Real Time Event Recording System the Tool for Digital Forensics Investigation by Madhav Limaye

This is a tool-style application that records system events, e.g. file delete, file execute etc., on a central server. These are the events digital forensic investigators typically need when investigating an offensive event, e.g. a device being used to host an attack.

Slide 1. Real Time Event Recording System, the tool for Digital Forensics Investigation
Madhav Limaye, mlimaye@gmail.com

Slide 2. Practice today
• Investigator finds a device has been used
• Attempts to dig out all events in the past, e.g.
  – an object (file/registry) deleted from the disk/device
  – executing an EXE
  – cookies
  – contents sent out, e.g. for printing
  – access to a network resource
  – calls made through IP phones
  – etc.

Slide 3. Success factors
• Success rate depends on multiple factors
• Need multiple tools
• Need expertise
• Total failure if
  – device reset
  – physically damaged
• Etc.

Slide 4. Things available natively…
• Native tools/repositories are present
  – Cookies
  – Windows
    • Event Log
    • Registry
  – Cell phone
    • call history
• Those are local; they can be cleaned or overflow

Slide 5. The proposed tool
• Records when it happens/occurs
• Should support all devices
• Can be agent-based or agentless
• Records to a central server
• Can work on-line/off-line

Slide 6. Challenges for implementation
• Biggest: data storage
• Switching off the agent
• Taking the device off the network, in the agentless case

Slide 7. Other utilization
• At nation level, for national security
  – Monitor activities at public places, e.g. net cafes
• At enterprises, to enforce policies of device usage
• At home, to monitor usage by minors

Slide 8. Approaches for implementation
• Agent based
  – Performance of the monitored device must not degrade
  – Have an "off-line" monitor
  – Conserve network bandwidth
• Protecting the agent
  – Heartbeat: poll for agent alive
  – Tie it to the device kernel, somehow, so if someone tries to "kill" it, it will take the device down
• Configurable events/devices
  – The events/devices, depth/detail etc. should be configurable
  – There should be a "white-list" for devices and events/applications, e.g.
    • the "Exchange" server is "trusted"
    • not monitoring the events for source code control tools
• Pushing the logs to the server
  – On a "configurable" interval
  – On "shut-down" of the device

Slide 9. Q & A

Slide 10. Thank you
Madhav Limaye, mlimaye@gmail.com
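The slide-8 agent design (white-listed applications, off-line buffering, push on a configurable interval or at shut-down, and a server-side heartbeat that flags agents that were switched off or taken off the network) sketched as an added Python example. This is not the author's code: the class names, the event fields and the in-memory list standing in for the central server are assumptions.

```python
import json
import time
from dataclasses import dataclass, field

@dataclass
class EventRecorder:
    """Agent side (assumed design): buffer events locally so off-line operation
    works, skip white-listed applications, push on an interval or at shutdown."""
    device_id: str
    push_interval: float = 60.0                      # seconds, configurable
    trusted_apps: set = field(default_factory=set)   # white-list: never recorded
    server: list = field(default_factory=list)       # stand-in for the central store
    _buffer: list = field(default_factory=list)
    _last_push: float = 0.0                          # 0.0: first interval check pushes

    def record(self, event_type, obj, app, now=None):
        """Return True if the event was buffered, False if its app is white-listed."""
        if app in self.trusted_apps:
            return False
        self._buffer.append({"device": self.device_id, "type": event_type,
                             "object": obj, "app": app, "ts": now or time.time()})
        return True

    def maybe_push(self, now=None, shutdown=False):
        """Ship the buffer (as line-delimited JSON) when the configurable interval
        has elapsed or the device is shutting down; return the number pushed."""
        now = time.monotonic() if now is None else now
        if not shutdown and now - self._last_push < self.push_interval:
            return 0
        pushed = len(self._buffer)
        self.server.extend(json.dumps(e) for e in self._buffer)
        self._buffer.clear()
        self._last_push = now
        return pushed

class HeartbeatMonitor:
    """Server side: record each agent's last heartbeat and list the agents that
    went silent, i.e. were switched off or taken off the network (slide 6)."""

    def __init__(self, timeout):
        self.timeout = timeout      # seconds without a beat before an agent is flagged
        self.last_seen = {}

    def beat(self, device_id, now):
        self.last_seen[device_id] = now

    def silent_agents(self, now):
        return sorted(d for d, t in self.last_seen.items() if now - t > self.timeout)
```

A silent agent is only a signal, not proof of tampering: a legitimate power-off looks the same, so the final push at shut-down is what lets the server tell the two cases apart.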