Cross Drive Analysis: A New Analytic Approach for Massive Data Sets
|
|
- Stephanie Johnston
- 5 years ago
- Views:
Transcription
1 Cross Drive Analysis: A New Analytic Approach for Massive Data Sets Simson L. Garfinkel, Ph.D. Consulting Scientist, Basis Technology Thursday, June 7, 2007 Basis Technology Government Users Conference Washington, DC
2 Computer Forensics Today: Tools for finding hidden data. Recover deleted files Detect child pornography Search archives Reconstruct timelines June 2007 S M T W T F S ! "! # $ % & % ' ( ) ' * & +, - % &. $ ' ' ' 2 ( " % 6 #. & " 5 ' 76",'89:';<<;' 3!5,',%=;' & " '. /, '!.. ( - ", $ ' 0 ( - 1 ) ( - 2, ' '!! "#$!%$&'()*$+)!,-..$(,!.(/*!'+!"#$%&'($)&!*(+$#!,&-.(,/&-!+$#$0&+&#)!"#1,$-),(/)(,&0!! "#$($!1,!213$,&($'3!&$(4$&)1/+5!$,&$41'667!'*/+8!*1+/(1)1$,5!)#')!9:!&('4)14$,!6'4;! )('+,&'($+470!!"#1,!($,-6),!1+!'))/(+$7,!&$(4$1<1+8!)#')!&('4)14$,!'($!-+.'1(0!!"#$!%$&'()*$+)!3/$,! +/)!$*&#',1=$!4'($$(!3$<$6/&*$+)5!'+3!)//6,!./(!&$(./(*'+4$!'&&('1,'6!'($!3$.141$+)0!!>,!'! ($,-6)5!'))/(+$7,!41)$!&//(!?&$/&6$!*'+'8$*$+)@!A7!,-&$(<1,/(,0!! 2&/)".#!3*"&1-!$,&!$#!&4),&+&56!/,")"/$5!&5&+&#)!/.!)#$!%$&'()*$+)B,!31<$(,1)7!461*')$0!!"#$7! #'<$!, '+)!'-)#/(1)7!1+!($4(-1)*$+)5!#1(1+85!&(/*/)1/+5!&$(./(*'+4$!'&&('1,'65!4',$! ',,18+*$+)5!'+3!4'($$(!3$<$6/&*$+)0!!"#$!C$4)1/+!D#1$.!2/(;./(4$!1,!+/)!31<$(,$!'+3!)-(+/<$(!1,! 6/20!!"#1,!&'))$(+5!4/*A1+$3!21)#!)#$!8$+$('667!6/2!'))$+)1/+!)#')!)#$,$!*'+'8$(,!&'7!)/!,)'..! 4'($$(!3$<$6/&*$+)5!6$'3,!*1+/(1)1$,!)/!&$(4$1<$!'!6'4;!/.!'3<'+4$*$+)!/&&/()-+1)1$,0!! "#$!%$&'()*$+)B,!'))/(+$7!2/(;./(4$!1,!+.,&!%"7&,-&!)*$#!)*&!8929!5&0$5!:.,;1.,/&E!!FGH!.$*'6$5!4/*&'($3!)/!FIH!1+!)#$!J0C0!6$8'6!6'A/(!&//65!'+3!KLH!*1+/(1)75!4/*&'($3!)/!KMH!1+! )#$!6'A/(!&//60!!"#$!%$&'()*$+)B,!'))/(+$7!2/(;./(4$!1,!'A/-)!$-!%"7&,-&!$-!)*&!1&%&,$5! 0.7&,#+&#)!5&0$5!:.,;1.,/&5!2#/,$!'))/(+$7,!'($!FGH!.$*'6$!'+3!KNH!*1+/(1)70!! <","#0!"-!-&,7"#0!).!+$;&!)*&!=&>$,)+&#)!&7&#!+.,&!%"7&,-&E!!#1($,!1+!MIIK!2$($!OIH!.$*'6$! '+3!MKH!*1+/(1)70!!P+!&'()14-6'(5!)*&!?)).,#&6!@&#&,$5A-!<.#.,-!B,.0,$+!"-!$#!"+>.,)$#)! )..5!./(!1+4($',1+8!31<$(,1)70!!9/+/(,!Q(/8('*!#1($,!1+!MIIK!2$($!NFH!.$*'6$5!4/*&'($3!)/!OLH! /.!)#$!6'2!,4#//6!8('3-')1+8!46',,5!'+3!FIH!*1+/(1)75!4/*&'($3!)/!MKH!/.!)#$!46',,!/.!MIIK0!! R1+/(1)1$,!'($!-"0#"1"/$#)56!(#%&,C,&>,&-&#)&%!"#!+$#$0&+&#)!,$#;-0!!"#$7!4/*&(1,$!/+67! SH!/.!T4'($$(U!CVC!'))/(+$7,!'+3!KKH!/.!,-&$(<1,/(7!>,,1,)'+)!J0C0!>))/(+$7,0!!W/*$+! 4/+,)1)-)$!FKH!/.!CVC,!'+3!FSH!/.!,-&$(<1,/(7!>JC>,0!!>*/+8!XCYKL!'))/(+$7,!1+!)#$! Z1)18')1+8!%1<1,1/+,5!*1+/(1)1$,!4/*&(1,$!KKH!/.!+/+Y,-&$(<1,/(,!'+3!NH!/.!,-&$(<1,/(,5!'+3! 2/*$+!4/*&(1,$!FSH!/.!+/+Y,-&$(<1,/(,!'+3!FFH!/.!,-&$(<1,/(,0!! D"#.,")"&-!$,&!-(E-)$#)"$556!+.,&!5";&56!).!5&$7&!)*&!=&>$,)+&#)!)*$#!:*")&-0!!P+!MIIK5!)#$! '))(1)1/+!(')$!2',!O[H!#18#$(!'*/+8!*1+/(1)1$,!)#'+!2#1)$,0!!"#$($!2',!+/!31..$($+4$!1+!($4$+)! '))(1)1/+!A$)2$$+!*$+!'+3!2/*$+0!! "#$($!'($!'6,/!,)')1,)14'667!-"0#"1"/$#)!,$/&!$#%F.,!0&#%&,!&11&/)-!/+!'!+-*A$(!/.!9:!/-)4/*$,5! !,)'()1+8!8('3$5!4-(($+)!8('3$5!&(/*/)1/+,5!'+3!4/*&$+,')1/+0!!\/(!$]'*&6$5!)#$!'<$('8$! *1+/(1)7!XC!'))/(+$7!1,!4-(($+)67!I0O!,)$&,!6/2$(!)#'+!)#$!'<$('8$!2#1)$5!'+3!)#$!'