digital forensics - challenges and opportunities marc kirby cranfield university
TRANSCRIPT
![Page 1: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/1.jpg)
Digital Forensics -challenges and opportunities
Marc Kirby Cranfield University
![Page 2: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/2.jpg)
![Page 3: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/3.jpg)
Health Warning
• Based on my experiences as a manager and practitioner since 2000
• They are only my views, there are others
• Debatable…
• Which is the purpose of this session… “To get us thinking about the future and allow us to chart a course for the next few years”
• Fail to plan… plan to fail
• PPPPPP (Six Ps) or is it seven?
![Page 4: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/4.jpg)
Digital Forensics - The challenges and opportunities
![Page 5: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/5.jpg)
Practical Challenges (today!)
Challenges
Data quantity
Data Preservation
Connectivity
Interconnectivity
Data storage
Disclosure to Courts / 3rd
parties
Multiplicity of devices Encryption
Steganography
Field investigations (Internet Cafes)
Covert Capabilities
Blue sky / keeping up to date
Operating Systems
Vista
![Page 6: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/6.jpg)
Management /Strategic
Challenge
Costs Budgets
Staff retention
Bringing big business on board
ISP Liaison
Disclosure to Courts / 3rd
parties
Laws relating to computer crimes
Terrorism / Organised Crime
Rules of evidenceCovert Capabilities
Funding appropriate
research
Staff Recruitment
Training pathways
Official standards
Vendor Liaison
Are staff experts in everything?
![Page 7: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/7.jpg)
Opportunities
Loads
MaybeNot at all
![Page 8: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/8.jpg)
Opportunities…….It’s not all bad!
Encryption
Interconnectivity
Vista
ConnectivityData
quantity
Covert Ops
The digital age is here and everyone is a part of it
Sat Nav and the like
![Page 9: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/9.jpg)
A Case in point
Younis Tsouli described himself online as Terrorist 007
One of the most notorious cyber-jihadists in the world.
He built websites and ran web forums for al-Qaeda and soon he became the main distributor of video material from in Iraq.
He looked for home movies from US soldiers that would show the inside of US bases in Iraq, so they (al-Qaeda) could do a better job at launching attacks into those bases
![Page 10: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/10.jpg)
Part of a PowerPoint presentation on how to make a car bomb found on Tsouli's laptop
Example
![Page 11: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/11.jpg)
"What it did show us was the extent to which they could conduct operational planning on the internet. It was the first virtual conspiracy to murder that we had seen," …… Peter Clarke of Scotland Yard.
Lesson
Organised Crime
On the hard drives of two associates were 37,000 credit card details, including security codes.
Used to fund web hosting and other disbursements
![Page 12: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/12.jpg)
Proved through
Digital forensic investigation of …….
Hard Drives
USB memory
CD/DVD
Internet Café
Mob Phones
Documents
Metadata
Pictures
Video
IP records
etc. etc.etc.
![Page 13: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/13.jpg)
Challenge = Opportunity
What some fear as our greatest challenges have turned into our greatest opportunities.
Digital traces were left everywhere.
Operating systems such as Vista are actually our best friends. It is really hard to destroy or hide data.
Digital devices all connect much more easily than even seven years ago. USB / WiFi / Internet / Bluetooth.
![Page 14: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/14.jpg)
Electronic Devices
![Page 15: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/15.jpg)
Electronic Device
![Page 16: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/16.jpg)
Case Study
![Page 17: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/17.jpg)
Case Study Op EuphroeCase Study Op EuphroeBackgroundBackground
Financial sector of UK notices abnormal levels of PHISHING
Mules recruited via web sites to work as agents for a “new Russian company”. Believed legitimate employment
Credit Card &other data obtained from unsuspecting public
Used to clone cards / create false identities
Cash or goods
![Page 18: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/18.jpg)
Documents & EquipmentDocuments & Equipment
Create multiple identities such as US and UK Driving Licences.
MSR 2000 Card readers/encoders.
Fargo Printer to print Credit Cards and encode magnetic data.
Money Counting machine.
![Page 19: Digital Forensics - challenges and opportunities Marc Kirby Cranfield University](https://reader035.vdocuments.site/reader035/viewer/2022062422/56649ec55503460f94bcfc90/html5/thumbnails/19.jpg)
Thanks
• For your time and patience
Marc Kirby Senior Lecturer in Forensic Computing