SlideShare une entreprise Scribd logo

Technical Challenges in Cyber Forensics

Télécharger en tant que PPTX, PDF
Ollie Whitehouse
Ollie Whitehouse

A presentation given at the Glasgow Caledonian University, Digital Forensics Student Conference in 2014 discussing some of the technical challenges we face in cyber forensics and possible research areas.

Technologie
1  sur  20
Technical Challenges in Cyber Forensics Glasgow Caledonian University, Digital Forensics Student Conference
Agenda The technical challenges The research areas
Before we begin… Who is NCC? • 100 million GBP revenue FTSE company • Cyber Security Assurance Practice • 180 UK technical assurance consultants • applied research (.gov.uk / .co.uk) • technical security assessments • cyber forensics incident response • 50 UK risk / audit consultants • 90 US technical assurance consultants • Escrow & Software Assurance = sister BUs
Before we begin… Hopefully not a lesson in sucking eggs
Things I won’t cover… because Keith did/will •Accreditation •Big data •Cyber security* •Cloud computing •Mobile*
Why forensics? •What happened •How it happened •Where it happened •Who did it / who didn’t do it •Why it happened*
Forensic chain of custody requirements •Intention: Court •high •Intention: Not court •low Focus for this talk: not court
What we see today •Offensive material •Basic data theft •remote internet •internal employee •Hacktivisim •Financial related •Complex nation state threat actors •high value IP theft
Tech challenge #1: non-tech usability •Triage •Acquisition •Aggregation •Processing •Analysis •Answers
Tech challenge #2: security •TPM •Crypto •software •hardware •Device protection •passphrase •fingerprint •anti-tamper
Tech challenge #3: IoT acquisition •CCTV, Watches, TVs, Fridges etc.. •Vehicles •Multi Functional Devices •BMS / EMS .. etc.. … storage removal … storage processing … ability to make sense
Tech challenge #4: rapid tech evolution •Devices •Operating systems •Apps •Methods of communication •Methods of storage •Internet services
Tech challenge #4: attribution & intent •Who •Why •Capabilities •Traits (MO)
Tech challenges: example #1
Tech challenges: example #2
Example research: NCC suggested projects • Storage Reduction for Network Captures • High Performance Captured Network Meta Data Analysis • Network Capture Visualization • Automated Net Flow Heuristic Signature Production • Forensic Memory Resident Password Recover • Application Location Services in Data Forensics Investigations
Future research •Usability of forensics tools •Agility / adaptability in forensics tools •Internet forensics / Open Source Intel •Stitching multiple distinct sources •Detecting use of anti-forensics •Detecting use of offensive-forensics •High-speed forensics
Future research •Reactive forensic supporting systems •Pro-active forensic supporting design pattterns •systems & apps •Crowd sourcing / gamification applications in forensics •Expert systems (AI) use in forensics •inference engines / knowledge base http://link.springer.com/chapter/10.1007%2F978-3-540-77368-9_31
Summary •We need to make it •easier to collect & get answers •scalable & efficient •reliable & adaptable •We need to be able to •consume intelligence •produce intelligence •share more
UK Offices Manchester - Head Office Cheltenham Edinburgh Leatherhead London Milton Keynes North American Offices San Francisco Atlanta New York Seattle Austin Australian Offices Sydney European Offices Amsterdam - Netherlands Munich – Germany Zurich - Switzerland Thanks? Questions? Ollie Whitehouse ollie.whitehouse@nccgroup.com

Recommandé

CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber ForensicsKathirvel Ayyaswamy
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsyash sawarkar
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & ChallengesDeepak Kumar (D3)
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensicspranjal dutta
 

Recommandé

CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber ForensicsKathirvel Ayyaswamy
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsyash sawarkar
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & ChallengesDeepak Kumar (D3)
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensicspranjal dutta
 
Digital investigation
Digital investigationDigital investigation
Digital investigationunnilala11
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Digital Forensic
Digital ForensicDigital Forensic
Digital ForensicCleverence Kombe
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsSCREAM138
 
