GCN Home > 05/28/07 issue
Signature style
By Corinna Wu, Special to GCN
In this report
Text-based forensics sexes you up
Try this simple test

Not only can how you type reveal who you are, what you type can be revealing as well. Neal Krawetz, who heads the security consulting firm Hacker Factor Solutions, created an online test called Gender Guesser, which does exactly that.

You type in 300 words or more and the program guesses if you are male or female. Krawetz drew on earlier research that showed how someone's gender could be determined by the kinds of words and parts of speech used. To take the test and find out how it works, go to GCN Quickfind 776.

More on this topic
Digital forensics doesn't come cheap
Although the knowledge of telltale typing habits may help flush out criminals, that work is getting more expensive because of the increasing cost of digital forensics.

The discipline of digital forensics is quickly becoming more professional as standards are established, and courts are beginning to require that evidence be processed only in certified laboratories.

And that professionalism does not come cheap. "It's tremendously expensive," said Jim Christy of the Defense Department's Cyber Crime Center, which runs the nation's largest certified digital forensics lab.

As a result, DOD is appealing to industry to provide software that could help reduce costs.

Christy told security professionals in February at the Black Hat Federal Briefings in Arlington, Va., that keeping up certification for the lab, its personnel, and its hardware and software accounts for up to 40 percent of the facility's overhead. Faced with these requirements and the challenge of processing a rapidly growing volume of data, the Cyber Crime Center needs industry's help.

"One of the reasons I'm here is to appeal to the vendors to create the tools and processes to help us process the evidence in a timely manner," Christy said.
One of the greatest needs is for tools for testing and evaluating hardware and software used in the lab.

Digital forensics is the discipline of analyzing and preparing digital evidence in criminal investigations. Christy is a pioneer in computer crime investigation, with more than 30 years' experience in the field. When he began, there were no standards or guidelines for how to gather and handle this data. Today, it is a structured and increasingly regulated field. In 2003, the American Society of Crime Lab Directors set standards for certifying digital forensics labs.

All tools used in the lab must be certified to those standards, and all personnel must be tested and evaluated annually. All work on evidence done by an analyst must be reviewed by other certified analysts. The failure of an analyst could jeopardize any convictions in recent trials where the analyst testified or prepared evidence.

The accreditation program is still in its infancy. There are 327 accredited general forensics labs nationwide, Christy said, but only 12 accredited digital forensics labs. And with more than 19,000 law enforcement agencies, most with fewer than 25 officers, demands on certified labs are growing.
The Cyber Crime Center facility has 90 analysts, but the workload is growing faster than its workforce. The number of digital devices from which evidence can be gleaned is growing rapidly and now includes iPods and X-Box game consoles in addition to PCs, Global Positioning System devices and cellular phones. The volume of data gathered in a single investigation can rapidly amount to a terabyte.

The Cyber Crime Center lab handled about 12 terabytes of data in 2001, Christy said, and 156 terabytes in the 700 cases it handled last year. At the same time, the turnaround time for each case has decreased from 89 days in 2003 to 41 days in 2006.

"You need bigger and better tools to handle that volume of data," Christy said.
Christy recently retired as a special agent from the Cyber Crime Center and now heads the center's newly formed Futures Exploration division, an outreach program that seeks support from industry and academia. As part of that outreach, the center announced the DC3 challenge at the August 2006 Black Hat Briefings in Las Vegas. The contest was a set of 11 challenges on data recovery and analysis. Twenty-one teams entered, and the winner, a team from Access Data, won a trip to the January Defense Cyber Crime Conference in St. Louis.

One of the challenges was to recover data from a broken CD, a problem for which the lab had no solution. "Eleven of the teams solved that problem," Christy said. And they all had different techniques. So now when a damaged CD comes in as evidence, analysts have 11 techniques to use.

The challenge will be repeated this year. One of the tasks likely to be included will be recovery of data from the BitLocker encryption feature in Microsoft's Vista operating system.

William Jackson

In a famous cartoon from The New Yorker, a pooch sitting at a computer proclaims, "On the Internet, nobody knows you're a dog." That may be true, at least for the gifted canines among us. But if the typist is a human, they can tell if you're a left-handed female piano player with an ergonomic keyboard, Neal Krawetz of Hacker Factor Solutions told attendees at a Black Hat Conference in Las Vegas last year.

Since the 1980s, research has shown that the way a person types is as unique as a fingerprint. How long someone holds down the keys and the time it takes to move from one key to another vary among individuals, and those variations can be measured and captured to produce a profile of a person's typing style.

The idea is not new. Morse code aficionados have long known that each operator has a unique rhythm of clicking out dots and dashes. It's called the operator's fist. But now, vendors are beginning to offer software that exploits this behavior, known as keystroke dynamics, to authenticate the identity of their customers and employees.
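The two measurements described above, how long each key is held and the time taken to move from one key to the next, can be turned into a typing profile and checked at login. The following is an added example, not code from the article or from any vendor it mentions; the timing data is constructed, and the scoring method (average absolute z-score) and the 2.0 threshold are assumptions chosen for illustration.

```python
from statistics import mean, stdev

def make_events(keys, dwell, flight):
    """Build constructed (key, press_ms, release_ms) events for one typing sample."""
    events, t = [], 0
    for i, key in enumerate(keys):
        events.append((key, t, t + dwell[i]))
        if i < len(flight):
            t += dwell[i] + flight[i]
    return events

def features(events):
    """Hold time per key, then travel time between consecutive keys."""
    dwell = [rel - prs for _, prs, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Profile = (mean, std) of each timing feature over the enrollment samples."""
    columns = zip(*(features(s) for s in samples))
    # Floor the deviation at 1 ms so a very consistent typist never divides by zero.
    return [(mean(c), max(stdev(c), 1.0)) for c in columns]

def score(profile, events):
    """Average absolute z-score of an attempt against the enrolled profile."""
    vec = features(events)
    if len(vec) != len(profile):
        raise ValueError("attempt length differs from enrolled phrase")
    return mean(abs(x - m) / s for x, (m, s) in zip(vec, profile))

def verify(profile, events, threshold=2.0):
    """Accept when timing deviates by at most `threshold` (assumed cut-off)."""
    return score(profile, events) <= threshold

# Constructed sample data: the word "pass" typed three times by the enrolled user.
ENROLLMENT = [
    make_events("pass", [90, 80, 100, 95], [60, 40, 120]),
    make_events("pass", [95, 85, 105, 90], [65, 45, 110]),
    make_events("pass", [85, 75, 95, 100], [55, 35, 130]),
]
PROFILE = enroll(ENROLLMENT)
GENUINE = make_events("pass", [92, 78, 103, 94], [58, 43, 115])   # same rhythm
IMPOSTOR = make_events("pass", [140, 130, 60, 150], [20, 90, 60])  # same keys, other rhythm

if __name__ == "__main__":
    print("genuine :", round(score(PROFILE, GENUINE), 3), verify(PROFILE, GENUINE))
    print("impostor:", round(score(PROFILE, IMPOSTOR), 3), verify(PROFILE, IMPOSTOR))
```

Both attempts type the correct characters; only the timing separates them, which is why the technique can act as a second factor on top of a password.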

Conceivably, those systems could even be used to comply with Homeland Security Presidential Directive 12, which calls on agencies to authenticate network users in two ways. Keystroke dynamics could be an attractive form of authentication because, unlike other techniques such as biometrics, this form of authentication does not require new hardware.

And researchers are studying whether they can extend the technology into other realms, too. If keystroke dynamics can apply to more than just password verification, it will also offer a method of identifying and tracking the activity of criminals, terrorists or anyone who uses a keyboard.

Nowadays, almost every online transaction requires a password. But the security of that password can be compromised in many ways. People choose passwords that can be easily guessed, or they might use the same password for many Web sites to make it easier to remember.

And once that password falls into the wrong hands, anyone can take over that user's identity. Recognizing this, many organizations are adding a second layer of verification to increase security. For example, some banks are asking their customers to choose a picture password from a range of choices offered. Others are issuing tokens, small devices that generate a series of one-time-use passcodes, to customers who access their accounts via the Internet.
