Large Data Analysis. Vincent Urias November 20, 2006 CS 489- Digital Forensics
Topic: Large Data Analysis

Executive Summary:

As digital media becomes more readily accessible and cheaper, the average system size is steadily increasing. Because of the increased capabilities of both digital investigators and cyber criminals, two major trends have been emerging in cyber crimes such as child pornography, identity theft, and computer fraud. First, the types of crimes have become more and more complex. Second, the crimes are becoming more expensive to analyze. Because of the plethora and differentiation of cyber cases, the sheer volume of cases can range anywhere from gigabytes to terabytes of data. This data is no longer limited to a single computer; rather, we now see entire networks that are vulnerable to attack. Because these issues are so important, I am going to discuss several key issues involving large-scale data analysis facing today's world. This document will discuss:

- The importance of large system analysis to the digital forensics field
- The current practices to analyze these data sets
- The technological gaps that exist in the analysis
- The current research that is being done to address these issues
- The ways that the current practices can be remedied today
- The future of this technology

Introduction:

As computer forensics practitioners, we are seeing a new trend in corporate, personal and private storage devices. Using minimal hardware, a run-of-the-mill user could now build a terabyte RAID at home at minimal cost. Ten years ago, large data sets were described in the order of hundreds of megabytes, and now we see a clear escalation toward the terabyte range. It is our job as forensics examiners to evaluate the repercussions of these data sets on the gathering, analysis, and storage of evidence. No longer will it be possible to get a full bit-stream image of a device this big in under an hour. New techniques, tools, and standards need to be developed in order to cope with these growing trends.
We are now at a crossroads in deciding whether we should take full disk images or, like a skilled surgeon, selectively carve out the necessary information. This raises many legal questions, including how to judge whether the information we are gathering is complete, accurate, and reliable. There are also other legal issues involving the scope of a warrant and how much data can be extracted and analyzed. In this situation, it now falls to the investigator, rather than a tool or utility, to identify and collect the evidence. We now see an imperative shift from science to an art form, where the skills and experience of the investigator dictate how an investigation will unfold. No longer does a boilerplate answer exist; rather, a case-by-case sliding scale has been developed.
DF Purpose:

As digital investigators, we are now forced to ask ourselves many questions regarding the imaging of a home or network computer that we didn't have to ask 3 to 5 years ago. We are now seeing home computers in the terabyte range and corporate networks that can be up to and even greater than 20 terabytes. When thinking about imaging devices of this size, we have to evaluate a couple of things:

- What effects will bringing down the system have on the individuals?
- What are the financial implications of bringing down the system?
- Can the network support a bit-stream copy of the device?

The answers to these questions are now being evaluated in order to decide how an investigation will unfold. In the past, it was possible to image a complete device and run the analysis in under an hour; however, this is no longer the case. We are now in an era where we have to decide whether to image over the network or locally. In most traditional forensics settings, it would be common practice to image the complete drive, take that image back to the lab, and use a tool to run a traditional analysis on the image. This would include signature analysis and searching slack and unallocated space for information. When approaching an N-terabyte system, investigators will have to deviate from this normal operating procedure. We now have to ask ourselves if we can feasibly image an entire device with 10 terabytes of information. The truth is that we cannot image this device, nor can we run a complete analysis that searches through all slack and unallocated space, because the sheer amount of time it takes to do so is enormous. We have to calculate the best way of addressing the issue in a timely fashion while balancing all other issues such as accuracy, money, and the amount of intrusion we impose on a corporation which is trying to conduct business.
State of Practice:

It is necessary to preface this section by stating what kinds of devices we would be looking at when analyzing VLDS. There are really no commercial products on the market that have a single disk that could support an n-terabyte system, so there are three storage devices that can support these sizes with relative ease. The most common is a RAID (redundant array of inexpensive disks) based device. With a single control chip it is possible to create either a hardware or software RAID that has multiple disks linked together in a particular striping configuration. Second, there is the SAN (Storage Area Network). Finally, there is NAS (Network Attached Storage). Each of these devices has certain characteristics, such as proprietary emulation and hardware-specific interfaces, that may add a level of complexity that would need to be addressed in a separate paper. [1]

Current system analysis practice is centered on the small desktop/workstation environment, where the average size would be less than 40 GB. [1] These are comparatively small targets next to the terabyte-sized data sets that we have to analyze now, which makes the analysis of large sets seem quite slow in comparison. However, right now there is no standard way of approaching a system of this size.

Tools

There are no tools specifically geared toward the analysis of these systems or toward the preservation of these datasets. There are tools that may be able to support these larger drives, but with huge performance drawbacks. Tools such as EnCase Enterprise Edition and ProDiscover have the capability of reconstructing a Windows RAID natively; [1] however, there don't seem to be any benchmarks stating how long an acquisition of this size would take. When non-Windows-based RAID arrays are present, another course of action is necessary. Specifically, this would involve imaging each disk in the device independently using basic forensic tools such as dd, or Netcat if an investigator were imaging over the network. Here an investigator may choose to write scripts to automate this process, but depending on the size this could still be quite lengthy. Another common way of dealing with VLDS is to extract only the data we want to use. The other possibility is to use tools such as dtSearch and Thunderstone that use advanced indexing algorithms to identify keywords within a VLDS and extract the specific files that meet the necessary criteria.

Technical

There really are three predominant physical modeling techniques that are available to the user [1]. We are forced to choose between using handheld device images (running on a single device at average speeds of 1 GB/Min), field forensic workstations (running on average at 650 MB/Minute), or Ethernet connections (running at full 100-MG duplex speeds can reach the most computers simulations at speeds of 300MB/Minute).

Gaps in Technology:

There are many gaps in the technology when looking at the analysis of VLDS. First and foremost, there is the lack of standardization in policy, procedure and guidelines. There is no way of walking into a crime scene and determining the correct course of action.
Right now, much of the analysis is done by instinct and experience, which is detrimental to new and inexperienced investigators who could potentially follow the wrong approach. Contaminating the scene, taking far too long to complete an analysis and thus causing huge financial consequences, and possibly missing pertinent information are only a few of the problems that can arise from such practices.

Second, there are no efficient tools that are specifically geared toward this magnitude of data. There is no efficient way of searching through all the data to return the results that you need. In many real-world situations, this could mean the difference between life and death for someone. If one cannot access and retrieve the information in a timely manner, there can be huge impacts on the case in terms of time, money and even the concentration of effort on a given case. In such cases, all of these efforts could be better utilized in other cases.

Third, there is currently no way to preserve the evidence gathered. It is quite unlikely that a smaller police department would have 20 terabytes of storage at its disposal for one case. Additionally, if all the data did somehow get analyzed, there is no mechanism for storing the data in an evidence locker other than using DVDs, which would take approximately 30 days to create all 4229 DVDs [footnote 1]. It would be totally unacceptable to tie up a resource every day for a month for a single case. There is no way to support this kind of volume on a daily basis.

State of Research:

Currently there is limited research being done in this area of digital forensics. The majority of the work is concentrated on speeding up the analysis by implementing a distributed systems approach. There are two separate efforts that I can find regarding the implementation of this new system. First, there is the work being done at New Mexico Tech. This approach proposes to create a distributed/cluster framework to analyze VLDS, including traditional forensic analysis of the data, file carving, and network analysis, all wrapped into an interactive visualized front end. The second implementation is being done at the University of New Orleans. The research being done there suggests that their preliminary solution supports imaging searching, RE searches, steganography detection and other operations via a user interface. Their preliminary results show that there is speedup well in excess of concurrency factors for IO and nearly linear speedup for CPU operations such as steganographic detection. [2] Beyond these two schools there is very little scholarly research that actually implements any advanced analysis techniques.

Your ideas on what should be done now:

The problem would be best addressed by creating a software suite that is able to analyze the information of data independent of each individual disk, allowing for distributed analysis. Developing this tool would be a huge step in the right direction for providing a framework to analyze these huge data sets. This tool would automate many of the processes that are currently being done by self-created scripts and intuition.
Secondly, policy or procedure should be developed to create a solid framework for how to approach these types of problems. Finally, there needs to be some research into and validation of partial extraction of digital forensic evidence. Currently there is neither case precedent nor forensic methodology to allow for the selective extraction of files and their introduction into the courts as evidence. If some methodology were adopted and accepted, it could allow for the data carving necessary to move through the copious amounts of data present in VLDS and thereby eliminate the need for whole-disk imaging. This would save both time and resources.

Future of practice/research:

It is inevitable that a standard way of dealing with VLDS will be developed, as they get larger and larger and more visible in day-to-day activities. Once this standard is developed it will inevitably show the need for tool development, which will finally cause our capitalist nature to kick in and a tool to be spawned. Once the standard is adopted, many of the questions that were raised in this paper will have to be analyzed and evaluated before incorporating them in some sort of NIST standard.

Some potential research areas that may be explored and/or developed include a distributed systems forensic analysis environment, in order to adequately cope with the increasing sizes. One of the greatest benefits is scalability. By using a distributed system, there would be the potential to follow disk-size growth trends by just increasing the number of nodes or by moving toward a more sophisticated distributed system approach.

There is also the suggestion of creating a more sophisticated methodology for detecting evidence. [3] Carrier suggests that sifting through much of the images, data files, etc. is a manual and time-consuming process. An automated way of detecting and categorizing the types of contraband is quite necessary when thinking about the amount of image and data files that could be in a 20 TB system. If there were some type of advanced algorithm that figured out what kinds of things stood out and fit the set criteria for contraband, it would at least allow for a quick analysis to find out whether the perpetrator had illicit data in their possession. The manual process for this could take months.

Finally, there is a need for the development of a forensically sound approach to live analysis of machines, specifically in the area of gathering cryptographic keys from main memory. [2] Overall, there are a lot of potential ways to improve the current system that need to be evaluated, implemented, and tested in the upcoming years.

Footnote 1: The calculation in this case would be roughly 20,000/4.73 (20TB/Size_of_DVD) = 4229 DVDs, which at an average of 10 minutes to burn a DVD would take (4229*10)/60 = 705 hours, or 30 days.

References

[1] Brown, C.L.T., Computer Evidence: Collection and Preservation, Charles River Media, Hingham, MA,
[2] Roussev, V. and Richard III, G.G. Next-Generation Digital Forensics. Communications of the ACM, vol. 49, no. 2, 2006
[3] Carrier, B. and Spafford, E. Automated digital evidence target definition using outlier analysis and existing evidence. In Proceedings of the 2005 Digital Forensic Research Workshop
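The per-disk acquisition described under State of Practice (Tools), where each member disk of an array is imaged independently with dd and the process is scripted, could look like the following. This is an added example, not code from the original paper; the function names, the manifest layout and the constructed stand-in files used as member disks are assumptions.

```sh
#!/bin/sh
# Added example: image each member disk separately with dd, hash the stream
# while it is copied, then re-read the image to confirm the written copy.
# Function names and manifest format are hypothetical.

# digest: print the SHA-256 of stdin as bare hex
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum
    else
        shasum -a 256
    fi | awk '{print $1}'
}

# image_disk SRC OUTDIR
# Copies SRC to OUTDIR/<name>.dd and appends one tab-separated line to
# OUTDIR/manifest.txt: name, bytes, sha256, VERIFIED|FAILED.
image_disk() {
    src=$1
    outdir=$2
    name=$(basename "$src")
    img="$outdir/$name.dd"
    errflag="$outdir/.$name.err"
    rm -f "$errflag"

    # Single pass over the source: dd reads, tee writes the image, digest
    # hashes the same bytes. A dd failure is recorded in a flag file because
    # plain sh cannot see the exit status of the first pipeline stage.
    src_hash=$( { dd if="$src" bs=1048576 2>/dev/null || : >"$errflag"; } \
                | tee "$img" | digest )

    # Second pass reads the image only; the evidence disk is not read again.
    img_hash=$(digest <"$img")
    bytes=$(wc -c <"$img" | tr -d ' ')

    if [ ! -e "$errflag" ] && [ "$src_hash" = "$img_hash" ]; then
        status=VERIFIED
    else
        status=FAILED
    fi
    rm -f "$errflag"
    printf '%s\t%s\t%s\t%s\n' "$name" "$bytes" "$src_hash" "$status" \
        >>"$outdir/manifest.txt"
    [ "$status" = VERIFIED ]
}

# image_set OUTDIR DISK...
# Images every listed disk; returns non-zero if any one of them failed.
image_set() {
    out=$1
    shift
    rc=0
    for d in "$@"; do
        image_disk "$d" "$out" || rc=1
    done
    return $rc
}

# Demo on constructed stand-ins for two member disks (3 MiB of random data).
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/evidence"
    dd if=/dev/urandom of="$work/disk0" bs=1048576 count=3 2>/dev/null
    dd if=/dev/urandom of="$work/disk1" bs=1048576 count=3 2>/dev/null
    image_set "$work/evidence" "$work/disk0" "$work/disk1"
    cat "$work/evidence/manifest.txt"
    rm -rf "$work"
}
demo
```

Hashing in-stream keeps the number of reads of the source at one per disk, which matters at the acquisition rates the paper quotes.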
More informationComprehensive Study on Cybercrime
Federal Ministry of Justice and 17 August 2016 Consumer Protection German Comments on the Comprehensive Study on Cybercrime (Draft February 2013) The United Nations Office on Drugs and Crime (UNODC) invited
More informationStrong Consistency versus Weak Consistency
Enterprise Strategy Group Getting to the bigger truth. White Paper Strong Consistency versus Weak Consistency Why You Should Start from a Position of Strength By Terri McClure, ESG Senior Analyst August
More informationSOFTWARE-DEFINED NETWORKING WHAT IT IS, AND WHY IT MATTERS
SOFTWARE-DEFINED NETWORKING WHAT IT IS, AND WHY IT MATTERS When discussing business networking and communications solutions, the conversation seems invariably to revolve around cloud services, and more
More informationPANASAS TIERED PARITY ARCHITECTURE
PANASAS TIERED PARITY ARCHITECTURE Larry Jones, Matt Reid, Marc Unangst, Garth Gibson, and Brent Welch White Paper May 2010 Abstract Disk drives are approximately 250 times denser today than a decade ago.
More informationRSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
More informationA Practical Guide to Cost-Effective Disaster Recovery Planning
White Paper PlateSpin A Practical Guide to Cost-Effective Disaster Recovery Planning Organizations across the globe are finding disaster recovery increasingly important for a number of reasons. With the
More informationCertification. Forensic Certification Management Board. Robert J. Garrett, Director
Certification Forensic Certification Management Board Robert J. Garrett, Director Crime Lab Accreditation and Certification Essentials National Clearinghouse for Science, Technology, and the Law What is
More informationGlobal Cybercrime Certification
Global Cybercrime Certification Yves Vandermeer ECTEG chair yves.vandermeer@ Way to a new IT crime ecosystem Standard Operation Procedures and Education docs ACPO - Good Practice Guide For Digital Evidence
More informationSAULT COLLEGE OF APPLIED ARTS AND TECHNOLOGY SAULT STE. MARIE, ONTARIO COURSE OUTLINE
SAULT COLLEGE OF APPLIED ARTS AND TECHNOLOGY SAULT STE. MARIE, ONTARIO COURSE OUTLINE COURSE TITLE: CODE NO. : SEMESTER: Fall 2011 PROGRAM: AUTHOR: Computer Engineering Technologist - Networking Dan Kachur
More informationNotes & Lessons Learned from a Field Engineer. Robert M. Smith, Microsoft
Notes & Lessons Learned from a Field Engineer Robert M. Smith, Microsoft SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may
More informationIntroduction to TCP/IP Offload Engine (TOE)
Introduction to TCP/IP Offload Engine (TOE) Version 1.0, April 2002 Authored By: Eric Yeh, Hewlett Packard Herman Chao, QLogic Corp. Venu Mannem, Adaptec, Inc. Joe Gervais, Alacritech Bradley Booth, Intel
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationArchitecting Storage for Semiconductor Design: Manufacturing Preparation
White Paper Architecting Storage for Semiconductor Design: Manufacturing Preparation March 2012 WP-7157 EXECUTIVE SUMMARY The manufacturing preparation phase of semiconductor design especially mask data
More informationDIS10.3:CYBER FORENSICS AND INVESTIGATION
DIS10.3:CYBER FORENSICS AND INVESTIGATION ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for information
More informationField Update Expanded Deduplication Sizing Guidelines. Oct 2015
Field Update Expanded Deduplication Sizing Guidelines Oct 2015 As part of our regular service pack updates in version 10, we have been making incremental improvements to our media and storage management
More informationHelix3 Enterprise Whitepaper
2009 Helix3 Enterprise Whitepaper Drew Fahey e-fense, Inc February 16, 2009 9200 E. Panorama Cir Suite 120 Centennial, CO 80112 800.793.8205 720.554.0890 Contents Introduction... 3 Defense-In-Depth - False
More informationANALYSIS AND VALIDATION
UNIT V ANALYSIS AND VALIDATION Validating Forensics Objectives Determine what data to analyze in a computer forensics investigation Explain tools used to validate data Explain common data-hiding techniques
More informationChapter 1. Storage Concepts. CommVault Concepts & Design Strategies: https://www.createspace.com/
Chapter 1 Storage Concepts 4 - Storage Concepts In order to understand CommVault concepts regarding storage management we need to understand how and why we protect data, traditional backup methods, and
More informationभ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)
Annex-2 Setting up and Operationalising Cyber Security Operation Centre (C-SOC) Introduction 1 - Banking Industry in India has evolved technologically over the years and currently delivering innovative
More informationSpecifying Storage Servers for IP security applications
Specifying Storage Servers for IP security applications The migration of security systems from analogue to digital IP based solutions has created a large demand for storage servers high performance PCs
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationSM L04 Veritas Operations Manager Advanced 4.0 RU1: Optimize Your Heterogeneous Storage Environment Hands-On Lab Description
SM L04 Veritas Operations Manager Advanced 4.0 RU1: Optimize Your Heterogeneous Storage Environment Hands-On Lab Description Veritas Operations Manager Advanced (VOM Advanced) is a comprehensive discovery
More informationCOMPUTER SYSTEMS. Section 1
COMPUTER SYSTEMS Section 1 BITS AND BYTES In order for information to flow through a computer system and be in a form suitable for processing, all symbols, pictures, or words must be reduced to a string
More informationContinuous Processing versus Oracle RAC: An Analyst s Review
Continuous Processing versus Oracle RAC: An Analyst s Review EXECUTIVE SUMMARY By Dan Kusnetzky, Distinguished Analyst Most organizations have become so totally reliant on information technology solutions
More information5.11 Parallelism and Memory Hierarchy: Redundant Arrays of Inexpensive Disks 485.e1
5.11 Parallelism and Memory Hierarchy: Redundant Arrays of Inexpensive Disks 485.e1 5.11 Parallelism and Memory Hierarchy: Redundant Arrays of Inexpensive Disks Amdahl s law in Chapter 1 reminds us that
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationPERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established
PERSON SPECIFICATION Area: Crime and Intelligence Directorate Job Title: Cyber PROTECT Officer Weekly Hours: Section: CAID Scale: Grade 6 Version: 1.2 Post No: GI080 Status: Established Version Date: 37
More informationCompTIA Advanced Security Practitioner (CASP) (Exam CAS-001)
CompTIA Advanced Security Practitioner (CASP) (Exam CAS-001) Course Outline Course Introduction Course Introduction Lesson 01 - The Enterprise Security Architecture Topic A: The Basics of Enterprise Security
More information12 Minute Guide to Archival Search
X1 Technologies, Inc. 130 W. Union Street Pasadena, CA 91103 phone: 626.585.6900 fax: 626.535.2701 www.x1.com June 2008 Foreword Too many whitepapers spend too much time building up to the meat of the
More informationQLIKVIEW SCALABILITY BENCHMARK WHITE PAPER
QLIKVIEW SCALABILITY BENCHMARK WHITE PAPER Measuring Business Intelligence Throughput on a Single Server QlikView Scalability Center Technical White Paper December 2012 qlikview.com QLIKVIEW THROUGHPUT
More informationMFP: The Mobile Forensic Platform
MFP: The Mobile Forensic Platform Abstract Digital forensics experts perform investigations of machines for triage to see if there is a problem, as well as to gather evidence and run analyses. When the
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More information