Lecture: Forensic Investigation of the Internet and Mobile Systems
December 4, 2009
11:00am
Location: SOM 112 (wheelchair accessible)
Contact: Professor Anna Nagurney, (413) 545-5635, nagurney@gbfin.umass.edu
Professor Brian Levine of the UMass Department of Computer Science will deliver this lecture as part of the Fall 2009 Operations Research / Management Science Seminar series. All are invited to attend.
Topic: Forensic Investigation of the Internet and Mobile Systems
Abstract: The strong impact of computing has revolutionized certain types of crime. Dissemination of data to peers is efficient because of the Internet, and criminals have de facto anonymity from exploiting open wireless access points. Mobile devices are extending the reach and character of the Internet and its relevance to crime. Fortunately, the use or even possession of computers by those who commit many crimes will typically result in digital evidence, as investigations of murder, contraband trafficking, identity and intellectual property theft, fraud, and espionage have shown.
In this talk, I review our current research projects in digital forensics that seek to address investigation of these crimes or other violations. First, I will focus on the wired Internet and our work investigating peer-to-peer file sharing networks, which support trafficking in contraband and the exploitation of children. The problem faced in these investigations is not discovering those who commit such crimes. The tools we have developed for P2P investigations are in everyday use by MA and PA State Police and have resulted in evidence of tens of thousands of users sharing such data. The challenge for investigators is instead deciding which of these myriad leads to follow up on next. P2P networks should be viewed as a massive data set representing the dynamic exchange of resources between users. And the most productive next investigation is the user that is selected based on an analysis of past network activity. For example, who is often the source of new content on the network? Who is a trove of existing data? Ideally, these network characteristics can be linked to real criminological behaviors.
Second, I will focus on wireless and cellular devices. These systems break several assumptions of traditional digital forensics: network addresses are not fixed, geographic locations are not fixed, often the connection is encrypted, and the underlying OS and software are varied and constantly changing. I will review our approaches to addressing some of these problems, including profiling of encrypted network traffic received by a device and reverse engineering of the format and function of data found on a mobile device.
This series is organized by the UMass Amherst INFORMS Student Chapter. Support for this series is provided by the Isenberg School of Management, the Department of Finance and Operations Management, and the John F. Smith Memorial Fund.






