サイバーフォレンジックにおけるBB FlashBackの使用

 
すばらしいソフトウェアです - 御社の製品のパフォーマンスに賛辞を送ります。
Benjamin Wright, テクノロジー法律家
 
 
Computer forensics is a demanding field, requiring a high level of rigor to ensure the correct procedures have been followed.

Commonly, a cyber investigation examines how a digital resource like an app, a hyperlink or a Web search box works.

It is the job of an investigator to record what he sees and hears in such a way that it can be used in court to show what the resource did at the time of the investigation.

Without a recording, valuable evidence can disappear. A Web page or a Facebook wall, for instance, may display one thing now and something different five minutes later.

So how can an investigator preserve a competent recording of what he sees and hears?
 
ケーススタディ

Benjamin Wright, a technology lawyer in the US, set out to devise a new and better way to record the work of a cyber-investigator – which could be a police detective who is tracking activity on the Web.

Ben needed a tool that would capture a split-screen video record, showing both activity on a Web browser and simultaneous activity in a webcam. Furthermore, he needed the tool to create a final movie file that could easily be saved to a hard drive and transmitted as an email attachment.

BB FlashBack screen recorder presents a perfect way to make a permanent screencast record of a cyber investigation - showing what appears in a Web browser as the investigator clicks and types.

However, the software required for a cyber-investigation has to do more than just reliably capture a screencast. The software needs to capture a simultaneous webcam video of the user, which BB FlashBack does perfectly.

To authenticate the screen recording as the verifiable, legally-signed work and testimony of the investigator, Ben uses a split-screen to show a webcam image of himself (acting as investigator) observing and talking in real-time as the screencast was captured. The split-screen makes for compelling, easy-to-understand evidence and virtually constitutes a legal affidavit by the investigator.

The movie shows the investigator reading prepared remarks (i.e. his testimony as a witness) on camera, as he looks at written notes off-camera and confirms the time of the recording.

In making a forensics investigation report, he incorporates words such as ‘confidential’, ‘attorney-client communication’ and ‘attorney work-product’ directly into the spoken words of the movie. This makes the movie a verifiable, authenticated, legally-signed digital record without having to rely on “digital signature” technology.

Normally, when an investigator captures a record as a file, under conventional practice the investigator applies his or her "digital signature" to authenticate the file as secured evidence. But this can prove problematic because a digital signature relies on a complex infrastructure (commonly a ‘public key infrastructure’ or PKI), and involves the investigator holding, using and protecting a private key.

Verification of a digital signature after it is created depends on proof that the investigator possessed the private key, had relevant training for its use, and possessed the considerable resources needed to protect the private key. Often in practice, such proof can be difficult to acquire.

Using screen recorder software means the demonstration movie can employ a ‘webcam signature’ instead of a digital signature as an acceptable alternative.

A webcam signature captures real-time testimony by a signatory and links it to the evidence (i.e. activities in the Web browser, vocal observations by the investigator, facial expressions by the investigator and so on).

Ben’s movie of a cyber investigator using BB FlashBack can be seen on YouTube: http://www.youtube.com/watch?v=UgH6hzwAg5Y

表題についてのさらなる記事は下記のリンクからご覧いただけます:

Real-Time Evidence for Cloud Investigations

Benjamin Wright is a practicing member of the Texas Bar Association, He teaches the Legal 523 course (Law of Data Security and Investigations) at the SANS Institute.

 
フリーの試用版
BB FlashBack を今、ダウンロードして、30日間の無料試用をお試しください。

 

ニュースレター
ニュースレターにはニュース、録画、編集のヒントなどが載っています!
購読するには、あなたのe-mailアドレスを入力してください:
個人情報保護