Forensic Blogs

An aggregator for digital forensics blogs

by

Artificial Intelligence for Next Generation Law Enforcement

Introduction 

Prior to attending this conference, I was still a student concerned about facing the professional world. Despite the reputation digital forensics holds in the technology industry. There were a number of questions regarding the social responsibility and experience that comes along with my education. How could I incorporate the knowledge I obtain from college to a unique and marketable solution for potential employers? How do I rely on myself to stay updated and well-connected with the ever changing field of technology?

https://www.channelpartnersonline.com/files/2018/05/Enfuse1-800x534.jpg

Enfuse 2018 Keynote: Insights on Artificial Intelligence by CEO of OpenText
Source: https://www.channelpartnersonline.com/files/2018/05/Enfuse1-800×534.jpg

CEO Mark Barrenechea’s Keynote speech was quite an eyeopener in developing my understanding of the Digital Transformation. Mr. Barrenechea highlighted how the merger of information and algorithms can give actionable insights for predictive analysis. He expanded on this by stating the importance of artificial intelligence playing a key role. Artificial intelligence was described as a powerful tool, involving the use of machines to augment decision making. With that being said, it’s only at the rudimentary level to the concept of predictive analysis in a 3-layer hierarchy, including machine learning and deep learning. These all serve individual use cases to different kinds of solutions, such as in finance, retail and healthcare.

       

Source: Barrenechea, M. ‘Intelligent and Connected Enterprises’. Opentext, 2018

This keynote speech had reminded me of a time when a data analytics student, named Frederick Bussler. He had suggested that A.I. could be applicable to any field including digital forensics. Unfortunately to a young student of the field like me, adding A.I. to digital investigations was something students regarded as impractical with our current technology. I just couldn’t wrap my head around it. But listening to Mr. Barrenechea had sparked my interest. I wanted to hear more.

Enfuse 2018 Session: How Artificial Intelligence is Becoming a Crucial Tool for Next Generation Law Enforcement

As a result, I placed myself in a subsequent session that expanded upon this application. Digital forensics is traditionally interpreted as an ‘after the fact’ response measure that can assist the law enforcement in solving cases. On the contrary, my perception had slightly changed after being introduced to the practice of ‘proactive policing’. With the rising number cases over time, identifying particular pieces of evidence among multiple suspects has become more difficult. It was explained that artificial intelligence can assist investigations with not only having a faster method of narrowing down suspects and inculpatory evidence, but also be used to predict crimes before they actually happen – using open-source intelligence and other data like hot topic tweets and crime rates of geographic locations.

It was also suggested that this is being used today in automated operations, such as fraud detection. This was demonstrated using Opentext’s new AI analytics platform – Magellan. It is memorizing to see their live demonstration, inputting a lengthy line of text from a news article into the platform and reducing it to a calculated actionable insight that could be understood. Without having to read the article, Magellan had helped interpret the case.

Source: https://www.opentext.com/file_source/OpenText/en_US/PDF/opentext-magellan-solution-overview.pdf Conclusion

The EnFuse conference has been a great opportunity for me to network, learn and grow in my education. It has acted as a means to answer my individual questions, as well as reassure a bright future. I believe this conference is an invaluable experience to anybody interested in the field of technology. A single attendance can enlighten students, reinforcing their knowledge from college with holistic insights, inspired by a gathering of experts with vision.  I hope that more upcoming students look forward to attending this conference in the future.

To learn more about the LCDI, take a look at our Facebook and Twitter pages or send an email to lcdi@champlain.edu!

The post Artificial Intelligence for Next Generation Law Enforcement appeared first on The Leahy Center for Digital Investigation.

by

Threat Hunting & Triage in IR/SOC Operations

Introduction This past May, I had the opportunity to attend OpenText’s Enfuse Conference 2018. Where one of the sessions I attended was “Threat Hunting and Triage in IR/SOC Operations”. This is my third year attending the conference and I couldn’t be more grateful for the experiences! The Enfuse Conference never ceases to amaze me. Its bring together such a fantastic group of industry professionals. I am lucky to be able to network with and learn from as an undergraduate student.   The most relevant topics our industry is facing, was hearing former FBI Director James Comey deliver the conference’s keynote. His words of wisdom and insights into our industry were captivating. I will always remember having the chance to hear him speak. The best part of this year’s conference by far was taking the written exam part of the EnCase Certified Examiner (EnCE) Certification. I am fortunate enough to say, that I was able to pass the exam!

