Difference between revisions of "2009-08-20 Talk"
m (Created page with '==Abstract== Digital Forensics seeks to find, preserve, and present information found inside computer systems and provide causative explanations for the reason that the informa…') |
m |
||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
<big>Automated Digital Forensics and Media Exploitation</big> | |||
[http://simson.net/ref/2009/2009-08-20%20MIT.pdf (slides)] | |||
==Abstract== | ==Abstract== | ||
Despite what you may have seen in the movies, today the primary use of digital forensics is to demonstrate the presence of child pornography on the computer systems of suspected criminal perpetrators. Although digital forensics has a great potential for providing criminal leads and assisting in criminal investigations, there is a nationwide shortage of forensic investigators and today's tools are incredibly difficult to use. | |||
This talk presents | This talk presents research aimed at realizing the dream of Automated Digital Forensics---research that brings the tools of data mining and artificial intelligence to the problems of digital forensics. The ultimate goal of this research is to create automated tools that will be able to ingest a hard drive or flash storage device and produce a high-level reports that be productively used by relatively untrained individuals. | ||
Starting with a quick introduction to the field of digital forensics, this talk will then present three | Starting with a quick introduction to the field of digital forensics, this talk will then present three research initiatives: | ||
# ''' | # '''Multi-User Carved Data Ascription,''' a new technique that allows data ''carved'' from the hard drive of a multi-user computer system to be attributed with a high degree of accuracy to one of the computer's former users. | ||
# '''Instant Drive Analysis,''' our work which allows the contents of a 1TB hard drive to be | # '''Instant Drive Analysis,''' our work which allows the contents of a 1TB hard drive to be inventoried in less than 45 seconds using statistical sampling. | ||
# Our efforts to build | # Our efforts to build '''Standardized Forensic Corpora''' of files and disk images, so that work different practitioners can be scientifically compared. | ||
Many of the tools and much of the data that we will discuss can be downloaded from the author's websites at http://afflib.org/ and http://digitalcorpora.org/. | |||
==Bio== | ==Bio== | ||
Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California | Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California. His current research interests include computer forensics, the emerging field of usability and security, the impact of federal human subject laws and regulations on computer science research, information policy and terrorism. | ||
Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his | Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel's most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies and been translated into more than a dozen languages since the first edition was published in 1991. | ||
Simson Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005. | Simson Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005. | ||
==Talk Details== | |||
* '''August 20''' 3:00pm, [http://csail.mit.edu MIT CSAIL], in [http://whereis.mit.edu/map-jpg?mapterms=32-G449&mapsearch=go 32-G449 (CSAIL Kiva)] | |||
==See Also== | |||
* [[ADOMEX|Automated Document and Media Exploitation]] | |||
** [[Sub-Linear Drive Analysis]] | |||
** [[Real Data Corpus|The Real Data Corpus]]: Building an open research corpora of disk images from around the world. | |||
__NOTOC__ |
Latest revision as of 06:23, 25 August 2009
Automated Digital Forensics and Media Exploitation (slides)
Abstract
Despite what you may have seen in the movies, today the primary use of digital forensics is to demonstrate the presence of child pornography on the computer systems of suspected criminal perpetrators. Although digital forensics has a great potential for providing criminal leads and assisting in criminal investigations, there is a nationwide shortage of forensic investigators and today's tools are incredibly difficult to use.
This talk presents research aimed at realizing the dream of Automated Digital Forensics---research that brings the tools of data mining and artificial intelligence to the problems of digital forensics. The ultimate goal of this research is to create automated tools that will be able to ingest a hard drive or flash storage device and produce a high-level reports that be productively used by relatively untrained individuals.
Starting with a quick introduction to the field of digital forensics, this talk will then present three research initiatives:
- Multi-User Carved Data Ascription, a new technique that allows data carved from the hard drive of a multi-user computer system to be attributed with a high degree of accuracy to one of the computer's former users.
- Instant Drive Analysis, our work which allows the contents of a 1TB hard drive to be inventoried in less than 45 seconds using statistical sampling.
- Our efforts to build Standardized Forensic Corpora of files and disk images, so that work different practitioners can be scientifically compared.
Many of the tools and much of the data that we will discuss can be downloaded from the author's websites at http://afflib.org/ and http://digitalcorpora.org/.
Bio
Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California. His current research interests include computer forensics, the emerging field of usability and security, the impact of federal human subject laws and regulations on computer science research, information policy and terrorism.
Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel's most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies and been translated into more than a dozen languages since the first edition was published in 1991.
Simson Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.
Talk Details
- August 20 3:00pm, MIT CSAIL, in 32-G449 (CSAIL Kiva)
See Also
- Automated Document and Media Exploitation
- Sub-Linear Drive Analysis
- The Real Data Corpus: Building an open research corpora of disk images from around the world.