Operational (Forensic) Analysis

Differences between Prosecutorial vs. Operational Investigations
• Timeliness of the investigation
   – There is no criminal investigation until after a crime is suspected
   – Military/CIP/Industrial operations demand trans-attack and pre-attack planning to mitigate the effects of an attack. Post-attack analysis is useful for containment and reconstitution.
• Development and execution of procedures
   – Guided by policy considerations vs. statutory considerations
• Scrutiny of results
   – A higher burden of proof is currently required for criminal investigations than for civil suits, and in turn for civil suits than for determination of an operational defense posture.
Differences between Prosecutorial vs. Operational Investigations (continued)
• Proof/validation of tool operation
   – Tool operation needs to be explored in order to introduce its results in court.
• Impact of investigation on mission/operation
   – Operations require minimal disruption; prosecution requires maximum integrity/fidelity.
Technical Issues & Needs
• Capturing data in real-time, while it is being operated upon by users, without compromising integrity
• Capturing transient data from the network/Internet in near real-time (seconds, minutes) when suspicion is first
• Proving afterward that the transient data existed
• Tools to capture local expertise for network defense and forensic analysis
• Database of the operational role of all information systems to understand what critical data may be contained on a
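One way to address the integrity and proof-of-existence needs listed above (capturing transient data without compromising it, and proving afterward that it existed), as an added example that is not part of the original slides: a hash-chained capture log in Python. The field names, the choice of SHA-256 and the sample capture bytes are assumptions constructed for illustration, not anything the slides specify.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional

# Added example (not from the slides): a tamper-evident log of captured
# transient data. Only the SHA-256 of each capture is stored, so the log can be
# kept apart from the data itself; entries are chained so edits or removals show.
GENESIS = "0" * 64

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(fields: dict) -> str:
    # Canonical JSON so any verifier recomputes exactly the same digest.
    canon = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canon.encode())

def record_capture(log: List[dict], source: str, data: bytes,
                   captured_at: Optional[str] = None) -> dict:
    """Append one capture to the chain and return the new entry."""
    ts = captured_at or datetime.now(timezone.utc).isoformat()
    fields = {
        "seq": len(log),
        "source": source,
        "captured_at": ts,
        "data_sha256": sha256_hex(data),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry = dict(fields, entry_hash=entry_digest(fields))
    log.append(entry)
    return entry

def verify_chain(log: List[dict]) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        fields = {k: v for k, v in entry.items() if k != "entry_hash"}
        if (entry.get("seq") != i or entry.get("prev_hash") != prev
                or entry_digest(fields) != entry.get("entry_hash")):
            return i
        prev = entry["entry_hash"]
    return -1

def attest_existence(log: List[dict], data: bytes) -> Optional[str]:
    """Timestamp at which data was logged, or None if absent or chain is broken."""
    if verify_chain(log) != -1:
        return None
    digest = sha256_hex(data)
    return next((e["captured_at"] for e in log if e["data_sha256"] == digest), None)
```

The log itself should be written to append-only or write-once storage and its head hash published (or time-stamped) periodically, since the chain only proves internal consistency, not when the log as a whole was created.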
Other Issues
• Establishment of “normal” or “accepted” business processes in reacting to cyber attacks to assist the First
• The legal system has handed us unenforceable laws that require LE to perform technical magic to navigate for investigations. This needs to be resolved within the legal system first.
• Politics adversely affect interoperability, tech transfer, and cooperation in both military and LE