 

Session Review Threat Hunting & Triage in IR SOC Operations

One of my favorite sessions from this year’s conference was titled “Threat Hunting & Triage in IR/SOC Operations” and was presented by Michael Auger and Jessica Bair, two professionals from Cisco Systems Advanced Threats Solutions / AMP Threat Grid division. Michael and Jessica gave a compelling presentation on the offerings of Cisco’s Threat Grid for Law Enforcement Program. They offered the audience members free access to the program to understand its capabilities and test its features!

Michael discussed David Biano’s “Simple Hunting Maturity Model” and how important it is for IR/SOC Operations to be moving from a reactive triaging methodology to a proactive threat hunting model. Moreover, the presentation offered Michael’s solutions to reaching the more complex IR/SOC threat hunting models by automating certain tasks required in Incident Response / SOC Operations. Michael demoed his scripts. He explained how he wrote the scripts, what they were doing, and how they could easily be modified. Furthermore, Michael even shared his scripts with the group so that we could download and use them in our own IR/SOC Operations!

 

My biggest takeaway from this session was how useful automation can be in IR/SOC operations. Michael discussed different ways analysts can utilize automation. 

 

Conclusion

The Enfuse Conference provided me many opportunities to broaden my understanding of the Digital Forensic / Cybersecurity industry.  I made connections with others who are just as passionate about this work as I am. I was also able to explore and experience Las Vegas with my friends and colleagues! I’d like to thank OpenText and Champlain College for affording me the opportunity to attend Enfuse for the past three years. I can only hope to attend another conference next year!

To learn more about the LCDI  or our projects.  Follow us on our Facebook and Twitter pages or send an email to lcdi@champlain.edu!   

The post Threat Hunting & Triage in IR/SOC Operations appeared first on The Leahy Center for Digital Investigation.

by

Beyond Digital Forensics

Introduction

When I first found out I was going to attend OpenText Enfuse 2018, I wondered how my major and minor would fit into the conference. I’m a computer information technology major and have a minor in cybersecurity. I was going to a conference marketed towards digital forensics. I assumed I would have a hard time finding things relevant to my field of studies. Still, I was excited to be exposed to the digital forensics industry. I was counting down the days until the conference started. I didn’t realize the true value in attending Enfuse until I got there.

opentext

More Than Just Digital Forensics I attended a session called “CyberSecurity Challenges in Healthcare and Life Sciences.” I thought it would help me understand more about my minor and apply what I’ve been learning in my classes/coursework to real life situations. One presenter was Edward J. McAndrew, who runs an incident response team. The other was Brian A Coleman, who supports internal forensic investigations for the company Pfizer. The two brought in great perspectives on new threats that are happening in the industry. When asked who we should worry about, they replied, “anyone with heartbeat.” Threats constantly happen both inside and outside of the company. This presentation gave an update on the industry rather than demonstrating a new skill or tool like the other sessions. McAndrew and Coleman explained the latest security threats. Threats such as extortion, cyber fraud, phishing attacks and espionage, all of which affect companies on a daily basis. They also addressed the results of these threats, and the importance of protecting data like health information. If data is breached, it breaks dozens of policies and agreements, such as HIPAA. These breaches could get companies in a lot of trouble.   At the end of their presentation, McAndrew and Coleman talked about new laws and policies that are being introduced as a result of these attacks. This presentation was an in depth overview of the cyber security industry, which applies to my own course of study and will help me in my future career. It is important for everyone in the technology industry to understand the challenges we face every day of threats and attacks. Companies also need to be ready for them in order to prevent devastating loss. This presentation proved to me that now more than ever, we need to be aware of cyber threats in this world so we can take actions to prevent them. It was an amazing experience to hear professionals talk about things that are currently happening in the industry. I walked away from this session feeling more knowledgeable on an unfamiliar topic. Conclusion

Not only was I able to attend awesome cyber security sessions, I was also able to get my feet wet in the digital forensics industry and network with other professionals. I will be forever grateful to Champlain College and OpenText for allowing me to attend such an incredible conference. It gave me opportunities to build my professional network and catch up on the newest technologies in the fields I’m pursuing. It opened my eyes to what this technology has to offer, and I hope to attend this conference again one day!

To learn more about the LCDI  or our projects.  Follow us on our Facebook and Twitter pages or send an email to lcdi@champlain.edu!  

The post Beyond Digital Forensics appeared first on The Leahy Center for Digital Investigation.