© University of Kent - Contact | Feedback | Legal | FOI | Cookies
Abstract for Seminar
Computer Forensics is an arms race between criminals and law enforcement; this seminar will cover the background and motivation for computer forensics, and show how university research contributes to the subject. The seminar will first illustrate some of the misconceptions and mistakes that allow forensic examiners to recover evidence from computing devices, and then highlight the threats from organised crime and terrorism, using examples from cases in which Cranfield staff have acted as expert examiners and witnesses. Much of the technical investigation in computer forensics is carried under the pressure of a current case; however, university research allows a more measured and long-term approach, and can be particularly effective in furthering the state of art if it is directed toward generic problems and artefacts. One such problem is the criminal use of encryption to secure computer files or disks; the use of a strong encryption algorithm does not necessarily remove all the forensic options: practical key recovery and side channel attacks can be still used to obtain evidence, and to counter further anti-forensic strategies. The arms race over encryption is carried out in the political and social domains as well as the technical world, illustrating that technical problems and constraints in forensics arise from actions and events in the real world.