ICDFI 2013 Keynote Speech 1: Quantifying Likelihood in Digital Forensic Investigations Dr Richard Overill Department of Informatics, King’s College London.

Synopsis
– Introduction & Background
– Quantitative Tools for Digital Forensics: Probability Theory; Bayesian Networks; Complexity Theory; Information Theory
– How can these tools benefit us?
– Summary & Conclusions

Introduction & Background
Conventional (‘wet’) forensic scientists commonly quantify the outcomes of their investigations, for example:
– There is a one in a million chance that two identical fingerprints were not produced by the same individual
– There is a one in a billion chance that two identical DNA samples do not originate from the same individual
Digital forensic investigators generally don’t do this. Why?

Quantitative Tools for Digital Investigations - I
Probability Theory – conventional forensic scientists commonly use it
Example:
– Potential cosmic ray damage to CMOS and Flash RAM. In the mid-1990s IBM found that a high-energy secondary cosmic ray strike could flip about one bit of CMOS RAM per month. But modern Flash memory is much more susceptible and much more densely packed, so the bit-flip rate is now per minute rather than per month. This has clear implications for DFI.

Quantitative Tools for Digital Investigations - II
Bayesian Networks (BNs) to reason about digital evidence and hypotheses
– Pioneered by K-P Chow to reason about IP piracy over peer-to-peer networks
– Need to choose conditional probabilities (CPs) for each node, giving the probability of finding each expected evidential trace if its associated hypothesis is true or false
– We have shown the BN’s output is rather insensitive to the choice of CPs, so BNs are valid
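As an added illustration of the kind of BN this slide describes (a constructed example, not K-P Chow's model or any code from the talk): a root hypothesis node with evidential-trace children that are assumed conditionally independent given the hypothesis, illustrative CP values, and a perturbation check that shifts every CP to see how far the posterior moves. The trace names, CP values and the conditional-independence structure are all assumptions of this example.

```python
import itertools

# Constructed example, not from the talk: a two-layer Bayesian network in the style
# of the P2P-piracy models the slide refers to. Root node H is the hypothesis "the
# suspect seeded the infringing file"; each child node is an evidential trace assumed
# conditionally independent given H. The CPs are illustrative, not from a real case:
#   name: (P(trace found | H true), P(trace found | H false))
TRACES = {
    "torrent_client_installed":   (0.95, 0.20),
    "infringing_file_present":    (0.90, 0.05),
    "tracker_connection_in_log":  (0.85, 0.02),
    "seeding_recorded_in_client": (0.70, 0.01),
}

def likelihood_ratio(traces, found):
    """LR = P(E | H) / P(E | not H) for the observed pattern of traces.
    `found` maps each trace name to True (recovered) or False (absent);
    an absent trace contributes (1 - p_true) / (1 - p_false)."""
    lr = 1.0
    for name, (p_true, p_false) in traces.items():
        if found[name]:
            lr *= p_true / p_false
        else:
            lr *= (1.0 - p_true) / (1.0 - p_false)
    return lr

def posterior(traces, found, prior=0.5):
    """P(H | E) via Bayes' theorem in odds form: posterior odds = LR x prior odds."""
    odds = likelihood_ratio(traces, found) * prior / (1.0 - prior)
    return odds / (1.0 + odds)

def _clip(p, lo=0.001, hi=0.999):
    return max(lo, min(hi, p))

def posterior_range(traces, found, delta=0.10, prior=0.5):
    """Sensitivity check: shift every CP by +/-delta in all 2^(2n) combinations
    and return the (min, max) posterior, showing how much the elicited CPs matter."""
    names = list(traces)
    lo, hi = 1.0, 0.0
    for signs in itertools.product((-delta, delta), repeat=2 * len(names)):
        shifted = {n: (_clip(traces[n][0] + signs[2 * i]), _clip(traces[n][1] + signs[2 * i + 1]))
                   for i, n in enumerate(names)}
        p = posterior(shifted, found, prior)
        lo, hi = min(lo, p), max(hi, p)
    return lo, hi

if __name__ == "__main__":
    all_found = {n: True for n in TRACES}
    print("posterior, all traces found:", round(posterior(TRACES, all_found), 6))
    print("range under +/-0.10 CP shifts:", posterior_range(TRACES, all_found))
```

With every trace recovered the posterior stays above 0.99 across all CP shifts of 0.10, which is the insensitivity the slide claims; with only the client installation found it drops to roughly 0.02.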

Example BN – DDoS Attack

Complexity Theory - I
Ockham’s Razor and the Principle of Least Contrivance / Contingency
– Hoyle: “A tornado sweeping through a junk-yard might assemble a Boeing 747 from the materials therein”, but what are the chances of that?
– The least complex explanation of all the evidence is the most probable explanation
– Measuring the complexity of alternative explanations (computational work, user role, software effort, etc.) can yield an odds ratio

Complexity Theory - II
Example: the odds ratios against a Trojan Horse explanation for six common digital crimes have been calculated:
– BitTorrent IP theft
– Online auction fraud
– Cyber locker extortion
– Online game weapon theft
– DDoS attack
– Possession of child pornographic images

Information Theory
– Conventional (Shannon-Weaver) information theory (‘entropy’) measures the degree of unpredictability in the recovered evidence
– Algorithmic information theory (Solomonoff-Kolmogorov) measures the length of the shortest program that can reproduce all the recovered evidence
– So there is a link between Complexity and Information Theory that can be exploited
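An added example (not from the talk) contrasting the two measures the slide names on constructed sample "evidence": Shannon entropy per byte, and a stand-in for algorithmic complexity. Kolmogorov complexity is uncomputable, so this example assumes the zlib-compressed length as a cheap upper bound; the sample byte strings are constructed here and are not case data.

```python
import math
import random
import zlib
from collections import Counter

def shannon_entropy_bits(data: bytes) -> float:
    """Shannon entropy in bits per byte: the average unpredictability of one
    recovered byte, judged only from the byte-value frequencies."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def algorithmic_complexity_proxy(data: bytes) -> int:
    """Stand-in for Solomonoff-Kolmogorov complexity. The shortest reproducing
    program is uncomputable, so (an assumption of this example) the zlib-
    compressed length serves as a cheap upper bound on it."""
    return len(zlib.compress(data, 9))

def summarise(samples):
    """For each sample: (entropy in bits/byte, compressed bytes, raw bytes)."""
    return {name: (shannon_entropy_bits(d), algorithmic_complexity_proxy(d), len(d))
            for name, d in samples.items()}

# Constructed sample "evidence", not data from any real case:
_rng = random.Random(2013)
SAMPLES = {
    # one web-server log line repeated: low entropy and a tiny shortest description
    "repeated_log_line": b"10.0.0.1 - - GET /index.html 200\n" * 200,
    # every byte value equally often, in order: maximal Shannon entropy (8 bits/byte)
    # yet a very short generating program, a distinction entropy alone cannot see
    "counter_pattern": bytes(range(256)) * 24,
    # pseudo-random bytes: high entropy and no description shorter than the data
    "random_bytes": bytes(_rng.getrandbits(8) for _ in range(6144)),
}

if __name__ == "__main__":
    for name, (h, k, n) in summarise(SAMPLES).items():
        print(f"{name:18s} entropy={h:.3f} bits/byte  compressed={k:5d} of {n} bytes")
```

The counter pattern is the instructive case: entropy reports it as maximally unpredictable, while the compressor finds it almost as compressible as the repeated log line, which is why the two theories answer different questions about the same evidence.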

Benefits of Quantitative Tools
– Enable the forensic investigator / examiner to prioritise cases that have a high chance of success and to abandon cases which have a low chance of going to trial
– Enable prosecution authorities to assess the relative strength of their case versus the defence’s case when deciding whether or not to proceed to trial
– Enable courts to hear digital evidence presented in a similar manner to non-digital evidence

Summary & Conclusion
I hope I have persuaded you that:
– quantitative tools exist to produce likelihood ratios and odds ratios for cases in which undisputed digital evidence can be fully accounted for by more than one explanation (hypothesis)
– the benefits of adopting such tools are improving:
  the conduct of the digital forensic investigation
  the decision making of the prosecution authority
  the conduct of the trial proceedings

Thank you! Comments? Questions?