Improving data confidentiality in personal computer environment using on line... - Damir Delija
The document describes a crypto-disk online encryption system that aims to improve data secrecy for PC users. The system uses a device driver to encrypt and decrypt data in the background as it is written to and read from virtual encrypted disks, redirecting the encrypted data to a file on a host disk. The encryption is transparent to applications and uses the symmetric-key IDEA algorithm. The system is designed to provide encryption with reasonable performance overhead and easy use for improving data privacy on personal computers.
This document discusses adding artificial intelligence capabilities to workload managers like IBM's AIX Work Load Manager (WLM) to help address system performance problems. It proposes using monitoring data and fuzzy logic rules to detect issues, identify problematic processes, and dynamically reschedule processes to prioritize important services. Existing system instrumentation and soft computing tools could be integrated with Perl to implement this. However, these ideas are theoretical and soft computing approaches are not widely known or accepted. The goal is to give workload managers more "brains" to autonomously address performance problems based on gathered data and expert knowledge encoded as fuzzy rules.
This document provides an example of how to configure workload management (WLM) classes on an AIX system based on business priorities for a banking workload. It describes setting up WLM classes mapped to different business processes and database instances, with rules for static and dynamic classification of processes into the classes. Processes are classified into classes like "biz_critical", "biz_important", and "biz_regular" based on their importance to the business, and resources are prioritized accordingly.
The document discusses EnCase Direct Network Preview, which allows an examiner to access and examine data on a powered-on computer remotely. It involves generating encryption key pairs, creating a direct servlet file using the public key, deploying the servlet on the target computer, and then connecting from the examiner's EnCase interface by providing the IP address and port. This enables viewing and analyzing the contents of drives, removable media, and memory on the live remote system without needing authentication files or passphrases if disks are encrypted.
Draft current state of digital forensic and data science - Damir Delija
In this presentation we introduce the current state of digital forensics, its positioning within general IT security, and its relations with data science and data analysis. Many strong links exist among these technical and scientific fields, but these links are usually not taken into consideration. For data owners, forensic researchers and investigators, these connections and data views present additional hidden value.
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos... - Damir Delija
Abstract - In this paper we consider ways of continuously introducing new content into courses in the field of cyber security. As an example we take "Fundamentals of Computer Forensics", into which new content is introduced through students' practical and theoretical projects; ideas for the projects are proposed by students and lecturers. The proposed procedure consists of testing through student work and then incorporating the results into the teaching materials. For student work to be used successfully it must satisfy a number of requirements: suitability to the student's level of knowledge and the available equipment, availability of tools and systems, simple implementation and portability, use of open-source and free tools, and minimal cost.
..or how educational institutions around the world do it, and what we should copy from them.
The lecture was given at
Carnet User Conference CUC 10.11.2016.
6414 preparation and planning of the development of a proficiency test in the... - Damir Delija
This document discusses the preparation and planning for developing a proficiency test in digital forensics using a Greyp electric bicycle. It outlines the planned project phases including creating scenarios, making forensic copies, collecting and evaluating results, and creating and distributing the test. Preliminary analyses of the bicycle have been conducted using various forensic tools to identify and validate digital artifacts that could be used for the test. While work has faced delays due to COVID-19, initial results suggest there are sufficient artifacts across the bicycle and associated devices and cloud storage to form the basis of a useful proficiency test.
Remote forensics involves acquiring digital evidence from remote devices or locations without physical access. It includes applications like electronic discovery, incident response, network forensics, and cloud forensics. While often understood as live forensics, remote forensics also includes techniques like booting devices into forensic modes remotely or using forensic tools on remote systems to access local evidence. Enterprise-level remote forensic tools allow preventative forensics and faster incident response but are not widely used due to budget, knowledge, and legal barriers. As technology spreads and more data is stored remotely, remote forensics will become more important and perhaps even fully automated for Internet of Things devices in the future.
This document discusses reasons for disliking digital forensics and identifies areas for improvement. It begins by introducing the author's background and motivation. The document then examines issues with naming conventions, tools/practices, standards/definitions, training/certification, and subfields. Key problems highlighted include a lack of standardization, compatibility issues between tools, outdated mindsets, and insufficient computing foundations in training. The author advocates treating digital forensics as an engineering science and applying best computing practices. Overall, the document critically analyzes challenges currently facing the field and questions how these issues may impact the future if not addressed.
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr... - Damir Delija
One of the draft versions of "Concepts and Methodology in Mobile Devices Digital Forensics Education and Training".
Abstract - This paper presents various issues in the digital forensics of mobile devices and how to address these issues in the related education and training process. Mobile device forensics is a new, very fast-developing field which lacks standardization, compatibility, tools, methods and skills. All these drawbacks have an impact on the results of the forensic process and also deeply influence the training and education process. In this paper, real-life experience in training is presented, with the tools, devices, procedures and organization used, with the purpose of improving the process of mobile device forensics and of mobile forensic training and education.
