Using automation to enhance the process of Digital Forensic analysis Daniel Walton School of Computer and Information Science


1 Using automation to enhance the process of Digital Forensic analysis
Daniel Walton, School of Computer and Information Science
waldj007@mymail.unisa.edu.au
Supervisor: Dr Elena Sitnikova
Research Fields: Computer Forensics & Network Security

2 Outline
● Introduction
● Motivation
● Research Question
● Methodology
● Research Activities
● References

3 Introduction to Digital Forensics
● Digital Forensics is a branch of forensic science dealing with the acquisition and analysis of data found in digital devices; it is often combined with the presentation of the results of the analysis in court.
● Digital forensics has three major phases (Carrier, 2002):
– Acquisition
– Analysis
– Presentation

4 Motivation
● Digital forensics has three major phases (Carrier, 2002):
– Acquisition (manual process)
– Analysis (time consuming, with room for improvement)
– Presentation (manual process)
● Storage sizes
– Storage constantly increasing in size
– More places to store evidence (cloud, mobile devices, etc.)
– Overall more evidence for analysis
● Complexity increasing
– New operating systems and mobile devices, as well as more types of metadata to extract and analyse (e.g. jump lists)
– Additional complexity increases analysis and reporting time
● Time
– Digital forensic analysis is time consuming

5 Research Question
How can automation be used to improve the Digital Forensic analysis of computer evidence?
The analysis process includes:
● Metadata collection/extraction: currently many different tools and output formats
● Analysis (linking the dots)
– Comparing extracted information
– Statistics
– Blacklists/whitelists (hash de-NIST and filenames)

6 Research sub-questions
Q: How can automation be used to improve the Digital Forensic analysis of computer evidence?
Sub-questions:
1. What are the existing tools for extracting relevant information from evidence, and what is the quality of the information these tools extract?
2. What solutions are there for parsing the many undocumented file and metadata formats which are yet to be discovered and documented but could contain information of interest?

7 Research sub-questions
Q: How can automation be used to improve the Digital Forensic analysis of computer evidence?
Sub-questions:
3. How can a low false-positive and false-negative rate be ensured while keeping a high detection rate of relevant information?
4. How would a tool be implemented to validate the proposed automatic analysis method?

8 Methodology
● Metadata extraction
– Research into current tools and formats
● Undocumented potential sources of information
– Examine the industry's current solutions
● Mining for gold (keep the relevant, remove the irrelevant)
– Methods for culling irrelevant information as well as amplifying relevant information
● Automated analysis
– Research papers discussing proposals and current solutions
– Research into potential SIEM-like multi-source correlation of events
– Examine any currently existing tools

9 Research Activities
● Plaso
– Compare to log2timeline (Guðjónsson 2010)
– Test Python object integration
– Feasibility study regarding expansion for automated analysis
● Rule analysis system
– Simple but flexible rule system (compare Snort and Prelude IDS)
● Statistics
– Research and test potentially useful types (e.g. spam/Bayes classification, Markov chains, principal component analysis (PCA))
– Evaluate the potential for too much information; storage and processing issues to optimise
● Performance
– Potential for bottlenecks in analysis; optimal usage of resources
● Reporting
– What information is needed to generate a computer and user profile report
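The analysis pipeline sketched on slides 5 and 9 (normalise output from several extraction tools, cull known-good files by hash, then run a simple rule system over what remains) can be illustrated with a small Python pass. This is an added example, not code from the presentation, from Plaso or from log2timeline; the two tool output formats, every path, hash, timestamp and rule value are constructed sample data, and the known-good and known-bad hash sets stand in for a real NSRL (de-NIST) set and a real blacklist.

```python
"""Added example: a minimal automated-analysis pass over file metadata.

Steps, following the slides' description of the analysis process:
  1. parse two (hypothetical) tool output formats into one record shape,
  2. cull records whose hash is in a known-good set (the de-NIST / whitelist step),
  3. apply simple Snort-style rules to the remaining records.
All data below is constructed for the example.
"""
import csv
import io
import json
from dataclasses import dataclass
from typing import Callable

# Constructed output of a hypothetical CSV-producing extraction tool ("tool_a").
TOOL_A_CSV = """path,sha1,size,mtime
C:\\Windows\\System32\\kernel32.dll,aaaa0001,1200000,2013-01-10T08:00:00
C:\\Users\\bob\\Documents\\plan.docx,bbbb0002,20480,2013-03-02T22:15:00
C:\\Users\\bob\\AppData\\Roaming\\svc.exe,cccc0003,51200,2013-03-02T23:40:00
"""

# Constructed output of a hypothetical JSON-producing extraction tool ("tool_b").
TOOL_B_JSON = json.dumps([
    {"file": "C:\\Users\\bob\\Downloads\\invoice.pdf.exe",
     "hash": {"sha1": "dddd0004"}, "bytes": 70000,
     "modified": "2013-03-03T01:05:00"},
    {"file": "C:\\Windows\\System32\\ntdll.dll",
     "hash": {"sha1": "eeee0005"}, "bytes": 1500000,
     "modified": "2013-01-10T08:00:00"},
])

# Constructed stand-ins for a known-good (NSRL-style) set and a blacklist.
KNOWN_GOOD = {"aaaa0001", "eeee0005"}
KNOWN_BAD = {"cccc0003"}


@dataclass(frozen=True)
class Record:
    """Common shape every tool's output is normalised into."""
    path: str
    sha1: str
    size: int
    mtime: str
    source: str


def parse_tool_a(text: str) -> list[Record]:
    """Normalise the CSV format of the hypothetical tool_a."""
    rows = csv.DictReader(io.StringIO(text))
    return [Record(r["path"], r["sha1"], int(r["size"]), r["mtime"], "tool_a")
            for r in rows]


def parse_tool_b(text: str) -> list[Record]:
    """Normalise the JSON format of the hypothetical tool_b."""
    return [Record(o["file"], o["hash"]["sha1"], int(o["bytes"]), o["modified"], "tool_b")
            for o in json.loads(text)]


def cull_known_good(records: list[Record], known_good: set[str]) -> list[Record]:
    """Whitelist step: drop records whose hash matches a known-good file."""
    return [r for r in records if r.sha1 not in known_good]


@dataclass(frozen=True)
class Rule:
    """A rule is a name, a predicate over one record, and a severity label."""
    name: str
    test: Callable[[Record], bool]
    severity: str


def _filename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


RULES = [
    Rule("known-bad-hash", lambda r: r.sha1 in KNOWN_BAD, "high"),
    # file name carries two or more extensions, e.g. "invoice.pdf.exe"
    Rule("double-extension", lambda r: len(_filename(r.path).split(".")) >= 3, "medium"),
    # executable stored under a user's AppData directory
    Rule("exe-in-appdata", lambda r: "\\appdata\\" in r.path.lower()
         and _filename(r.path).endswith(".exe"), "medium"),
]


def apply_rules(records: list[Record], rules: list[Rule]) -> list[tuple[str, str, Record]]:
    """Return (rule name, severity, record) for every rule that fires."""
    return [(rule.name, rule.severity, r) for r in records for rule in rules if rule.test(r)]


def analyse(tool_a_text: str = TOOL_A_CSV, tool_b_text: str = TOOL_B_JSON) -> dict:
    """Run the whole pass and summarise counts and rule hits."""
    records = parse_tool_a(tool_a_text) + parse_tool_b(tool_b_text)
    remaining = cull_known_good(records, KNOWN_GOOD)
    hits = apply_rules(remaining, RULES)
    return {
        "total": len(records),
        "culled": len(records) - len(remaining),
        "hits": sorted((name, r.path) for name, _sev, r in hits),
    }


if __name__ == "__main__":
    print(json.dumps(analyse(), indent=2))
```

Of the five constructed records, the two system DLLs are culled by the whitelist, and the rules flag the AppData executable (blacklist hash and location) and the double-extension download; the document in the user's Documents folder passes through with no hit. The rule predicates are deliberately plain Python callables so that, as slide 9 proposes, new rules can be added without touching the parsers or the culling step.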

10 References
Carrier, B. (2002). Open source digital forensics tools: The legal argument. @stake Research Report.
Guðjónsson, K. (2010). Mastering the super timeline with log2timeline. SANS Institute.

