Why I Hate Digital Forensics (draft)
Damir Delija, 2015
A few reasons for the title
• The proposal for this lecture arrived just after I finally got my long overdue vacation …
• Since 2008 I have experienced a lot of things in digital forensics that annoy me and make me think about …
• I just finished one EnCase v7 training and one Linux and Mobile training too, which put me in the mood, since I'm an old grumpy Unix sysadmin
• I'd like to put up some thoughts, and maybe it will start some process of fixing it …
Sources
• from all around the Internet
• NIST
• SANS
• the Porcupine web site
Let's start – what to talk about
It will be about digital forensics and:
• naming – a real name has power, remember The Lord of the Rings
• its tools and practices,
• its community,
• practitioners,
• standards and definitions,
• trainings, certificates, curricula,
• people using its results,
• subfields,
• relations with other computing science fields,
• ideas of what the future would look like,
• my opinion
Forensics definitions
• Forensics is "the application of scientific knowledge to legal problems" (Merriam-Webster)
• Includes forensic medicine, physics, chemistry, dentistry, fingerprints, DNA, firearm analysis, accounting, ...
• The forensic sciences are widely tied to Locard's Exchange Principle: "Every contact leaves a trace" (Prof. Edmond Locard, c. 1910)
• This is from my favorite source:
  • Gary C. Kessler, Is Mobile Device Forensics Really "Forensics"?, NIST Mobile Forensics Workshop, Gaithersburg, June 2014
Naming – techie side
The term itself, the name: what is correct?
• It has evolved since the beginning; it comes from debugging …
• Forensic Computing:
  • W. Venema and D. Farmer, late 1990s: "Gathering and analyzing data in a manner as free from distortion or bias as possible, to reconstruct data or what has happened in the past on a system." This is also the SANS definition.
• Digital forensics and computer forensics (Wikipedia / technical):
  • Computer forensics, sometimes known as computer forensic science, is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
• Cyber forensics
  • a new buzzword, or an extension into cybernetics in the sense in which N. Wiener defined cybernetics, or into something more like S. Lem's ideas?
  • just read "The Washing Machine Tragedy" or "The Invincible" and think about the Internet of Things
Naming – legal side
• Comes from usage in the legal process
• The combination of the concept of digital evidence and forensic computing gives the current legal definition
  • Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.
• Judd Robbins: Computer forensics is simply the application of computer investigation and analysis techniques in the interest of determining potential legal (digital) evidence
Definitions – topics to think about
• Digital forensics is an engineering science, which is in turn part of computer science
• The profession of digital forensics requires continued education, training, and practice
• Two communities:
  • computing science
  • law enforcement / legal
• Some discrepancies and rough interfaces because of different definitions, meanings and terms
• Important concepts like case, evidence etc. come from law enforcement but are lacking in technical implementations
Standards and definitions
• Do standards exist?
  • In a theoretical sense yes, but:
  • Are tools, data formats and procedures standardized? NO
  • Different legal systems have wide implications
  • Compatibility is nonexistent – more on this under tools; just try to combine and compare results from commercial tools
• What about a digital forensic language which can describe tasks, procedures, results and data?
  • automation?
  • results comparison as automated controls?
Are current standards and definitions correctly understood?
• In a theoretical sense yes, but:
  • what about the meaning of write-blocking procedures (almost a holy grail) in modern systems
  • is it forensically acceptable, or perfect?
  • remember what a computer is now and what it was then
  • the same for mobile, live acquisition, data analysis, etc.
• What about legal boundaries?
  • Locard's "Exchange Principle" works perfectly for the Internet, but the data is not available
  • In that sense the Internet is a big flat room, but each spot has its custodian and different rules
Relations with other computing science fields
• Because of fast development there is always something new, undefined, half-baked
• Prime example: mobile forensics
  • Gary Kessler, Gary Kessler Associates, "Is Mobile Device Forensics Actually 'Forensics'?"
• That is why I'm for the "Forensic Computing" approach in general, but with the size of data we have to deal with, it's more like data mining
  • do we apply anything that was learned in data mining and data science to practical digital forensics?
  • since I mentioned "practice", again more under tools
Tools and practices
• Tools – plenty
• The usual story about open vs. commercial, and corporate policy
• Commercial
  • mostly based on the evolution of a tool someone from law enforcement developed ages ago
  • by law enforcement – for law enforcement
• Free
  • developed from good computing theory but lacking development pace
  • mostly not for "law enforcement forensics" but for incident response and analysis
  • for the engineer type of mind-set
Commercial tools
• Preferred in the legal part / law enforcement (why?)
• What about reliability – a lot of talk about it in legal circles in the EU
  • Stephen Mason: challenges of international investigations (search and seizure) and other trial considerations (methods of presentation, admissibility tests)
• Mostly based on the evolution of a tool someone from law enforcement developed ages ago for his own usage
• In commercial tools there is constant development, but a lot of misfires
  • The latest story about EnCase v7 is a perfect horror example; there are many about other tools too ...
• Not well founded in theory (better to say: theory not taken into account)
• Best computing practices also not taken into account
• Lack of standardization
  • Physical evidence files are standardized, but nothing after that
• Lack of cross compatibility
  • Just try to combine mobile forensics tools
  • Just try to use logical evidence files
• Very expensive and inflexible
• All the bad choices of the MS philosophy of computing incorporated
  • No chance of automation or piping tools
  • Scripting practically nonexistent
  • Practically no UNIX platform in mainstream forensics
Free / open source tools and practices
• Again plenty of tools
• The usual story for open source
• Special case: free versions of commercial tools
  • Some wonderful tools like FTK Imager
  • Free / trial versions
• Venema, Farmer and Carrier developed good tools, but for mass usage the community knowledge and skills are missing
  • Developed in the sense that forensic science is an extension of ordinary science
  • You have to be very good in medicine to become a forensic pathologist – this is the same attitude behind these tools, and it is missing from ordinary curricula
• Most recent Python development is very promising
  • But I'd say that in the current state of mind we need a "forensic Python" which works in a forensically sound way on all supported OS platforms
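As an added example (not part of the original slides, and not code from any tool named here), the Python sketch below shows what a tool-independent, pipeable evidence record could look like: case, evidence item and examiner as explicit fields, one-pass MD5/SHA-256 acquisition hashing that anyone can re-run to verify an image, and an automated control that compares what two tools reported for the same item. It addresses both the "digital forensic language / results comparison as automated controls" question under Standards and definitions and the "forensic Python" wish above. Every name in it (EvidenceRecord, hash_chunks, compare_tools, the sample image bytes) is an assumption of this example.

```python
"""Added example: a minimal, pipeable, tool-independent evidence record.

Three things the slides ask for and most GUI suites do not expose:
  * case / evidence / examiner as fields of a machine-readable record,
  * one-pass acquisition hashing that anyone can re-run to verify an image,
  * an automated control comparing the hashes two tools reported for the
    same evidence item.
Only the standard library is used, so it behaves the same on every OS.
All names and the sample image bytes are assumptions made for this example.
"""
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class EvidenceRecord:
    case_id: str
    evidence_id: str
    examiner: str
    acquired_at: str  # ISO 8601, UTC
    tool: str
    size: int
    md5: str
    sha256: str


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, object]:
    """Compute MD5 and SHA-256 in a single pass over a stream of chunks.

    Acquisition tools read the device once; computing both digests in that
    pass gives the legacy MD5 older reports use and SHA-256 for today.
    """
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    size = 0
    for chunk in chunks:
        md5.update(chunk)
        sha256.update(chunk)
        size += len(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def acquire(case_id: str, evidence_id: str, examiner: str, acquired_at: str,
            tool: str, chunks: Iterable[bytes]) -> EvidenceRecord:
    """Build the record from the hashes of an image read as chunks."""
    h = hash_chunks(chunks)
    return EvidenceRecord(case_id, evidence_id, examiner, acquired_at, tool,
                          h["size"], h["md5"], h["sha256"])


def verify(record: EvidenceRecord, chunks: Iterable[bytes]) -> List[str]:
    """Re-hash the image; return the record fields that no longer match.

    An empty list means the image is bit-for-bit what the record describes.
    """
    h = hash_chunks(chunks)
    return [k for k in ("size", "md5", "sha256") if h[k] != getattr(record, k)]


def compare_tools(a: EvidenceRecord, b: EvidenceRecord) -> List[str]:
    """Automated control: two tools' records for the same evidence item must
    agree on size and digests. Returns the disagreeing fields (empty = OK)."""
    if (a.case_id, a.evidence_id) != (b.case_id, b.evidence_id):
        raise ValueError("records describe different evidence items")
    return [k for k in ("size", "md5", "sha256") if getattr(a, k) != getattr(b, k)]


def to_json(record: EvidenceRecord) -> str:
    """One JSON object per line, so records can be piped between tools."""
    return json.dumps(asdict(record), sort_keys=True)


def from_json(line: str) -> EvidenceRecord:
    return EvidenceRecord(**json.loads(line))


def read_chunks(path: str, chunk_size: int = 1 << 20) -> Iterable[bytes]:
    """Stream a real image file; opened read-only so the file is not touched."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                return
            yield chunk


if __name__ == "__main__":
    # Constructed sample "image": a few fake sectors instead of a real disk.
    image = b"\x00" * 512 + b"FAKE-MBR" + b"\xff" * 504
    rec = acquire("CASE-2015-001", "HDD-01", "examiner A",
                  "2015-06-01T10:00:00Z", "tool X", [image])
    print(to_json(rec))
    print("verify:", verify(rec, [image]))
    # same size, last byte changed: digests disagree, size does not
    print("tampered:", verify(rec, [image[:-1] + b"\x00"]))
```

Piping `to_json` output between tools is the whole point: a second acquisition tool (or the same one on another OS) emits its own record, and `compare_tools` is the automated control that flags any disagreement. A matching hash proves the image equals the record, not that the acquisition was complete; hidden areas or a device that changes its own contents (see the write-blocking point later in these slides) are outside what a hash can show.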
Its community and practitioners
• Trainings, certificates, curricula
  • There are a lot, but not well defined and profiled
  • Computing and other basics are (often) missing
  • Some horrible side effects, such as a "hexadecimal fetish" in training
• My opinion is that a knowledge and skill set is needed, the one which ages ago described a system programmer, with some modern add-ons
• Often no career path
• Continuous learning is a problem too, because of organisational issues
• Some interesting initiatives like OLAF, but again the quality of materials and tools is questionable
People using its results
• Again a lack of understanding and different mindsets
• A classical communication problem among experts
• Some definitions are outdated
  • What is forensically acceptable?
  • What is forensically correct today?
  • When we are talking about a computer as a network of subsystems:
    • Write-blocking on a disk which is a computer itself, or an SD card (an SSD controller can rewrite flash behind a write blocker, so two acquisitions need not hash identically)
    • Live forensics
    • Mobile devices
• How to cooperate, how to trust, how to precisely define tasks and results?
• Things get complicated because of mindset issues
  • The computer is a bit untrusted
  • The computer can't do the work alone
  • Labs and communication chains are not set up by common computing sense
Subfields
• Subfields – what are the subfields?
  • Can we even list the subfields of digital forensics / cyber forensics?
  • For some subfields it is not even clear what they are
    • "mobile forensics" is a perfect example
    • starting with "what is a mobile device?"
• How can a subfield be defined?
  • Skills and practices then …?
  • Who defines the new rules (theory says one thing)?
  • Engineers, or law enforcement?
  • Remember – it's the application of science in a legally acceptable way
Future?
• Grim or glorious?
  • Here in the Balkans it's grim ....
• World?
  • All around the world a lot of glorious opportunities?
• But IT security, of which forensics is a part, is in very bad shape
  • Just read the reports and do some analysis
  • In IT security we don't have technical problems but organizational and management problems
• Something sounds almost religious
  • … Oh Lord, give us a security Messiah who'll expel evil from our corporate / governmental networks and IT systems ...
  • What about elementary hygiene and practices?
  • It's the attitude that should be changed!
Conclusion and questions?
• Since IT penetration is unstoppable, it should be safe and controlled
• Let's think about all this
  • How can we help to fix these issues?
  • How will these kindergarten-type problems influence the future?
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
RaedMohamed3
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 

Recently uploaded (20)

Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 

Why I hate digital forensics - draft

5. Naming – techie side
The term itself, the name: what is correct?
• The term has evolved since the beginning; it comes from debugging …
• Forensic Computing:
  • W. Venema, D. Farmer, late 1990s: "Gathering and analyzing data in a manner as free from distortion or bias as possible to reconstruct data or what has happened in the past on a system." This is also the SANS definition.
• Digital forensics and Computer forensics (Wikipedia / technical):
  • Computer forensics, sometimes known as computer forensic science, is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
• Cyber forensics
  • a new buzzword, or an extension into cybernetics in the sense in which N. Wiener defined cybernetics, or into something more like S. Lem's ideas?
  • just read "The Washing Machine Tragedy" or "The Invincible" and think about the Internet of Things

6. Naming – legal side
• Comes from usage in the legal process
• The combination of the concept of digital evidence and forensic computing gives the current legal definition
• Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.
• Judd Robbins: Computer forensics is simply the application of computer investigation and analysis techniques in the interest of determining potential legal (digital) evidence

7. Definitions – topics to think about
• Digital forensics is an engineering science, which is in turn part of computer science
• The profession of digital forensics requires continued education, training, and practice
• Two communities:
  • computing science
  • law enforcement / legal
• Some discrepancies and rough interfaces because of different definitions, meanings, terms
• Important concepts like case, evidence etc. come from law enforcement but are lacking in technical implementations

8. Standards and definitions
• Does a standard exist?
• In a theoretical sense yes, but:
  • Are tools, data formats, procedures standardized? NO
  • Different legal systems have wide implications
  • Compatibility is nonexistent, most of all in tools: just try to combine and compare results from commercial tools
• What about a digital forensic language which can describe tasks, procedures, results, data?
  • automation?
  • result comparison as automated controls?

9. Current standards and definitions – are they correctly understood?
• In a theoretical sense yes, but:
  • what about the meaning of write-blocking procedures (almost a holy grail) in modern systems
  • is it forensically acceptable, or perfect?
  • remember what a computer is now and what it was then
  • the same goes for mobile, live acquisition, data analysis, etc.
• What about legal boundaries?
  • Locard's Exchange Principle works perfectly for the Internet, but the data is not available
  • In that sense the Internet is a big flat room, but each spot has its custodian and different rules

10. Relations with other computing science fields
• Because of fast development there is always something new, undefined, half-baked
• Prime example: mobile forensics
  • Gary Kessler, Gary Kessler Associates, "Is Mobile Device Forensics Actually 'Forensics'?"
• That is why I'm for the "Forensic Computing" approach in general, but with the size of data we have to deal with, it is more like data mining
  • do we apply anything that was learned in data mining and data science to practical digital forensics?
  • since I mentioned "practice", again more under tools

11. Tools and practices
• Tools – plenty
• The usual story about open / commercial and corporate policy
• Commercial
  • mostly based on the evolution of a tool someone from law enforcement developed ages ago
  • by law enforcement – for law enforcement
• Free
  • developed from good computing theory but lacking development pace
  • mostly not for "law enforcement forensics" but for incident response and analysis
  • for the engineering type of mind-set

12. Commercial tools
• Preferred in the legal part / law enforcement (why?)
• What about reliability – a lot of talk about it in legal circles in the EU
  • Stephen Mason: challenges of international investigations (search and seizure) and other trial considerations (methods of presentation, admissibility tests)
• Mostly based on the evolution of a tool someone from law enforcement developed ages ago for his own usage
• Under constant commercial development, but with a lot of misfires
  • The latest story about EnCase v7 is a perfect horror example; there are many about other tools too …
• Not well-founded theory (better to say: theory not taken into account)
• Best computing practices also not taken into account
• Lack of standardization
  • Physical evidence files are standardized, but nothing after that
• Lack of cross-compatibility
  • Just try to combine mobile forensics tools
  • Just try to use logical evidence files
• Very expensive and inflexible
• All the bad choices of the MS philosophy of computing incorporated
  • No chance of automation or piping tools together
  • Scripting practically nonexistent
  • Practically no UNIX platform in mainstream forensics

13. Free / open source tools and practices
• Again plenty of tools
• The usual story for open source
• A special case: free versions of commercial tools
  • Some wonderful tools like FTK Imager
  • Free / test versions
• Venema, Farmer, Carrier developed good tools, but for mass usage the community knowledge and skills are missing
  • Developed in the sense that forensic science is an extension of ordinary science
  • You have to be very good in medicine to become a forensic pathologist; this is the same attitude for these tools, and it is missing from ordinary curricula
• The most recent Python development is very promising
  • But I'll say that in the current state of mind we need a "forensic Python" which works in a forensically sound way on all supported OS platforms
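As an added example, not from the deck and not the output format of any real forensic product, here is what the "automated control" asked for on slides 8 and 12 (compare what two tools report for the same evidence) and the scriptable, forensically sound hashing asked for on slide 13 could look like. Two constructed hash listings from hypothetical tools A and B (one CSV with Windows drive paths and upper-case MD5, one md5sum-style with a POSIX mount point) are normalized onto a common path form and diffed, and a constructed stand-in for an acquired image is re-hashed against its acquisition record. Tool names, listing formats, paths and image bytes are all assumptions made for the example.

```python
# Added example, not code from the slides or from any real forensic tool.
# Listing formats, tool names, paths and the image bytes are constructed.
import csv
import hashlib
import io
import re
from typing import Dict, List, Tuple

# Constructed output of a hypothetical "tool A": CSV, Windows drive paths, upper-case MD5.
TOOL_A_LISTING = """\
Path,MD5,Size
E:\\case01\\Documents\\plan.docx,9E107D9D372BB6826BD81D3542A419D6,10342
E:\\case01\\Documents\\notes.txt,E4D909C290D0FB1CA068FFADDF22CBD0,512
E:\\case01\\Pictures\\img_0001.jpg,D41D8CD98F00B204E9800998ECF8427E,0
"""

# Constructed output of a hypothetical "tool B": md5sum(1)-style lines, same evidence
# mounted under /mnt/ev. notes.txt differs in its last hex digit, img_0002.jpg is only here.
TOOL_B_LISTING = """\
9e107d9d372bb6826bd81d3542a419d6  /mnt/ev/case01/Documents/plan.docx
e4d909c290d0fb1ca068ffaddf22cbd1  /mnt/ev/case01/Documents/notes.txt
d41d8cd98f00b204e9800998ecf8427e  /mnt/ev/case01/Pictures/img_0001.jpg
0cc175b9c0f1b6a831c399e269772661  /mnt/ev/case01/Pictures/img_0002.jpg
"""

# Constructed stand-in for an acquired disk image.
SAMPLE_IMAGE = b"constructed evidence image block " * 64


def normalize_path(path: str, root: str) -> str:
    """Map a tool-specific path to a tool-independent relative one: forward slashes,
    with the mount point / drive prefix that tool used stripped off."""
    p = path.replace("\\", "/")
    r = root.replace("\\", "/").rstrip("/") + "/"
    return p[len(r):] if p.startswith(r) else p


def parse_csv_listing(text: str, root: str) -> Dict[str, str]:
    """Assumed tool A format: CSV with a Path,MD5,Size header."""
    rows = csv.DictReader(io.StringIO(text))
    return {normalize_path(r["Path"], root): r["MD5"].strip().lower() for r in rows}


_MD5SUM_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(.+?)\s*$")


def parse_md5sum_listing(text: str, root: str) -> Dict[str, str]:
    """Assumed tool B format: '<hex>  <path>' lines as md5sum(1) prints them."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        m = _MD5SUM_LINE.match(line)
        if m:  # unparsable lines are skipped, never guessed at
            digest, path = m.groups()
            out[normalize_path(path, root)] = digest.lower()
    return out


def compare_listings(a: Dict[str, str], b: Dict[str, str]) -> Dict[str, List[str]]:
    """The automated control: same evidence, two tools, where do they disagree?"""
    common = set(a) & set(b)
    return {
        "match": sorted(k for k in common if a[k] == b[k]),
        "mismatch": sorted(k for k in common if a[k] != b[k]),
        "only_a": sorted(set(a) - set(b)),
        "only_b": sorted(set(b) - set(a)),
    }


def hash_stream(stream, algorithms=("md5", "sha256"), chunk_size=1 << 20) -> Dict[str, str]:
    """Hash an image in one read pass, feeding every algorithm the same chunks, so a
    large image is not read twice and all digests provably cover identical bytes."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes, algorithms=("md5", "sha256")) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data), algorithms)


def verify_image(image: bytes, acquisition_record: Dict[str, str]) -> Tuple[bool, Dict[str, str]]:
    """Re-hash an image and check it against the digests recorded at acquisition.
    Every recorded algorithm must match; a single differing digest fails the check."""
    computed = hash_bytes(image, tuple(acquisition_record))
    ok = all(computed[n] == d.lower() for n, d in acquisition_record.items())
    return ok, computed


def demo() -> Dict[str, object]:
    """Run both controls on the constructed data and return the findings."""
    a = parse_csv_listing(TOOL_A_LISTING, "E:\\")
    b = parse_md5sum_listing(TOOL_B_LISTING, "/mnt/ev")
    record = hash_bytes(SAMPLE_IMAGE)      # what the acquisition log would hold
    tampered = bytearray(SAMPLE_IMAGE)
    tampered[100] ^= 0x01                   # one flipped bit somewhere in the image
    return {
        "listing_diff": compare_listings(a, b),
        "image_ok": verify_image(SAMPLE_IMAGE, record)[0],
        "tampered_ok": verify_image(bytes(tampered), record)[0],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The path normalization is the whole trick: once both listings key on the same relative path and lower-case hex, the comparison is a set difference and can run as an unattended control after every export. The acquisition record carries SHA-256 next to MD5 on purpose; MD5 is still what many tools and older procedures print, but it is not collision-resistant, so a verification that rests on MD5 alone should not be called forensically sound today.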
14. Its community and practitioners
• Trainings, certificates, curricula
  • There is a lot, but it is not well defined and profiled
  • Computing and other basics (often) missing
  • Some horrible side effects such as the "hexadecimal fetish" in training
• My opinion is that the knowledge and skill set needed is the one which ages ago described a system programmer, with some modern add-ons
• Often no career path
• Continuous learning is a problem too, because of organisational issues
• Some interesting initiatives like OLAF, but again the quality of materials and tools is questionable

15. People using its results
• Again a lack of understanding and different mindsets
  • A classical communication problem among experts
• Some definitions are outdated
  • What is forensically acceptable?
  • What is forensically correct today?
    • When we are talking about a computer as a network of subsystems
    • Write-blocking on a disk which is a computer itself, or on an SD card
    • Live forensics
    • Mobile devices
• How to cooperate, how to trust, how to precisely define tasks and results?
• Things get complicated because of mindset issues
  • The computer is a bit untrusted
  • The computer can't do the work alone
  • Labs and communication chains are not set up by common computing sense

16. Subfields
• Subfields – what are the subfields?
  • Can we even list the subfields of digital forensics / cyber forensics?
  • For some subfields it is not even clear what they are
    • "mobile forensics" is the perfect example
    • starting with "what is a mobile device?"
• How can a subfield be defined?
  • Skills and practices, and then …?
  • Who defines new rules (theory sets one thing)?
    • Engineers, or law enforcement?
• Remember: it's the application of science in a legally acceptable way

17. Future?
• Grim or glorious?
  • Here in the Balkans it's grim …
• World?
  • All around the world a lot of glorious opportunities?
  • But IT security, of which forensics is a part, is in very bad shape
    • Just read the reports and do some analysis
  • In IT security we don't have technical problems but organizational and management problems
  • Some things sound almost religious
    • … Oh Lord, give us a security Messiah who'll expel evil from our corporate / governmental networks and IT systems …
  • What about elementary hygiene and practices?
  • It's the attitude that should be changed!

18. Conclusion and questions?
• Since IT penetration is unstoppable, it should be safe and controlled
• Let's think about all this
  • How can we help to fix these issues?
  • How will these kindergarten-type problems influence the future?