Friday, November 2, 2007

The Drives Project: From Disk Forensics to Media Exploitation

Speaker: Simson Garfinkel

Abstract:
A hard drive is a window into the past and a door into the mind. Using forensic techniques, the data on a hard drive can reveal who broke into a computer system, what was done, and the perpetrators. Hard drives have proved so useful that they are now routinely seized or imaged in DoD, intelligence, law enforcement, and even civil actions.

But analyzing the information on a hard drive today takes the time of a skilled analyst; today's tools lack significant automation and intelligence, and frequently crash. As a result there is a large backlog of hard drives waiting to be analyzed; important information is easily missed or not analyzed for months after it is acquired.

This talk discusses the work to date of the Drives Project, a 9-year (and counting) effort that is creating a large-scale collection of real disk drive images, open source tools, and new techniques for automatically processing data recovered from disk drives and other kinds of storage devices. Today the Drives Project has assembled a corpus of more than 1000 forensically interesting images from hard drives and USB storage devices that were collected all over the world. We have created open source formats, tools and algorithms for automatically analyzing this data in bulk and rapidly producing answers to questions that are relevant to the Defense, Intelligence and Law Enforcement communities. The Project is now in the process of dramatically expanding the global reach of data being acquired and exploring new research opportunities for using this data.

Time: 2 November 2007 (Friday) at 1630 hrs
Location: Gates 4B (opposite 490)