Slide 1

INTRODUCTION Patrick Norman

Slide 2

World Trends Smart World Smart Grids (Power, etc.) Mobile Integration between physical and digital world

Slide 3

World Trends Smart World Smart Grids (Power, etc.) Mobile Integration between physical and digital world

Slide 4

By 2015, a G20 nations critical infrastructure will be disrupted and damaged by online sabotage. (Gartner.com)

Slide 5

IT Threats DDoS attacks Fraud (Add more after meeting with professor RUHI)

Slide 6

Cyber Gangs Russian Business Network Rock Phish Gang NSA Grey Pigeon Authors Stormworm Gang Awola Crew DRG Group South American Groups Oga

Slide 7

BlackHat vs. WhiteHat Hackers BlackHats Work to exploit computer systems (I intend to only give maybe 1 or two examples of each hacker and tell a brief summary of what they did) Examples Jonathan James Adrian Lamo Kevin Mitnick Kevin Poulsen Robert Tappan Morris WhiteHats "Ethical Hackers," hired by companies to test the integrity of their systems Examples Stephen Wozniak Tim Berners-Lee Linus Torvalds Richard Stallman Tsutomu Shimomura

Slide 8

Forensics Investigators Main responsibilities (Job activities) Attempting to uncover the trace of an attacker to identify him Uncovering IT System security threats Testifying in court against convicts

Slide 9

Importance of Computer Forensics Systems How can Computer Forensics Systems improve security Better identification of system threats to improve protective measures Catching cyber criminals will have a better effect than regular criminals because they have bots automatically generating threats (FIX THIS)

Slide 10

Simulation

Slide 11

Background of Simulation 2 Important Components: Statistical Modelling Create models to predict random events Software Arena Custom code

Slide 12

Statistical Modelling When should this be used? To predict random events When there are one or many unknowns Key success components Large data sets Well-defined problem Structured problem

Slide 13

Simulation Why do we simulate? An improved tool Avoid taking risks When do we simulate? Before and after an event Certain types of problems work best Can we rely on it? 70-90%

Slide 14

Simulation Inputs Use random number generators Set of rules and functions that are problem dependent Outputs How do we interpret results? There is no perfect answer The problem could change Further developing the model will only make it more accurate

Slide 15

Simulation and SDLC The 2 Most Important Steps: Design Phase Look for vulnerabilities Exhaustive test sets Identify design flaws Operations Phase Collect data Identify flaws in existing systems Improve future projects

Slide 16

= 0% = 60% = 0% = 40% SDLC

Slide 17

Software Monte Carlo Off-the-shelf Advantages Network Modelling Off-the-shelf Advantages Custom Code Advantages

Slide 18

Computer Forensics

Slide 19

Mobile Forensics Outsell PCs Harder to investigate Newly acquired need to investigate Data paths Numerous Manufacturers NIST

Slide 20

Tools & Techniques SIMbrush MOBILedit! TULP 2G

Slide 21

Network Forensics Network forensics is the science that deals with capture, recording, and analysis of network traffic for detecting intrusions and investigating them.

Slide 22

Tools & Techniques

Slide 23

Key Techniques IDS Intrusion Detection System Packet Capture Capturing data packets crossing a network Proprietary Unique techniques developed by individual vendors Pattern Matching Ex: Hashing

Slide 24

Database Forensics Internet Boom Legal Duty Database forensics as a tool

Slide 25

Tools & Techniques SQL Server Management Studio Express SQL CMD Windows Forensic Tool Chest NetCat WinHex

Slide 26

Challenges Encryption Use as Evidence Evolving Technology

Slide 27

Application

Slide 28

Step 1: Observation

Slide 29

Observation Actual Observation On the shop floor Historic Statistics Distribution Diagrams System Architecture

Slide 30

Observation Develop the Equation BASIS FOR ENTIRE MODEL

Slide 31

Step Two Develop the Model

Slide 32

Models Network Models Processes Data flow Queues

Slide 33

Models Monte Carlo Deterministic Largely Random

Slide 34

Model Objective Gain Knowledge Matching real and simulated Now Lets break it

Slide 35

Step 3 Analyze and Fix

Slide 36

Analysis Multiple Iterations Compare Expected and Actual Results Compare Actual and Historic Results

Slide 37

Benefits to UNIWO Security of IT systems Pre and post simulation will allow us to identify threats earlier Stability Probability of having an unexpected system shutdown is decreased significantly Simulation added to computer forensics will improve chances for catching cybercriminals by identifying their patterns