Computer Forensic
Computer ForensicComputer Forensic
Computer ForensicNovizul Evendi
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)Gopal Choudhary
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Network Forensic
Network ForensicNetwork Forensic
Network ForensicSujeet Kumar
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics pptOECLIB Odisha Electronics Control Library
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2Manu Mathew Cherian
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Sagar Rahurkar
 
Legal aspects of digital forensics
Legal aspects of digital forensics Legal aspects of digital forensics
Legal aspects of digital forensics KakshaPatel3
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
Search and Seizure
Search and SeizureSearch and Seizure
Search and SeizureLina Nandy
 

Contenu connexe

Tendances

Digital investigation
Digital investigationDigital investigation
Digital investigationunnilala11
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsSCREAM138
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)Gopal Choudhary
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Sagar Rahurkar
 
Legal aspects of digital forensics
Legal aspects of digital forensics Legal aspects of digital forensics
Legal aspects of digital forensics KakshaPatel3
 

Tendances (20)

Digital investigation
Digital investigationDigital investigation
Digital investigation
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedure
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Network Forensic
Network ForensicNetwork Forensic
Network Forensic
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...
 
Legal aspects of digital forensics
Legal aspects of digital forensics Legal aspects of digital forensics
Legal aspects of digital forensics
 

En vedette

Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
Search and Seizure
Search and SeizureSearch and Seizure
Search and SeizureLina Nandy
 
Ict in the district courts
Ict in the district courtsIct in the district courts
Ict in the district courtsTalwant Singh
 
Secure App Aspirations: Why it is very difficult in the real world
Secure App Aspirations: Why it is very difficult in the real worldSecure App Aspirations: Why it is very difficult in the real world
Secure App Aspirations: Why it is very difficult in the real worldOllie Whitehouse
 
From Problem to Solution: Enumerating Windows Firewall-Hook Drivers
From Problem to Solution: Enumerating Windows Firewall-Hook DriversFrom Problem to Solution: Enumerating Windows Firewall-Hook Drivers
From Problem to Solution: Enumerating Windows Firewall-Hook DriversOllie Whitehouse
 
NCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesNCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesOllie Whitehouse
 
Why defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skillWhy defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skillOllie Whitehouse
 
Agile software security assurance
Agile software security assuranceAgile software security assurance
Agile software security assuranceOllie Whitehouse
 
Threat Intelligence - Routes to a Proactive Capability
Threat Intelligence - Routes to a Proactive CapabilityThreat Intelligence - Routes to a Proactive Capability
Threat Intelligence - Routes to a Proactive CapabilityOllie Whitehouse
 
Designing and building post compromise recoverable services
Designing and building post compromise recoverable servicesDesigning and building post compromise recoverable services
Designing and building post compromise recoverable servicesOllie Whitehouse
 
Smart grid in the Critical National Infrastructure
Smart grid in the Critical National InfrastructureSmart grid in the Critical National Infrastructure
Smart grid in the Critical National InfrastructureOllie Whitehouse
 
Finding The Weak Link in Windows Binaries
Finding The Weak Link in Windows BinariesFinding The Weak Link in Windows Binaries
Finding The Weak Link in Windows BinariesOllie Whitehouse
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Ollie Whitehouse
 
Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?loglogic
 
Red Teaming and the Supply Chain
Red Teaming and the Supply ChainRed Teaming and the Supply Chain
Red Teaming and the Supply ChainOllie Whitehouse
 
NCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentNCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentOllie Whitehouse
 
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...Ollie Whitehouse
 
Countering the Cyber Threat
Countering the Cyber ThreatCountering the Cyber Threat
Countering the Cyber ThreatOllie Whitehouse
 
Judicial Appreciation of Digital Evidence 2016
Judicial Appreciation of Digital Evidence 2016Judicial Appreciation of Digital Evidence 2016
Judicial Appreciation of Digital Evidence 2016Talwant Singh
 
Appreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDFAppreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDFTalwant Singh
 

En vedette (20)

Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
Search and Seizure
Search and SeizureSearch and Seizure
Search and Seizure
 
Ict in the district courts
Ict in the district courtsIct in the district courts
Ict in the district courts
 
Secure App Aspirations: Why it is very difficult in the real world
Secure App Aspirations: Why it is very difficult in the real worldSecure App Aspirations: Why it is very difficult in the real world
Secure App Aspirations: Why it is very difficult in the real world
 
From Problem to Solution: Enumerating Windows Firewall-Hook Drivers
From Problem to Solution: Enumerating Windows Firewall-Hook DriversFrom Problem to Solution: Enumerating Windows Firewall-Hook Drivers
From Problem to Solution: Enumerating Windows Firewall-Hook Drivers
 
NCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesNCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory Services
 
Why defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skillWhy defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skill
 
Agile software security assurance
Agile software security assuranceAgile software security assurance
Agile software security assurance
 
Threat Intelligence - Routes to a Proactive Capability
Threat Intelligence - Routes to a Proactive CapabilityThreat Intelligence - Routes to a Proactive Capability
Threat Intelligence - Routes to a Proactive Capability
 
Designing and building post compromise recoverable services
Designing and building post compromise recoverable servicesDesigning and building post compromise recoverable services
Designing and building post compromise recoverable services
 
Smart grid in the Critical National Infrastructure
Smart grid in the Critical National InfrastructureSmart grid in the Critical National Infrastructure
Smart grid in the Critical National Infrastructure
 
Finding The Weak Link in Windows Binaries
Finding The Weak Link in Windows BinariesFinding The Weak Link in Windows Binaries
Finding The Weak Link in Windows Binaries
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)
 
Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?
 
Red Teaming and the Supply Chain
Red Teaming and the Supply ChainRed Teaming and the Supply Chain
Red Teaming and the Supply Chain
 
NCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentNCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat Assessment
 
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...
 
Countering the Cyber Threat
Countering the Cyber ThreatCountering the Cyber Threat
Countering the Cyber Threat
 
Judicial Appreciation of Digital Evidence 2016
Judicial Appreciation of Digital Evidence 2016Judicial Appreciation of Digital Evidence 2016
Judicial Appreciation of Digital Evidence 2016
 
Appreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDFAppreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDF
 

Similaire à Technical Challenges in Cyber Forensics

SplunkLive! London 2019: University of Exeter
SplunkLive! London 2019: University of Exeter SplunkLive! London 2019: University of Exeter
SplunkLive! London 2019: University of Exeter Splunk
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3ShivamSharma909
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Penetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterPenetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterJisc
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
(130608) #fitalk ceic 2013 interview
(130608) #fitalk ceic 2013 interview(130608) #fitalk ceic 2013 interview
(130608) #fitalk ceic 2013 interviewINSIGHT FORENSIC
 
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Ruby Meditation
 
Digital Forensics Triage and Cyber Security
Digital Forensics Triage and Cyber SecurityDigital Forensics Triage and Cyber Security
Digital Forensics Triage and Cyber SecurityAmrit Chhetri
 
Solving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustrySolving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustryDragos, Inc.
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsNCC Group
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iPrecisely
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas IndonesiaIGN MANTRA
 
Cloud technologies
Cloud technologiesCloud technologies
Cloud technologiesUma Rangaraj
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 
Building secure digital services
Building secure digital servicesBuilding secure digital services
Building secure digital servicesNetDef
 
influence of AI in IS
influence of AI in ISinfluence of AI in IS
influence of AI in ISISACA Riyadh
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 

Similaire à Technical Challenges in Cyber Forensics (20)

SplunkLive! London 2019: University of Exeter
SplunkLive! London 2019: University of Exeter SplunkLive! London 2019: University of Exeter
SplunkLive! London 2019: University of Exeter
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
Jcv course contents
Jcv course contentsJcv course contents
Jcv course contents
 
Penetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterPenetration testing experience at the University of Worcester
Penetration testing experience at the University of Worcester
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
(130608) #fitalk ceic 2013 interview
(130608) #fitalk ceic 2013 interview(130608) #fitalk ceic 2013 interview
(130608) #fitalk ceic 2013 interview
 
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
 
Digital Forensics Triage and Cyber Security
Digital Forensics Triage and Cyber SecurityDigital Forensics Triage and Cyber Security
Digital Forensics Triage and Cyber Security
 
Solving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustrySolving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric Industry
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM i
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
 
Cloud technologies
Cloud technologiesCloud technologies
Cloud technologies
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
 
Building secure digital services
Building secure digital servicesBuilding secure digital services
Building secure digital services
 
influence of AI in IS
influence of AI in ISinfluence of AI in IS
influence of AI in IS
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 

Dernier

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Dernier (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Technical Challenges in Cyber Forensics

  • 1. Technical Challenges in Cyber Forensics Glasgow Caledonian University, Digital Forensics Student Conference
  • 3. Before we begin… Who is NCC? • 100 million GBP revenue FTSE company • Cyber Security Assurance Practice • 180 UK technical assurance consultants • applied research (.gov.uk / .co.uk) • technical security assessments • cyber forensics incident response • 50 UK risk / audit consultants • 90 US technical assurance consultants • Escrow & Software Assurance = sister BUs
  • 4. Before we begin… Hopefully not a lesson in sucking eggs
  • 5. Things I won’t cover… because Keith did/will •Accreditation •Big data •Cyber security* •Cloud computing •Mobile*
  • 6. Why forensics? •What happened •How it happened •Where it happened •Who did it / who didn’t do it •Why it happened*
  • 7. Forensic chain of custody requirements •Intention: Court •high •Intention: Not court •low Focus for this talk: not court
  • 8. What we see today •Offensive material •Basic data theft •remote internet •internal employee •Hacktivisim •Financial related •Complex nation state threat actors •high value IP theft
  • 9. Tech challenge #1: non-tech usability •Triage •Acquisition •Aggregation •Processing •Analysis •Answers
  • 10. Tech challenge #2: security •TPM •Crypto •software •hardware •Device protection •passphrase •fingerprint •anti-tamper
  • 11. Tech challenge #3: IoT acquisition •CCTV, Watches, TVs, Fridges etc.. •Vehicles •Multi Functional Devices •BMS / EMS .. etc.. … storage removal … storage processing … ability to make sense
  • 12. Tech challenge #4: rapid tech evolution •Devices •Operating systems •Apps •Methods of communication •Methods of storage •Internet services
  • 13. Tech challenge #4: attribution & intent •Who •Why •Capabilities •Traits (MO)
  • 16. Example research: NCC suggested projects • Storage Reduction for Network Captures • High Performance Captured Network Meta Data Analysis • Network Capture Visualization • Automated Net Flow Heuristic Signature Production • Forensic Memory Resident Password Recover • Application Location Services in Data Forensics Investigations
  • 17. Future research •Usability of forensics tools •Agility / adaptability in forensics tools •Internet forensics / Open Source Intel •Stitching multiple distinct sources •Detecting use of anti-forensics •Detecting use of offensive-forensics •High-speed forensics
  • 18. Future research •Reactive forensic supporting systems •Pro-active forensic supporting design pattterns •systems & apps •Crowd sourcing / gamification applications in forensics •Expert systems (AI) use in forensics •inference engines / knowledge base http://link.springer.com/chapter/10.1007%2F978-3-540-77368-9_31
  • 19. Summary •We need to make it •easier to collect & get answers •scalable & efficient •reliable & adaptable •We need to be able to •consume intelligence •produce intelligence •share more
  • 20. UK Offices Manchester - Head Office Cheltenham Edinburgh Leatherhead London Milton Keynes North American Offices San Francisco Atlanta New York Seattle Austin Australian Offices Sydney European Offices Amsterdam - Netherlands Munich – Germany Zurich - Switzerland Thanks? Questions? Ollie Whitehouse ollie.whitehouse@nccgroup.com