Hello, I would like to inform you that two seminars on computer forensics will be held on the afternoon of 11/09 next in the Conference Room of the Dipartimento di Elettronica e Informazione (http://www.dei.polimi.it) of the Politecnico di Milano, thanks to the kindness of two international guests. All those interested are invited to attend.

14:30: Forensic Acquisition of Memory
Prof. Ewa Huebner, University of Western Sydney (Australia)

Abstract: In this talk we present the results of our research leading to better understanding of issues in forensic memory acquisition and interpretation. It is generally accepted that forensic investigation of physical memory can reveal unique facts about current and past usage of the computer system. For a forensic investigation the analysis of a memory image can to a large extent replace live system analysis, and it offers a number of advantages. To measure forensic value of memory we conducted a series of experiments on Linux and Windows systems to determine the age of user process data in physical memory. Our goal was to compare the behaviour of both systems and to determine what is the rate of decay for user pages, and whether the rate of decay depends on the demand for physical memory. Our findings show that under both Windows and Linux systems user pages persist for significantly shorter time than system pages, and the age distribution of these pages does not change significantly with the level of demand.

Further we studied how operating system design and implementation influences the methodology for computer forensics investigations, with the focus on forensic acquisition of memory. In theory the operating system could support such investigations both in terms of tools for analysis of data and by making the system data readily accessible for analysis. We demonstrate how techniques developed for persistent operating systems, where lifetime of data is independent of the method of its creation and storage, could support computer forensics investigations delivering higher efficiency and accuracy. We further propose a new technique for forensically sound acquisition of memory based on the persistence paradigm.

Biography: Ewa Huebner is a senior lecturer and the leader of the Computer and Network Forensics Research group at the School of Computing and Mathematics, University of Western Sydney, Australia. She was awarded the PhD degree in 1999 by the University of Sydney for her research into persistent operating systems. Prior to her academic career she worked as a systems programmer and administrator for the government and industry. Her current research interests are operating systems and computer forensics, specifically memory forensics and live system investigations. In recognition of her contribution to the profession in 2008 she was elected to the grade of Fellow by the Australian Computer Society.

16:00: Teaching Computer Forensics at the University of Western Sydney
Dr. Derek Bem, University of Western Sydney (Australia)

Abstract: This presentation describes our experience in the design and implementation of a computer forensics specialisation for the Bachelor of Computer Science degree and its capstone subject Computer Forensics Workshop. Our motivation for introducing this specialisation was to respond to the growing demand for professional services in computer forensics by the government and industry as well as to attract undergraduate students back to computing. Computer forensics is an emerging multidisciplinary field with foundations in computer science and law, and academically it is best positioned as a stream in general computer science degrees. The capstone subject in the specialisation, Computer Forensics Workshop, is practically oriented with a substantial laboratory component. The subject is taught by a team of academics, each contributing their expert knowledge in operating systems, file systems, network security and cryptography. The aim is to prepare the students to enter the job market as a professional computer forensics specialist, either in a law enforcement agency or a business organisation relying on computer information systems.

Biography: Derek Bem is an academic in the School of Computing and Mathematics, University of Western Sydney, Australia, and a member of the Computer and Network Forensics Research group. Derek is a Chartered Professional Engineer and member of the Institution of Engineers Australia. He has over 30 years of experience in the ICT industry, academia, and as a court examiner and expert witness in computer forensics. His research interests focus on the role of virtual environments in computer forensics and live forensic investigations. He has published in major computer journals and international conferences.

--
Best regards,
Stefano Zanero
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel. +39 02 2399-4017
Fax. +39 02 2399-3411
E-mail: [EMAIL PROTECTED]
Web: http://home.dei.polimi.it/zanero/
________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
