December 16, 2003 -- Volume 1, Number 8 
Best Practices At Work
Combating Computer-Related Crime
By Robert Green, Senior Editor
In crime, a computer can be a victim, a witness, a record, and/or a weapon. For this reason, the National Institute of Standards and Technology (NIST) is pursuing two projects to help combat computer-related crime.
Computer Forensic Tool Testing (CFTT) and the National Software Reference Library (NSRL) are projects that will beef up standards for tools and processes that aid in computer-related investigations. The two NIST projects are aided and supported by the Justice, Defense, Treasury, and Homeland Security departments.
Computer Forensic Tool Testing
The mission of the CFTT project is to provide assurance that instruments used in computer-related criminal investigations produce valid results and unearth evidence that will be admissible in court, said Susan Ballou, NIST CFTT program manager.
CFTT helps identify forensic functions such as disk imaging, hard drive write-protect, and deleted file recovery – all tasks for which NIST is developing project specs.
CFTT faces many challenges, Ballou said. In order to create a single framework for testing requirements, CFTT project leaders are currently working to develop standard classifications for cyber forensic tools. A classification system would be the basis of future testing, and further help provide definitions for the evolving forensic vocabulary.
Currently, CFTT is working to test hard drive imaging tools. In these tests, forensic investigators must be sure the source disk does not change, copied information is accurate, and data is not compromised when transferred to either smaller or larger destination systems.
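The three imaging requirements just listed translate directly into checks an examiner can run on an acquisition. The following Python is an added example, not code from NIST or the CFTT project: it simulates an imaging tool with a constructed 1 KiB "source disk", uses SHA-1 as the assumed fingerprint, and reports whether the source stayed unchanged, whether the copy is accurate, and what happened when the destination was smaller or larger than the source.

```python
import hashlib


def sha1(data: bytes) -> str:
    """Content fingerprint (SHA-1 is an assumption for this example)."""
    return hashlib.sha1(data).hexdigest()


def acquire(source: bytes, dest_capacity: int) -> bytes:
    """Constructed stand-in for an imaging tool writing into a destination
    of dest_capacity bytes. A smaller destination truncates the copy; a
    larger one leaves unused space after the data (zeros here)."""
    if dest_capacity < len(source):
        return source[:dest_capacity]
    return source + b"\x00" * (dest_capacity - len(source))


def verify_image(source_before: bytes, source_after: bytes, image: bytes) -> dict:
    """Apply the three CFTT imaging checks described in the text:
    source unchanged, copy accurate, and correct handling of a
    destination that is smaller or larger than the source."""
    result = {}
    # 1. Source must not change: fingerprint it before and after acquisition.
    result["source_unchanged"] = sha1(source_before) == sha1(source_after)
    n = len(source_after)
    if len(image) < n:
        # 3a. Smaller destination: the copy cannot be complete.
        result["status"] = "truncated"
        result["bytes_copied"] = len(image)
        result["copy_accurate"] = False
    else:
        # 2/3b. Exact or larger destination: compare only the source-sized
        # prefix, and report any excess so the examiner knows it is not evidence.
        result["copy_accurate"] = sha1(image[:n]) == sha1(source_after)
        result["status"] = "exact" if len(image) == n else "padded"
        result["bytes_copied"] = n
        result["excess_bytes"] = len(image) - n
    return result


def demo() -> dict:
    """Run the checks against constructed scenarios and return the reports."""
    source = bytes(range(256)) * 4  # constructed 1 KiB source disk
    tampered = source[:-1] + b"\x00"  # source altered during acquisition
    return {
        "exact": verify_image(source, source, acquire(source, 1024)),
        "larger": verify_image(source, source, acquire(source, 1536)),
        "smaller": verify_image(source, source, acquire(source, 512)),
        "write_blocker_failed": verify_image(source, tampered, acquire(source, 1024)),
    }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

The "padded" case is the one examiners most often get wrong: a larger destination yields an image whose whole-file hash never matches the source, so the comparison has to be restricted to the source-sized prefix and the excess recorded separately.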
CFTT has already helped enable users to make informed choices when sampling forensic products, Ballou said. CFTT will reduce challenges to the admissibility of digital evidence, and create the incentives by which industry can deliver better tools.
Ballou made the comments at this fall’s “Securing the Homeland” conference, presented by NIST and the Federal Business Council.
National Software Reference Library
NIST’s National Software Reference Library (NSRL) consists of three hefty components:
1. A physical library of 3,800+ software packages
2. A database of known file signatures (“fingerprints”)
3. A Reference Data Set (RDS) of 16.2 million items extracted from the database onto CD, used by law enforcement, investigators and researchers
Software housed in the NSRL’s collection includes consumer products, developer products, malicious software, and cracked software. The NSRL both purchases software commercially and accepts donations. A full list of its contents is available online at www.nsrl.nist.gov.
NIST’s Douglas White said the NSRL database contains information to uniquely identify every file on every piece of media in every application. There are 4,200 bytes per application and 750 bytes per file. The total database size is now 9 GB for 3,800 applications with 13.4 million files.
The most elaborate part of the NSRL is the RDS, or reference data set. It is a selection of information from the NSRL database that can be used to positively identify a file’s manufacturer, product, operating system, version, and file name from its file signature. The RDS is published quarterly in a data format intended for forensic tool users.
Reference Data Set (RDS)
The RDS can be used by cyber crime investigators to:
· Eliminate as many known files as possible from the examination process
· Discover files that carry an expected file name but have unknown contents
· Identify origins of files
· Look for hacker tools
· Provide rigorously verified data for forensic investigations
Eliminating known files is the key use of the RDS. With the RDS, an investigator looking for malicious files does not have to sort through clean files. The files extracted from a disk drive are loaded into an analysis program together with the RDS, and the program separates them into known and unknown files, which is extremely useful for a cyber-forensic investigator.
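The triage described above, and the "expected file name with unknown contents" and "hacker tools" uses from the list before it, come down to looking each file’s fingerprint up in the reference set. The Python below is an added example, not NIST’s code and not the real RDS file format: it builds a constructed reference set keyed by SHA-1 (the fingerprint algorithm is an assumption), with constructed product names and contents, then sorts a constructed set of evidence files into eliminated, flagged, name-mismatch and unknown buckets.

```python
import hashlib
from collections import namedtuple

RdsEntry = namedtuple("RdsEntry", "product os filename category")

# Constructed stand-in for the NSRL reference collection: file name ->
# (contents, product, operating system, category). Real entries come from NIST.
_REF_FILES = {
    "kernel32.dll": (b"constructed contents of a known OS library", "ExampleOS 1.0", "ExampleOS", "os"),
    "notepad.exe": (b"constructed contents of a known editor", "ExampleOS 1.0", "ExampleOS", "os"),
    "example_hacker_tool.exe": (b"constructed contents of a known hacker tool", "ExampleTool", "Any", "hacker_tool"),
}


def sha1(data: bytes) -> str:
    """Content fingerprint (SHA-1 is an assumption for this example)."""
    return hashlib.sha1(data).hexdigest()


def build_rds(ref_files: dict) -> dict:
    """Derive a hash set (fingerprint -> entry) from the reference files,
    the way the RDS is derived from the NSRL database."""
    rds = {}
    for name, (content, product, os_name, category) in ref_files.items():
        rds[sha1(content)] = RdsEntry(product, os_name, name, category)
    return rds


def triage(evidence: dict, rds: dict) -> dict:
    """evidence maps path -> contents. Returns four buckets:
    eliminated (known clean), flagged (known hacker tool), name_mismatch
    (a known file name whose contents are not in the set), unknown."""
    known_names = {e.filename.lower() for e in rds.values()}
    report = {"eliminated": [], "flagged": [], "name_mismatch": [], "unknown": []}
    for path, content in sorted(evidence.items()):
        entry = rds.get(sha1(content))
        basename = path.rsplit("/", 1)[-1].lower()
        if entry is None:
            # Expected name but unexpected contents deserves a closer look.
            bucket = "name_mismatch" if basename in known_names else "unknown"
            report[bucket].append(path)
        elif entry.category == "hacker_tool":
            report["flagged"].append((path, entry.product))
        else:
            report["eliminated"].append((path, entry.product))
    return report


def demo_triage() -> dict:
    """Constructed evidence: one clean known file, one tampered copy of a
    known file, one known hacker tool, and one file not in the set."""
    evidence = {
        "C:/Windows/System32/kernel32.dll": _REF_FILES["kernel32.dll"][0],
        "C:/Windows/notepad.exe": b"constructed contents that differ from the reference",
        "C:/Users/analyst/example_hacker_tool.exe": _REF_FILES["example_hacker_tool.exe"][0],
        "C:/Users/analyst/photo.jpg": b"\xff\xd8constructed image bytes",
    }
    return triage(evidence, build_rds(_REF_FILES))


if __name__ == "__main__":
    for bucket, items in demo_triage().items():
        print(bucket, items)
```

Only the eliminated bucket leaves the examiner’s workload; the other three are exactly the files the RDS exists to surface, and a file whose name is known but whose hash is not should be treated as unknown rather than trusted on its name.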
On June 2, 2003, the NSRL issued RDS CD Version 1.2. Thus far it has received 124 subscriptions, including vendors, corporations, universities, and agencies such as the FBI, Defense Dept., Secret Service, and Homeland Security, White said.
Douglas White spoke at this fall’s “Securing the Homeland” conference, presented by NIST and the Federal Business Council.
Senior editor Robert Green can be reached at RobertGreen@PubSector.net.