SlideShare une entreprise Scribd logo

Technical Challenges in Cyber Forensics

Télécharger en tant que PPTX, PDF
Ollie Whitehouse
Ollie Whitehouse

A presentation given at the Glasgow Caledonian University, Digital Forensics Student Conference in 2014 discussing some of the technical challenges we face in cyber forensics and possible research areas.

Technologie
1  sur  20
Technical Challenges in Cyber Forensics Glasgow Caledonian University, Digital Forensics Student Conference
Agenda The technical challenges The research areas
Before we begin… Who is NCC? • 100 million GBP revenue FTSE company • Cyber Security Assurance Practice • 180 UK technical assurance consultants • applied research (.gov.uk / .co.uk) • technical security assessments • cyber forensics incident response • 50 UK risk / audit consultants • 90 US technical assurance consultants • Escrow & Software Assurance = sister BUs
Before we begin… Hopefully not a lesson in sucking eggs
Things I won’t cover… because Keith did/will •Accreditation •Big data •Cyber security* •Cloud computing •Mobile*
Why forensics? •What happened •How it happened •Where it happened •Who did it / who didn’t do it •Why it happened*
Forensic chain of custody requirements •Intention: Court •high •Intention: Not court •low Focus for this talk: not court
What we see today •Offensive material •Basic data theft •remote internet •internal employee •Hacktivisim •Financial related •Complex nation state threat actors •high value IP theft
Tech challenge #1: non-tech usability •Triage •Acquisition •Aggregation •Processing •Analysis •Answers
Tech challenge #2: security •TPM •Crypto •software •hardware •Device protection •passphrase •fingerprint •anti-tamper
Tech challenge #3: IoT acquisition •CCTV, Watches, TVs, Fridges etc.. •Vehicles •Multi Functional Devices •BMS / EMS .. etc.. … storage removal … storage processing … ability to make sense
Tech challenge #4: rapid tech evolution •Devices •Operating systems •Apps •Methods of communication •Methods of storage •Internet services
Tech challenge #4: attribution & intent •Who •Why •Capabilities •Traits (MO)
Tech challenges: example #1
Tech challenges: example #2
Example research: NCC suggested projects • Storage Reduction for Network Captures • High Performance Captured Network Meta Data Analysis • Network Capture Visualization • Automated Net Flow Heuristic Signature Production • Forensic Memory Resident Password Recover • Application Location Services in Data Forensics Investigations
Future research •Usability of forensics tools •Agility / adaptability in forensics tools •Internet forensics / Open Source Intel •Stitching multiple distinct sources •Detecting use of anti-forensics •Detecting use of offensive-forensics •High-speed forensics
Future research •Reactive forensic supporting systems •Pro-active forensic supporting design pattterns •systems & apps •Crowd sourcing / gamification applications in forensics •Expert systems (AI) use in forensics •inference engines / knowledge base http://link.springer.com/chapter/10.1007%2F978-3-540-77368-9_31
Summary •We need to make it •easier to collect & get answers •scalable & efficient •reliable & adaptable •We need to be able to •consume intelligence •produce intelligence •share more
UK Offices Manchester - Head Office Cheltenham Edinburgh Leatherhead London Milton Keynes North American Offices San Francisco Atlanta New York Seattle Austin Australian Offices Sydney European Offices Amsterdam - Netherlands Munich – Germany Zurich - Switzerland Thanks? Questions? Ollie Whitehouse ollie.whitehouse@nccgroup.com

Recommandé

Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
Deepak Kumar (D3)
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
Somya Johri
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
Milap Oza
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
Online
 
Current Forensic Tools
Current Forensic Tools Current Forensic Tools
Current Forensic Tools
Jyothishmathi Institute of Technology and Science Karimnagar
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
primeteacher32
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
Manik Bhola
 

Recommandé

Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
Deepak Kumar (D3)
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
Somya Johri
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
Milap Oza
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
Online
 
Current Forensic Tools
Current Forensic Tools Current Forensic Tools
Current Forensic Tools
Jyothishmathi Institute of Technology and Science Karimnagar
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
primeteacher32
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
Manik Bhola
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
Kathirvel Ayyaswamy
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
Sam Bowne
 
