Keystroke Dynamics ...
 
Notifications
Clear all

Keystroke Dynamics in DF?

9 Posts
4 Users
0 Likes
252 Views
 Mr-B
(@mr-b)
Posts: 3
New Member
Topic starter
 

Is there any reason "Keystroke Dynamics" could potentially be used in Digital Forensics?

Does anyone have any scope to why this could possibly be useful in Digital Forensics…

any contribution would be greately appreciated

 
Posted : 15/11/2014 5:02 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

… which i believe is recorded in a hash value,

You believe or you checked/verified this piece of info?
And on which specific device/OS is this info recorded?

jaclaz

 
Posted : 15/11/2014 5:11 pm
 Mr-B
(@mr-b)
Posts: 3
New Member
Topic starter
 

Ive made the question less specific as i assume users who reply will hopefully have an understanding, would be thankful if you could contribute D

 
Posted : 15/11/2014 5:58 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Ive made the question less specific as i assume users who reply will hopefully have an understanding, would be thankful if you could contribute D

Sure ) , but you need to hopefully provide facts and some specific background as a base for your thesis (or hypothesis) or even only question.

Generalizing your question, it amounts to more or less
"Would any info about authentication and/or identification of users of electronic devices be relevant in digital forensics?"
and it would have obviously as answer a
"Yes, sure."

On the other hand, is there a "real case" where/when this particular info is actually recorded (and later retrievable)?
If no, the answer becomes
"Potentially, yes, but only WHEN it will be used THEN it may become relevant.".

The background/reasons why you asked the question are important, I mean, is it connected to a research paper, to an under development software, it is just curiosity, etc…..

jaclaz

 
Posted : 15/11/2014 10:12 pm
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

If you are talking about profiling users from their keystroke patterns/profile, then it could possibly be used to exclude users from suspicion, but not be used as absolute proof for something.

 
Posted : 16/11/2014 3:08 am
(@mark_adp)
Posts: 63
Trusted Member
 

If you are talking about profiling users from their keystroke patterns/profile, then it could possibly be used to exclude users from suspicion, but not be used as absolute proof for something.

But where would the variables be recorded/extracted from in order to make that determination? Unless performing some detailed key logging events I don't understand how this could be used in reactive investigations. Proactive security it could be useful, monitoring the keystroke dynamics of a customer logging into your online banking system and building a profile for them to identify future anomalies.

 
Posted : 16/11/2014 12:23 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

If you are talking about profiling users from their keystroke patterns/profile, then it could possibly be used to exclude users from suspicion, but not be used as absolute proof for something.

In other words wink

If it doesn't swim like a duck, and doesn't quack like a duck, then it probably is NOT a duck.

http//en.wikipedia.org/wiki/Duck_test
D

jaclaz

 
Posted : 16/11/2014 4:06 pm
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

If you are talking about profiling users from their keystroke patterns/profile, then it could possibly be used to exclude users from suspicion, but not be used as absolute proof for something.

But where would the variables be recorded/extracted from in order to make that determination? Unless performing some detailed key logging events I don't understand how this could be used in reactive investigations. Proactive security it could be useful, monitoring the keystroke dynamics of a customer logging into your online banking system and building a profile for them to identify future anomalies.

Has to be built. A keylogger that logs meta about user input (example how many miliseconds between keystrokes) instead of the actual keystrokes is a good start.

Amount of user input, choise of words, time of day (etc) can use used on internet services.

 
Posted : 19/11/2014 8:25 am
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

If you are talking about profiling users from their keystroke patterns/profile, then it could possibly be used to exclude users from suspicion, but not be used as absolute proof for something.

In other words wink

If it doesn't swim like a duck, and doesn't quack like a duck, then it probably is NOT a duck.

http//en.wikipedia.org/wiki/Duck_test
D

jaclaz

Exactly. The word probably is key. This method is not very scientific, it cannot be used as absolute proof that joe schmoe sat at the computer time T and wrote a threatening letter to jim schmoe.

Just as the "lie detector" is not a lie detector at all, it is a device created to spot deception, not to point out that something is a lie. And it can be wildly inaccurate.

 
Posted : 19/11/2014 8:29 am
Share: