
Tuesday, 25 November 2014

DFRWS EU 2014 - Introduction of Investigation and Intelligence Framework

As described in the previous post, we ran a workshop on Real Network Security Kungfu at DFRWS EU 2014, and in that workshop we also introduced the concept of the Investigation and Intelligence Framework.


The Investigation and Intelligence Framework aims at facilitating the following functions:

  • Import evidence data into our engine, for example memory dumps, registry hives and URLs
  • Our system extracts data including, but not limited to, IP addresses, domains and email addresses.
  • The extracted data is fed to our intelligence engine, which produces the following information to support threat forecasting:
    • Timelining
    • Relevance/Confidence Level
    • Activities Correlation


  • The demo is a prototype of the Investigation and Intelligence Framework
  • A memory dump is imported, and the framework further digs out the URLs detected alongside the IP addresses
  • A VirusTotal API lookup finds that one of the IP addresses is suspicious
The Investigation and Intelligence Framework is an on-going research project in our team.
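As an added illustration of the evidence-carving and scoring steps described above (example code, not the framework's own implementation), the snippet below carves IP addresses, domains, URLs and email addresses out of a constructed byte buffer standing in for a memory image, records where each was found, and assigns a relevance/confidence level. The reputation lookup is a hypothetical stand-in for the VirusTotal API query.

```python
import re
from collections import defaultdict

# Constructed sample standing in for a raw memory image: process strings with
# IPs, a domain, a URL and an e-mail address mixed into binary padding.
SAMPLE_DUMP = (
    b"MZ\x90\x00\x03\x00\x00\x00chrome GET http://update.example.net/a.php\x00\x00"
    b"\x00dns lookup c2.example.org\x00contact: admin@example.net\x00"
    b"\x00beacon 198.51.100.23:443\x00\x00ftp 198.51.100.23\x00dns 203.0.113.9\x00"
)

# Carving patterns for the artefact types the framework grabs. Bytes regexes run
# straight over the image without decoding it; lookarounds keep the domain
# pattern from re-matching the host part of a URL or e-mail address.
PATTERNS = {
    "ip":     re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "email":  re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url":    re.compile(rb"https?://[A-Za-z0-9.-]+(?:/[^\s\x00]*)?"),
    "domain": re.compile(rb"(?<![A-Za-z0-9.@/-])(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}(?![A-Za-z0-9.-])"),
}

# Hypothetical stand-in for the VirusTotal lookup: a constructed set of IPs that a
# reputation feed has flagged. The real framework queries the VirusTotal API.
FLAGGED = {"198.51.100.23"}


def carve_indicators(image: bytes):
    """Return {type: {value: [offsets]}} for every indicator found in the image.

    Offsets are kept so hits can later be placed in a timeline or correlated
    with the process/region they were carved from.
    """
    found = defaultdict(lambda: defaultdict(list))
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(image):
            found[kind][m.group().decode("ascii", "replace")].append(m.start())
    return found


def score_indicators(found):
    """Relevance/confidence level: one point per distinct offset an indicator
    appears at, plus a large boost when the reputation lookup flags it."""
    scores = {}
    for kind, values in found.items():
        for value, offsets in values.items():
            scores[(kind, value)] = len(offsets) + (10 if value in FLAGGED else 0)
    return scores
```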

DFRWS EU 2014 Workshop - Real Network Forensics KungFu

The annual DFRWS conference allows leading digital forensics researchers from government, industry, and academia to present their work and results to fellow researchers and practitioners. DFRWS EU 2014 was in Amsterdam from 7-9 May 2014.

Our research fellows Kelvin Wong, Anthony Lai and I held a workshop on Real Network Security Kungfu:

Abstract:
Most ‘Network Forensics’ work focuses only on packet (pcap) and net-flow analysis, but that is just a part of the investigation. The investigator is not a ‘Prophet’: it is impossible to capture the traffic before the incident occurred in order to trace the intruder/attacker. Network Forensics should cover not only the captured traffic but also all of the network-related evidence (located in memory, the registry, web applications and, of course, network traffic) acquired from the compromised machine. The workshop will concentrate on practical skills and recommend a best solution to forensics professionals through a case study. We will also demonstrate a new project (proposed by Ran2) which could identify the attacker at an early stage to ease further investigation.

(ref: http://www.dfrws.org/2014eu/tutorials.shtml#kungfu)