MIT: Independent Activities Period: IAP

IAP 2013



Digital Forensics Innovation: Searching A Terabyte of Data in 10 minutes

Simson Garfinkel, Associate Professor, Naval Postgraduate School

Jan/18 Fri 10:00AM-11:30AM E19-758

Enrollment: Unlimited: No advance sign-up

Speaker: Simson L. Garfinkel, Associate Professor, Naval Postgraduate School

Most digital forensics tools follow a simple model of “visibility, filter and report” – the tool extracts all of the information on a subject’s disk drive, this information is filtered according to search terms, and finally a detailed report is created by a trained examiner. The problem with this model is that it cannot keep up with the growing amount of storage on desktops and in the cloud, the increasing diversity of data formats, or the growing perniciousness of malware.

This talk presents a new approach that allows rapid triage of digital storage devices using random sampling, bulk data analysis, and the presence of distinct, recognizable sectors that are commonly found in user-generated documents, multimedia, and encrypted files. It shows how a 30MB piece of video hidden on a 1TB hard drive can be found in less than 10 minutes, even if the video is deleted and partially overwritten so that no file headers, footers, or metadata can be recovered. We show how we can deploy this technique on a laptop in the field with a custom-built database with a billion rows that can perform more than a thousand lookups per second.
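The sampling idea in the abstract, as an added Python sketch that is not code from the talk or the speaker: it computes how many random sector reads give a chosen chance of landing on the target, then runs the triage on a small constructed disk image where the target file has lost its first and last sectors. Assumptions: sectors are recognized by matching SHA-256 hashes of 512-byte sectors, an in-memory set stands in for the hash database, and all names and data are constructed for illustration.

```python
import hashlib
import math
import random

SECTOR = 512  # bytes per sector (assumed)

def samples_needed(target_bytes, disk_bytes, p_detect):
    """Random sector reads needed to hit the target at least once with probability p_detect."""
    frac = target_bytes / disk_bytes
    return math.ceil(math.log(1 - p_detect) / math.log(1 - frac))

def block(label, i):
    """Constructed, distinct 512-byte sector content standing in for real data."""
    return hashlib.sha256(f"{label}:{i}".encode()).digest() * (SECTOR // 32)

def build_disk(total, target_blocks, rng):
    """Constructed disk image: filler sectors with the surviving target sectors scattered in."""
    disk = bytearray(b"".join(block("filler", i) for i in range(total)))
    for pos, data in zip(rng.sample(range(total), len(target_blocks)), target_blocks):
        disk[pos * SECTOR:(pos + 1) * SECTOR] = data
    return disk

def triage(disk, known_hashes, n, rng):
    """Read n random sectors, hash each one, return the sector numbers whose hash is known."""
    total = len(disk) // SECTOR
    hits = []
    for s in rng.sample(range(total), n):
        digest = hashlib.sha256(disk[s * SECTOR:(s + 1) * SECTOR]).digest()
        if digest in known_hashes:  # set lookup stands in for the hash database
            hits.append(s)
    return sorted(hits)

def demo(seed=2013):
    rng = random.Random(seed)
    video = [block("video", i) for i in range(100)]       # 100-sector target file
    known = {hashlib.sha256(b).digest() for b in video}   # per-sector hashes of that file
    survivors = video[20:80]                               # header and footer sectors overwritten
    disk = build_disk(20_000, survivors, rng)
    n = samples_needed(len(survivors) * SECTOR, len(disk), 0.999999)
    return n, triage(disk, known, n, rng)

if __name__ == "__main__":
    print("reads for 30 MB on 1 TB at 99%:", samples_needed(30e6, 1e12, 0.99))
    n, hits = demo()
    print(f"sampled {n} of 20000 sectors, {len(hits)} matched, e.g. {hits[:5]}")
```

The matches come from sector content alone, so the missing header and footer sectors do not prevent detection.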

Contact: Jeffrey Schiller, E17-110A, 617 253-0161, JIS@MIT.EDU