Digital Forensics Case Studies
Outline
• Introduction
• Digital Forensics – Standard procedures
• Case studies
• Forensic soundness when manual processing is required
• Cloud forensics
• Virtual machines (VM) forensics
• Acquisition of evidence from a live source
• Smart environments forensics
• Conclusions and perspectives
Project ConSoLiDatE - Digital Forensics - Case Studies
Overview
[Diagram labels: Practice, Technology, Law, Case Studies, Criminology, Psychology, Best practices, Expert witness, Advocacy, Investigations, Collection and Preservation]
Digital Forensic Analysis
• Generally third party specialised intervention
• Evidence collection, examination, analysis and presentation
Digital Forensic Case Studies
1. Forensic Soundness
When HD can’t be removed…
Device needs to be powered on…
Video of imaging and processing
Integrity of the video – MD5/SHA1
2. Logical Images
When Physical image of a HD (.E01) cannot be taken…
Make Logical image (.L01)
Recovery from Unallocated clusters, deleted files, … – Product Support!
3. Cloud Forensics
When dispute-related data entirely resides in a fraction of machines
4. Virtual Machine Forensics
.lnk files
.dll files
5. Live Forensics
5. Live Forensics – Challenges
• Technical
  • Constantly updating records where full disk imaging process enters into indefinite loops
• Legal
  • In some countries live forensics may fall under the legislation(s) protecting “live communications” and therefore avoiding the crime of eavesdropping
5. Live Forensics – Way Forward
• Taking ‘still picture’ of the server at a given time instant
  • The best trade-off for acquiring digital evidence from a live source
• Downside of this technique: Snapshot image is taken by System Administrator
  • Whereas the image of a hard drive is taken by a digital forensic analyst
  • System Administrator is involved in the investigations!
6. Smart Environments
• Description
  • Emerging environments such as ICS (Industrial Control Systems), Smart Homes, etc.
6. Smart Environments
• Smart environments forensics
  • Analysis of the processes and resulting sequence of actions taken by the devices intelligently.
  • Different than IoT Forensics where the focus is the analysis of sensors data.
• Forensic challenges
  • Data format of these environments
  • Data is stored in different (often proprietary) formats
  • Scope of the NDA (Non-disclosure Agreement) holds vis-à-vis national legislations
Conclusions
Summary
• Repository of real life case studies
• Flexible learning environment
• Better student experience
• Higher employability prospects
• Future directions
  • Available to the students of other HEI
  • More sophisticated scenarios
Perspectives
• We need to work on the harmonisation of digital forensic analysis methodologies and the governing policies
  • Scenarios-based testing
  • Identification of grey areas
  • Mutual validations
[Diagram labels: Legislations, Technology, Investigations, Sandbox]