Peter Stephenson - International Institute for Digital Forensic Studies
Students: Fall 2024, unless noted otherwise, sessions will be virtual on Zoom.
An End-To-End Approach to Digital Investigation
Oct 29, 2003
Abstract
The description of digital forensics is undergoing significant change. Anoutgrowth of computer forensics, digital forensic science comprises
computers, networks, software and non-computer devices such as routers, PDAs
and cell phones. Defined primarily as the application of computer science
and mathematics to matters of law, digital forensic science has application
well beyond the courtroom. Important in the evolution of digital forensics
are the notions of digital investigation versus digital forensics, and
investigation of the entire end-to-end event rather than just some of the
involved computers.
In this talk we address the conducting of a digital incident post event
analysis (post mortem) using a new approach to digital investigation called
the End-to-End Digital Investigation Process (EEDI). The case study used to
illustrate the process will be a post mortem of a mid-sized (27,000 user)
enterprise infected by the SQLSlammer worm. We will discuss the structured
investigative process, the use of the Digital Investigation Process Language
(DIPL), the conclusions drawn from the investigation, and the
countermeasures recommended. A copy of a paper describing the event will be
available for those interested in somewhat more depth on the topic.
About the Speaker
Peter Stephenson is a writer, consultant, researcher and lecturer in information protection and forensics on large-scale computer networks. He has spoken extensively on digital forensics and security, and has written or contributed to 14 books and several hundred articles in major national and international trade publications. He has lectured and delivered consulting engagements for the past 17 years in eleven countries plus the United States.
Mr. Stephenson began his information security career as a U. S. Navy cryptography technician in 1965, and has worked with computer and network communications and security since the early 1970s. He was the director of technology for the global security practice of Netigy Corporation and was the Managing Partner for the Intrusion Management & Forensics Group, LLC, a specialized security technology consulting firm, for 15 years, prior to joining QinetiQ Trusted Information Management as U.S. director of technology. While at QinetiQ, he was promoted to director of research and, ultimately, to chief technology officer for U.S. operations.
He is the developer of an operational taxonomy for information protection, as well as structured methods for vulnerability assessment, and standards-based security architecture requirements engineering. He developed the end-to-end approach to digital incident investigation and the Digital Investigation Process Language (DIPL). Mr. Stephenson holds a BSEE and currently is a PhD candidate (degree expected Fall 2003) at Oxford-Brookes University in Oxford, UK where his research involves structured investigation of information security incidents in complex computing environments. Mr. Stephenson is an adjunct professor in the Master of Science in Information Assurance program at Norwich University.
He is a member of the ISSA, an associate member of the Association of Certified Fraud Examiners, and holds the professional designations Certified Professional Engineer (CPE), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Forensics Investigator (CIFI), and is a Fellow of the Institute for Communications, Arbitration and Forensics in the UK (FICAF).
Mr. Stephenson began his information security career as a U. S. Navy cryptography technician in 1965, and has worked with computer and network communications and security since the early 1970s. He was the director of technology for the global security practice of Netigy Corporation and was the Managing Partner for the Intrusion Management & Forensics Group, LLC, a specialized security technology consulting firm, for 15 years, prior to joining QinetiQ Trusted Information Management as U.S. director of technology. While at QinetiQ, he was promoted to director of research and, ultimately, to chief technology officer for U.S. operations.
He is the developer of an operational taxonomy for information protection, as well as structured methods for vulnerability assessment, and standards-based security architecture requirements engineering. He developed the end-to-end approach to digital incident investigation and the Digital Investigation Process Language (DIPL). Mr. Stephenson holds a BSEE and currently is a PhD candidate (degree expected Fall 2003) at Oxford-Brookes University in Oxford, UK where his research involves structured investigation of information security incidents in complex computing environments. Mr. Stephenson is an adjunct professor in the Master of Science in Information Assurance program at Norwich University.
He is a member of the ISSA, an associate member of the Association of Certified Fraud Examiners, and holds the professional designations Certified Professional Engineer (CPE), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Forensics Investigator (CIFI), and is a Fellow of the Institute for Communications, Arbitration and Forensics in the UK (FICAF).