Vanguard Magazine

Vanguard AprMay 2018

Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR

Issue link: http://vanguardcanada.uberflip.com/i/985397


type. Intermediate third-party forensics tools, such as Sysinternals Process Explorer using VirusTotal or PyFlag and Nirsoft's array of tools (RegScanner, Sniffer and WifiHistoryView), can refine and ferret out probable scenarios. More robust third-party forensics suites and platforms for Windows and UNIX – like Digital Forensics Framework, EPRB, OSForensics, COFEE, Autopsy, SANS IF, EnCase and FTK – provide aggressive analysis to the final report.

Once probable scenarios are determined, the reconstruction, recreation and verification of the crime cycle can be demonstrated using Wireshark or Metasploit along with exploit profiles and common vulnerability profiles. Going back to the first and second phases, the assurance of required data and its availability becomes clear here; retrieval of the data should be efficient and without deficiencies. If devices were not configured to report on and capture the data, it will not be available for post-breach analysis.

Measure Twice, Cut Once

The final phase hinges on reporting on the integrity of the entire process. The findings are reported, complete with scenarios, substantiations and supporting evidence, with clear demonstration proving the crime cycle on the balance of probabilities. Keeping in mind that the purpose of the report can range from internal use to civil or criminal proceedings that require compliance with judicial procedures and legislation, it's not enough to postulate what may have happened: it must be demonstrated with all evidence referenced, detailed and preserved.

Considering the above complexities of cyber forensics – as we move toward all-access/open technologies, robust network computing, neural capabilities, machine learning and autonomous agents – it will be interesting to see how this transforms the practitioner and the forensics field. From what we have seen in its evolution so far and the impact of emerging technologies, it may be that the newer breeds of technologies end up solving the problems they inadvertently created.

Valarie Findlay is a research fellow for the Police Foundation (USA) and has two decades of senior expertise in cybersecurity and policing initiatives. She holds a Master's in Terrorism Studies from the University of St. Andrews.

If digital evidence stops at the device used to commit the crime with no evidence to identify a suspect or if information gaps, this renders continuity and correlation of evidence impossible, and the investigation is over.
