A presentation given at the Glasgow Caledonian University, Digital Forensics Student Conference in 2014 discussing some of the technical challenges we face in cyber forensics and possible research areas.
7. Forensic chain of custody requirements
•Intention: Court
•high
•Intention: Not court
•low
Focus for this talk: not court
8. What we see today
•Offensive material
•Basic data theft
•remote internet
•internal employee
•Hacktivisim
•Financial related
•Complex nation state threat actors
•high value IP theft
16. Example research: NCC suggested projects
• Storage Reduction for Network Captures
• High Performance Captured Network Meta
Data Analysis
• Network Capture Visualization
• Automated Net Flow Heuristic Signature
Production
• Forensic Memory Resident Password
Recover
• Application Location Services in Data
Forensics Investigations
17. Future research
•Usability of forensics tools
•Agility / adaptability in forensics tools
•Internet forensics / Open Source Intel
•Stitching multiple distinct sources
•Detecting use of anti-forensics
•Detecting use of offensive-forensics
•High-speed forensics
18. Future research
•Reactive forensic supporting systems
•Pro-active forensic supporting design
pattterns
•systems & apps
•Crowd sourcing / gamification applications
in forensics
•Expert systems (AI) use in forensics
•inference engines / knowledge base
http://link.springer.com/chapter/10.1007%2F978-3-540-77368-9_31
19. Summary
•We need to make it
•easier to collect & get answers
•scalable & efficient
•reliable & adaptable
•We need to be able to
•consume intelligence
•produce intelligence
•share more
20. UK Offices
Manchester - Head Office
Cheltenham
Edinburgh
Leatherhead
London
Milton Keynes
North American Offices
San Francisco
Atlanta
New York
Seattle
Austin
Australian Offices
Sydney
European Offices
Amsterdam - Netherlands
Munich – Germany
Zurich - Switzerland
Thanks? Questions?
Ollie Whitehouse
ollie.whitehouse@nccgroup.com