[Busec] Digital Forensics Talk - 10am January 18th at MIT

Sharon Goldberg goldbe at cs.bu.edu
Wed Jan 2 21:19:57 EST 2013

Hi All,

I've heard that this work is fascinating and kind of terrifying.  FYI,
and happy new year,


From: "Garfinkel, Simson (CIV)" <slgarfin at nps.edu>
Subject: Digital Forensics Talk - 10am January 18th - E17 conference
room (7th Floor)
Date: January 2, 2013 3:02:03 PM EST
To: "seminars at csail.mit.edu" <seminars at csail.mit.edu>

[Please circulate]

Digital Forensics Innovation: Searching a Terabyte of Data in 10 Minutes

Time: 10am

Date: January 18th

Where: 7th Floor Conference Room
400 Main Street
Cambridge, MA 02139

Speaker: Simson L. Garfinkel, Naval Postgraduate School


Most digital forensics tools follow a simple model of “visibility,
filter and report” – the tool extracts all of the information on a
subject’s disk drive, this information is filtered according to search
terms, and finally a detailed report is created by a trained examiner.
The problem with this model is that it cannot keep up with the growing
amount of storage on desktops and in the cloud, the increasing
diversity of data formats, or the growing perniciousness of malware.

This talk present a new approach that allows rapid triage of digital
storage devices using random sampling, bulk data analysis, and the
presence of distinct, recognizable sectors that are commonly found in
user-generated documents, multimedia, and encrypted files. It shows
how a 30MB piece of video hidden on a 1TB hard drive can be found in
less than 10 minutes, even if the video deleted and partially
overwritten so that no file headers, footers, or metadata can be
recovered. We show how we can deploy this technique on a laptop in the
field with a custom-built database with a billion rows that can
perform more than a thousand lookups per second.

Bio: Simson L. Garfinkel is an Associate Professor at the Naval
Postgraduate School. Based in Arlington VA, Garfinkel’s research
interests include computer forensics, the emerging field of usability
and security, personal information management, privacy, information
policy and terrorism. He holds six US patents for his computer-related
research and has published dozens of journal and conference papers in
security and computer forensics.
Seminars mailing list
Seminars at lists.csail.mit.edu

More information about the Busec mailing list