<$('8$!2/*'+! 1,!I0F!,)$&,!6/2$(!)#'+!)#$!'<$('8$!*'+5!4/+)(/661+8!./(!,$+1/(1)75!8('3$5!'+3!4/*&/+$+)0!! ^',$3!/+!)#$,$! ,5!2$!($4/**$+3!)#')!)#$!%$&'()*$+)!)';$!)#$!./66/21+8!'4)1/+,E!! G4&,/"-&!?@C!$#%!=?@C5&7&5!5&$%&,-*">!)/!,)($,,!)#$!1*&/()'+4$!/.!31<$(,1)7!'+3!)#$1(! 4/**1)*$+)!)/!1)0!!Q-A61467!4/**1)!)#$!%$&'()*$+)!)/!&'(1)7!A/)#!1+!31<$(,1)7!/-)4/*$,!T$0805! 4/*&'('A6$!($&($,$+)')1/+!')!'66!6$<$6,U!'+3!1+!'))1)-3$,!T$0805!_/A!,')1,.'4)1/+U!'*/+8!'66! 3$*/8('!8(/-&,0!!P3$+)1.7!6$<$(,!./(!4#'+8$5!./4-,1+8!/+!>>X,!T2#/!'($!31<$(,$U!'+3! C$4)1/+!D#1$.,0!!P*&6$*$+)!)('1+1+8!/.!6$'3$(,!)/!13$+)1.7!)#$1(!(/6$!1+!,#'&1+8!2/(;!461*')$! 1,,-$,!'+3!1+!$..$4)-')1+8!4#'+8$0!!!
3 Today s tools follow the Rule Of One
4 Today s tools follow the Rule Of One One Drive
5 Today s tools follow the Rule Of One One Drive One Investigator
6 Today s tools follow the Rule Of One One Drive One Investigator One Program
7 Today s tools follow the Rule Of One One Drive One Investigator One Program One Result
8 Drives have no use when the investigation is over.
9 Drives have no use when the investigation is over. Bad guy goes to prison
10 Drives have no use when the investigation is over. Bad guy goes to prison Hard drive goes to storage
11 Today s tools fail when confronted with hundreds of drives. Where do you start?
12 Today s tools fail when confronted with hundreds of drives. Where do you start? Which of these drives are connected?
13 Cross Drive Analysis is a new approach CDA automatically identifies patterns and relationship in data by correlating pseudounique information.
14 Cross Drive Analysis is a new approach CDA automatically identifies patterns and relationship in data by correlating pseudounique information.
15 Cross Drive Analysis is a new approach CDA automatically identifies patterns and relationship in data by correlating pseudounique information. Most Important Drives
16 Cross Drive Analysis is a new approach CDA automatically identifies patterns and relationship in data by correlating pseudounique information. Most Important Drives Previously Unknown Social Network
17 Cross Drive Analysis is a new approach CDA automatically identifies patterns and relationship in data by correlating pseudounique information. Most Important Drives Previously Unknown Social Network
18 Cross Drive Analysis is a new approach CDA automatically identifies patterns and relationship in data by correlating pseudounique information. Most Important Drives Previously Unknown Social Network Probable Network Member
19 Pseudounique Information: rare patterns that mean something Credit card numbers addresses Names Physical Addresses Document fingerprints Disk sector fingerprints Adobe Acrobat Files Blocks of encrypted data Encryption keys etc...
20 The Drives Project started in I purchased this computer for $10 from a local computer store.... it had been a law firm s file server.
21 The computer s hard drive had not been wiped. The hard drive had: Wills Contracts Bills Correspondence More...
22 I started buying lots of used hard drives Drives purchased on ebay & at used computer stores Each disk imaged.... and then I had 250 drives images stored on a RAID array.
