2009-08-20 Talk
Automated Digital Forensics and Media Exploitation
Abstract
Digital Forensics seeks to find, preserve, and present information found inside computer systems and provide causative explanations for the reason that the information is there. Today digital forensics is largely done by highly trained practitioners using data recovery tools that can search for deleted files, examine swap space, and decrypt encrypted file systems.
This talk presents new research in Automated Digital Forensics---our effort to apply the tools of data mining, statistics and artificial intelligence to the problems of digital forensics. The ultimate goal of this research is to develop batch processing tools that will be able to ingest a hard drive or flash storage device and produce a high-level reports that automatically make discoveries about the media that are useful for investigations.
Starting with a quick introduction to the field of digital forensics, this talk will then present three major research efforts:
- Cross-Drive Analysis, our work on tools and algorithms that can automatically detect which hard drives in a collection were previously used by members of terrorist networks, and which drives belong to the "background."
- Instant Drive Analysis, our work which allows the contents of a 1TB hard drive to be analyzed in less than 45 seconds using statistical sampling.
- Our efforts to build Standardized Forensic Corpora of files and disk images, so that work in this area done by different practitioners can be scientifically compared.
Bio
Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California, and an associate of the School of Engineering and Applied Sciences at Harvard University. His research interests include computer forensics, the emerging field of usability and security, personal information management, privacy, information policy and terrorism.
Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his bookDatabase Nation: The Death of Privacy in the 21st Century. Garfinkel's most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies and been translated into more than a dozen languages since the first edition was published in 1991.
Simson Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.
Talk Details
- August 20 3:00pm, MIT CSAIL, in 32-G449 (CSAIL Kiva)
See Also
- Automated Document and Media Exploitation
- Sub-Linear Drive Analysis
- The Real Data Corpus: Building an unclassified research corpora of disk images from around the world.