SlideShare a Scribd company logo

Gareth Digby: Systems-Based Approach to Cyber Investigations

EnergyTech2015
EnergyTech2015

EnergyTech2015.com ENERGIZING MBSE IN ORGANIZATIONS Track 3 Session 4 Moderator: Matthew Hause Implementing System Engineering disciplines and practices in an energy company and a panel discussion of how to promote the use of MBSE in the energy systems. Gareth Digby: A Systems-based Approach To Cyber Investigations The presentation discusses the role of a systems-based approach to cyber investigations and demonstrates how such an approach can help the investigator ensure that a holistic view is take to the identification and analysis of appropriate evidence. Systems engineers are familiar with the need to consider the system within its environment while being aware of the interaction of the system with both people and other systems. These aspects also need to be considered when we investigate what has happened to a system as well as when we create systems. One element of this systems-based approach is the Human-System-Environment matrix, which offers an appropriate framework to guide the collection of evidence. In particular the matrix emphasizes the temporal aspects associated with evidence gathering. In addition the cyber investigator is not dealing with a system in isolation. The systems-based approach discusses the need to identify the interfaces of the system with the greater system-of-systems. The value of this systems-based approach to the various stages of a cyber investigation is described, including during the incident investigation, the collection of evidence and the analysis of data. This systems-based approach for an investigation gives the investigator the freedom to go in appropriate directions as the investigation proceeds while ensuring the investigator covers the breadth needed

Technology
1 of 28
Download to read offline
DR GARETH DIGBY A Systems-based Approach To Cyber Investigations
Introduction • This presentation outlines some of the issues associated with cyber investigation evidence collection, analysis and presentation • Simple holistic, system thinking approaches are outlined to help overcome the issues
Background • The presentation builds on the Gareth Digby’s and Zane Scott’s, the authors, experience • Providing system thinking approaches to understand and tackle complex problems • Undertaking industrial investigations
Forensic Investigations System People Environment Incident
An Incident • “Failure is an unacceptable difference between expected and observed performance” • Leonards, American Society of Civil Engineers, 1982 • Three phases of process-related incidents • Change from normal to an abnormal operating state • Breakdown of control of abnormal operating phase • Loss of control (of energy accumulations) • Guidelines for Investigating Chemical Process Incidents, Center for Chemical Process Safety, American Institute of Chemical Engineers, 2003 • Causes may be a combination of interrelated deficiencies • Hence the complexity and confusion usually associated with an incident
Evidence • Evidence has to support opinion • Evidence must be compelling and show through a preponderance of evidence that the fact is proven • Evidence has to be reliable • The chain of custody must be maintained ProvenKnown
Investigation Phases Capture Preserve Analyze Present
Capture • Digital evidence is volatile • We want to capture appropriate evidence in a timely manner
Preserve
Analyze • We want to analyze the evidence and then develop a hypothesis that we can test • The Scientific Method: • Collect data • Establish potential causes and hypothesis • Test for validity
Analyze, contd. • However • Hypothesize • Collect data • Test • …. Constrains the exploration of an answer
Present • Digital systems are inherently complex • Evidence includes a temporal component • The evidence, analysis and hypothesis have to be explained to non-specialists SimplifyClarify
The Conundrum • Capture • Look in appropriate places for evidence • Analysis • Consider all aspects • Presentation • Effective visualization of complex data Use a systematic, holistic approach to collection, analysis and presentation of evidence
People-System-Environment Matrix Before During After EnvironmentSystemPeople • Encourages thinking about the environment and people as well as the system of interest • Reminds us to think about the temporal aspects
People-System-Environment Matrix • Alternatively known as the 9-Box Matrix • Developed by A. Chapanis and P. Fitts of the US Army Aero Medical Laboratory • Bibliography • “Utilizing The Human, Machine and Environment Matrix In Investigations”, D. Curry, et al, Packer Engineering, Naperville, IL
Examples of Use • Using the approach to document evidence from an incident at an oil storage depot • Using the approach to document evidence from an assignment created for teaching computer forensics
Oil Storage Depot Incident Scenario Based on a review of the Buncefield Major Incident Investigation Board reports http://www.hse.gov.uk/comah/investigation-reports.htm
Example People-System-Environment Matrix Before During After EnvironmentSystemPeople Cold Weather Vapor Contamination Explosion Containment damage Mist reported before incident Tank overfill causes vapor cloud Tank filling overnight Control room operators start transfer Cold weather conditions Firefighters respond Firefighting foam contaminates water Why overfill? Broken level alarm Why ignition? Possibly start of fire pumps when alarm raised Why?Why?
Fictional Scenario • In June 2009, King Claudius, following an incident in which a banned play was performed, exiled Hamlet. • However it came to light that Hamlet may have been unknowingly setup by others. • Apologies to Tom Stoppard, “Rosencrantz & Guildenstern Are Dead”
People • King Claudius • Queen Gertrude • Hamlet • Rosencrantz • Guildenstern • Ophelia
Environment • Maryland • New Jersey • Car
System(s) • Rosencrantz’s laptop • Guildenstern's laptop • Email • Instant messaging • USB memory stick • GPS
Example People-System-Environment Matrix Before During After EnvironmentSystemPeople
Use Case Showing Temporal Aspects
Activity Diagram Showing Hypothesis
Simulate To Test Hypothesis
Summary • Collection • Analysis • Presentation
Conclusion The presentation has shown how issues associated with the • Collection • Analysis • Presentation … of evidence in cyber investigations can be helped through • taking a holistic and systematic approach to the identification of evidence and • the use of existing systems methods to present the temporal, interrelated nature of the evidence

