Simson Garfinkel: "Automated Digital Forensics"

Date: Monday, October 18, 2010, 11:30am to 1:00pm

Location: Maxwell Dworkin 119

CRCS Lunch Seminar

Speaker: Simson Garfinkel, Naval Postgraduate School

Title: Automated Digital Forensics

Abstract:
Despite what you may have seen in the movies, today the primary use of digital forensics is to demonstrate the presence of child pornography on the computer systems of suspected criminal perpetrators. Although digital forensics has a great potential for providing criminal leads and assisting in criminal investigations, today’s tools are incredibly difficult to use and there is a nationwide shortage of trained forensic investigators. As a result, computer forensics is most often a tool used for securing convictions, not for performing investigations.

This talk presents research aimed at realizing the goal of Automated Digital Forensics—research that brings the tools of data mining and artificial intelligence to the problems of digital forensics. The ultimate goal of this research is to create automated tools that will be able to ingest a hard drive or flash storage device and produce high-level reports that can be productively used by relatively untrained individuals.

This talk will present:

* A brief introduction to digital forensics and related privacy issues.
* Histogram Analysis – Using Frequency and Context to understand disks without understanding files.
* Instant Drive Analysis, our work which allows the contents of a 1TB hard drive to be inventoried in less than 45 seconds using statistical sampling.
* Our efforts to build Standardized Forensic Corpora of files and disk images, so that work by different practitioners can be scientifically compared.

Many of the tools and much of the data that we will discuss can be downloaded from the author’s websites at http://afflib.org/ and http://digitalcorpora.org/

Bio: Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California. His research interests include computer forensics, the emerging field of usability and security, personal information management, privacy, information policy and terrorism. He holds six US patents for his computer-related research and has published dozens of journal and conference papers in security and computer forensics.

Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel’s most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies and been translated into more than a dozen languages since the first edition was published in 1991.

Garfinkel is also a journalist and has written more than a thousand articles about science, technology, and technology policy in the popular press since 1983. He started writing about identity theft in 1988. He has won numerous national journalism awards, including the Jesse H. Neal National Business Journalism Award two years in a row for his “Machine shop” series in CSO magazine. Today he mostly writes for Technology Review Magazine and the technologyreview.com website.

As an entrepreneur, Garfinkel founded five companies between 1989 and 2000. Two of the most successful were Vineyard.NET, which provided Internet service on Martha’s Vineyard to more than a thousand customers from 1995 through 2005, and Sandstorm Enterprises, an early developer of commercial computer forensic tools.

Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master’s of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.