T5. Advanced Digital Forensics

[This is a full day session.]

Digital Forensics is a branch of forensic science, encompassing scientific methods, procedures and tools to perform evidence acquisition, analysis and correlation, to support crime investigations. As science and technology advances, it brings about task enabling tools for legitimate users as well as criminals. Therefore, the need for advancement in Digital Forensics to handle in-depth forensics investigation and to counter antiforensics effort has become increasingly important.

Throughout this course, the participants will be introduced to digital forensics and advancement in forensics technologies. The participants will also learn how to put themselves in the shoes of sophisticated cyber criminals, who apply anti-forensics measures. Anti-forensics measures are attempts to eliminate evidence or reduce the quantity and quality of evidence, to cause ineffectiveness and inefficiency of forensic analysis and techniques. This knowledge is necessary to enable a better risk assessment and analysis when conducting forensics investigative work. Countermeasures to anti-forensics techniques are also introduced to provide knowledge on current state-of-the-art technologies to defeat and mitigate anti-forensics effort.

Prerequisites:

• Computer science or computer engineering background

Outline:

1. Digital Forensics (1 hour)

   1. What is digital forensics

   2. How is digital forensics carried out

   3. What are the challenges in digital forensics and their impact on forensics investigations

   4. Introduction to anti-forensics (causes and effects) and counter anti-forensics

2. Data Forensics (2 hours)

   1. How are files stored (e.g. fragmentations by file system, file storage formats) and what is its impact on forensics

   2. Evidence identification, extraction, and reconstruction techniques

   3. Evidence authenticity verification techniques (e.g. tampering detection)

3. Mobile Device Forensics (1.5 hours)

   1. What is mobile device forensics and what are its key challenges

   2. Android and iOS forensic techniques (e.g. acquisition, authentication bypass

4. Case Study (1.5 hours)

   1. A walkthrough of how advanced forensics techniques are applied to investigate a mock-up crime scenario involving anti-forensics measures applied by sophisticated criminals

About the Instructor:

Dr Vrizlynn Thing currently leads the Cyber Security & Intelligence (CSI) R&D Department at the Institute for Infocomm Research, A*STAR, Singapore. The department focuses on digital forensics, cybercrime detection & analysis, cyber security & intelligence and mobile security research and technology development. She is also an Adjunct Associate Professor at the National University of Singapore (School of Computing) and the Singapore Management University (School of Information Systems). She has over 13 years of security and forensics R&D experience with in-depth expertise in cyber crime & attack evolvement detection and mitigation, cyber security, digital forensics, and security intelligence & analytics. Her research draws on her multidisciplinary background in computer science (Ph.D. from Imperial College London, United Kingdom), and electrical, electronics, computer and communications engineering (B.Eng. and M.Eng by Research from Nanyang Technological University, Singapore). During her career, she has taken on various roles with the key focus to lead and conduct world-class industry-relevant R&D to bring that brings a positive impact to our economy and society. She also participates actively as the Principal Investigator and Lead Scientist of several collaborative projects with industry partners such as multi-national corporations and the government agencies. More information about her work can be found at http://www1.i2r.a-star.edu.sg/~vriz.