23 Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable by Simson L. Garfinkel S.B., Massachusetts Institute of Technology (1987) S.B., Massachusetts Institute of Technology (1987) S.B., Massachusetts Institute of Technology (1987) M.S., Columbia University (1988) Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY May 2005 c Simson L. Garfinkel, MMV. All rights reserved. The author hereby grants to MIT permission to reproduce and distribute publicly paper and electronic copies of this thesis document in whole or in part. Author Department of Electrical Engineering and Computer Science May 16, 2005 Certified by David D. Clark Senior Research Scientist Thesis Supervisor Certified by Robert C. Miller Assistant Professor Thesis Supervisor Accepted by A. C. Smith Professor Chair, Committee on Graduate Students Until 2005, we studied sanitization practices. Then we started working on cross drive analysis. Drives in Corpus at Year s End 1,500 1,
24 We discovered cross drive analysis because we were looking for credit card numbers... We were interested in showing that sensitive information had been left behind on hard drives. We wrote a Credit Card Number detector offset 554,553,664 CCN Detector offset 43,332,334, offset 6,334,877,809 Bulk Data...
25 CCN Detector: written in flex and C++ Disk #105: Test # pass pattern 3857 Known prefixes 90 CCV1 43 patterns & histogram 38 Sample output: 'CHASE NA 'DISCOVER 'GE CARD BANK ONE 'NORWEST 'SNB CARD pos= pos= pos= pos= pos= pos=
26 Most drives had just a few, but some drives had a lot of credit card numbers. 40, , 000 Unique CCNs Total CCNs 20, ,
27 Six drives had more than 400 credit card numbers: 40, , , , 000 Unique CCNs Total CCNs Drive # CCNS 1356 unique Drive # CCNS 286 unique Drive # CCNS unique Drive # CCNS 827 unique Drive # CCNS 498 unique Drive # CCNS 223 unique Drive # CCNS 81 unique 200 0
28 Six drives had more than 400 credit card numbers: 40, , , , 000 Unique CCNs Total CCNs Drive # CCNS 1356 unique Drive # CCNS 286 unique Drive # CCNS unique Drive # CCNS 827 unique Drive # CCNS 498 unique Drive # CCNS 223 unique Drive # CCNS 81 unique Supermarket Software Vendor ATM Medical Center Auto Dealership State Secretary's Office
29 We traced 20 drives back to their former owners. While tracing back the drives, we discovered CDA Drive Attribution.
30 Drive Attribution is statistical technique for identifying the former owner of a disk drive. Applications for Drive Attribution: Re-identifying captured drives Return of stolen property Recovering from clerical errors Hard drives usually aren t labeled with their owner s name!
31 Drive Attribution is statistical technique for identifying the former owner of a disk drive. Applications for Drive Attribution: Re-identifying captured drives Return of stolen property Recovering from clerical errors Hard drives usually aren t labeled with their owner s name!
32 What would it mean if two drives had a lot of credit card numbers in common? 10,000 CCNs 500 CCNs 6,000 CCNs 400 CCNs 300 CCNs CCN1 CCN2 CCN3 CCN4 CCN5 CCN6... CCN1 CCN2 CCN3 CCN4 CCN5 CCN CCNs in common!
33 Perhaps the owner of one drive sent an with CCNs to the other drive. CCN1 CCN2 CCN3 CCN4 CCN5 CCN6... CCN1 CCN2 CCN3 CCN4 CCN5 CCN6...
34 Perhaps both owners received an message from a third party. CCN1 CCN2 CCN3 CCN4 CCN5 CCN6... CCN1 CCN2 CCN3 CCN4 CCN5 CCN6...
35 Cross Drive Analysis (CDA) computes the correlation matrix of the pseudounique information. first drive second drive
36 Cross Drive Analysis (CDA) computes the correlation matrix of the pseudounique information. first drive second drive High correlation indicates likely extrinsic relationship
37 Here is a correlation of CCNs on the first 250 drives:
38 Here is a correlation of CCNs on the first 250 drives: Same Community College Drives #74 x #77 25 CCNS in common Drives #171 & # CCNS in common Same Medical Center Same Car Dealership Drives #179 & # CCNS in common
39 Used hard drives are a laboratory model. With used drives from America I don t have to worry about the language issue...
40 Used hard drives are a laboratory model. With used drives from America I don t have to worry about the language issue...
41 Initial experience with Cross Drive Analysis. CDA requires pseudo-unique features: CCNs and other financial information Transliterated names addresses, Message-IDs Sector fingerprints Encrypted data Same Community College Drives #74 x #77 25 CCNS in common Same Car Dealership Drives #179 & #206 Drives #171 & # CCNS 13 CCNS in common in common Same Medical Center CDA Process: 1. Extract features 2. Correlate O(n 2 ) 3. Generate Report
42 Cross Drive Analysis: Initial Results Feature Extraction: I/O bound with raw disk images CPU bound with AFF-compressed images (50% better than EnCase) 1-6 GB/hour on a 1.5Ghz 64Bit AMD Athlon Can be run in parallel Took 3 weeks to extract 400 drives Can be done incrementally, as new drives are acquired
43 Cross Drive Analysis: Initial Results Cross Drive Correlation is a memory-bound problem. Tests with 750 drives, 5.8M features, on 1.5Ghz machine with 2GB of RAM: First Implementation: Python Python process grew to 2GB with 100% CPU utilization Python process continued to grow with 1% CPU utilization. Never finished Second Implementation: Highly optimized C++ Process grew to 700MB, then correlation started. Correlation finished in 30 minutes
44 Cross Drive Analysis: Next Generation We have designed a system that uses scalable storage and computation. Cost for analyzing 10,000 drives: $50,000 (guess?)
