Information overload is one of the biggest problems facing professionals working in the fields of Digital Forensics and Cybersecurity. The sheer volume of cases requiring digital forensic analysis in law enforcement agencies throughout the world is outstripping the capacities of digital forensic laboratories. This has resulted in huge digital evidence backlogs becoming commonplace and cases being ruled upon in court without the inclusion of potentially pertinent information, which is sitting idle in some evidence store. As is commonly relayed in the media, the frequency of cyberattacks being faced by governments, law enforcement agencies, and industry is increasing, alongside the sophistication of the techniques used. Current rules-based network intrusion detection systems are predominantly based on historic, known threat vectors and result in a very high amount of false positive alerts being generated. Intelligent, real-time, automated data processing and event categorisation is one solution that shows great promise to combat this information overload.
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
Predict Conference: Data Analytics for Digital Forensics and Cybersecurity
1.
2. Challenges Facing Digital Forensics
Challenges Facing Cybersecurity
Where Data Analytics Can Help
[Sample Current Research Projects]
Agenda 2
4. Digital Forensic Challenges
The consistency and correlation problem
Results from the fact that existing tools are designed to find fragments
of evidence, but not to otherwise assist in investigations.
The unified time lining problem
Multiple sources present different time zone references, timestamp
interpretations, clock skew/drift issues, and the syntax aspects involved
in generating a unified timeline.
The diversity problem
Results from ever-increasing volumes of data
Lack of standard techniques to examine and analyse the increasing
numbers and types of sources, which bring a plurality of operating
systems, file formats, etc.
4
5. The number of cases whereby digital evidence is
deemed pertinent is ever increasing.
An increase in the number of devices that are seized
for analysis per case.
The volume of potentially evidence-rich data stored on
each item seized is also increasing.
Digital Forensics:
The Volume Challenge
5
6. Digital Forensic Backlog
Backlogs have become commonplace in recent years
Commonly exceeds 18 months
Often exceeds 2 years
According to a report by An Garda Síochána, delays of up
to four years
``Seriously impacted on the timeliness of criminal investigations'' in
recent years.
In some cases, these delays have resulted in prosecutions being
dismissed in courts.
6
7. One Solution: Deduplication
Digital Forensics as a Service (DFaaS) model
Centralisation of digital forensic processing
Elimination of duplicated effort from the typical forensic
process:
Eliminate duplicated acquisition
Eliminate duplicated storage
Eliminate duplicated analysis and processing
7
8. 8Intelligent Automated Evidence
Processing
Research towards automated evidence processing
Leverages centralised record of evidence analysis
Learns what makes evidence pertinent/non-pertinent
Photographic and Video Human/Object Identification
Biometric estimation; ageing, height, weight, etc.
Location determination
10. Information Overload 10
Information overload facing cybersecurity professionals
False positive alert rate is too high
Attack Sophistication
Difficult to identify anomalies
Data Analytics can enable behavioural anomaly detection
Similar premise to what antivirus systems followed to combat
polymorphic and metamorphic malware
11. Network Behavioural Analysis
Build a baseline of each node’s activity on the network
Categorise nodes based on their normal behaviour
Alert when a deviation from this norm is identified
Intrusion Detection
Botnet Investigation
11
12. Effectively the same idea! Includes:
Network Traffic
Device Utilisation
Correlation between devices
Can identify specific users in multiuser environments
User Behavioural Analysis 12
13. Data Analytics to Break Encryption
Software defined radio to capture leaking CPU
electromagnetic radiation
Becomes a Big Data/Data Analytics problem
13