ADFSL Conference 2010

Keynote Address at the ADFSL Conference July 2010 in Minneapolis.



Transcript

  • 1. Digital Evidence Analytics: What does the evidence really mean? The 2010 ADFSL Conference on Digital Forensics, Security and Law, May 19-21, 2010, St. Paul, Minnesota, USA. Tuesday, May 25, 2010
  • 2. Dr. Marcus K. Rogers, University Faculty Scholar, Fellow of CERIAS, Director - Cyber Forensics Program, College of Technology, Purdue University
  • 3. DE evolution • Acquisition Focused: All about the data! • Examination and Analysis: Information is King! • Interpretation: Knowledge??
  • 4. context • How do we get there from here? • Content is not the be all, live all, end all! • What meaning can we ascribe to what we are seeing?
  • 5. context v. content • allows for attributions to be attached to the data. • relational and/or structure and meaning to the data. • determines the value or weight of the raw data.
  • 6. context v. content • totality of the physical and electronic/virtual environment. • what is missing or absent can be as important as what is there (e.g., missing log files, wiped data areas). • personal narrative is the key to connecting the data points and more importantly, predicting future behavior (of either the system or the user).
  • 7. what can the data tell us? • Context • Meaning • Personal Narrative • Linkages
  • 8. what can the data tell us? • Intentions of individual or group (past & future) • Social networks • Technical capacity • Resources • Organizational structure • Organizational activities • Environment • Pattern of life
  • 9. connecting the dots • Pattern analysis • Chronologies (e.g., timelines) • Frequency analyses • Hierarchical connections or nodes • small world networks (degrees of separation in social networks), dense connection nodes
  • 10. visualization • Graphical representations allow for better initial analysis by humans (non machine learning systems) • Heatmaps: color coded to indicate relationships and importance • Dashboard or console UIs: allow quick summary with the ability to drill down to various levels of granularity
  • 11. visualization • Timelines: using drill down charts that can be superimposed over other interfaces • Mind maps: dynamic fluid relationships and interconnections at different levels of granularity
  • 12. points of view • investigators v. analysts • technical v. analytical • our frame of reference is vital • communication is vital • asking better questions of the data!
  • 13. analysis • Scientific Method: Theory development, Hypothesis testing, Probabilities, Error rates, Accuracy • Investigative: who, what, when, where, why, how • Analytics: Data driven (data mining), Decision making, Statistical analysis, Pattern identification
  • 14. Summary • It is not all about the data... it's not all about the information. • Information consists of facts and data organized to describe a particular situation or condition. • It is really about the knowledge! • Knowledge is applied to interpret information about the situation and to decide how to handle it.
  • 15. “There is nothing more deceptive than an obvious fact” (Sir Arthur Conan Doyle, Sherlock Holmes, The Boscombe Valley Mystery)
  • 16. contact information: Dr. Marcus Rogers, 765-494-2561, cyberforensics@mac.com, http://cyberforensics.purdue.edu