2. What is Computer Forensics?
It is the act of determining legal evidence found in computers and digital storage media through the use of specialized computer investigation and analysis techniques.
3. How is it useful?
Collect evidence against suspects of crime
Find terrorists
Analyze after intrusions
Learn to defend against them next time
Recover data
Understand how some computer systems work
4. Example of CF?
Dennis Lynn Rader, an American serial killer who murdered 10 people between 1974 and 1991.
Convicted through evidence found in a floppy disk.
5. Types of CF?
Static: permanent data
e.g. hard drive, flash memory, CD
Live: volatile data
e.g. RAM, live network
7. CF Methodologies?
No standard methodology for conducting CF.
Mark Reith, Clint Carr & Gregg Gunsch 2002 model:
"Never touch, change, or alter anything
until it has been documented, identified,
measured, and photographed . . . when a
body or article has been moved, it can
never be restored to its original
position."
8. CF Tools?
Software: utilities, editors, password recovery, imagery, etc.
Alphabetical List of Computer Forensics Products
Hardware: forensic workstations, device readers, cables, etc.
High Tech Crime Institute, Inc: alphabetical list of links to manufacturers, suppliers, and products
9. What is Ubiquitous Computing?
Ubiquitous: being present everywhere at once; omnipresent; universal
Computing: use of computers
10. Problems of CF with UC?
Increased variety of platforms (dimensions)
File systems, physical connections, encryption, time, place, etc.
Increased quantity of data (depth of dimensions)
More tedious to find the specific data
An increased number of data dimensions, and greater depth within each dimension, leads to more ways to hide data and makes the data more difficult to detect.
(++|dn|)++|D| = n Exp(++|universe|)
The curse of dimensionality?
11. How will CF evolve?
"As the ways to store and transit data increases, the ways
of CF also increases."
Technological Social
More variety and Awareness towards
sophistication of tools computer security
More methodologies Confidentiality of
More laws observed information
Faster computer Laws for CF to obtain
devices information
12. Concerns for future of CF?
More negative publicity
Attracting other cyber-attackers
Inviting the ridicule of enemies of CF
Undermining the confidence of their customers, suppliers, and investors
Growing sophistication and stealth of cyber criminal activities
Much harder to detect than crimes in the physical world
Often insiders and international involvement
Indirectly through various hiding techniques
Botnets
Information hiding: steganography, covert channel, etc
Anonymity proxies
13. Current open problems in CF?
Unavailability of Legal Framework
Lack of unified guidelines for evidence collection and presentation
Evidence acceptable in one country may not be in another
Gives way to international crimes
Lack of technical knowledge
Judge may not have relevant computer knowledge, hence may not understand the evidence
14. Possible solutions?
Seek help from international organisations with high authority to establish a unified legal framework
E.g. ISO, UN
Increase public awareness of computer security
Find ways to get that information to the masses
15. References
Reith, M., Carr, C., Gunsch, G. (2002). "An Examination of Digital Forensic Models." International Journal of Digital Evidence 1(3).
Dennis Rader. (2009, December 9). In Wikipedia, The Free Encyclopedia. Retrieved 03:28, December 11, 2009, from http://en.wikipedia.org/w/index.php?title=Dennis_Rader&oldid=330665164
Vacca, John R. Computer Forensics: Computer Crime Scene Investigation (2nd Edition). Boston, MA, USA: Course Technology, 2005. p. xxv.