Email investigation
Email investigationEmail investigation
Email investigation
Animesh Shaw
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
Rahul Baghla
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
Roberto Ellis
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic Investigator
Agape Inc
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Oldsun
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
Kranthi
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
Daksh Verma
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
Nikhil Mashruwala
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
OECLIB Odisha Electronics Control Library
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
Milap Oza
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Dr Raghu Khimani
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
Bhupeshkumar Nanhe
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Nicholas Davis
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
Priya Manik
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
deaneal
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
edwardbel
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file system
Alchemist095
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
Sweta Kumari Barnwal
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
Online
 
Search and Seizure
Search and SeizureSearch and Seizure
Search and Seizure
Lina Nandy
 

Contenu connexe

Tendances

Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
Rahul Baghla
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
Kranthi
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
Milap Oza
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file system
Alchemist095
 

Tendances (20)

CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
 
Email investigation
Email investigationEmail investigation
Email investigation
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic Investigator
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file system
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
 

En vedette

Search and Seizure
Search and SeizureSearch and Seizure
Search and Seizure
Lina Nandy
 
Ict in the district courts
Ict in the district courtsIct in the district courts
Ict in the district courts
Talwant Singh
 

En vedette (20)

Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
Search and Seizure
Search and SeizureSearch and Seizure
Search and Seizure
 
Ict in the district courts
Ict in the district courtsIct in the district courts
Ict in the district courts
 
Secure App Aspirations: Why it is very difficult in the real world
Secure App Aspirations: Why it is very difficult in the real worldSecure App Aspirations: Why it is very difficult in the real world
Secure App Aspirations: Why it is very difficult in the real world
 
From Problem to Solution: Enumerating Windows Firewall-Hook Drivers
From Problem to Solution: Enumerating Windows Firewall-Hook DriversFrom Problem to Solution: Enumerating Windows Firewall-Hook Drivers
From Problem to Solution: Enumerating Windows Firewall-Hook Drivers
 
NCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesNCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory Services
 
Why defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skillWhy defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skill
 
Agile software security assurance
Agile software security assuranceAgile software security assurance
Agile software security assurance
 
Threat Intelligence - Routes to a Proactive Capability
Threat Intelligence - Routes to a Proactive CapabilityThreat Intelligence - Routes to a Proactive Capability
Threat Intelligence - Routes to a Proactive Capability
 
Designing and building post compromise recoverable services
Designing and building post compromise recoverable servicesDesigning and building post compromise recoverable services
Designing and building post compromise recoverable services
 
Smart grid in the Critical National Infrastructure
Smart grid in the Critical National InfrastructureSmart grid in the Critical National Infrastructure
Smart grid in the Critical National Infrastructure
 
Finding The Weak Link in Windows Binaries
Finding The Weak Link in Windows BinariesFinding The Weak Link in Windows Binaries
Finding The Weak Link in Windows Binaries
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)
 
Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?
 
Red Teaming and the Supply Chain
Red Teaming and the Supply ChainRed Teaming and the Supply Chain
Red Teaming and the Supply Chain
 
NCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentNCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat Assessment
 
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...
 
Countering the Cyber Threat
Countering the Cyber ThreatCountering the Cyber Threat
Countering the Cyber Threat
 
Judicial Appreciation of Digital Evidence 2016
Judicial Appreciation of Digital Evidence 2016Judicial Appreciation of Digital Evidence 2016
Judicial Appreciation of Digital Evidence 2016
 
Appreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDFAppreciation of Electronic Evidence-PDF
Appreciation of Electronic Evidence-PDF
 

Similaire à Technical Challenges in Cyber Forensics

Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Ruby Meditation
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
NCC Group
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM i
Precisely
 
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
The Statistical and Applied Mathematical Sciences Institute
 

Similaire à Technical Challenges in Cyber Forensics (20)

SplunkLive! London 2019: University of Exeter
SplunkLive! London 2019: University of Exeter SplunkLive! London 2019: University of Exeter
SplunkLive! London 2019: University of Exeter
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
Jcv course contents
Jcv course contentsJcv course contents
Jcv course contents
 
