

to Intelligence Analysis


Starting Point:

Digital Forensics

Scientific analysis of computers and communication systems so that the results can be used in legal proceedings.

Two principal concentrations:
1. E-Discovery and MEDEX
2. Analysis of systems to identify particular activity, e.g., criminal activity such as hacking.

Considerable similarity between Intelligence Analysis and Digital Forensics: each discipline has a product, a producer, and a consumer of that product.

Intelligence Analysis          Computer Forensics
Finished Product               Forensic Report
Intelligence Analyst           Forensic Examiner
Decision/Policy Maker          Attorney/Client



We have our problems.

For example:
1. Declining budgets: do more with less.
2. Faster turnaround times required.
3. Appreciable gap between senior examiners and entry-level personnel.
4. Customers don't understand what we do; to them it sometimes appears like magic.
Sound familiar?

Three significant, specific problems and their solutions.

Problem: Increase in the volume of material

The move from gigabytes to petabytes.

Solution: New analytic/search tool.

Problem: Attribution to suspected actors.

Tracking an attack back to its source.



[Diagram: Attacker's Computer -> Infected Computer -> Router -> Router -> Attacked Computer. The attacked computer only sees the infected computer, not the attacker.]

Solution: Formation of an information exchange with other organizations, and engagement in cyber profiling.

This actually became a complicated solution. Major components:
1. Dialogue: identify the data important to us.
2. Train the partner's staff.
3. Exchange data in a timely fashion.
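The chain diagram above is the reason an information exchange is needed at all: the attacked computer's own logs stop at the infected relay, and only the partner who owns that relay can say who was driving it. The following is an added example (not code from the original presentation) of the one-hop pivot that the exchange makes possible. The log lines, IP addresses and timestamps are constructed, and the five-field firewall line format (timestamp, source IP, destination IP, destination port, action) is a hypothetical simplification chosen for illustration.

```python
"""Hop-by-hop attribution across exchanged logs.

Added example, not from the original presentation. The IP addresses,
timestamps and the simplified firewall line format
    <ISO-8601 timestamp> <src_ip> <dst_ip> <dst_port> <action>
are all constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log from the attacked computer (203.0.113.10). The only
# source it can see for the intrusion is the infected relay (198.51.100.7);
# the attacker's own address never appears here.
VICTIM_LOG = """\
2013-04-02T10:15:01 198.51.100.7 203.0.113.10 22 ACCEPT
2013-04-02T10:15:07 198.51.100.7 203.0.113.10 22 ACCEPT
2013-04-02T10:20:44 192.0.2.55 203.0.113.10 443 ACCEPT
"""

# Constructed log supplied by the partner that owns the infected computer.
# Whoever connected to the relay just before it reached out to the victim is
# the next hop back toward the attacker.
PARTNER_LOG = """\
2013-04-02T09:00:00 192.0.2.13 198.51.100.7 80 ACCEPT
2013-04-02T10:14:30 192.0.2.200 198.51.100.7 4444 ACCEPT
2013-04-02T10:14:58 192.0.2.200 198.51.100.7 4444 ACCEPT
"""


def parse(text):
    """Parse the constructed log format into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "dst": dst, "port": int(port), "action": action})
    return records


def sources_hitting(records, target_ip, port=None):
    """Map each source IP that connected to target_ip to its connection times."""
    hits = defaultdict(list)
    for r in records:
        if r["dst"] == target_ip and (port is None or r["port"] == port):
            hits[r["src"]].append(r["ts"])
    return dict(hits)


def trace_back(victim_ip, victim_records, partner_records, port=None,
               window=timedelta(minutes=10)):
    """One hop of attribution.

    For every host that touched the victim, look in the partner's log for
    inbound sessions to that host within `window` before its first contact
    with the victim. An empty candidate list means the trail goes cold at
    the relay, which is exactly what happens without the partner's data.
    """
    trail = {}
    for relay, times in sources_hitting(victim_records, victim_ip, port).items():
        first_contact = min(times)
        candidates = {r["src"] for r in partner_records
                      if r["dst"] == relay
                      and first_contact - window <= r["ts"] <= first_contact}
        trail[relay] = sorted(candidates)
    return trail


if __name__ == "__main__":
    victim = parse(VICTIM_LOG)
    print("victim log alone:  ", trace_back("203.0.113.10", victim, [], port=22))
    print("with partner's log:", trace_back("203.0.113.10", victim,
                                            parse(PARTNER_LOG), port=22))
```

Run against the victim's log alone, the trail ends at the relay with no candidates; with the partner's log joined in, the relay resolves to the host that was controlling it minutes before the attack. The time window is the "timely fashion" requirement in concrete form: if the partner's data arrives after its retention period, the join has nothing to match.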

Notice the clustering of the powerful individuals in the link chart.

The software that produced this, Sentinel Analyzer, sells for $4,000.

We didn't stop at Sentinel Analyzer. Other tools were incorporated, such as Splunk.

Problem: Dealing with new examiners.

Within the last three years a number of American universities have introduced graduate level programs in computer forensics. The result is far from consistent.

Solution: Mentoring with specific scenarios/exercises.

A few notes:
1. Regular (unstructured) mentoring did not work.
2. Scenarios were detailed, with quantifiable results.
3. New employees were evaluated on analysis as well as writing skills.


Current technique in theft of funds.

[Diagram: Bad Guy -> Bot/infected computer. The funds are moved through the infected machine, not directly from the bad guy.]


Michael Robinson