-
Cyber Forensics
Jorge Carrillo, PhD
20.02.2014 Chalmers University
1
-
Agenda
Quick intro
A typical forensic process
Forensic and incident management
Forensic in the EU
Cyber-forensic: looking ahead
Wrapping up
Q&A
20/Feb/2014 2
-
If you could invest your time, energy for....
A) Building a device that will travel faster than light.
B) Selling a car that can travel only to the future
C) Mastering digital forensic methods and tools
What would you choose?
20/Feb/2014 3
-
Basic Principle
“Any action of an individual, and obviously the violent action constituting a crime, cannot occur without leaving a trace.”
20/Feb/2014 4
-
Key elements in forensic evidence
Competent material: follows the rules of evidence
Truth or falsity of a fact
Type of evidence:
• Direct evidence
• Real
• Documentary
• Demonstrative (second-hand evidence)
Protect the chain of custody
20/Feb/2014 5
-
IT Race
Timeline: 1945, 1987, 2012, 2014 (35 years, then 25 years between milestones)
Key changes:
• Focus on business, information and risk (rather than technology only).
• Blending of personal life with work life.
• IT does not own or control all the infrastructure.
• No clear difference between external and internal infrastructure.
• Millions of malware samples being created; attacks expand in minutes.
• Always on-line and everything connected.
20/Feb/2014 6
-
Example: Challenge in data Analysis
…. I don't know what is happening, but whatever the position of my government is, I support it fully.
Whatever the position of my government, I believe in it, yes sir. I am a member of that government,…
20/Feb/2014 7
-
Example: How would you react to this situation?
…. No way!!!!…
I am getting hacked…
20/Feb/2014 8
-
The right process…
Collect
• Isolate, collect
• Record, secure
• Search, store
Examination
• Data mining
• Analysis tools
• Extract relevant data
Analyse
• File analysis
• Derive useful information
Reporting
• Validate results
Chain of custody (maintained throughout)
20/Feb/2014 9
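As an added illustration of the chain-of-custody step above (example code, not from the lecture): a minimal custody log that fingerprints an evidence item at collection, records each hand-over between phases, and refuses to log a transfer when the data no longer matches the collected fingerprint. The record layout, the people named, the constructed log line and the choice of SHA-256 are all assumptions made for this example.

```python
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Fingerprint the evidence bytes; this digest is fixed at collection time."""
    return hashlib.sha256(data).hexdigest()


def new_custody_record(evidence_id: str, data: bytes, collected_by: str) -> dict:
    """Collect phase: hash the item and open its custody log."""
    return {
        "evidence_id": evidence_id,
        "sha256": sha256_hex(data),
        "log": [{"action": "collected", "by": collected_by,
                 "at": datetime.now(timezone.utc).isoformat()}],
    }


def transfer(record: dict, from_person: str, to_person: str, data: bytes) -> bool:
    """Hand-over between phases: re-hash and reject altered data instead of logging it as a transfer."""
    stamp = datetime.now(timezone.utc).isoformat()
    if sha256_hex(data) != record["sha256"]:
        record["log"].append({"action": "integrity_failure", "by": from_person, "at": stamp})
        return False
    record["log"].append({"action": "transferred", "from": from_person,
                          "to": to_person, "at": stamp})
    return True


def verify(record: dict, data: bytes) -> bool:
    """Reporting phase: validate that the analysed copy still matches the collected fingerprint."""
    return sha256_hex(data) == record["sha256"]


# Constructed sample evidence (not a real capture): one line of a log file image.
EVIDENCE = b"2014-02-20 10:02:11 sshd[4412]: Accepted password for admin from 10.0.0.7\n"
TAMPERED = EVIDENCE.replace(b"10.0.0.7", b"10.0.0.9")  # constructed altered copy


def demo() -> tuple:
    """Walk the item through collect -> examination -> analysis and report the outcomes."""
    rec = new_custody_record("EV-001", EVIDENCE, "collector")
    ok_transfer = transfer(rec, "collector", "examiner", EVIDENCE)
    bad_transfer = transfer(rec, "examiner", "analyst", TAMPERED)
    return ok_transfer, bad_transfer, verify(rec, EVIDENCE), verify(rec, TAMPERED), len(rec["log"])


if __name__ == "__main__":
    print(json.dumps(demo()))
```

The integrity failure is kept in the log rather than dropped, so the report can show exactly where the chain broke.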
-
Other applications…
Operations (root cause analysis)
Monitoring
Data recovery and data acquisition
Legal domain: construct a legal argument!
20/Feb/2014 10
-
What’s the difference?
20/Feb/2014 11
-
EU Model
20/Feb/2014 12
-
Cyber-Forensic: Is it possible?
20/Feb/2014 13
-
Key points to remember..
Digital evidence is (real, direct, documentary, etc.) evidence
Chain of custody is….
The success of cyber-forensic depends on ….
CERT is responsible for….
A forensic process includes the phases…
20/Feb/2014 14