Computer Forensics in 5 years time

StudentofLife
(@studentoflife)
New Member

Hello

I'm a recent BSc Computer Forensics graduate. Whilst I'm in pursuit of my first CF job I'm keeping up with technology and forensics.
My question is where do you see CF in 5 years time?

I've read an article on evidence from a pacemaker being used as evidence Here

And Amazon Echo data being requested to be used as evidence Here

And I'm interested to know where people in the field see CF in 5 years time. Challenges? Problem solved? Other? Bring it all to the discussion.

My guess is that there'll be an increase in smart devices' data being used as evidence, resulting in lab storage space becoming an issue.

Feel free to bring a new angle to the question.

I'm genuinely interested in learning. Let's talk

Topic starter Posted : 01/10/2017 4:26 pm
mscotgrove
(@mscotgrove)
Senior Member

I think questions on the use of personal data may be a bigger issue than the collection of the original data.

Encryption and passwords are also a major issue, re the iPhone case about 1 year ago.

My final concern is the size of data; a 1TB disk drive is now 'small'.

Posted : 01/10/2017 6:12 pm
StudentofLife
(@studentoflife)
New Member

I think questions on the use of personal data may be a bigger issue than the collection of the original data.

Do you think people are beginning to distrust organisations with their personal data due to so many cyber attacks/breaches? Re Deloitte. Or do you think that organisations aren't being ethical with their data handling/storage techniques? Or other?

Topic starter Posted : 01/10/2017 8:06 pm
RolfGutmann
(@rolfgutmann)
Community Legend

The dawn of smart home devices and Voice Assistants with AI will have small effects on DF. As evidence is the focus, the data hinting towards evidence is confused. Intentions do not prove a fact, they just hint towards. Pieces of evidence are, e.g., location at a certain time. This information is residing in a Mobile Equipment without VAs. More and more apps ask for location permission, so location you get out of many apps logging/clouding location (Cellebrite Cloud Analyzer).

In 5 years I expect DF gets easier as more devices to collect data for evidence but new areas underdeveloped like extremely complex financial fraud investigations like Virtual Currencies. To learn to handle more cryptographic issues is obviously as a 'nice try' to protect digital processes. As 80% of crypto is implementation and by default weak, there is an easy way to overcome crypto. Do not be blinded by the 20% algo part of crypto. With cloud-based spot instances on AWS you can break crypto by lease of resources.

A new phenomenon will rise. Multi-tenant data residence questions where to fastest find the most accurate evidence? Which device first if time critical? A longtime research of which data layers in correlation with Apps brings the most accurate evidence we have running as a project.

Digital Hiding and Digital Camouflage will be on-large in 5 years.

Ping-Pong What do you say now?

Posted : 01/10/2017 8:06 pm
Bunnysniper
(@bunnysniper)
Active Member

My question is where do you see CF in 5 years time?

My opinion: Digital Forensics will go darker. Encryption on iOS is only the beginning, new versions of the Android OS will have a very similar encryption as the iOS has today.

Much more forensics will be done on the Cloud Service Provider's side; they will establish (by law!) a "forensic API" for all customers, which is accessible with a digital search warrant. DFIR Experts from Law Enforcement only get a raw image file by clicking the "Evidence Button" on a website.

Much more IoT devices will lead to a very heterogeneous scene, and strong encryption will find its way on these devices, too.

Encryption will be the standard for every connection and storage. Cloud based storage, apps and computing will be the standard architecture. Digital Forensics as we are practicing today will only be done on a few remaining PCs and Servers. There will be more breaches on IoT and Home users' devices, but we will not see compromised business networks and companies any longer. Cloud Service Providers are doing a much better job on security and breach prevention than most companies.

Just my 2 cent….

best regards,
Robin

Posted : 01/10/2017 8:40 pm
athulin
(@athulin)
Community Legend

My question is where do you see CF in 5 years time?

Somewhere where it rests on more solid research.

I've read an article on evidence from a pacemaker being used as evidence

That's a fairly good example. As it is presented, there's no solid evidence of anything, just seems to be a lot of assumptions. (But then, the links to 'court records' don't seem to lead anywhere near court records, so the boring details I want to read may be found elsewhere.)

