      • Capabilities
      • Traits (MO)

  14. Tech challenges: example #1

  15. Tech challenges: example #2

  16. Example research: NCC suggested projects
      • Storage Reduction for Network Captures
      • High Performance Captured Network Meta Data Analysis
      • Network Capture Visualization
      • Automated Net Flow Heuristic Signature Production
      • Forensic Memory Resident Password Recovery
      • Application Location Services in Data Forensics Investigations

  17. Future research
      • Usability of forensics tools
      • Agility / adaptability in forensics tools
      • Internet forensics / Open Source Intel
      • Stitching multiple distinct sources
      • Detecting use of anti-forensics
      • Detecting use of offensive-forensics
      • High-speed forensics

  18. Future research
      • Reactive forensic supporting systems
      • Pro-active forensic supporting design patterns
        • systems & apps
      • Crowd sourcing / gamification applications in forensics
      • Expert systems (AI) use in forensics
        • inference engines / knowledge base
        http://link.springer.com/chapter/10.1007%2F978-3-540-77368-9_31

  19. Summary
      • We need to make it
        • easier to collect & get answers
        • scalable & efficient
        • reliable & adaptable
      • We need to be able to
        • consume intelligence
        • produce intelligence
        • share more

  20. Offices and contact
      UK Offices: Manchester (Head Office), Cheltenham, Edinburgh, Leatherhead, London, Milton Keynes
      North American Offices: San Francisco, Atlanta, New York, Seattle, Austin
      Australian Offices: Sydney
      European Offices: Amsterdam (Netherlands), Munich (Germany), Zurich (Switzerland)
      Thanks? Questions?
      Ollie Whitehouse, ollie.whitehouse@nccgroup.com