1 / 15

Information Terrorism from IT Forensics Perspective

Information Terrorism from IT Forensics Perspective. Zsolt Illési illesi.zsolt@mail.duf.hu. Topics. terrorism & information technology forensic investigation issues to-do-list. Terrorism & Information Technology. definition uncertainties: information| cyber| computer

lobo
Download Presentation

Information Terrorism from IT Forensics Perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information TerrorismfromIT Forensics Perspective Zsolt Illésiillesi.zsolt@mail.duf.hu

  2. Topics • terrorism & information technology • forensic investigation issues • to-do-list

  3. Terrorism &Information Technology • definition uncertainties: • information| cyber| computer • crime| terrorism| war[fare] • hacking, cracking, hacktivism

  4. Security Players defender attacker user pathfinder

  5. Locard’s Exchange Principle • ‚everywhere you go,you take something with you,and you leavesomething behind’ • provide link between • crime scene(s) • victim(s) • perpetrator(s)

  6. Computers, Crime, and Criminal Investigations all IT resources can be: • target • implementation/commitment tool/environment • symbol • witness of a (computer) crime

  7. Computer Investigation Target • DEO ≡ digital evidence object • files • data structures • data elements (metadata) • configuration elements (control data, settings etc.) DEO serves as evidence element.

  8. Evidence in general • data relates to relevant points of a case • all together suitable establishing the facts (supporting the claims), ex-post reconstructions

  9. Problems • ‚questions & answers’ • ‚needle in a haystack’ • constant development in IT

  10. Investigator Questions& Answers • who?  individual(s) involved • what? nature of events that occurred • where? crime scene • when? timeline of events • why? motivation of the offense • how? used tools or exploits

  11. Data Flux Issue • Windows 7 • size on a hdd: 16GB+ • number of files: 80,000+ • number of folders: 18,000+ And that’s only the operating on one computer…

  12. Analysis Care Issue • thoroughness → time consuming • time  money • inaccuracy → missing important data • cannot prove guilt • cannot prove innocence

  13. Recent Methodology Evolution dead systems • well defined analysis steps • copy of memory or storage • trusted (forensic) environment • trusted tools live systems • evolvinganalysissteps • original memory or storage content • unclean (live) environment • undecided tools

  14. Future Methodology Evolution • cloud • encryption • artificial ignorance • artificial intelligence • data mining

  15. To-Do List • IT forensics support & research initiation • ‚hash factory’ set up • methodologies • tools • organisational cooperation improvement • national • EU • international • funding forensic experts • complex toolset • full-time professional (forensics) engagement

More Related