RE: Future trends in computer forensics

From: Ralph S. Hoefelmeyer (ralph.hoefelmeyerat_private)
Date: Fri Oct 18 2002 - 09:51:55 PDT


    I'll chime in here - forensics has historically been applied in a legal
    sense, which is slow, geared toward "beyond a reasonable doubt".  In the
    real world of business and intelligence - there are different standards,
    i.e., will it help us in a business sense or do we think the target needs to
    be serviced - room to be wrong, and while not indifferent to being wrong,
    that is why we have the term "collateral damage".  Different paradigms.  The
    time criticality mentioned below is very important, especially when reacting
    to Internet threats - your response time is measured in minutes now - search
    on warhol worm.
    Ralph
    
    Ralph S. Hoefelmeyer, CISSP
    Senior Engineer
    WorldCom GPE
    719.535.4576 Office
    "Security is a process, not a product" Bruce Schneier
    
    -----Original Message-----
    From: Gary L. Palmer [mailto:palmergat_private]
    Sent: Friday, October 18, 2002 8:02 AM
    To: Morris, Rod
    Cc: forensicsat_private
    Subject: Re: Future trends in computer forensics
    
    
    Rod,
    I work at the Air Force Research lab in Rome, NY. From a conceptual, basic
    research perspective some items that are being worked on that will have
    significant impact in our field (Digital Evidence or Digital Forensic
    Science/Engineering - some would cringe at the phrase) present real
    challenges.
    Some are:
    - Understanding digital transformations - the detailed trail of processing
    that is employed from molecular storage of magnetic forces as voltages to
    the representation of that information on a monitor as human readable text.
    Not many understand the full spectrum of events. It may tell us volumes.
    This is true especially in light of Daubert/Kumho and FRE 702.
    - The application of Locard's Exchange Principle in the digital realm. Does
    it apply? This famous basic rule of all traditional forensic analysis has
    yet to be verified or falsified when considering forensic computer/network
    investigations.
    
    - Authorship attribution: many forensic disciplines are employed mostly to
    ascertain two important probative items (there are other items of course),
    1. the irrefutable identity of the victim, and 2. the incontestable identity
    of the perpetrator. To date that has been very difficult to do in the
    digital world. Applications of Forensic Linguistics and Stylometry are
    rising to meet the digital challenge.
    - The application of rigorous, relatively slow moving law enforcement
    techniques (mostly ex post facto) in forensic analysis of near-real-time
    operational environments (business and military). This is a matter of time
    criticality and overall perspective. Prosecution versus availability of
    service. Which one drives?
    - Digital Forensic Analysis in a wireless/cellular environment. RIM
    Blackberry, Bluetooth, 802.11x, CDMA, GSM, 3G, 4GSM, etc. Very complex and
    challenging.
    
    $.02
    Gary
    
    "Morris, Rod" wrote:
    
    > Hello everyone,
    >
    > I've been asked to say a few words for an interview concerning "the future
    > of computer forensics". Amongst other things I thought I'd mention the
    > challenges posed by (IMHO) an increasing use of encryption amongst users,
    > developments in forensic tools (such as EnCase Enterprise edition) and an
    > increasing awareness of the legal issues surrounding computer forensic
    > investigation.
    >
    > This specific interview aside, I'd be very interested to hear other
    > opinions on where we're going and what others working in this field think
    > the major technological challenges and developments are likely to be over
    > the next few years...
    >
    > Kind regards,
    >
    > Rod
    >
    > --
    > Rod Morris
    > KPMG
    > Forensic Technology
    > tel +31 (0) 20 656 8884
    > fax +31 (0) 20 656 7790
    > e-mail Morris.Rodat_private
    > X.400 c=NL;a=CONCERT;p=KPMG;s=morris;g=rod
    >
    > **********************************************************************
    > The information sent with this e-mail message (and attachments)
    > is intended exclusively for the addressee(s) and those who
    > have received permission from the addressee(s) to read this
    > message. Use by others than the addressee(s) is prohibited.
    > The information in this e-mail message (and attachments) may
    > be confidential in nature and may fall within the scope of a
    > duty of confidentiality and a legal privilege.
    >
    > Any information transmitted by means of this e-mail (and any
    > of its attachments) is intended exclusively for the addressee
    > or addressees and for those authorized by the addressee
    > or addressees to read this message. Any use by a party
    > other than the addressee or addressees is prohibited.
    > The information contained in this e-mail (or any of its
    > attachments) may be confidential in nature and fall under a
    > duty of non-disclosure and the attorney-client privilege.
    > **********************************************************************
    >
    > -----------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 10:43:16 PDT