Technical Challenges in Cyber Forensics
Glasgow Caledonian University, Digital Forensics Student Conference
Agenda
The technical challenges
The research areas
Before we begin… Who is NCC?
• 100 million GBP revenue FTSE company
• Cyber Security Assurance Practice
• 180 UK technical assurance consultants
• applied research (.gov.uk / .co.uk)
• technical security assessments
• cyber forensics incident response
• 50 UK risk / audit consultants
• 90 US technical assurance consultants
• Escrow & Software Assurance = sister BUs
Before we begin…
Hopefully not a lesson in sucking eggs
Things I won’t cover… because Keith did/will
• Accreditation
• Big data
• Cyber security*
• Cloud computing
• Mobile*
Why forensics?
• What happened
• How it happened
• Where it happened
• Who did it / who didn’t do it
• Why it happened*
Forensic chain of custody requirements
• Intention: Court
  • high
• Intention: Not court
  • low
Focus for this talk: not court
What we see today
• Offensive material
• Basic data theft
  • remote internet
  • internal employee
• Hacktivism
• Financially related
• Complex nation state threat actors
  • high value IP theft
Tech challenge #1: non-tech usability
• Triage
• Acquisition
• Aggregation
• Processing
• Analysis
• Answers
Tech challenge #2: security
• TPM
• Crypto
  • software
  • hardware
• Device protection
  • passphrase
  • fingerprint
  • anti-tamper
Tech challenge #3: IoT acquisition
• CCTV, watches, TVs, fridges etc.
• Vehicles
• Multi Functional Devices
• BMS / EMS etc.
… storage removal
… storage processing
… ability to make sense
Tech challenge #4: rapid tech evolution
• Devices
• Operating systems
• Apps
• Methods of communication
• Methods of storage
• Internet services
Tech challenge #4: attribution & intent
• Who
• Why
• Capabilities
• Traits (MO)
Tech challenges: example #1
Tech challenges: example #2
Example research: NCC suggested projects
• Storage Reduction for Network Captures
• High Performance Captured Network Meta Data Analysis
• Network Capture Visualization
• Automated Net Flow Heuristic Signature Production
• Forensic Memory Resident Password Recovery
• Application Location Services in Data Forensics Investigations
Future research
• Usability of forensics tools
• Agility / adaptability in forensics tools
• Internet forensics / Open Source Intel
• Stitching multiple distinct sources
• Detecting use of anti-forensics
• Detecting use of offensive-forensics
• High-speed forensics
Future research
• Reactive forensic supporting systems
• Pro-active forensic supporting design patterns
  • systems & apps
• Crowd sourcing / gamification applications in forensics
• Expert systems (AI) use in forensics
  • inference engines / knowledge base
  http://link.springer.com/chapter/10.1007%2F978-3-540-77368-9_31
Summary
• We need to make it
  • easier to collect & get answers
  • scalable & efficient
  • reliable & adaptable
• We need to be able to
  • consume intelligence
  • produce intelligence
  • share more
UK Offices
Manchester - Head Office
Cheltenham
Edinburgh
Leatherhead
London
Milton Keynes
North American Offices
San Francisco
Atlanta
New York
Seattle
Austin
Australian Offices
Sydney
European Offices
Amsterdam - Netherlands
Munich - Germany
Zurich - Switzerland
Thanks? Questions?
Ollie [email protected]