Hybrid forensics and ISEEK
For eDiscovery, digital forensics, IT compliance and malware detection
Issues with traditional digital forensics
• Storage capacities have increased dramatically since the existing tools were developed
• ‘Live’ forensics is often employed, but this tends to be selective copies of files into some form of container and is not very thorough
• Expensive and highly-skilled resources are always tied up with acquiring the data in a forensic manner
• Trying to use eDiscovery technology turns out to be expensive and not appropriate for a forensic investigation
• Relying on indexes to identify material of interest introduces severe limitations in both time and accuracy
• It is hard to scale up the processing due to the requirement for dongles and/or write-blockers
• Remote analysis and collection normally requires some form of reliable link to be established between two points
• Remote analysis and collection normally requires expert human resources at the remote location
• Remote analysis and collection is hard to scale up for more than one site, and impossible to scale up for 100 or more
Patented process
Benefits of leveraging hybrid technology
• COST – Leveraging an eDiscovery approach but without the cost of deployment
• RESOURCES – Obtain better leverage of your skilled staff by reducing the amount of time they are tied up in the collection process
• IMPACT – Reduce the impact on organisations during large-scale investigations by:
  1. dramatically reducing the amount of data crossing their network
  2. not requiring ‘agents’, with their inherent risk, to be installed on their systems
  3. not requiring an ‘indexing server’ to be constantly attached to their network, or an index to be built on the target system
• SPEED – Using the target machines for processing reduces the total collection time to that of the slowest machine, which further reduces the impact on the systems under investigation. Typically, collections that would normally take days are reduced to a few hours through parallelism.
• COMPLETENESS – By undertaking searches at the disk level rather than at the file system level, all data is searched rather than a limited number of file types. Unknown file types and foreign languages are no impediment to the process.
• CAPABILITY – The tools enable investigations to be undertaken that would have been impossible or impractical using other tools and methods, e.g. rapid processing of computer systems located overseas, isolated systems, triaging hundreds of systems instead of just a small sample.
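The COMPLETENESS point above, that a search run over raw disk bytes sees data a file-system-level search never opens, can be shown with a small script. This is an added example written for this page, not ISEEK's code or a description of its search method; the toy image format (512-byte sectors, a directory in sector 0 with one `name;start;length` line per file), the file names and the search terms are all constructed for the illustration. The file-level search only parses a fixed set of known types and decodes them as UTF-8; the disk-level search scans every byte for each term in each encoding and then maps hits back to the owning file or to unallocated space.

```python
import re
from dataclasses import dataclass
from math import ceil

SECTOR = 512                   # sector size of the constructed image
KNOWN_TYPES = {"txt", "eml"}   # the only types the file-level search can parse


@dataclass
class Entry:
    """Directory entry of the constructed image: file name, first sector, byte length."""
    name: str
    start: int
    length: int


@dataclass
class Hit:
    """One raw-byte match: the term, its encoding, the byte offset and the owning file."""
    term: str
    encoding: str
    offset: int
    owner: str


def _pad(data: bytes) -> bytes:
    """Pad data to a whole number of sectors."""
    return data + b"\x00" * (-len(data) % SECTOR)


def build_image() -> bytes:
    """Build a constructed toy disk image: directory in sector 0, file data from
    sector 1 onward, then a 'deleted' file whose bytes survive in unallocated
    space with no directory entry pointing at them."""
    files = [
        ("memo.txt", "Re: quarterly wire transfer approval".encode("utf-8")),
        ("notes.xyz", "internal wire transfer ledger".encode("utf-16-le")),  # unknown type, UTF-16
        ("report.txt", "Банковский перевод одобрен".encode("utf-8")),       # non-Latin text
    ]
    body, entries, sector = b"", [], 1
    for name, data in files:
        entries.append(Entry(name, sector, len(data)))
        padded = _pad(data)
        body += padded
        sector += len(padded) // SECTOR
    # Deleted file: content still on disk, but no directory entry references it.
    body += _pad("draft: wire transfer to offshore account".encode("utf-8"))
    directory = "\n".join(f"{e.name};{e.start};{e.length}" for e in entries).encode("utf-8")
    return _pad(directory) + body


def parse_directory(image: bytes) -> list[Entry]:
    """Read the directory lines stored in sector 0."""
    entries = []
    for line in image[:SECTOR].rstrip(b"\x00").decode("utf-8").splitlines():
        name, start, length = line.split(";")
        entries.append(Entry(name, int(start), int(length)))
    return entries


def filesystem_search(image: bytes, term: str) -> list[str]:
    """File-system-level search: walk the directory, open only known file types,
    decode them as UTF-8 and look for the term. Unknown types, other encodings
    and deleted data are never examined."""
    hits = []
    for e in parse_directory(image):
        if e.name.rsplit(".", 1)[-1] not in KNOWN_TYPES:
            continue
        text = image[e.start * SECTOR : e.start * SECTOR + e.length].decode("utf-8", "replace")
        if term.lower() in text.lower():
            hits.append(e.name)
    return hits


def disk_search(image: bytes, terms: list[str],
                encodings: tuple[str, ...] = ("utf-8", "utf-16-le")) -> list[Hit]:
    """Disk-level search: scan every byte for each term in each encoding,
    ignoring the file system, then attribute each hit to the file that owns
    the sector or to 'unallocated'."""
    entries = parse_directory(image)

    def owner(offset: int) -> str:
        sector = offset // SECTOR
        for e in entries:
            if e.start <= sector < e.start + ceil(e.length / SECTOR):
                return e.name
        return "unallocated"

    hits = []
    for term in terms:
        for enc in encodings:
            pattern = re.compile(re.escape(term.encode(enc)), re.IGNORECASE)
            for m in pattern.finditer(image):
                hits.append(Hit(term, enc, m.start(), owner(m.start())))
    return hits


if __name__ == "__main__":
    img = build_image()
    for t in ("wire transfer", "перевод"):
        print(f"file-level  {t!r}: {filesystem_search(img, t)}")
    for h in disk_search(img, ["wire transfer", "перевод"]):
        print(f"disk-level  {h.term!r} {h.encoding:9} @{h.offset:5} in {h.owner}")
```

On this image the file-level search finds only `memo.txt` for "wire transfer", while the disk-level scan also surfaces the UTF-16 copy inside the unknown `.xyz` file and the deleted draft in unallocated space; the Cyrillic term is found by both because it happens to sit in a known type in UTF-8. The point a practitioner should take away is not that disk-level search is free of limits (case folding here is ASCII-only, and compressed or encrypted containers still need a decoder), but that the hit list carries an owner for every match, so unallocated and unknown-type hits are reviewable rather than silently dropped.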
Examples of use
CASE STUDY – US financial institution fraud
• The case arose from a Grand Jury subpoena for documents relating to finance transactions by 17 employees of a large California bank based in LA, but owned overseas.
• The quotes from the ‘Big 4’ to find the records using the traditional approach (all of which consisted of emails from the custodians) gave an estimated time of around 3 months to produce the responsive documents.
• Two IT employees, both foreign nationals, ran the hybrid tool against 4 TB of email (PST and OST files) in 48 hours and generated a total of 27,000 emails that were relevant to the subpoena. 12 attorneys for the bank, hired as outside counsel, then reviewed the emails over 12 days, generating a final encrypted email container that provided the Department of Justice with the subpoena return.
[image] Foreign language searches in email attachments
[image] Foreign language search results from ISEEK
[image] No results from a popular search engine
[image] No results from a typical forensics tool
[image] ISEEK results for a complex search term
[image] No results from search engine and forensics tool
[image] Hybrid tool notification and results list also available via email
Other features of hybrid forensics
• Process large numbers of mounted forensic images
• Monitor remote activity via email notifications
• Receive encrypted results lists via email
• Receive captured files in an encrypted container via email (below a certain practical limit)
• Consistent application of fully objective search criteria through deployment of copies of an encrypted configuration file
• No reliance on a connection to remote target systems
• Data remains secure and encrypted at all times
• Dramatically reduce work inventory and review volume
• Initiate remote processing via a browser session on the target system
• Ability to run the tool covertly, i.e. completely hidden from the system user
• Immediate review in fully encrypted environment
More information
• Website: https://www.xtremeforensics.biz/
• Download demo: https://www.xtremeforensics.biz/iseek-demo-download
• Conference paper: http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1171&context=adf
