CyberForensics Conference 2014 – Day 1

Today I attended and spoke at day one of two of the 4th Cybercrime, Security and Digital Forensics Conference 2014, held at Strathclyde University in Glasgow. My presentation was one an open source project I have been working away at for the last 3 or 4 months, and I’ll do a more detailed update on that later in the week. I met a lot of lovely forensics and information security people & many PhD students, nice to do some networking with like minded people every once in a while!

Some interesting things I learnt today – 

  • From Alex McLaren‘s talk on “Profile of a Fraudster”, Employees aged 60+ may only account for 2% of Insider fraud, but account for the biggest median losses, averaging $527,000. Those who are employed more than 10 years at a company account for the largest percentage of losses per employment length at 23%
  • The biggest problems Forensics and Incident Management services face today according to David Cannings (NCC) are:
    • Working with huge volumes of data e.g. imaging 1PB network drive
    • Cloud data – where is the data actually stored?
    • Imaging unusual devices e.g. embedded systems and systems on chips. This will become more prevalent with the “Internet of Things
    • Clients requiring short time-scales so no full investigation can be done. Require quick and dirty ways of doing things without compromising accuracy and methodology
    • Clients requiring devices to be kept on, no taking servers offline for imaging
  • And finally Kenneth Ovens talk on “Temporal Analysis Anomalies with iOS iMessage Communication Exchange” provided a very interesting look at timestamping – Apple’s iMessage system may report timestamps that can be out by 2 minutes either way of the actual time (!) This may have serious consequences of relying on exact timestamps for alibis and corroboration.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s