Penetration testing experience at the University of Worcester
Penetration testing experience at the University of WorcesterPenetration testing experience at the University of Worcester
Penetration testing experience at the University of Worcester
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
(130608) #fitalk ceic 2013 interview
(130608) #fitalk ceic 2013 interview(130608) #fitalk ceic 2013 interview
(130608) #fitalk ceic 2013 interview
 
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
 
Digital Forensics Triage and Cyber Security
Digital Forensics Triage and Cyber SecurityDigital Forensics Triage and Cyber Security
Digital Forensics Triage and Cyber Security
 
Solving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustrySolving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric Industry
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM i
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
 
Cloud technologies
Cloud technologiesCloud technologies
Cloud technologies
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
2019 GDRR: Blockchain Data Analytics - Real World Adventures at a Cryptocurre...
 
Building secure digital services
Building secure digital servicesBuilding secure digital services
Building secure digital services
 
influence of AI in IS
influence of AI in ISinfluence of AI in IS
influence of AI in IS
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 

Dernier

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 

Dernier (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

Technical Challenges in Cyber Forensics

  • 1. Technical Challenges in Cyber Forensics Glasgow Caledonian University, Digital Forensics Student Conference
  • 3. Before we begin… Who is NCC? • 100 million GBP revenue FTSE company • Cyber Security Assurance Practice • 180 UK technical assurance consultants • applied research (.gov.uk / .co.uk) • technical security assessments • cyber forensics incident response • 50 UK risk / audit consultants • 90 US technical assurance consultants • Escrow & Software Assurance = sister BUs
  • 4. Before we begin… Hopefully not a lesson in sucking eggs
  • 5. Things I won’t cover… because Keith did/will •Accreditation •Big data •Cyber security* •Cloud computing •Mobile*
  • 6. Why forensics? •What happened •How it happened •Where it happened •Who did it / who didn’t do it •Why it happened*
  • 7. Forensic chain of custody requirements •Intention: Court •high •Intention: Not court •low Focus for this talk: not court
  • 8. What we see today •Offensive material •Basic data theft •remote internet •internal employee •Hacktivisim •Financial related •Complex nation state threat actors •high value IP theft
  • 9. Tech challenge #1: non-tech usability •Triage •Acquisition •Aggregation •Processing •Analysis •Answers
  • 10. Tech challenge #2: security •TPM •Crypto •software •hardware •Device protection •passphrase •fingerprint •anti-tamper
  • 11. Tech challenge #3: IoT acquisition •CCTV, Watches, TVs, Fridges etc.. •Vehicles •Multi Functional Devices •BMS / EMS .. etc.. … storage removal … storage processing … ability to make sense
  • 12. Tech challenge #4: rapid tech evolution •Devices •Operating systems •Apps •Methods of communication •Methods of storage •Internet services
  • 13. Tech challenge #4: attribution & intent •Who •Why •Capabilities •Traits (MO)
  • 16. Example research: NCC suggested projects • Storage Reduction for Network Captures • High Performance Captured Network Meta Data Analysis • Network Capture Visualization • Automated Net Flow Heuristic Signature Production • Forensic Memory Resident Password Recover • Application Location Services in Data Forensics Investigations
  • 17. Future research •Usability of forensics tools •Agility / adaptability in forensics tools •Internet forensics / Open Source Intel •Stitching multiple distinct sources •Detecting use of anti-forensics •Detecting use of offensive-forensics •High-speed forensics
  • 18. Future research •Reactive forensic supporting systems •Pro-active forensic supporting design pattterns •systems & apps •Crowd sourcing / gamification applications in forensics •Expert systems (AI) use in forensics •inference engines / knowledge base http://link.springer.com/chapter/10.1007%2F978-3-540-77368-9_31
  • 19. Summary •We need to make it •easier to collect & get answers •scalable & efficient •reliable & adaptable •We need to be able to •consume intelligence •produce intelligence •share more
  • 20. UK Offices Manchester - Head Office Cheltenham Edinburgh Leatherhead London Milton Keynes North American Offices San Francisco Atlanta New York Seattle Austin Australian Offices Sydney European Offices Amsterdam - Netherlands Munich – Germany Zurich - Switzerland Thanks? Questions? Ollie Whitehouse ollie.whitehouse@nccgroup.com