INTRODUCTION
Patrick Norman
PowerPoint presentation (transcript)
World Trends
• Smart World
  – Smart Grids (Power, etc.)
  – Mobile
  – Integration between physical and digital world
IT Threats
• DDoS attacks
• Fraud
• Phishing Attacks
• Spoofing
• Talk more about other attacks and threats
Forensics Investigators
Main responsibilities (Job activities)
• Attempting to uncover the trace of an attacker to identify him
• Uncovering IT System security threats
• Testifying in court against convicts
• Add slideshow of Department of Justice documents
Importance of Computer Forensics Systems
How can Computer Forensics Systems improve security
• Better identification of system threats to improve protective measures
• Catching cyber criminals will have a better effect than regular criminals because they have bots automatically generating threats (FIX THIS)
Simulation
Background of Simulation
• Statistical Modelling
  – Idea
• Software
  – Arena
  – Custom code
Simulation
• Why do we simulate?
  – An improved tool
• When do we simulate?
  – Before and after an event
• Can we rely on it?
  – 70-90%
Simulation
• Inputs
  – Random Number generators
• Outputs
• How to interpret results
SDLC and Simulation
Statistical Modelling
• When should this be used?
• Key success components
Software
• Monte Carlo
  – Off-the-shelf
  – Advantages
• Network Modelling
  – Off-the-shelf
  – Advantages
• Custom Code
Computer Forensics
Mobile Forensics
• Outsell PCs
• Harder to investigate
• Newly acquired need to investigate
• Data paths
• Numerous Manufacturers
• NIST
Tools & Techniques
• SIMbrush
• MOBILedit!
• TULP 2G
Weaknesses
Network Forensics
• “Network forensics is the science that deals with capture, recording, and analysis of network traffic for detecting intrusions and investigating them.”
Tools & Techniques
Weaknesses
Database Forensics
Tools & Techniques
• SQL Server Management Studio Express
• SQLCMD
• Windows Forensic Toolchest
• NetCat
• WinHex
Challenges
• Encryption
• Use as Evidence
• Evolving Technology
Application
Step 1: Observation
Observation
• Actual Observation
  – On the shop floor
• Historic
  – Statistics
  – Distribution
• Diagrams
  – System Architecture
Observation
Develop the Equation
BASIS FOR ENTIRE MODEL
Step Two
Develop the Model
Models
• Network Models
  – Processes
  – Data flow
  – Queues
Models
• Monte Carlo
  – Deterministic
  – Largely Random
Model
• Objective
  – Gain Knowledge
  – Matching real and simulated
  – Now let’s break it
Step 3
Analyze and Fix
Analysis
• Multiple Iterations
• Compare Expected and Actual Results
• Compare Actual and Historic Results
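The three application steps above (develop the equation, develop the model, analyze over multiple iterations) can be walked through end to end with a small Monte Carlo simulation of a network queue, the "Processes – Data flow – Queues" model and the "Largely Random" Monte Carlo inputs mentioned earlier in the deck. The following is an added example written for this page, not code from the presentation or its author. It assumes the simplest network model, a single server with one FIFO queue and exponential arrival and service times (M/M/1), so that the equation from the observation step is the analytical mean number of requests in the system, rho / (1 - rho) with rho = arrival rate / service rate. The model is driven by a seeded random number generator (the "Inputs" slide), run for several seeds (multiple iterations), and its output is compared with the expected value; the final call deliberately pushes arrivals above capacity ("Now let's break it") to show the instability the Benefits slide refers to. The request rates used are constructed values.

```python
"""Monte Carlo simulation of a single-server network queue (M/M/1), run over
several iterations and compared with the analytical expectation.

Added illustration, not code from the presentation. Assumptions:
  - the "network model" is one server with one FIFO queue;
  - arrivals and service times are exponential, so the analytical mean
    number of requests in the system is rho / (1 - rho), rho = lambda / mu.
"""
import random
import statistics


def expected_in_system(arrival_rate, service_rate):
    """Step 1, the equation: analytical M/M/1 mean number of requests in the
    system. Infinite when the server cannot keep up with arrivals."""
    rho = arrival_rate / service_rate
    if rho >= 1.0:
        return float("inf")
    return rho / (1.0 - rho)


def simulate_in_system(arrival_rate, service_rate, n_arrivals, seed):
    """Step 2, the model: discrete-event simulation driven by a seeded random
    number generator. Returns the time-averaged number of requests in the
    system (waiting plus in service) up to the n-th arrival."""
    rng = random.Random(seed)          # seeded RNG input, so a run is repeatable
    clock = 0.0                        # simulated time
    last_event = 0.0                   # time of the previous event
    in_system = 0                      # requests queued or being served
    area = 0.0                         # integral of in_system over time
    arrivals = 0
    next_arrival = rng.expovariate(arrival_rate)
    next_departure = float("inf")      # nothing in service yet
    while arrivals < n_arrivals:
        if next_arrival < next_departure:          # next event is an arrival
            clock = next_arrival
            area += in_system * (clock - last_event)
            last_event = clock
            in_system += 1
            arrivals += 1
            if in_system == 1:                     # server was idle: start service
                next_departure = clock + rng.expovariate(service_rate)
            next_arrival = clock + rng.expovariate(arrival_rate)
        else:                                      # next event is a departure
            clock = next_departure
            area += in_system * (clock - last_event)
            last_event = clock
            in_system -= 1
            if in_system > 0:                      # serve the next queued request
                next_departure = clock + rng.expovariate(service_rate)
            else:
                next_departure = float("inf")
    return area / clock


def run_iterations(arrival_rate, service_rate, n_arrivals, seeds):
    """Step 3, analysis: multiple iterations, then compare the simulated mean
    with the expected (analytical) result."""
    runs = [simulate_in_system(arrival_rate, service_rate, n_arrivals, s)
            for s in seeds]
    mean = statistics.fmean(runs)
    expected = expected_in_system(arrival_rate, service_rate)
    abs_error = abs(mean - expected) if expected != float("inf") else float("inf")
    return {"runs": runs, "mean": mean, "expected": expected, "abs_error": abs_error}


if __name__ == "__main__":
    # Constructed parameters: 50 requests/s arriving, 100 requests/s capacity (rho = 0.5).
    stable = run_iterations(50.0, 100.0, 20_000, seeds=range(5))
    print("stable  : expected %.3f  simulated %.3f  error %.3f"
          % (stable["expected"], stable["mean"], stable["abs_error"]))
    # "Now let's break it": arrivals exceed capacity, the queue grows without bound.
    broken = run_iterations(150.0, 100.0, 20_000, seeds=[1])
    print("overload: expected %s  simulated %.1f" % (broken["expected"], broken["mean"]))
```

In the stable case the five runs cluster around the analytical value of 1.0, which is the "matching real and simulated" check the Model slide asks for; in the overload case the analytical answer is infinite and the simulated average grows with the run length, which is the kind of result that flags an unexpected shutdown risk before any change reaches production. Replacing the constructed rates with measured arrival and service rates from the observation step (shop-floor counts or historic statistics) is what turns the toy into a model of a real system.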
Benefits to UNIWO
• Security of IT systems
  – Pre and post simulation will allow us to identify threats earlier
• Stability
  – Probability of having an unexpected system shutdown is decreased significantly
• Simulation added to computer forensics will improve chances for catching cybercriminals by identifying their patterns