Authors: Eoghan Casey
DFRWS USA 2021
Abstract
Description
This workshop leverages recently released results of CASE/UCO community collaboration to provide a hands-on experience of the future in digital forensic analysis. Members of the community come together to apply CASE open-source tooling to investigative scenarios and associated datasets involving one mobile device and one hard drive. The ultimate aim of these activities is to demonstrate how correlations can be found automatically between seemingly separate digital investigations. Participants will gain a deeper understanding of CASE/UCO and how it can be useful in practice. The objective of this workshop is to prepare participants to implement CASE/UCO 1.0, scheduled for release in August.
The main materials for the workshop are shared here:
https://drive.google.com/drive/folders/1d-ezfOHsU06aOrw-8vkVJOXPfL5NMS0G?usp=sharing
For your convenience, extracts of materials are provided. Therefore, it is not necessary for you to execute tools or process larger datasets. However, if you want to dig deeper, links to the full datasets and utilities are provided in the context of the presentation materials:
https://drive.google.com/file/d/1NYRmis9n81mOmTKcqLt7jyh-wnOBfMGN/view?usp=sharing
Agenda
10:00 – 10:30: Introduction to the speakers and CASE
10:30 – 11:30: Detecting cross-investigation links
+ Introduction to the dataset and representation in CASE
+ Using an open-source tool with native CASE support (Autopsy)
+ Using a third-party translator to convert a Cellebrite XML report of an Android device
11:30 – 11:45: Break
11:45 – 12:00: CASE Inference proposal
12:00 – 12:30: Inferences from IoT traces
12:30 – 13:00: Lunch
13:00 – 14:00: Inferences across investigations
+ Correlating and querying the data to find links across investigations
+ Pulling it together: making evidence-based inferences across investigations