Visualization and Management of digital Forensic data - PowerPoint PPT Presentation

Provided by: SW16

Transcript and Presenter's Notes


1
Visualization in Forensics
  • Visualization and Management of digital Forensic
    data
  • Forensic data visualization system
  • Real time and forensic network data analysis
    using animated and coordinated visualization

2
Contents
  • Introduction
  • Computer Forensics
  • Visualization
  • Data Mining Visualization
  • Log Management
  • Network Data Visualization
  • Conclusion

3
Introduction
  • Our reliance on computers
  • Exposure to computer system vulnerabilities
  • Computers are being attacked and compromised to:
  • Steal personal identities (ex. auction hacking)
  • Bring down an entire network segment (ex. Slammer
    worm)
  • Disable the online presence of businesses
  • Completely obliterate sensitive information
  • New challenge: control the retention, privacy and
    recovery of sensitive data

4
Introduction
  • Computer forensics deals with information produced,
    stored or transmitted by a computer or network
  • Raw numerical data is hard to perceive
  • Visualization can transform raw data into readable
    and meaningful data
  • Data analysis can be enhanced through visualization
5
Project Description
  • What is the most effective way to collect
    forensic data?
  • Once identified and collected how will the
    forensic data be preserved and safeguarded?
  • How can one analyze forensic data and produce a
    report?
  • How can one identify the suitable chart type for
    visualizing the forensic data?
  • How can one analyze the visual representation of
    the data?
  • What report formats are suitable?

6
Computer Forensics
  • Collect and analyze data
  • Elements of law
  • Primary use: recover and analyze latent evidence
  • Two types of data: volatile, persistent
7
Visualization
  • The ability to display data in a graphical
    manner.
  • Humans have the ability to visually interpret and
    comprehend pictures, video and charts much faster
    than reading a textual description of the same
    (Erbacher, R. and Teerlink, S.)
  • Linux search commands vs. visualization technique:
    53% more found, 35% faster
  • Visualization is a major agenda item in many
    areas

8
Data Mining Visualization
  • Extraction of patterns or models from observed
    data (KDD: Knowledge Discovery in Databases)
  • Visual representation translates textual data into
    visual form, making it easy and quick for the user
    to perceive
  • Data visualization plays an important role in
    DM/KDD
  • Visual data exploration
  • Visual data mining
9
Log Management
  • Log files are continuously created and record all
    activities that transpire during system uptime
  • Ex> in Windows: Application, System, Security,
    Directory Service, File Replication
  • The benefits of routine log analysis:
    - Performing auditing and forensic analysis
    - Supporting internal investigations
    - Establishing baselines
    - Identifying operational trends, security
      incidents, policy violations, fraudulent activity
10
Log Management
  • Limitations of log files:
    - a non-existent log filtering mechanism
    - critical events are not properly monitored
    - the lack of a central log monitoring and
      reporting system
    - the lack of a real-time monitoring and alerting
      system
    - the unavailability of a robust audit system
    - a weak strategy for storage and preservation of
      log data
    - a non-existent log integrity preservation
      mechanism
    - the lack of an automated log analysis system
  • Thousands of logs -> impossible to scan all logs
  • Log data recorded in multiple log files -> must be
    merged together
  • Storage limitation -> overwritten and lost
So, a new automated system is required!!
11
Log Management
- Log parser
  • Automated system:
    - Periodically collects the relevant data
    - Securely stores it
    - Preserves the information
    - Produces visualized output
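The automated system sketched on slides 10 and 11 (collect from several log files, merge them onto one timeline, preserve their integrity, produce visualized output) is shown below as an added Python example. It is not part of the original presentation or of the systems the slides describe. The log lines are constructed, the "timestamp source event_id message" line format is hypothetical, and the SHA-256 hash chain is one integrity-preservation mechanism chosen here for illustration, not one the slides specify.

```python
import hashlib
from collections import Counter
from datetime import datetime

# Constructed sample log files, one per source, in the order each source
# wrote them. The line format "timestamp source event_id message" is a
# simplified, hypothetical format chosen for this example.
LOG_FILES = {
    "Application": """\
2024-03-01T09:01:12 Application 1000 application started
2024-03-01T10:15:03 Application 1001 application error
""",
    "Security": """\
2024-03-01T09:00:45 Security 4624 logon success user=alice
2024-03-01T10:14:59 Security 4625 logon failure user=admin
2024-03-01T10:15:00 Security 4625 logon failure user=admin
2024-03-01T10:15:01 Security 4625 logon failure user=admin
""",
    "System": """\
2024-03-01T08:59:30 System 6005 event log service started
2024-03-01T10:16:10 System 7036 service entered the stopped state
""",
}


def parse_line(line):
    """Split one log line into a record; the raw line is kept for hashing."""
    ts, source, event_id, msg = line.split(" ", 3)
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "event_id": int(event_id), "msg": msg, "raw": line}


def merge_logs(files):
    """Collect the lines of every source onto a single timeline.
    Ties on the timestamp are broken by source name so the merge order
    is deterministic and can be reproduced during verification."""
    records = [parse_line(line)
               for text in files.values()
               for line in text.splitlines() if line.strip()]
    return sorted(records, key=lambda r: (r["ts"], r["source"]))


def hash_chain(records):
    """Integrity preservation: h_i = SHA-256(h_(i-1) || raw_i), starting
    from a fixed zero block. Only the final digest needs to be kept out of
    band (write-once media, a signed record); any later edit, deletion or
    reordering changes every digest after it."""
    prev = b"\x00" * 32
    chain = []
    for r in records:
        prev = hashlib.sha256(prev + r["raw"].encode()).digest()
        chain.append(prev.hex())
    return chain


def verify_chain(records, expected_chain):
    """Recompute the chain over the stored records and compare."""
    return hash_chain(records) == expected_chain


def count_by(records, key):
    """Aggregate the merged timeline by one field (source, event_id, ...)."""
    return Counter(r[key] for r in records)


def render_bars(counts, width=30):
    """Text bar chart: the simplest form of the slide's 'visualized output'.
    Bars are scaled to the largest count; labels sorted by count, then name."""
    peak = max(counts.values())
    rows = []
    for label, n in sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0]))):
        bar = "#" * max(1, round(n * width / peak))
        rows.append(f"{str(label):>12} | {bar} {n}")
    return "\n".join(rows)


if __name__ == "__main__":
    merged = merge_logs(LOG_FILES)
    chain = hash_chain(merged)
    print(render_bars(count_by(merged, "source")))
    print(render_bars(count_by(merged, "event_id")))
    print("integrity intact:", verify_chain(merged, chain))
    merged[3]["raw"] = merged[3]["raw"].replace("failure", "success")
    print("after tampering:", verify_chain(merged, chain))
```

The merge answers the "multiple log files" limitation, the chain answers the "log integrity preservation" one, and the bar chart stands in for the visualized output; swapping the bar renderer for a plotting library changes nothing in the collection and preservation steps.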
12
Log Management
- MineSet
  • Fly-through
  • Data mining
    - Supervised models: classification, regression
    - Unsupervised models: association, clustering
13
Network visualization
  • The Internet is part of a nation's critical
    infrastructure
  • Large amounts of data are transmitted
  • Ex> Packet capture logs from 2-3 days on a small
    scale: hundreds of megabytes
  • A university honeynet collects 1-10 megabytes of
    traffic per day
  • Difficult to spot acts by malicious adversaries:
    finding the needle in the haystack
14
Network visualization
  • The right amount of information, in the right form
    of presentation, at the right time
  • Efficiently and effectively analyze traffic
    patterns
  • Easily monitor the network
  • Rapidly identify attacks
  • Respond quickly
15
Network visualization
  • Goal: to design a visualization system that makes it
    possible for the analyst to see at a glance what
    kind of activity has occurred on the network
16
Network visualization
- Georgia Tech Backbone Traffic
  • Georgia Tech inbound backbone traffic
  • Georgia Tech outbound backbone traffic
  • Network patterns can be identified
17
Network visualization
- Honeynet Traffic
  • Using this visualization system:
    1. Identify abnormal traffic in real time
    2. Reduce the time needed to conduct forensic
       analysis
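Slides 13 to 17 argue that the needle in the haystack (a few malicious flows inside megabytes of honeynet traffic) becomes visible when the traffic is aggregated and drawn rather than read line by line. The Python below is an added example of that idea, not code from the presentation or from the Georgia Tech system it describes. The flow records are constructed, the "timestamp src dst dport bytes" format is hypothetical, and the median-based fan-out threshold is one simple baseline chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed flow records in a hypothetical "timestamp src dst dport bytes"
# format, roughly what a flow exporter or a summarized pcap yields.
# Background: three hosts talk to one honeynet host on 80/443/53 for 15 minutes.
NORMAL = "\n".join(
    f"2024-03-01T10:{m:02d}:{s:02d} 10.0.0.{src} 192.168.5.10 {port} {size}"
    for m in range(15)
    for s, (src, port, size) in enumerate(
        [(5, 80, 1200), (6, 443, 3000), (7, 443, 2800), (5, 53, 120)])
)
# The needle: one source sweeps 17 ports on the same host inside one minute.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 143, 443, 445,
              993, 1433, 3306, 3389, 5900, 8080]
SCAN = "\n".join(
    f"2024-03-01T10:07:{s:02d} 10.0.0.66 192.168.5.10 {port} 60"
    for s, port in enumerate(SCAN_PORTS)
)
FLOWS = NORMAL + "\n" + SCAN

SHADES = " .:-=+*#"  # blank = no traffic, '#' = the busiest cell


def parse_flows(text):
    """Parse the constructed flow lines into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def bucket(ts, seconds):
    """Floor a timestamp to a time bucket aligned to midnight."""
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    elapsed = int((ts - midnight).total_seconds())
    return midnight + timedelta(seconds=elapsed - elapsed % seconds)


def port_heatmap(flows, seconds=60):
    """Time-by-port grid of flow counts rendered as ASCII shades. Normal
    traffic shows as a few steady columns; a port sweep shows as one row
    lit up across every column, visible at a glance without reading lines."""
    counts = Counter((bucket(f["ts"], seconds), f["dport"]) for f in flows)
    buckets = sorted({b for b, _ in counts})
    ports = sorted({p for _, p in counts})
    peak = max(counts.values())
    rows = ["time " + "".join(f"{p:>5}" for p in ports)]
    for b in buckets:
        cells = []
        for p in ports:
            n = counts.get((b, p), 0)
            # ceil(n * 7 / peak) maps 1..peak onto shades 1..7; 0 stays blank
            shade = SHADES[(n * 7 + peak - 1) // peak] if n else " "
            cells.append(f"{shade:>5}")
        rows.append(b.strftime("%H:%M") + "".join(cells))
    return "\n".join(rows)


def fanout_per_source(flows, seconds=60):
    """Distinct (dst, dport) pairs each source touched in each bucket."""
    seen = defaultdict(set)
    for f in flows:
        seen[(f["src"], bucket(f["ts"], seconds))].add((f["dst"], f["dport"]))
    return {key: len(targets) for key, targets in seen.items()}


def flag_scanners(flows, seconds=60, factor=5):
    """Flag (source, bucket) pairs whose fan-out exceeds `factor` times the
    median fan-out. The median is the baseline routine analysis establishes;
    unlike the mean it is not dragged upward by the one host being flagged."""
    fan = fanout_per_source(flows, seconds)
    values = sorted(fan.values())
    median = values[len(values) // 2]
    return sorted((src, b.strftime("%H:%M"), n)
                  for (src, b), n in fan.items() if n > factor * median)


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    print(port_heatmap(flows))
    print("flagged:", flag_scanners(flows))
```

Run as a script it prints the grid, where the 10:07 row is the only one filled across all 18 port columns, and then the single flagged (source, minute, fan-out) tuple. The same two functions can be fed one minute of flows at a time, which is the "real time" use on the honeynet slide; the stored grid is the record a later forensic pass starts from.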
18
Network visualization
- Botnet Traffic
19
Conclusion
  • Log files play a crucial role in forensic data
  • Visual representations enhance the process of
    discovery
  • Network visualization provides a more efficient
    way to browse and analyze data
20
Conclusion
  • Future work:
    - Advanced visualization (zoom in/out, intuitive,
      meaningful)
    - Filtering the data
    - Apply to other domains (currently Windows only;
      ex. Linux)