45 New research: Using Bloom Filters for Cross Drive Analysis A123 B544 B655 C332 Bloom Filter Loading the Bloom Filter Probing the Bloom Filter A123? Bloom YES K552? Filter NO
46 A practical CDA system could have a Bloom Filter for each organization of interest * New information could be automatically screened as it is acquired.
47 Cross Drive Analysis: Status Research Today. Integrate into other forensic applications: Odyssey Plug-in for other vendors Offer CDA as a stand-alone facility Sell CDA as a service. Target customers: Intelligence Law Enforcement Internal Investigations... anyone with more than 100 drives.
Trouble with transactions. Evan Jones
Trouble with transactions Evan Jones http://evanjones.ca A love story A short love story I Afell in short love story love with transactions with transactions Transactions = correct programs A four year
More informationBC31: A Case Study in the Battle of Storage Management. Scott Kindred, CBCP esentio Technologies
BC31: A Case Study in the Battle of Storage Management Scott Kindred, CBCP esentio Technologies Agenda Background The plan Phase 1: Needs analysis Phase 2: Design Phase 3: Procurement & implementation
More informationCSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak
CSN08101 Digital Forensics Lecture 6: Acquisition Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Objectives Storage Formats Acquisition Architecture Acquisition Methods Tools Data Acquisition
More informationOpenText Buys Guidance Software
OpenText Buys Guidance Software September 14, 2017 NASDAQ: OTEX TSX: OTEX Safe Harbor Statement Certain statements in this presentation, including statements regarding OpenText's plans, objectives, expectations
More informationViews, Reactions and Impact of Digitally-Signed Mail in e-commerce.
Views, Reactions and Impact of Digitally-Signed Mail in e-commerce Simson L. Garfinkel (MIT) Jeffrey I. Schiller (MIT) Erik Nordlander (MIT) David Margrave (Amazon.com) Robert C. Miller (MIT) http://www.simson.net/smime-survey.html/
More informationHealthcare Independent Health Jeremy Walczak
Healthcare Independent Health Jeremy Walczak Taking a cue from banks, a health system boosts its information security. That s great news for 400,000 members. 34 Independent Health Jeremy Walczak Healthcare
More informationThe State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington
The State of Privacy in Washington State August 16, 2016 Alex Alben Chief Privacy Officer Washington I. The Global Privacy Environment Snowden Revelations of NSA surveillance International relations EU
More informationCOS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy
Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients
More informationSpecimen. Date Morning/Afternoon Time allowed: 1 hour 30 minutes. GCSE (9 1) Computer Science J276/01 Computer Systems Sample Question Paper
GCSE (9 1) Computer Science J276/01 Computer Systems Sample Question Paper Date Morning/Afternoon Time allowed: 1 hour 30 minutes You may not use: a calculator First name Last name Centre number Candidate
More informationBy accessing your Congressional Federal Credit Union account(s) electronically with the use of Online Banking through a personal computer or any other
CONGRESSIONAL FEDERAL CREDIT UNION ELECTRONIC CORRESPONDENCE DISCLOSURE & AGREEMENT Please read this information carefully and print a copy and/or retain this information electronically for your records.
More informationROJECT ANAGEMENT PROGRAM AND COURSE GUIDE
ROJECT ANAGEMENT PROGRAM AND COURSE GUIDE PROJECT MANAGEMENT CERTIFICATE PROGRAM Further your career and gain an understanding of what it takes to lead a project to successful completion functional skills,
More informationPrivacy Policy. Effective date: 21 May 2018
Privacy Policy Effective date: 21 May 2018 We at Meetingbird know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn
More informationStorage and File System
COS 318: Operating Systems Storage and File System Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Topics Storage hierarchy File
More informationTELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE UNITED KINGDOM
TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE UNITED KINGDOM WELCOME TO TELSTRA CLOUD SERVICES Our cloud infrastructure solutions are made up of a combination of scalable cloud resources, including
More informationNumaStore Preclinical FAQ
NumaStore Preclinical FAQ 1. What is NumaStore Preclinical? 2. How does NumaStore Preclinical work with Inveon? 3. What data types does NumaStore Preclinical support? 4. How much storage space do I need
More information, such as xyz5000, that
Your Penn State Access Account user ID and password are the key to a host of Internet services: Help Desks, elion, the Web, Penn State e-mail, University Libraries, ITS-managed Student Computing Labs,
More informationAccessData. Triage. Quick Start Guide
AccessData Triage Quick Start Guide 3 AccessData Legal and Contact Information Document date: October 16, 2013 Legal Information 2013 AccessData Group, Inc All rights reserved. No part of this publication
More informationThe Cirrus Research Computing Cloud
The Cirrus Research Computing Cloud Faculty of Science What is Cloud Computing? Cloud computing is a physical cluster which runs virtual machines Unlike a typical cluster there is no one operating system
More informationProtecting your Privacy Winchester Cathedral Privacy Notice
Protecting your Privacy Cathedral Privacy Notice Introduction Cathedral is committed to protecting the privacy of any personal information it may hold regarding individuals. This Privacy Note explains
More informationDEDUPLICATION BASICS
DEDUPLICATION BASICS 4 DEDUPE BASICS 6 WHAT IS DEDUPLICATION 8 METHODS OF DEDUPLICATION 10 DEDUPLICATION EXAMPLE 12 HOW DO DISASTER RECOVERY & ARCHIVING FIT IN? 14 DEDUPLICATION FOR EVERY BUDGET QUANTUM
More informationIf you have any questions or concerns about this Privacy Policy, please Contact Us.
