Designing Robustness and Resilience in Digital Investigation Laboratories

Similar documents
Strategic and operational threat analysis at Europol's EC3

Regional Seminar on Cyber Preparedness

Global Cybercrime Certification

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Cyber Security Development. Ghana in Perspective

ENISA EU Threat Landscape

Cyber Intel within European Cybercrime Center Ops

2CENTRE A collaborative model for capacity building against cybercrime. Cormac Callanan 2CENTRE Industry Liaison

Cybercrime Capacity Building a cooperative process

UCD Centre for Cybersecurity & Cybercrime Investigation

Way to new challenges

10025/16 MP/mj 1 DG D 2B

Cyber Security Strategy

Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

Octopus Programme From April 2011

UCD Centre for Cybersecurity & Cybercrime Investigation. University College Dublin School of Computer Science

Global Wildlife Cybercrime Action Plan1

Cyber Security in Europe

15412/16 RR/dk 1 DGD 1C

INTERPOL s Role and Efforts in Combating Cybercrime. Dr. Madan M. Oberoi Director Cyber Innovation and Outreach

10007/16 MP/mj 1 DG D 2B

ENISA s Position on the NIS Directive

Council of the European Union Brussels, 16 March 2015 (OR. en)

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

Cybersecurity Strategy of the Republic of Cyprus

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

ESSA Q INTEGRITY REPORT

National Communications Authority

The commission communication "towards a general policy on the fight against cyber crime"

A Multi-Stakeholder Approach in the Fight Against Cybercrime

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

Implementation Strategy for Cybersecurity Workshop ITU 2016

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Package of initiatives on Cybersecurity

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

International Law Enforcement Cooperation on Cybercrime investigations: the role of INTERPOL. Mr Olusola Oguntunde

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form BOSNIA AND HERZEGOVINA. Policy Target No. 1

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Valérie Andrianavaly European Commission DG INFSO-A3

Cyber Security Technologies

EUROPOL Unclassified Basic Protection Level

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood Region

Call for Interest for the INTERPOL Digital Crime Centre 2 nd round (area of advanced technology required for the Malware/BotNet analysis)

Level Access Information Security Policy

1 History of CyberSecurity in the Philippines 2 3

Electronic payments in the Netherlands

Digital Health Cyber Security Centre

PERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Defining cybersecurity.

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Issue I. Airport Communication Project

EISAS Enhanced Roadmap 2012

13268/16 EB/dk 1 DGD 1C

G8 Lyon-Roma Group High Tech Crime Subgroup

Directive on security of network and information systems (NIS): State of Play

INTERPOL s Role and Effort in Combating Cybercrime Kunwon YANG Assistant Director, DFL, IGCI

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

CALIFORNIA CYBERSECURITY TASK FORCE

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

PROJECT RESULTS Summary

Rapid Forensic Imaging of Large Disks with Sifting Collectors

Defining Computer Security Incident Response Teams

INTERPOL For official use only. Fighting with friends

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

A Comparative Study of Teaching Forensics at a University Degree Level

ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES

On Criteria for Evaluating Similarity Digest Schemes

Promoting Global Cybersecurity

Systemic Analyser in Network Threats

Media Kit. California Cybersecurity Institute

OAS Cybersecurity Capacity Building Efforts

CYBER RESILIENCE & INCIDENT RESPONSE

The SPARKS Project Motivation, Objectives and Results

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

Intelligence-Led Policing, Community Policing and the Prevention of Violent Extremism and Radicalization that lead to Terrorism

12711/17 GG/ec 1 DGD2B

BHConsulting. Your trusted cybersecurity partner

Itu regional workshop

European Union Agency for Network and Information Security

The cost of cybercrime the benefits of cooperation

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Global cybersecurity and international standards

Project III Public/private cooperation

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

Certified Cyber Security Specialist

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Cybersecurity for ALL

Regional Cyber security Forum for Africa and Arab States, Tunis, Tunisia 4 th -5 th June 2009

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

EU General Data Protection Regulation (GDPR) Achieving compliance

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Transcription:

DIGITAL FORENSIC RESEARCH CONFERENCE Designing Robustness and Resilience in Digital Investigation Laboratories By Philipp Amann and Joshua James Presented At The Digital Forensic Research Conference DFRWS 2015 EU Dublin, Ireland (Mar 23 rd - 26 th ) DFRWS is dedicated to the sharing of knowledge and ideas about digital forensics research. Ever since it organized the first open workshop devoted to digital forensics in 2001, DFRWS continues to bring academics and practitioners together in an informal environment. As a non-profit, volunteer organization, DFRWS sponsors technical working groups, annual conferences and challenges to help drive the direction of research and development. http:/dfrws.org

Designing Robustness and Resilience in Digital Investigations Dr. Philipp Amann, MSc Dr. Joshua I. James DFRWS EU 2015 25 March 2015 Europol Unclassified - Basic Protection level / Europol Public Information

Overview What triggered the research? How did we do it? Key findings & recommendations Europol s EC3 Walking the walk Q & A

Challenges Complex and changing requirements, and rapid technological advancements Increasing volume, scope and sophistication of cybercrime & global scope CaaS Criminal abuse of legitimate services providing anonymity and privacy

Challenges Attribution Access to and admissibility of electronic evidence Cross-border cooperation Acquiring and retaining skills and expertise Staff turnover and knowledge drain

Taking a step back How can LE conduct digital investigations effectively and efficiently? In LE, what is the role of robustness and resilience when it comes to digital investigations? What are the key elements in the context of a digital investigation framework design that can withstand changes but also adapt in a controlled/planned manner?

