A methodology for forensic investigations of botnets
Click image to see a larger version
The Zombie Computer Infographic via Bluehost
Wednesday, March 05, 2014
Forensic investigation of botnets
Currently forensic investigations of cybercrime attacks get more interest, it is expected that more cases are brought to court. However, they are often difficult to investigate due to their international nature and that they are getting more sophisticated
A methodology for forensic investigations of botnets
Click image to see a larger versionThe Zombie Computer Infographic via Bluehost
A methodology for forensic investigations of botnets
Click image to see a larger version
The Zombie Computer Infographic via Bluehost
Sunday, February 23, 2014
February 2014
February is always a nice month, with the conference of the American Academy of Forensic Sciences in Seattle as one of the main event. With over 3400 participants it was an excellent event. This time I had two presentations in the scientific session, one on camera identification on social networks and one on forensic hand comparison together with my colleagues. Two workshops that I moderated and also two presentations in the workshops on 3D-methods and biometric facial systems.
My colleagues presented on evaluation of errors in DNA analysis. It was interesting to see that human errors in DNA reporting and handling of the evidence contribute to most of the known errors. They also compared it to other labs, however of forensic labs not many publications on this are available yet. Also with many checks in the system, still reporting is one of the important sources of error, so it is always good to keep this in mind and improve the system.
As Trustee of the Forensic Science Foundation, I see that more attention is given to international participants, all of them are open to international participants and there is even the new Henry Lee scholarship especially designed for international participants.
Also forensic cloud computing had many papers this time, and this is certainly good since it requires another methodology for digital evidence.
On 10 February the European Commission a meeting at the European Commission on EC3, https://www.europol.europa.eu/ec3 the European cybercrime center. Also an event for networking for the ENFSI Forensic IT Working group. It was good to see much interest in the topic here.
My colleagues presented on evaluation of errors in DNA analysis. It was interesting to see that human errors in DNA reporting and handling of the evidence contribute to most of the known errors. They also compared it to other labs, however of forensic labs not many publications on this are available yet. Also with many checks in the system, still reporting is one of the important sources of error, so it is always good to keep this in mind and improve the system.
As Trustee of the Forensic Science Foundation, I see that more attention is given to international participants, all of them are open to international participants and there is even the new Henry Lee scholarship especially designed for international participants.
Also forensic cloud computing had many papers this time, and this is certainly good since it requires another methodology for digital evidence.
On 10 February the European Commission a meeting at the European Commission on EC3, https://www.europol.europa.eu/ec3 the European cybercrime center. Also an event for networking for the ENFSI Forensic IT Working group. It was good to see much interest in the topic here.
Tuesday, December 31, 2013
December 2013 / January 2014
As usual somewhat more quiet, finishing the last cases and some holidays. I had to testify in court this month
in 's-Hertogenbosch in the Netherlands for a case on the Bayesian conclusions and on interpretation of image comparison, in this case of a glove.
Also in December we had a very nice meeting of ENFSI with the board of ENFSI in Barcelona. Good discussions about publications and other issues. The number of working groups is expanding and now also the working group archaeology is being started.
Furthermore next month I start also as part time R&D program manager big data and intelligent data analysis on the forensic topics. Many calls for funding at the moment on this topic as well as cybercrime. As usual also some research proposals also with the University of Amsterdam and with the opening of the Co van Leddenbosch Center and the Data Science Research Center also more collaboration is expected.
Also as program chair of the DFWRS EU is having a excellent number of papers, so I am looking forward to the conference in Amsterdam.
in 's-Hertogenbosch in the Netherlands for a case on the Bayesian conclusions and on interpretation of image comparison, in this case of a glove.
Also in December we had a very nice meeting of ENFSI with the board of ENFSI in Barcelona. Good discussions about publications and other issues. The number of working groups is expanding and now also the working group archaeology is being started.
Furthermore next month I start also as part time R&D program manager big data and intelligent data analysis on the forensic topics. Many calls for funding at the moment on this topic as well as cybercrime. As usual also some research proposals also with the University of Amsterdam and with the opening of the Co van Leddenbosch Center and the Data Science Research Center also more collaboration is expected.
Also as program chair of the DFWRS EU is having a excellent number of papers, so I am looking forward to the conference in Amsterdam.
ENFSI meeting in Barcelona
Sunday, November 24, 2013
November 2013
As usual November is a busy month with meetings and other plan making activities and of course casework. Also busy with projects for students on vein comparison.
The Horizon 2013 Conference of the Forensic Science Society in Manchester was a very well organized and attended event. I presented a key note on digital identity, and it was good to meet the colleagues in this field. Also nice to see that the quality assurance around new fields is progressing fast with the Forensic Regulator in the UK.