Was the data acquisition forensically sound? How was that established?

What error sources are present in this kind of data? And what kind of behaviour do they show? Could there, for example, be a problem in data logging?

Is it repeatable? Ask the person to repeat his actions, and then compare that performance with what his pacemaker showed from the claimed event, you might have something. (Though it might be considered borderline unethical to do so …)

It's far too easy to overinterpret data.

And I'm interested to know where people in the field see CF in 5 years time. Challenges?

Let's hope it is not in the situation where some other forensic practices are: shaken baby syndrome, bite mark or hair identification, etc.

Recommended reading 'Blind injustice' by Mark Godsey from University of California Press. Just published.

Posted : 01/10/2017 8:52 pm
StudentofLife
(@studentoflife)
New Member

Digital Hiding and Digital Camouflage will be on-large in 5 years.

Ping-Pong What do you say now?

First of all, some very interesting points made. I never imagined somebody saying that DF would become easier.
Are cryptocurrencies something that you're encountering regularly?

Also do you think there's going to have to be more rigorous training and standards for DF analysts to find the hidden data?

Topic starter Posted : 01/10/2017 9:02 pm
StudentofLife
(@studentoflife)
New Member

My opinion: Digital Forensics will go darker. Encryption on iOS is only the beginning, new versions of the Android OS will have a very similar encryption as the iOS has today.

Thank you! Very interesting points made

Topic starter Posted : 01/10/2017 9:24 pm
StudentofLife
(@studentoflife)
New Member

It's far too easy to overinterpret data.

This is something I'll remind myself of

Recommended reading 'Blind injustice' by Mark Godsey from University of California Press. Just published.

I've been meaning to read more so thank you for the recommendation

Topic starter Posted : 01/10/2017 9:28 pm
Deltron
(@deltron)
Active Member

I can see more in house forensics/prevention for bigger companies.

Also seeing a lot of startups of IR in house Software such as Red Canary and thin air
https://www.redcanary.com/managed-detection-and-response/
https://www.thinair.com/

Any opinions on these and the future?

Posted : 02/10/2017 4:12 am
MDCR
(@mdcr)
Active Member

More IoT forensics, more reliance on automated sources, i.e. social media/marketing as that grows and records people's daily lives as we get a more digital society.

Hopefully organisations that have something worth protecting will grow the f–k up and start proper combined CTI, Insider, Forensics programs and not keep those separate. Visibility and defence has to change soon - what we got today is a joke.

The minimum-level security compliance monkeys need to start being quiet and take a backseat to real defensive and investigation/response/proactive security if the companies want to survive, IP has been stolen from the beginning of time and I've seen documentaries of IP theft using digital devices as early as the 1990s.

It is seriously time to get some proper prioritization on this subject.

Posted : 02/10/2017 12:36 pm
MSAB_Paul
(@msab_paul)
New Member

Are cryptocurrencies something that you're encountering regularly?

Definitely being seen out in the wild today, and if cryptocurrency takes off even half as much as it's speculated to, then DF skills in this area will be in demand. Blockchain knowledge, and expertise in connecting the chain, transactions, and possible end-points (wallets, fiat accounts, people, locations, etc.) will be key skills.

Posted : 02/10/2017 5:38 pm
MDCR
(@mdcr)
Active Member

I can see more in house forensics/prevention for bigger companies.

Also seeing a lot of startups of IR in house Software such as Red Canary and thin air
https://www.redcanary.com/managed-detection-and-response/
https://www.thinair.com/

Any opinions on these and the future?

Well, I can tell you that "find your insider threat in 90 seconds" isn't going to fly IRL. Those kinds of investigations take time and even steps outside of the IT world and include HR and human observations.

You could write something like Bloodhound that hunts for too liberal user privileges instead of ACLs, but it is far from a complete solution. Most of it is marketing fluff from people who apparently haven't done that kind of investigation.

Note: The products are probably not totally useless, it's just the marketing that needs an attitude adjustment, like with so many other things.

Posted : 02/10/2017 11:20 pm