Some definitions Resilience long-term capacity to adapt to change and new risk environments, and develop within certain boundaries Approach to addressing unexpected events but also a practice that aims at actively monitoring relevant factors and managing any deviations Includes monitoring, situational awareness and forward-looking analysis as key practices

Some definitions Robustness the ability resist change Important to ensure that the basic principles of police work are maintained while adapting to a changing environment Not all that can be done should be done (?)

Objectives Surveying and analysing the current state of robustness and resilience practices Extracting key elements of robustness and resilience Describing how to include these elements when designing digital investigation capabilities

Approach Literature research Structured online survey 35 closed and open questions 72 recipients (LEAs), 21 responses ~ 29% response rate Stakeholder interviews

Key findings & Recommendations Does your agency have a digital forensics strategy?

Key findings & Recommendations Main standards or guidelines used in digital forensics? RITS Computer Forensics group 1 International Organization for Standardization (ISO) 3 Council of Europe (Budapest Convention, Electronic Evidence Guide) 4 National Institute of Standards and Technology (NIST) 4 International Association of Computer Investigative Specialists (IACIS) 5 Association of Chief Police Officers (ACPO) 7 Developed in-house 13

Key findings & Recommendations Training and Education Continuous digital forensics education/training plan in place? Use of e-learning to train digital forensics staff? Personal development portfolio for staff?

Key findings & Recommendations Training and Education (cont d) Mentoring system in place? Hand-over between outgoing and incoming digital forensics staff? Further education and training considered during performance evaluations?

Key findings & Recommendations Do you use a reporting standard (incidents, case description, final reports, etc.)?

Key findings & Recommendations Tool Support Do you use standardized digital forensics tools? Do you use open-source digital forensics tools?

Key findings & Recommendations Do you have a Quality Management System in place?

Key findings & Recommendations Do you have a Knowledge Management Program in place?

Key findings & Recommendations Are the digital forensics software tools that your agency uses court-approved?

Key findings & Recommendations Co-operation and PPPs Co-operation with academia? Co-operation with the private sector?

Key findings & Recommendations Do you have a digital forensics R&D unit?

Key findings & Recommendations Average staff turnover Digital forensic examiners Digital forensic investigators

Key findings & Recommendations How would you rate your agency s robustness and resilience? (1 Lowest 5 Highest)

Key findings & Recommendations Greatest challenges in conducting digital investigations?

Key findings & Recommendations Strategic Level Operational Level Digital Forensics Strategy Standardization Forensic Discipline Continuous Education and Training Research and Development Co-operation Standardization Continuous Education and Training Research and Development Co-operation Human Resources

Future Research Development of additional KPIs Digital forensics framework

EC3 Who We Are and What We Do 26 European Cybercrime Centre

EC3 Core Services European cybercrime info/intel focal point Support to Member States' cybercrime investigations Platform to pool skills and expertise & tool support for MS Collective voice of European cybercrime investigators OPERATIONAL Coordination of High Profile Operations On-the-Spot Operational Support Operational, Technical and Forensic Analysis Digital IT Forensics Support STRATEGIC Digital Forensics and R&D Outreach to Public/Private Partners Strategic and Forward Looking Assessments Training and capacity building 27

EC3 Intelligence/Knowledge Products CYBER-INTEL STRATEGY Cyber Bits Trends: Modus operandi, tool or technique used by cyber criminals. Emerging patterns and crime series. Knowledge: Offer guidance and raise awareness. Technology: Technical developments having impact law enforcement work. Tools: Presentation of tailored tools to support operational activities. OSINT Dashboard Strategic Assessments of Operations iocta Project 2020: Scenarios for the Future of Cybercrime Police Ransomware Threat Assessment, Review of Criminal Forums, etc. Strategic Assessments of Operations (e.g. Onymous) Quantitative Quarterly Report on Cybercrime, CC Dependencies Map ICANN Guide for Dummies, Assessment of Bitcoin, Top 10 External Cyber Threats, etc.

EC3 Projects, Products and Services Taxonomy and business case for the exchange of information/intelligence between LE and CERTs Anonymized cross-matching solution Design of standardized EU-wide training and capacity building measures (ECTEG, UCD, CEPOL, ) Training Competency Framework Prevention and awareness

EC3 Projects, Products and Services Active stakeholder management, cross-domain and cross-disciplinary (e.g. EC3AAN) EC3 Training Courses (Avila, Selm) Position papers on legislative issues Research and Development Malware analysis, Decryption,

Thank you philipp.amann@europol.europa.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback