THE FUTURE OF DIGITAL FORENSICS
SungKyong Un
ETRI
Session ID: CLE‐W04
Session Classification: Intermediate
Forensics
Source: mlhradio@flickr
Digital Forensics
► DFRWS (2001) defines
► The use of scientifically derived and proven methods toward the
preservation, collection, validation, identification, analysis,
interpretation, documentation and presentation of digital
evidence derived from digital sources for the purpose of
facilitating or furthering the reconstruction of events found to be
criminal, or helping to anticipate unauthorized actions shown to
be disruptive to planned operations.
Digital Forensics
Digital Forensics Procedure
Start
Identify Storage
Duplicate?
Duplicate
Imaging?
Imaging
Analysis
Report
End
No
No
Yes
Yes
Write Protect
Write Protect
Source : TTAS.KO-12.0058
“Computer Forensics Guideline”
Imaging
Hardware Duplicator
source: http://www.solstice-inc.com
HDD Imaging
source : joncrel@flickr
Recovery
Keyword Search
source : Konrad Andrews@flickr
Index Search
Registry
Web History
Email
Messenger
Anti-Forensics - Eraser
Magnetic Eraser
source: http://www.garner-product.com
Automatic Eraser
source: http://www.wiebetech.com
Anti-Forensics - Encryption
Apple FileVault
Encrypted File System (AES)
Mac OS X v10.3
MS BitLocker
Drive Encryption (AES)
Windows Vista, 7
MS Office Encryption Option
Various Algorithm
Anti-Forensics - Countermeasure
GPU based parallel password search
Source : ETRI
FPGA based password search
Source : www.tableau.com
The Present
SmartPhone Forensics
SmartPhone Forensics
Item | Dummy | Smart
Target Models | >1,000/Year | >10/Year
OS | Symbian, Qualcomm | iOS, Android, Windows Mobile, BlackberryOS
Interface | Various | USB
Acquisition | Logical, Physical | Logical, Physical, Backup
Data | Phone book, Call history, SMS, Photo, Schedule | + Email, Web History, Map, Location, SNS, Message, App, ID/PW
DB Format | Various | Sqlite
3rd Party App | ‐ | App Market
Analysis - Briefing
Analysis -Timeline
Analysis –Web Browsing
Analysis – Location & Routing
Analysis – App
Category | App
Phone Call | Skype, Viber, Google Voice, ...
Message | Cacao Talk, iMessage, Twitter DM, Facebook Message, ...
SNS | Twitter, Facebook, me2day, ...
Storage | Dropbox, uCloud, SugarSync, Box.net, iCloud, ...
Key | DataVault, 1Password, Strip, ...
Analysis – Communication Network
source: http://www.i2group.com
Analysis – Social Network
The Future
Problem or Inconvenience
Large Storage Search Space++ 1TB 14H? (20MB/s)
New Device/Service New Tools Buy/Educate?
Forensics = Tool Expert?
New Environment Internet (Blog, Cafe, SNS), Smart Phone, Cloud Computing (Seizure & Search Warrant?)
Binary Search Index Search What if keyword is not known?
New Viewpoint
Investigating the case, not the device | Need information, not data
Multiple device/services per user | Need multi(source) data integration
Continuous device/service creation/change | Need a framework to host
Multiple remote sites | Need mobility & connectivity
Volatile evidences | Need acquisition method & third party attestation
The Future of Digital Forensics
Data Centric Analysis Conduct Centric Analysis
Forensic Tools Forensic Services
► Multi-source Evidence Acquisition
► Relationship Analysis
► Intuitive Analysis
► Automatic Analysis Based on the Profile
Conduct Centric Analysis
► Parallel/Distributed Platform for Large Data Handling
► Adapting Fast Changing Device/Tools
► User Mobility & Connectivity
Forensic Services
Forensic Cloud: Forensics as a Service
Forensic Cloud Technology Framework (diagram)
Layers: Front‐End Layer, Presentation Layer, Data Processing Layer, Platform Layer
Platform Layer: Single Platform (Win/Linux), Distributed Platform (Cloud/Grid)
GUIs: Multi‐vision GUI, Mobile GUI, Web GUI
Services: Real‐time Digital Forensic Service, e‐Discovery Service
Components: Attestation; Forensic File Filter; Forensic VFS; PW/Anti‐Forensic; Data Categorization; Forensic Index; File/Memory Analysis; Multi‐source Acquisition; Online Forensic Data Acquisition; Visualization; Centralized Repository; Analysis Automation; e‐Discovery; Review/Reporting
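Forensic Cloud: Forensics as a Service
Forensic Cloud Technology Framework (diagram)
Layers: Front‐End Layer, Client Layer, Data Processing Layer, Platform Layer
Platform Layer: Single Platform (Win/Linux), Distributed Platform (Cloud/Grid)
GUIs: Windows GUI, Smart Phone GUI, Web GUI
Services: Real‐time Digital Forensic Service, e‐Discovery Service
Components: real-time digital evidence attestation technology; Forensic File Filter; Forensic VFS; password cracking/anti-forensics technology; data identification/classification/relationship analysis technology; forensic index/high-speed search technology; system file/physical memory analysis technology; multi-source data acquisition/conversion technology; online forensic data collection technology; visualization technology; Centralized Repository; analysis automation technology; e‐Discovery technology; Review/Reporting technology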
Parallel/Distributed Computing → Core Function Acceleration
Visualization → Intuitive Analysis
Mobile Support → User Mobility/Connectivity
Forensic Cloud: Forensics as a Service
Forensic Cloud (diagram), surrounded by its functions: Data Categorization; Relationship Analysis; Visualization; Forensic VFS; Forensic Filter; Analysis Automation; eDiscovery; Online Forensic Data Acquisition; Attestation; Multi-source Data Acquisition/Conversion; Keyword Search; File/Memory Analysis; Review/Reporting; Anti Forensic; Indexed Search; PW Recovery
Forensic Cloud: Forensics as a Service
source: http://en.wikipedia.org/wiki/File:Sun_Modular_Datacenter_SunEBC.JPG

More Related Content

What's hot

Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for InvestigatorsCase IQ
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 

What's hot (20)

Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensic
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedure
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic Investigations
 
Social Media Forensics
Social Media ForensicsSocial Media Forensics
Social Media Forensics
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for Investigators
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
 

Viewers also liked

Level1 Part8 End Of The Day
Level1 Part8 End Of The DayLevel1 Part8 End Of The Day
Level1 Part8 End Of The DayCTIN
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drivesCTIN
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
Vista Forensics
Vista ForensicsVista Forensics
Vista ForensicsCTIN
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheetMichael Gough
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumOWASP Khartoum
 
www.indonezia.net Hacking Windows Registry
www.indonezia.net Hacking Windows Registrywww.indonezia.net Hacking Windows Registry
www.indonezia.net Hacking Windows RegistryChandra Pr. Singh
 
NTFS file system
NTFS file systemNTFS file system
NTFS file systemRavi Yasas
 
File Management Presentation
File Management PresentationFile Management Presentation
File Management PresentationSgtMasterGunz
 
Web and Social Media Image Forensics for News Professionals
Web and Social Media Image Forensics for News ProfessionalsWeb and Social Media Image Forensics for News Professionals
Web and Social Media Image Forensics for News ProfessionalsSymeon Papadopoulos
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsMike Spaulding
 
Live Forensics
Live ForensicsLive Forensics
Live ForensicsCTIN
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierBasis Technology
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Mark Matienzo
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityCTIN
 
Forensic Anaysis on Twitter
Forensic Anaysis on TwitterForensic Anaysis on Twitter
Forensic Anaysis on TwitterYansi Keim
 

Viewers also liked (20)

Level1 Part8 End Of The Day
Level1 Part8 End Of The DayLevel1 Part8 End Of The Day
Level1 Part8 End Of The Day
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drives
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public
 
Vista Forensics
Vista ForensicsVista Forensics
Vista Forensics
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP Khartoum
 
www.indonezia.net Hacking Windows Registry
www.indonezia.net Hacking Windows Registrywww.indonezia.net Hacking Windows Registry
www.indonezia.net Hacking Windows Registry
 
NTFS file system
NTFS file systemNTFS file system
NTFS file system
 
File Management Presentation
File Management PresentationFile Management Presentation
File Management Presentation
 
Web and Social Media Image Forensics for News Professionals
Web and Social Media Image Forensics for News ProfessionalsWeb and Social Media Image Forensics for News Professionals
Web and Social Media Image Forensics for News Professionals
 
Unit B Windows 7
Unit B Windows 7Unit B Windows 7
Unit B Windows 7
 
Windows Forensics
Windows ForensicsWindows Forensics
Windows Forensics
 
Netcat cheat sheet
Netcat cheat sheetNetcat cheat sheet
Netcat cheat sheet
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti Forensics
 
Live Forensics
Live ForensicsLive Forensics
Live Forensics
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It Security
 
Forensic Anaysis on Twitter
Forensic Anaysis on TwitterForensic Anaysis on Twitter
Forensic Anaysis on Twitter
 

Similar to The Future of Digital Forensics

Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Toolsijtsrd
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortressSTO STRATEGY
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksMicrosoft
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsZyxware Technologies
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh tManesh T
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...IJCSIS Research Publications
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentationprashant3535
 
Combating cyber security through forensic investigation tools
Combating cyber security through forensic investigation toolsCombating cyber security through forensic investigation tools
Combating cyber security through forensic investigation toolsVenkata Sreeram
 

Similar to The Future of Digital Forensics (20)

Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Tools
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortress
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh t
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics Slides
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
Virtual Machine Forensic Analysis and Recovery Method for Recovery and Analys...
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
Access data
Access dataAccess data
Access data
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
 
Combating cyber security through forensic investigation tools
Combating cyber security through forensic investigation toolsCombating cyber security through forensic investigation tools
Combating cyber security through forensic investigation tools
 

More from 00heights

Bitcoin 기술분석 - 조남수
Bitcoin 기술분석 - 조남수Bitcoin 기술분석 - 조남수
Bitcoin 기술분석 - 조남수00heights
 
화폐의 이해 - 조복현
화폐의 이해 - 조복현화폐의 이해 - 조복현
화폐의 이해 - 조복현00heights
 
비트코인과 디지털통화 - 이주영
비트코인과 디지털통화 - 이주영비트코인과 디지털통화 - 이주영
비트코인과 디지털통화 - 이주영00heights
 
Smartphone forensic
Smartphone forensicSmartphone forensic
Smartphone forensic00heights
 
클라우드 컴퓨팅 보안 이슈 극복을 위한 제언
클라우드 컴퓨팅 보안 이슈 극복을 위한 제언클라우드 컴퓨팅 보안 이슈 극복을 위한 제언
클라우드 컴퓨팅 보안 이슈 극복을 위한 제언00heights
 
IT Trend Information Source
IT Trend Information SourceIT Trend Information Source
IT Trend Information Source00heights
 

More from 00heights (6)

Bitcoin 기술분석 - 조남수
Bitcoin 기술분석 - 조남수Bitcoin 기술분석 - 조남수
Bitcoin 기술분석 - 조남수
 
화폐의 이해 - 조복현
화폐의 이해 - 조복현화폐의 이해 - 조복현
화폐의 이해 - 조복현
 
비트코인과 디지털통화 - 이주영
비트코인과 디지털통화 - 이주영비트코인과 디지털통화 - 이주영
비트코인과 디지털통화 - 이주영
 
Smartphone forensic
Smartphone forensicSmartphone forensic
Smartphone forensic
 
클라우드 컴퓨팅 보안 이슈 극복을 위한 제언
클라우드 컴퓨팅 보안 이슈 극복을 위한 제언클라우드 컴퓨팅 보안 이슈 극복을 위한 제언
클라우드 컴퓨팅 보안 이슈 극복을 위한 제언
 
IT Trend Information Source
IT Trend Information SourceIT Trend Information Source
IT Trend Information Source
 

Recently uploaded

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Recently uploaded (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

The Future of Digital Forensics

  • 1. Session ID: CLE‐W04 Session Classification: Intermediate SungKyong Un, ETRI THE FUTURE OF DIGITAL FORENSICS
  • 4. Digital Forensics ► DFRWS (2001) defines ► The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.
  • 5. Digital Forensics Procedure (flowchart). Nodes: Start, Identify Storage, Duplicate? (Yes/No), Duplicate, Imaging? (Yes/No), Imaging, Analysis, Report, End, with two Write Protect steps. Source: TTAS.KO-12.0058 “Computer Forensics Guideline”
  • 8. Keyword Search source : Konrad Andrews@flickr
  • 12. Email
  • 14. Anti-Forensics - Eraser: Magnetic Eraser (source: http://www.garner-product.com); Automatic Eraser (source: http://www.wiebetech.com)
  • 15. Anti-Forensics - Encryption: Apple FileVault, Encrypted File System (AES), Mac OS X v10.3; MS BitLocker, Drive Encryption (AES), Windows Vista, 7; MS Office, Encryption Option, Various Algorithm
  • 16. Anti-Forensics - Countermeasure: GPU based parallel password search (Source: ETRI); FPGA based password search (Source: www.tableau.com)
  • 19. SmartPhone Forensics
      Item | Dummy | Smart
      Target Models | >1,000/Year | >10/Year
      OS | Symbian, Qualcomm | iOS, Android, Windows Mobile, BlackberryOS
      Interface | Various | USB
      Acquisition | Logical, Physical | Logical, Physical, Backup
      Data | Phone book, Call history, SMS, Photo, Schedule | + Email, Web History, Map, Location, SNS, Message, App, ID/PW
      DB Format | Various | Sqlite
      3rd Party App | ‐ | App Market
  • 24. Analysis – App
      Category | App
      Phone Call | Skype, Viber, Google Voice, ...
      Message | Cacao Talk, iMessage, Twitter DM, Facebook Message, ...
      SNS | Twitter, Facebook, me2day, ...
      Storage | Dropbox, uCloud, SugarSync, Box.net, iCloud, ...
      Key | DataVault, 1Password, Strip, ...
  • 25. Analysis – Communication Network source: http://www.i2group.com
  • 28. Problem or Inconvenience. Large Storage: Search Space++, 1TB 14H? (20MB/s). New Device/Service: New Tools, Buy/Educate?, Forensics = Tool Expert? New Environment: Internet (Blog, Cafe, SNS), Smart Phone, Cloud Computing (Seizure & Search Warrant?). Binary Search, Index Search: What if keyword is not known?
  • 29. New Viewpoint. Investigating the case, not the device: Need information, not data. Multiple device/services per user: Need multi(source) data integration. Continuous device/service creation/change: Need a framework to host. Multiple remote sites: Need mobility & connectivity. Volatile evidence: Need acquisition method & third party attestation.
  • 30. The Future of Digital Forensics: Data Centric Analysis → Conduct Centric Analysis; Forensic Tools → Forensic Services
  • 31. Conduct Centric Analysis ► Multi-source Evidence Acquisition ► Relationship Analysis ► Intuitive Analysis ► Automatic Analysis Based on the Profile
  • 32. Forensic Services ► Parallel/Distributed Platform for Large Data Handling ► Adapting Fast Changing Device/Tools ► User Mobility & Connectivity
  • 33. Forensic Cloud: Forensics as a Service. Forensic Cloud Technology Framework (diagram). Layers: Front‐End Layer, Presentation Layer, Data Processing Layer, Platform Layer. Services: Real‐time Digital Forensic Service, e‐Discovery Service. GUIs: Multi‐vision GUI, Mobile GUI, Web GUI. Platforms: Single Platform (Win/Linux), Distributed Platform (Cloud/Grid). Components: Attestation, Forensic File Filter, Forensic VFS, PW/Anti‐Forensic, Data Categorization, Forensic Index, File/Memory Analysis, Multi‐source Acquisition, Online Forensic Data Acquisition, Visualization, Centralized Repository, Analysis Automation, e‐Discovery, Review/Reporting
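  • 34. Forensic Cloud: Forensics as a Service. Forensic Cloud Technology Framework (diagram). Layers: Front‐End Layer, Client Layer, Data Processing Layer, Platform Layer. Services: Real‐time Digital Forensic Service, e‐Discovery Service. GUIs: Windows GUI, Smart Phone GUI, Web GUI. Platforms: Single Platform (Win/Linux), Distributed Platform (Cloud/Grid). Components: Real‐time digital evidence notarization technology, Forensic File Filter, Forensic VFS, Password decryption/anti‐forensics technology, Data identification/classification/relationship analysis technology, Forensic index/high‐speed search technology, System file/physical memory analysis technology, Multi‐source data acquisition/conversion technology, Online forensic data collection technology, Visualization technology, Centralized Repository, Analysis automation technology, e‐Discovery technology, Review/Reporting technology. Callouts: Parallel/Distributed Computing, Core Function Acceleration; Visualization, Intuitive Analysis; Mobile Support, User Mobility/Connectivity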
  • 35. Forensic Cloud: Forensics as a Service. Forensic Cloud (diagram) components: Data Categorization, Relationship Analysis, Visualization, Forensic VFS, Forensic Filter, Analysis Automation, eDiscovery, Online Forensic Data Acquisition, Attestation, Multi-source Data Acquisition/Conversion, Keyword Search, File/Memory Analysis, Review/Reporting, Anti Forensic, Indexed Search, PW Recovery
  • 36. Forensic Cloud: Forensics as a Service source: http://en.wikipedia.org/wiki/File:Sun_Modular_Datacenter_SunEBC.JPG