It was also the week for the Digital Investigation Days in the Netherlands, where I am chair of the organizing committee. This time 400 participants (mostly law enforcement) attended. Many new developments were presented on mobile phone investigations, chip of as well as big data and intelligent data analysis.
Currently we are also working together on IC4MF based in Brazil which is a world wide project on multimedia forensics. Since we are also working on camera identification, collaboration is always good for progress.
During the weekend I was just looking into big data with Hadoop and the integration of the sleuth kit on a commercial cloud system. It appears to work well for a simple setup, however I still prefer to have the computational power nearby, since it slows down the process somewhat and costs are somewhat unpredictable.
Also the call for papers for the DFWRS in Amsterdam is finishing soon, so submissions are requested.
The Horizon 2013 Conference of the Forensic Science Society in Manchester was a very well organized and attended event. I presented a key note on digital identity, and it was good to meet the colleagues in this field. Also nice to see that the quality assurance around new fields is progressing fast with the Forensic Regulator in the UK.
It was also the week for the Digital Investigation Days in the Netherlands, where I am chair of the organizing committee. This time 400 participants (mostly law enforcement) attended. Many new developments were presented on mobile phone investigations, chip of as well as big data and intelligent data analysis.
Currently we are also working together on IC4MF based in Brazil which is a world wide project on multimedia forensics. Since we are also working on camera identification, collaboration is always good for progress.
During the weekend I was just looking into big data with Hadoop and the integration of the sleuth kit on a commercial cloud system. It appears to work well for a simple setup, however I still prefer to have the computational power nearby, since it slows down the process somewhat and costs are somewhat unpredictable.
Also the call for papers for the DFWRS in Amsterdam is finishing soon, so submissions are requested.
In Manchester for the Forensic Science Society conference
Thursday, October 24, 2013
October 2013
During this month handled several cases, however also I presented the Imaging paper at the Interpol International Forensic Science meeting in Lyon. Due to the US government shutdown I also presented the paper on Video of USACIL. It was a very nice meeting and many contacts with directors, managers and scientist during this meeting.
For the DFRWS Europe in Amsterdam I am currently working on the technical committee as chair. There appears to be much interest in this conference, so I am looking forward to the submissions.
Also in November I am chairing the organizing committee of a conference for Digital Investigation for the Police with over 300 attendees. Many nice developments, even a custom made app.
During this month I also attended the S-Five meeting in London at the Metropolitan Police. This project will study various issues related to the Standardisation of Forensic Image and Video Enhancement (S-FIVE). The main focus of the project is oriented towards techniques that are used for improving the quality of surveillance video data and other types of images that portray persons and objects at the macroscopic level. Nice discussions on validation of software and limitations of methods and manufacturers of software that often use unrealistic examples
In November I am looking forward to give a key note talk on digital identity at the Horizons 2013 conference of the Forensic Science Society which will be held in Manchester from 6-8 November 2013.
Also nice exchanges on R&D on camera identification with a project in Brasil, and furthermore several students that work on different projects such as automated facial comparison, manipulation detection, hand comparison, veins in hands an and faces and social networks.
For the DFRWS Europe in Amsterdam I am currently working on the technical committee as chair. There appears to be much interest in this conference, so I am looking forward to the submissions.
Also in November I am chairing the organizing committee of a conference for Digital Investigation for the Police with over 300 attendees. Many nice developments, even a custom made app.
During this month I also attended the S-Five meeting in London at the Metropolitan Police. This project will study various issues related to the Standardisation of Forensic Image and Video Enhancement (S-FIVE). The main focus of the project is oriented towards techniques that are used for improving the quality of surveillance video data and other types of images that portray persons and objects at the macroscopic level. Nice discussions on validation of software and limitations of methods and manufacturers of software that often use unrealistic examples
In November I am looking forward to give a key note talk on digital identity at the Horizons 2013 conference of the Forensic Science Society which will be held in Manchester from 6-8 November 2013.
Also nice exchanges on R&D on camera identification with a project in Brasil, and furthermore several students that work on different projects such as automated facial comparison, manipulation detection, hand comparison, veins in hands an and faces and social networks.
Back from Lyon some delay due to strike of airtraffic control strike
Friday, September 06, 2013
September 2013
This month several students start on several research projects that I am coaching, ranging from camera identification, heart beat detection, veins in faces and automated biometric comparison of hand, feet and faces. As always I am looking forward to the results and challenges within these projects.
Also we are writing proposals for research funding, which is getting more important. The ENFSI Forensic IT Working group the conference of the Forensic IT Working group in Linkoping, Sweden was very nice with three proficiency tests finished on camera identification, imaging of NTFS and chip extraction with very nice results.
In 2014 also the DFWRS EU will be organized in Amsterdam, so that is nice to have it nearby.
For the journal Digital Investigation working on a special issue for Big data and data analysis, so several topics keep me busy, as well as some casework and a proficiency test. This summer in August I was working on several cases, and it appeared I could finish them in time.
Since I have to keep up with lowering my blood sugar I decided to do a test with High Intensity Interval Training (HITT) and of course a low carb diet. It is a part of a scientific study where I will do this for 12 weeks 3 days a week, and they have a hypothesis that it lowers the blood sugar and a higher VO2 Max is resulted from this.
Furthermore, I am preparing a presentation at the Interpol Symposium in Lyon a review on forensic imaging in October.
Since we sold our apartment near the sea in Zandvoort, we live for a while in the Jordaan in Amsterdam, so lots to see and do there !
In 2014 also the DFWRS EU will be organized in Amsterdam, so that is nice to have it nearby.
For the journal Digital Investigation working on a special issue for Big data and data analysis, so several topics keep me busy, as well as some casework and a proficiency test. This summer in August I was working on several cases, and it appeared I could finish them in time.
Since I have to keep up with lowering my blood sugar I decided to do a test with High Intensity Interval Training (HITT) and of course a low carb diet. It is a part of a scientific study where I will do this for 12 weeks 3 days a week, and they have a hypothesis that it lowers the blood sugar and a higher VO2 Max is resulted from this.
Furthermore, I am preparing a presentation at the Interpol Symposium in Lyon a review on forensic imaging in October.
Since we sold our apartment near the sea in Zandvoort, we live for a while in the Jordaan in Amsterdam, so lots to see and do there !
Indonesian diplomatic reception to commemorate the 68th Anniversary of the Independence of Indonesia that I attended, where our prime Minister Rutte was guest of honor and gave an excellent speech
Sunday, July 21, 2013
July 2013
This month appears to be somewhat hectic, several issues had to be solved together. We bought a new house and sold our previous apartment within 3 weeks (and actually had to leave it within 2 weeks), so it was a somewhat hectic month. Before August 1st I also submit a workshop proposal on morphometrics and one or two papers on camera identification in big data and maybe some research on biometric comparison of hands.
I also reviewed several nice papers, and see that the field of digital investigation is attracting lots of attention and some good research of universities is being conducted. Also I did several proficiency tests and it appears that you always learn something of doing these. I think for any forensic scientist it is good to do a proficiency test at least once a year. Also casework and reports, and in the summer I will continue to be at the office.
This month I also received new medical equipment that I had to use. A glucose meter which can be connected to the internet, very easy for telemedicine. It seems many of those meters are sold, and they also might provide forensic information. One sees that the number of medical devices to be used at homes is growing rapidly, however what happens if the meter is hacked from distance. As we can see from http://www.youtube.com/watch?v=ZjwuA60jIDI the meter can be hacked and this might cause wrong readings. When driving a car a hypo might occur due to that and this might in theory cause a fatal accident. We can see more devices such as ICDs where these scenarios are discussed http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html . Also with CPAP-devices for sleeping disorders possibilities exist to reprogram them, which also might cause as least a change of mood. In the information of the manufacturer no information is given yet on possibilities of these attacks.
Perhaps these scenarios are somewhat remote, however from 31 July to 4 August in the Netherlands the hacking conference OHM2013 is organized. There will be a forensic track from the NFI at https://ohm2013.org/wiki/Village:Garrison and I am looking forward to be there, however will not bring any medical electronic devices there, since you never know.
I also reviewed several nice papers, and see that the field of digital investigation is attracting lots of attention and some good research of universities is being conducted. Also I did several proficiency tests and it appears that you always learn something of doing these. I think for any forensic scientist it is good to do a proficiency test at least once a year. Also casework and reports, and in the summer I will continue to be at the office.
This month I also received new medical equipment that I had to use. A glucose meter which can be connected to the internet, very easy for telemedicine. It seems many of those meters are sold, and they also might provide forensic information. One sees that the number of medical devices to be used at homes is growing rapidly, however what happens if the meter is hacked from distance. As we can see from http://www.youtube.com/watch?v=ZjwuA60jIDI the meter can be hacked and this might cause wrong readings. When driving a car a hypo might occur due to that and this might in theory cause a fatal accident. We can see more devices such as ICDs where these scenarios are discussed http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html . Also with CPAP-devices for sleeping disorders possibilities exist to reprogram them, which also might cause as least a change of mood. In the information of the manufacturer no information is given yet on possibilities of these attacks.
Perhaps these scenarios are somewhat remote, however from 31 July to 4 August in the Netherlands the hacking conference OHM2013 is organized. There will be a forensic track from the NFI at https://ohm2013.org/wiki/Village:Garrison and I am looking forward to be there, however will not bring any medical electronic devices there, since you never know.
Subscribe to:
Posts (Atom)