Illuminate Education Your Privacy Rights Are Important To Us The privacy of students and their parents and guardians is important to Illuminate Education, Inc. ( Illuminate ) and the teachers, administrators,
More informationBackup and Recovery. Benefits. Introduction. Best-in-class offering. Easy-to-use Backup and Recovery solution
DeltaV Distributed Control System Product Data Sheet Backup and Recovery Best-in-class offering Easy-to-use Backup and Recovery solution Data protection and disaster recovery in a single solution Scalable
More informationInnovation IT Services Price List
Innovation IT Services Price List 2016-2017 Tel: 0330 330 8956 email: itsales@innoit.co.uk How to complete the Keep My Number porting form - v1.1 st Effective Date: 31 June 2014 Contents: 3/4: Microsoft
More informationSubmitting your Dissertation/ Thesis Electronically: A Guide for Graduate Students
Submitting your Dissertation/ Thesis Electronically: A Guide for Graduate Students Your comprehensive, screen by screen guide to submitting your thesis or dissertation document electronically for review
More informationNotes & Lessons Learned from a Field Engineer. Robert M. Smith, Microsoft
Notes & Lessons Learned from a Field Engineer Robert M. Smith, Microsoft SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may
More informationand the Forensic Science CC Spring 2007 Prof. Nehru
and the Introduction The Internet, (Information superhighway), has opened a medium for people to communicate and to access millions of pieces of information from computers located anywhere on the globe.
More informationForensic Toolkit System Specifications Guide
Forensic Toolkit System Specifications Guide February 2012 When it comes to performing effective and timely investigations, we recommend examiners take into consideration the demands the software, and
More informationATM Cash-out Attacks. Susan Langford, Ph.D. Atalla Sr. Cryptographer
ATM Cash-out Attacks Susan Langford, Ph.D. Atalla Sr. Cryptographer About HP Atalla Security Products Founded 1972, HP 2002, HP Enterprise Security Products 2012 Trusted security partner in the Financial
More informationSymmetric Key Services Markup Language Use Cases
Symmetric Key Services Markup Language Use Cases Document Version 1.1 - February 28, 2007 The OASIS Symmetric Key Services Markup Language (SKSML) is the proposed language/protocol that defines how a client
More informationSecurity Breaches: How to Prepare and Respond
Security Breaches: How to Prepare and Respond BIOS SARAH A. SARGENT Sarah is a CIPP/US- and CIPP/E-certified attorney at Godfrey & Kahn S.C. in Milwaukee, Wisconsin. She specializes in cybersecurity and
More information2014 ISACA Academic Scholarship Competition DUE DATE EXTENDED TO MAY 1, 2014
2014 ISACA Academic Scholarship Competition DUE DATE EXTENDED TO MAY 1, 2014 ISACA is a pace-setting global organization for IT professionals focusing on information governance, security and audit. IT
More informationSource: https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-imager/
by Chirath De Alwis Source: https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-imager/ Forensic Toolkit or FTK is a computer forensics software product made by AccessData.
More information7. copy or distribute the Software, or any part thereof, or any accompanying documentation or part thereof, other than in accordance with 3.
1 Before You Begin AUSTRALIAN ACCESS SOFTWARE LICENCE AGREEMENT IMPORTANT - READ CAREFULLY 30 DAYS EVALUATION AND FULL LICENSED VERSIONS: A. By agreeing to this licence agreement and/or by installing,
More informationPhD Candidacy Exam Overview
EDIC - Doctoral Program in Computer & Communication Sciences PhD Candidacy Exam Overview https://phd.epfl.ch/edic/candidacyexams Candidacy exam background The philosophy After your 1 st year of PhD you
More informationHelping to Counter the Terrorist Threat using Face Recognition: Forensic Media Analysis Integrated with Live Surveillance Matching
Helping to Counter the Terrorist Threat using Face Recognition: Forensic Media Analysis Integrated with Live Surveillance Matching Against the backdrop of budget constraints, threats from terrorism, organised
More informationAdd Your Product to Clickbank
MODULE 3 LESSON 8 Add Your Product to Clickbank 2013 Mark Bishop NicheSynergy.com 1 Niche Synergy Table of Contents Disclaimer... 2 Why use Clickbank instead of another platform?... 3 The most important
More informationTrends in Electronic Evidence.
