From 86e876c6f4a7caa591278f1755fbe122a3b58a47 Mon Sep 17 00:00:00 2001
From: Jet Hughes
Date: Mon, 10 Oct 2022 12:42:48 +1300
Subject: [PATCH] vault backup: 2022-10-10 12:42:48

---
 content/notes/23-digital-forensics.md | 51 +++++++++++++++++++++++++++
 content/notes/comp210-test.md         |  2 +-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 content/notes/23-digital-forensics.md

diff --git a/content/notes/23-digital-forensics.md b/content/notes/23-digital-forensics.md
new file mode 100644
index 000000000..fd93a4a95
--- /dev/null
+++ b/content/notes/23-digital-forensics.md
@@ -0,0 +1,51 @@ +--- +title: "23-digital-forensics" +aliases: +tags: +- comp210 +- lecture +--- + +assit in legal/criminal proceedings + +ICT in application to the law + +requires broad range of technical knowledge + +computers everywhere +- IoT, PCs, severs/cloud, smart devices, network routers and storage devices, other embedded systems +- can all hold forensically significant data +- + + +# types of evidence +- direct evidence + - evidence which a witness can provide a direct account of in their testimony +- circumstansial evidence + - relates less directly to the facts of the case, requireing some analysis or inference + - suggests or indicates by seldom proves +- corroborating evidence + - supports or is consistent with other circumstantial evidence +- forensic evidence + - a kind of circumstantial evidence, usually submitte by an expert witness + +# digital forensic principles +- needs to be valildated +- physical forensics such as fingerprinting and DNA are the same +- chain of custody, is vital and must be unbroken +- necessitates proper procedures and handling +- "everything leaves a trace" some provisos i the digital domain +- maintain neutrality and objectivity +- good understanding of stats and probability can be vital + +## ethos +- search for truth +- appreciate limits of certainty +- no bias or prejudice +- can work for either side but only one at a time +- document everything +- defend demonstrate and duplicate methods + +## computers as a witness +- good at storing info, with great reliability. +- have no common sense, no initative. \ No newline at end of file diff --git a/content/notes/comp210-test.md b/content/notes/comp210-test.md index 09defd360..5b1ddec48 100644 --- a/content/notes/comp210-test.md +++ b/content/notes/comp210-test.md 
@@ -30,7 +30,7 @@ It is important to have good security policies. These are high-level rules about - and provide evidence of quality control, internals audits, etc - they also help to answer questions about how the company should manage their data. -It is important that these policies are widely adopted and used the the members of the company. The company should create practices and procedures that make it as east as possible for members of the company to put into practice these policies. +It is important that these policies are widely adopted and used the the members of the company. The company should create practices and procedures that make it as easy as possible for members of the company to put the policies into practice. The policies, practices, and procedures should be introduced to new staff members, and be widely available for all employees. They should not be overly complicated or strict as this will make it difficult for employees to use them. You should also regularly (e.g., once a month) check that they are being used, and if they are not, implmented changes to address the issues found # 7 In machine learning a supervised approach uses labelled data for either classificaion or regression. You might use a regression to rank each packet according to how likely it is to be a threat. You could also simply use a classification algorithm such as a k-means classifiers to classify a packet as either a threat, a non-threat, or some other class such as outlier, or possible threat. An unsupervised approach uses unlabelled data, and attempts to find patterns, and group the data. The goal is to develop a better understanding of the data, rather than making predicions about future data. We could use k-means and DBCAN clustering to find groups of similar packets. We could also use t-SNE to visualise high dimension data.
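Review bot: the new 23-digital-forensics.md file in the first hunk ships with a number of spelling errors that will be published as-is: "assit" (assist), "severs/cloud" (servers), "circumstansial" (circumstantial), "requireing" (requiring), "submitte" (submitted), "valildated" (validated), "provisos i the digital domain" (in), and "initative" (initiative); "suggests or indicates by seldom proves" reads as "but seldom proves". Also drop the stray empty bullet `- ` left after the "computers everywhere" list, either fill or remove the empty `aliases:` front-matter key, and add the terminating newline that git flags with "\ No newline at end of file".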
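Review bot: the rewritten `+` line in the comp210-test.md hunk still carries the doubled article in "used the the members of the company"; since the line is being changed anyway, fix it to "used by the members of the company" in the same commit. The unchanged context lines around it also contain "implmented changes" (implement changes), "classificaion" and "predicions", and "DBCAN" looks like a typo for DBSCAN; separately, k-means is a clustering algorithm rather than a classifier, so "a classification algorithm such as a k-means classifiers" is worth a follow-up edit.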