--- Begin Message ---
Hello,
I would like to inform you that two seminars on computer forensics will
be held in the Conference Room of the Dipartimento di Elettronica
e Informazione (http://www.dei.polimi.it) of the Politecnico di Milano on
the afternoon of the upcoming 11/09, thanks to the kindness of two
international guests.
We invite everyone interested to attend.
14.30: Forensic Acquisition of Memory
Prof. Ewa Huebner, University of Western Sydney (Australia)
Abstract:
In this talk we present the results of our research leading to better
understanding of issues in forensic memory acquisition and
interpretation. It is generally accepted that forensic investigation of
physical memory can reveal unique facts about current and past usage of
the computer system. For a forensic investigation the analysis of a
memory image can to a large extent replace live system analysis, and it
offers a number of advantages.
To measure the forensic value of memory we conducted a series of experiments
on Linux and Windows systems to determine the age of user process data
in physical memory. Our goal was to compare the behaviour of both
systems and to determine what is the rate of decay for user pages, and
whether the rate of decay depends on the demand for physical memory. Our
findings show that under both Windows and Linux systems user pages
persist for a significantly shorter time than system pages, and the age
distribution of these pages does not change significantly with the level
of demand.
Further we studied how operating system design and implementation
influences the methodology for computer forensics investigations, with
the focus on forensic acquisition of memory. In theory the operating
system could support such investigations both in terms of tools for
analysis of data and by making the system data readily accessible for
analysis. We demonstrate how techniques developed for persistent
operating systems, where the lifetime of data is independent of the method
of its creation and storage, could support computer forensics
investigations delivering higher efficiency and accuracy. We further
propose a new technique for forensically sound acquisition of memory
based on the persistence paradigm.
Biography:
Ewa Huebner is a senior lecturer and the leader of the Computer and
Network Forensics Research group at the School of Computing and
Mathematics, University of Western Sydney, Australia. She was awarded
the PhD degree in 1999 by the University of Sydney for her research into
persistent operating systems. Prior to her academic career she worked as
a systems programmer and administrator for the government and industry.
Her current research interests are operating systems and computer
forensics, specifically memory forensics and live system investigations.
In recognition of her contribution to the profession in 2008 she was
elected to the grade of Fellow by the Australian Computer Society.
16:00: Teaching Computer Forensics at the University of Western Sydney
Dr. Derek Bem, University of Western Sydney (Australia)
Abstract:
This presentation describes our experience in the design and
implementation of a computer forensics specialisation for the Bachelor
of Computer Science degree and its capstone subject Computer Forensics
Workshop. Our motivation for introducing this specialisation was to
respond to the growing demand for professional services in computer
forensics by the government and industry as well as to attract
undergraduate students back to computing.
Computer forensics is an emerging multidisciplinary field with
foundations in computer science and law, and academically it is best
positioned as a stream in general computer science degrees. The capstone
subject in the specialisation, Computer Forensics Workshop, is
practically oriented with a substantial laboratory component. The
subject is taught by a team of academics, each contributing their expert
knowledge in operating systems, file systems, network security and
cryptography. The aim is to prepare the students to enter the job market
as a professional computer forensics specialist, either in a law
enforcement agency or a business organisation relying on computer
information systems.
Biography:
Derek Bem is an academic in the School of Computing and Mathematics,
University of Western Sydney, Australia, and a member of the Computer
and Network Forensics Research group. Derek is a Chartered Professional
Engineer and member of the Institution of Engineers Australia. He has
over 30 years of experience in the ICT industry, academia, and as a court
examiner and expert witness in computer forensics. His research
interests focus on the role of virtual environments in computer
forensics and live forensic investigations. He published in major
computer journals and international conferences.
--
Best regards,
Stefano Zanero
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel. +39 02 2399-4017
Fax. +39 02 2399-3411
E-mail: zanero@elet.polimi.it
Web: http://home.dei.polimi.it/zanero/
________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
--- End Message ---