The Death of Computer Forensics, Digital Forensics After the Singularity by Cory Altheide
Essay by pratibhamittal • December 22, 2017
The Death of Computer Forensics: Digital Forensics After the Singularity, by Cory Altheide, Security Engineer, Forensics and Incident Response, Google Inc.
Every new advance in computing technology draws cries from forensics practitioners that this step forward for computing will inevitably bring the end of the discipline, and that computer criminals will operate with freedom. This attitude mirrors what is known as the “technological singularity”: a point of technological progress so fast that the “future” becomes nearly impossible to forecast.
Cloud forensics faces certain technical challenges. Computer forensics needs to undergo fundamental change because of the large expansion of cloud computing systems. Cloud computing is basically a model which enables on-demand network access to a shared pool of configurable resources that can be released with minimal effort and minimal service-provider interaction. The different deployment models are a problem because each requires specialized cloud forensic techniques, and these differ greatly from one another. In digital forensics, for the techniques and key processes to work, the software must be tested, and it has to be verified that the operations performed on the evidence are repeatable and documented. The biggest challenge is preventing the loss of control over data. Also, data from the cloud is useful only when it is interpreted using suitable cloud communication protocols. Lastly, recovered deleted data is a very significant source of evidence in traditional computer forensics, and the same is true in the cloud. The right to change or delete the original message lies only with the user who created the volume in the cloud.
The legal challenges of cloud forensics are as follows. The loss of location in the cloud creates the problem of jurisdiction over digital evidence. Different approaches have been put on the table to solve this problem. In practice, a rule based on the authority-of-disposal approach can be used to let law enforcement access the suspect's data within the cloud itself. Law enforcement in this case would obtain the username and password combination legally, after proving that they have met the other requirements. This approach gets past any legal issue, but a right balance would then be needed with the rights of the suspect and the fair need for privacy. Recent reports have confirmed that cybercriminals are depending more and more on the cloud computing model to carry out cyberattacks, either by attacking the cloud itself or by operating the connection to the cloud. Lastly, there are difficulties in legal proceedings where a clear authentication of digital evidence is not available.
Hence, both the legal challenges and the technical issues need to be solved in the coming years. A strong relationship with the cloud providers is needed. There are problems with jurisdiction, such as problems of data retention. A reconsideration of data forensics has now become very important, and computer scientists and lawyers need to carry it out in collaboration.
DEFCON 20: Anti-Forensics and Anti-Anti-Forensics Attacks by Michael Perklin
Michael Perklin is a corporate investigator, digital forensic examiner, computer programmer and eDiscovery consultant. So, basically, he is a hybrid of computer geek and legal support.
The workflow starts with creating a working copy, which includes imaging the HDD and copying the files remotely for analysis. Technique 1 of AF (anti-forensics) is data saturation. It starts simple: the subject has a lot of media, and the examiner has to go through everything. To mitigate data saturation, the acquisition process needs to be parallelized, which can be done with multiple acquisition machines. Technique 2 of AF is non-standard RAID. Common RAIDs share the same stripe patterns and other parameters, so this technique relies on settings and hardware RAID which are not common, and on firmware that has poor Linux support. Mitigating this involves de-RAIDing volumes on their own disks: use boot disks and image the volume, not the HDDs.
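The mitigation for data saturation described above, combined with the earlier requirement that operations on evidence be repeatable and documented, can be sketched as follows. This is an added example, not code from the essay or the talk; it assumes worker threads on one machine stand in for multiple acquisition machines, and the function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path

CHUNK = 1 << 20  # read in 1 MiB blocks so large media never sits in memory

def sha256_file(path: Path) -> str:
    """Hash a file in chunks; used to re-verify an image after it is written."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source: Path, dest_dir: Path) -> dict:
    """Copy one source to a working image, hashing the bytes as they are read."""
    image = dest_dir / (source.name + ".img")
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    source_hash = h.hexdigest()
    image_hash = sha256_file(image)  # independent read-back of the working copy
    return {"source": source.name, "image": image.name,
            "sha256": source_hash, "verified": source_hash == image_hash}

def acquire_all(sources, dest_dir: Path, workers: int = 4) -> list:
    """Acquire many sources concurrently; the returned list is the record."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda s: acquire(s, dest_dir), sources))

def demo() -> list:
    """Constructed sample: three small files stand in for seized media."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        out = root / "images"
        out.mkdir()
        sources = []
        for i in range(3):
            p = root / f"media{i}.bin"
            p.write_bytes(bytes([i]) * (3 * CHUNK + 17))
            sources.append(p)
        return acquire_all(sources, out)

if __name__ == "__main__":
    print(demo())
```

Each record pairs a source with its image and a SHA-256 digest, so a later re-run of the same acquisition can be compared against the documented values.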
...
...