Trends in Electronic Evidence. Collecting and Processing Large Data Sets in Digital Forensic Investigations With Dr Allan Watt CFCE, CFE Webinar outline Authentication of electronic documents: contracts,
More informationIf you knew then...what you know now. The Why, What and Who of scale-out storage
If you knew then......what you know now The Why, What and Who of scale-out storage The Why? Calculating your storage needs has never been easy and now it is becoming more complicated. With Big Data (pssst
More informationOcé PRISMA archive software. Archiving made easy. Powerful, high-volume. archiving software
Océ PRISMA archive software Archiving made easy Powerful, high-volume archiving software Automate and accelerate archiving Flexible by design Secure access to archived documents Choose the solution that
More informationIntroduction to carving File fragmentation Object validation Carving methods Conclusion
Simson L. Garfinkel Presented by Jevin Sweval Introduction to carving File fragmentation Object validation Carving methods Conclusion 1 Carving is the recovery of files from a raw dump of a storage device
More informationHow to make Secure Easier to use
How to make Secure Email Easier to use Simson L. Garfinkel (MIT) Jeffrey I. Schiller (MIT) Erik Nordlander (MIT) David Margrave (Amazon) Robert C. Miller (MIT) http://www.simson.net/smime-survey.html/
More informationCA Nimsoft Monitor for Flow Analysis
CA Nimsoft Monitor for Flow Analysis Release Notes Release 1.0 Document Revision History Document Version Date Changes 1.0 9/29/2012 Initial version CA Nimsoft Monitor for Flow Analysis Release Notes Contact
More informationPolicy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4
Policy Sensitive Information Version 3.4 Table of Contents Sensitive Information Policy -... 2 Overview... 2 Policy... 2 PCI... 3 HIPAA... 3 Gramm-Leach-Bliley (Financial Services Modernization Act of
More informationStorage Hierarchy Management for Scientific Computing
Storage Hierarchy Management for Scientific Computing by Ethan Leo Miller Sc. B. (Brown University) 1987 M.S. (University of California at Berkeley) 1990 A dissertation submitted in partial satisfaction
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationSYSTEM SPECIFICATIONS GUIDE
SYSTEM SPECIFICATIONS GUIDE AD Enterprise NETWORK INVESTIGATION AND POST-BREACH ANALYSIS v6.5 Revision (May 8, 2018) www.accessdata.com Contents AccessData Enterprise Overview and System Specifications
More informationP6 Compression Server White Paper Release 8.2 December 2011 Copyright Oracle Primavera P6 Compression Server White Paper Copyright 2005, 2011, Oracle and/or its affiliates. All rights reserved. Oracle
More informationHP Dynamic Deduplication achieving a 50:1 ratio
HP Dynamic Deduplication achieving a 50:1 ratio Table of contents Introduction... 2 Data deduplication the hottest topic in data protection... 2 The benefits of data deduplication... 2 How does data deduplication
More informationRAPID RECOGNITION OF BLACKLISTED FILES AND FRAGMENTS MICHAEL MCCARRIN BRUCE ALLEN
RAPID RECOGNITION OF BLACKLISTED FILES AND FRAGMENTS MICHAEL MCCARRIN BRUCE ALLEN MANY THANKS TO: OSDFCon and Basis Bruce Allen Scott Young Joel Young Simson Garfinkel All of whom have helped with this
More informationOrder a Paper Transcript
Order a Paper Transcript Transcript requests will not be processed for those with holds for financial or other obligations to the University. All University holds must be cleared before requesting a transcript.
More information1. INFORMATION WE COLLECT AND THE REASON FOR THE COLLECTION 2. HOW WE USE COOKIES AND OTHER TRACKING TECHNOLOGY TO COLLECT INFORMATION 3
Privacy Policy Last updated on February 18, 2017. Friends at Your Metro Animal Shelter ( FAYMAS, we, our, or us ) understands that privacy is important to our online visitors to our website and online
More informationTOMRAS: A Task Oriented Mobile Remote Access System for Desktop Applications
DOCTORAL DISSERTATION TOMRAS: A Task Oriented Mobile Remote Access System for Desktop Applications Khaled Khankan kkhankan@it. uts. edu. au Supervised by: Prof. Robert Steele robert.steele@usyd.edu.au
More informationKENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)
KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT) 1. DIRECTOR, LEARNING & DEVELOPMENT - LOWER KABETE Reporting to the Director General, Campus Directors will be responsible for
More informationCommonwealth Edison Company Renewable Energy Resource RFP Registration with PJM-EIS GATS
Commonwealth Edison Company Renewable Energy Resource RFP Registration with PJM-EIS GATS The Commonwealth Edison Company ( ComEd ) procurement plan provides for the procurement of Renewable Energy Credits
More informationcustinger - Supporting Dynamic Graph Algorithms for GPUs Oded Green & David Bader
custinger - Supporting Dynamic Graph Algorithms for GPUs Oded Green & David Bader What we will see today The first dynamic graph data structure for the GPU. Scalable in size Supports the same functionality
More informationAccess Control Policy
Access Control Policy Version Control Version Date Draft 0.1 25/09/2017 1.0 01/11/2017 Related Polices Information Services Acceptable Use Policy Associate Accounts Policy IT Security for 3 rd Parties,
More informationCity College Computing
City College Computing European Computer Driving Licence Module 1 Sample Test 1 1. Which of these is an input device? A. CD-ROM B. Mouse C. Printer D. Zip drive 2. What does RSI mean? A. Repeated Syndrome
More informationCyber Attack Investigative Tools and Technologies
HTCIA Silicon Valley 7 May 2003 Cyber Attack Investigative Tools and Technologies Kevin O Shea Technical Analysis Group Institute for Security Technology Studies at Dartmouth College Hanover, NH For more
More informationUpdating the HPC Bill Punch, Director HPCC Nov 17, 2017
Updating the HPC 2018 Bill Punch, Director HPCC Nov 17, 2017 Unique Opportunity The plan for HPC and the new data center is to stand up a new system in the DC, while maintaining the old system for awhile
More informationSage Compatibility guide. Last revised: August 20, 2018
Sage 300 2019 Compatibility guide Last revised: August 20, 2018 2018 The Sage Group plc or its licensors. All rights reserved. Sage, Sage logos, and Sage product and service names mentioned herein are
More informationChapter Two File Systems. CIS 4000 Intro. to Forensic Computing David McDonald, Ph.D.
Chapter Two File Systems CIS 4000 Intro. to Forensic Computing David McDonald, Ph.D. 1 Learning Objectives At the end of this section, you will be able to: Explain the purpose and structure of file systems
More informationEvaluating Archiving Solutions
Evaluating Email Archiving Solutions THE CLIPPER GROUP ExplorerTM Published Since 1996 Report #TCG2006036 May 9, 2006 Evaluating Email Archiving Solutions Analyst: Dianne McAdam Navigating Information
More informationCA Nimsoft Monitor for Flow Analysis
CA Nimsoft Monitor for Flow Analysis Release Notes Release 1.1 Document Revision History Document Version Date Changes 1.1 11/30/2012 Updated for Flow Analysis 1.1 release 1.0 9/29/2012 Initial version
More informationNTP Software VFM Task Service for NetApp
NTP Software VFM Task Service for NetApp Installation Guide Version 6.1 This guide provides quick instructions for the installation of NTP Software VFM Task Service, from an administrator s perspective.
More informationVW INTERFACE. The AutoSoft DMS and Finance Assistant Integration with VW OEM and VCI. The ASI and VW OEM Interface Solution
AUTOSOFT INTEGRATION WITH VW OEM & VCI VW INTERFACE The AutoSoft DMS and Finance Assistant Integration with VW OEM and VCI These pages list all the Volkswagen OEM and VCI Interfaces available for your
More informationThe Insider Threat Center: Thwarting the Evil Insider
The Insider Threat Center: Thwarting the Evil Insider The CERT Top 10 List for Winning the Battle Against Insider Threats Randy Trzeciak 14 June 2012 2007-2012 Carnegie Mellon University Notices 2011 Carnegie
More informationChapter 7 Forensic Duplication
Chapter 7 Forensic Duplication Ed Crowley Spring 11 Topics Response Strategies Forensic Duplicates and Evidence Federal Rules of Evidence What is a Forensic Duplicate? Hard Drive Development Forensic Tool
More informationOnCommand Unified Manager 7.2: Best Practices Guide
Technical Report OnCommand Unified : Best Practices Guide Dhiman Chakraborty August 2017 TR-4621 Version 1.0 Abstract NetApp OnCommand Unified is the most comprehensive product for managing and monitoring
More informationThanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at
Thanks! Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at jim@stickleyonsecurity.com Don t forget to checkout Stickley on Security and learn about our
More informationSkills Academy. Forensic Studies Courses
Skills Academy Forensic Studies Courses www.skillsacademy.co.za Forensic Science Programmes Forensic Science Studies is for the person who wants to work in a laboratory or as a crime scene technician and
More informationMEDICARE PART B HAWAII PRE ENROLLMENT INSTRUCTIONS MR057
MEDICARE PART B HAWAII PRE ENROLLMENT INSTRUCTIONS MR057 TO COMPLETE THIS FORM YOU WILL NEED: Medicare Hawaii Provider Number (PTAN) Billing NPI on file with Palmetto for the Hawaii PTAN Name and Address
More informationStellar Phoenix Windows Data Recovery - Pro
Stellar Phoenix Windows Data Recovery - Pro Version 4.2 Installation Manual 1 Overview Stellar Phoenix Windows Data Recovery is a complete solution to recover data from hard disk. However, Microsoft Windows
More informationUser Guide. License Director. Release 4.0
User Guide License Director Release 4.0 Printed on 11 March, 2009 2009 Avaya Inc. All Rights Reserved. Notice While reasonable efforts were made to ensure that the information in this document was complete
More informationRobert Jamieson. Robs Techie PP Everything in this presentation is at your own risk!
Robert Jamieson Robs Techie PP Everything in this presentation is at your own risk! PC s Today Basic Setup Hardware pointers PCI Express How will it effect you Basic Machine Setup Set the swap space Min
More informationIntroduction. Read on and learn some facts about backup and recovery that could protect your small business.
Introduction No business can afford to lose vital company information. Small-business owners in particular must take steps to ensure that client and vendor files, company financial data and employee records
More informationMaria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security
Migrant Student Information Exchange (MSIX) Security, Privacy and Account Management Webinar Deloitte Consulting LLP. February 22, 2018 Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor
More informationEd Ferrara, MSIA, CISSP
MIS 5208 - Lecture 12 Investigation Methods Data Acquisition Ed Ferrara, MSIA, CISSP eferrara@temple.edu Objectives List digital evidence storage formats Explain ways to determine the best acquisition
More informationA Comedy of Errors: Assessing and Managing the Human Element of Cyber Risk
SESSION ID: GRC-T10 A Comedy of Errors: Assessing and Managing the Human Element of Cyber Risk R Jason Straight Sr. VP, Chief Privacy Officer UnitedLex Corp. Has anyone seen this man? 2 3 4 We re getting
More informationCOMP Data Structures
COMP 2140 - Data Structures Shahin Kamali Topic 1 - Introductions University of Manitoba Based on notes by S. Durocher. COMP 2140 - Data Structures 1 / 35 Introduction COMP 2140 - Data Structures 1 / 35
More informationPrivacy Policy. LAST UPDATED: 23 June March 2017
Privacy Policy LAST UPDATED: 23 June 20156 March 2017 VERSION 3.0 2.0 Comment [A1]: The Privacy Policy has been updated because we now use Google Analytics, to help improve our services and our communications
More informationArcserve Cloud Frequently Asked Questions
ARCSERVE CLOUD FAQS Arcserve Cloud Frequently Asked Questions The Arcserve Cloud empowers SMBs and mid-sized organizations to complete their data protection strategy with a seamless means to achieve disaster
More informationNTP Software VFM Task Service for Windows
NTP Software VFM Task Service for Windows Installation Guide Version 6.2 This guide provides quick instructions for the installation of NTP Software VFM Task Service, from an administrator s perspective.