The document provides an overview of the deep web and digital investigations. It defines the deep web as data that is inaccessible to regular search engines but exists on the internet. This includes dynamically generated web pages, private websites requiring login, and files accessible only through direct filesystem access. The document estimates the deep web is 400-550 times larger than the surface web that is indexed by search engines. Standard digital forensic procedures can be applied to investigate the deep web, but tools may need to be adapted to handle specialized browsers and access methods used to retrieve deep web resources.
Datafocus 2014 on line digital forensic investigations damir delija 2 - Damir Delija
This document discusses how to conduct on-line digital forensic investigations using EnCase Enterprise v7. It describes the key EnCase Enterprise components that enable forensically sound and secure network investigations, including the SAFE for authentication, the Examiner for examinations, and Servlets installed on remote machines. It provides steps for creating a new case, adding target nodes, conducting live previews and analyses of remote disks and RAM, and performing automated sweeps to collect files and system information from multiple machines using snapshot, file processing, and system info modules. The document emphasizes the importance of planning, monitoring sweeps, and documenting results.
The document provides an overview of the basic steps for conducting an e-discovery collection using Guidance Software's EnCase Enterprise v7. It describes installing the required EnCase Enterprise components like the SAFE, Examiner and Servlets. It then outlines how to open a new case, define the target nodes, create a collection sweep to retrieve files and metadata based on conditions, and handle the sweep results. The summary provides the essential workflow and technical components involved in performing a foundational EnCase Enterprise collection.
The document discusses how to process scanned documents in EnCase forensic software. It outlines that paper evidence needs to be converted to a digital format that forensic software can analyze. This involves scanning paper documents to create image files, then using optical character recognition (OCR) to convert those images into text files that can be indexed and searched in forensic software like EnCase. It stresses the importance of keeping the entire process forensically sound by not altering the original evidence, documenting all tools and files used, and considering metadata changes.
The document discusses using forensic preview, triage, and collection techniques with the TD3 device. It explores using these processes to complement full drive collection. Preview allows determining if a volume contains evidence, triage prioritizes investigation by reviewing data quickly, and collection fully images storage if enough evidence is found. The document outlines using the TD3 over iSCSI to remotely access storage in a forensically sound way for these processes. This enables fast review and triage to reduce data volume and close cases more efficiently. Hands-on with these techniques will be demonstrated using EnCase tools connected remotely to the TD3 during the training.
This document discusses the digital forensic tool EnCase Forensic. It provides an overview of EnCase and its features, including that it is a leading forensic tool accepted in courts. The document then outlines a scenario where EnCase will be used to conduct a forensic investigation based on a search warrant. The remainder of the document walks through the key functions and screens of EnCase like adding disk images, searching for evidence, tagging evidence, and reporting while conducting the outlined forensic investigation scenario.
Usage aspects techniques for enterprise forensics data analytics tools - Damir Delija
This document discusses techniques for accessing and analyzing data from enterprise forensic tools using external data analytics tools. It provides an example using the forensic tools EnCase v7 and FTK to collect disk images, memory images, and system snapshots from endpoints. While these tools store useful data, it can be difficult to extract and analyze. The document demonstrates connecting an EnCase database to an external analytics tool to allow easier viewing and analysis of process and network data across multiple snapshots. This approach could integrate forensic data with security tools like SIEM for more automated incident response.
Communication network simulation on the unix system through use of the remote ... - Damir Delija
This document describes a simulation of a communication network on UNIX using Remote Procedure Calls (RPCs). The simulation allows testing of network modules and consists of three processes that communicate via RPCs: a network simulator process, a host process, and a remote procedure monitor (RPM) process. The network simulator process pseudocode shows how it simulates message passing between the host and RPM processes and controls message loss based on configurable probability and duration parameters.
2. Goal
integrirana sigurnost
– Enable computer forensics education according to the needs of users in the region
– Education oriented toward the user, and toward the tool and the task the user has to perform
• In the local language, with relevant examples
• On site, at the user's premises, in our training centre, or at a third location
3. The importance of education and certification
• Continuous monitoring and improvement
– Development of tools
– Development of crime
– Development of the environment
– Feedback on what needs improving and how
• Guarantee of competence
5. The EnCE® certificate
• EnCase® Certified Examiner
– Proves competence for the work
• Two parts of the exam
– Written
– Practical task
• Everything at
http://www.guidancesoftware.com/computer-forensics-training-ence-certification.htm
6. Localized materials
EnCase® Computer Forensics I
EnCase® Computer Forensics II
EnCase® v6 Advanced Computer Forensics
EnCase® v6 EnCE® Preparatory Course
EnCase® Neutrino® Mobile Phone Forensics