More informationSQL Server Case Study. Woman s Hospital WOMAN S HOSPITAL SAVES TIME AND MONEY WITH IDERA
SQL Server Case Study Woman s Hospital WOMAN S HOSPITAL SAVES TIME AND MONEY WITH IDERA Overview Woman s Hospital is one of the first women s specialty hospitals in the nation, and is currently one of
More informationProperly Sizing Processing and Memory for your AWMS Server
Overview This document provides guidelines for purchasing new hardware which will host the AirWave Wireless Management System. Your hardware should incorporate margin for WLAN expansion as well as future
More informationGovernment-issued identification numbers (e.g., tax identification numbers)
Privacy Policy This Privacy Policy explains how the ACMI collects, uses, shares and safeguards Personal Data and Non- Personal Data on www.acmiart.org, mobile websites, microsites, mobile applications,
More informationVendor Fraud. Goals of Presentation. Detection and Investigation
Vendor Fraud Detection and Investigation by CPAs Dan Dreibelbis dlrg1@verizon.net Maryland Association of CPAs Goals of Presentation Alert CPAs to their ability to detect fraud Fraud detection is a responsibility
More informationTraining for E C D L. Syllabus 5. A Practical Course in Windows XP and Office Blackrock Education Centre
Training for E C D L Syllabus 5 A Practical Course in Windows XP and Office 2007 Blackrock Education Centre 2010 Blackrock Education Centre 2010 ISBN 978-0-9564074-5-0 Published by Blackrock Education
More informationB. We may offer you the opportunity to submit other information about yourself (such as gender, age, occupation, hobbies, interests, zip code, etc.
DELANCEYPLACE.COM LLC PRIVACY POLICY DELANCEYPLACE.COM, LLC and its affiliates ( DelanceyPlace, we or us ) operate a website and related social network along with all related applications, software, daily
More informationMastering QuickBooks: Increasing Performance with Large Files and Multiple Users
Mastering QuickBooks: Increasing Performance with Large Files and Multiple Users By Joe Woodard, Advanced Certified QuickBooks ProAdvisor and Certified QuickBooks Trainer Editor s Note: Joe Woodard is
More informationManagement Update: Storage Management TCO Considerations
IGG-09172003-01 C. Stanley Article 17 September 2003 Management Update: Storage Management TCO Considerations CIOs, asset managers, data center managers and business managers should be aware of the total
More informationIMPORTANT INFORMATION - Agreement on In-company Period
IMPORTANT INFORMATION - Agreement on In-company Period The agreement must be completed electronically as the project title will be transferred to the diploma. The agreement must be completed in consultation
More informationCompleting Travel Reimbursement Forms Using Electronic Signature
Completing Travel Reimbursement Forms Using Electronic Signature University of Central Florida (UCF) travelers and their supervisors are encouraged to sign travel reimbursement forms using digital signatures.
More informationCOMP Data Structures
Shahin Kamali Topic 1 - Introductions University of Manitoba Based on notes by S. Durocher. 1 / 35 Introduction Introduction 1 / 35 Introduction In a Glance... Data structures are building blocks for designing
More informationTechnical Brief: Specifying a PC for Mascot
Technical Brief: Specifying a PC for Mascot Matrix Science 8 Wyndham Place London W1H 1PP United Kingdom Tel: +44 (0)20 7723 2142 Fax: +44 (0)20 7725 9360 info@matrixscience.com http://www.matrixscience.com
More informationChrome Nuts and Bolts: Chrome OS / Chromebook forensics. Jad Saliba and Jessica Hyde
Chrome Nuts and Bolts: Chrome OS / Chromebook forensics Jad Saliba and Jessica Hyde Jad s Introduction Hello, my name is Jad Saliba Hi Jad! Founder and CTO - Magnet Forensics Former Digital Investigator
More informationMobile Banking FAQs. Frequently Asked Questions. Contact Us. Security. Signing In
Effective May 24, 2016 Contact Us Who do I call for help? For help with Online or Mobile Banking, please call 888-217-1265 (Consumer) or 877-650-0095 (Business). If you are having technical issues with
More informationOracle Retail WebTrack Release Notes Release September 2007
Oracle Retail WebTrack Release Notes Release 12.0.2 September 2007 Oracle Retail WebTrack Release Notes, Release 12.0.2 Copyright 2007, Oracle. All rights reserved. Primary Author: Rich Olson The Programs
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationIntro to Software as a Service (SaaS) and Cloud Computing
UC Berkeley Intro to Software as a Service (SaaS) and Cloud Computing Armando Fox, UC Berkeley Reliable Adaptive Distributed Systems Lab 2009-2012 Image: John Curley http://www.flickr.com/photos/jay_que/1834540/
More informationGovernance, Risk, and Compliance Controls Suite. Hardware and Sizing Recommendations. Software Version 7.2
Governance, Risk, and Compliance Controls Suite Hardware and Sizing Recommendations Software Version 7.2 GRC Controls Suite Hardware and Sizing Recommendations Part No. AG014-720B Copyright 2007, 2008,
More information