Recommended

To Measure Not Model: Case Study -- Purdue University Center for High Perform...
To Measure Not Model: Case Study -- Purdue University Center for High Perform...To Measure Not Model: Case Study -- Purdue University Center for High Perform...
To Measure Not Model: Case Study -- Purdue University Center for High Perform...
AEI / Affiliated Engineers
 
Bullet proof data sets for environmental litigation
Bullet proof data sets for environmental litigationBullet proof data sets for environmental litigation
Bullet proof data sets for environmental litigation
Chemistry Matters Inc.
 
RVISL_poster_final
RVISL_poster_finalRVISL_poster_final
RVISL_poster_final
Evan Ezell
 
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...
EnergyTech2015
 
John Ostrich: Space Weather Policy
John Ostrich: Space Weather Policy John Ostrich: Space Weather Policy
John Ostrich: Space Weather Policy
EnergyTech2015
 
Branndon Kelley Keynote on Cybersecurity and the Smart Utility
Branndon Kelley Keynote on Cybersecurity and the Smart Utility Branndon Kelley Keynote on Cybersecurity and the Smart Utility
Branndon Kelley Keynote on Cybersecurity and the Smart Utility
EnergyTech2015
 
William Good: Extra Small Modular Reactors
William Good: Extra Small Modular ReactorsWilliam Good: Extra Small Modular Reactors
William Good: Extra Small Modular Reactors
EnergyTech2015
 
Benjamin Loop: Simulation Environment for Power Management and Distribution D...
Benjamin Loop: Simulation Environment for Power Management and Distribution D...Benjamin Loop: Simulation Environment for Power Management and Distribution D...
Benjamin Loop: Simulation Environment for Power Management and Distribution D...
EnergyTech2015
 

Recommended

To Measure Not Model: Case Study -- Purdue University Center for High Perform...
To Measure Not Model: Case Study -- Purdue University Center for High Perform...To Measure Not Model: Case Study -- Purdue University Center for High Perform...
To Measure Not Model: Case Study -- Purdue University Center for High Perform...
AEI / Affiliated Engineers
 
Bullet proof data sets for environmental litigation
Bullet proof data sets for environmental litigationBullet proof data sets for environmental litigation
Bullet proof data sets for environmental litigation
Chemistry Matters Inc.
 
RVISL_poster_final
RVISL_poster_finalRVISL_poster_final
RVISL_poster_final
Evan Ezell
 
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...
EnergyTech2015
 
John Ostrich: Space Weather Policy
John Ostrich: Space Weather Policy John Ostrich: Space Weather Policy
John Ostrich: Space Weather Policy
EnergyTech2015
 
Branndon Kelley Keynote on Cybersecurity and the Smart Utility
Branndon Kelley Keynote on Cybersecurity and the Smart Utility Branndon Kelley Keynote on Cybersecurity and the Smart Utility
Branndon Kelley Keynote on Cybersecurity and the Smart Utility
EnergyTech2015
 
William Good: Extra Small Modular Reactors
William Good: Extra Small Modular ReactorsWilliam Good: Extra Small Modular Reactors
William Good: Extra Small Modular Reactors
EnergyTech2015
 
Benjamin Loop: Simulation Environment for Power Management and Distribution D...
Benjamin Loop: Simulation Environment for Power Management and Distribution D...Benjamin Loop: Simulation Environment for Power Management and Distribution D...
Benjamin Loop: Simulation Environment for Power Management and Distribution D...
EnergyTech2015
 
Andrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility IndustryAndrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility Industry
EnergyTech2015
 
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
EnergyTech2015
 
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
EnergyTech2015
 
Tues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowanTues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowan
EnergyTech2015
 
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
EnergyTech2015
 
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
EnergyTech2015
 
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
EnergyTech2015
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
EnergyTech2015
 
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
EnergyTech2015
 
Loyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd bakerLoyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd baker
EnergyTech2015
 
Halderman ch035 lecture
Halderman ch035 lectureHalderman ch035 lecture
Halderman ch035 lecture
mcfalltj
 
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ... Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
EnergyTech2015
 
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
EnergyTech2015
 
Brian Patterson: Reinventing Building Power
Brian Patterson: Reinventing Building PowerBrian Patterson: Reinventing Building Power
Brian Patterson: Reinventing Building Power
EnergyTech2015
 
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC GridsNeil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
EnergyTech2015
 
Developing an Incident Response Process Model for Chemical Facilities
Developing an Incident Response Process Model for Chemical FacilitiesDeveloping an Incident Response Process Model for Chemical Facilities
Developing an Incident Response Process Model for Chemical Facilities
Mirjam-Mona
 
Comp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesComp8 unit9a lecture_slides
Comp8 unit9a lecture_slides
CMDLMS
 
eSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
eSource: Data Capture Simplified - Uncover Time and Cost Saving PossibilitieseSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
eSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
www.datatrak.com
 
The UK National Chemical Database Service – an integration of commercial and ...
The UK National Chemical Database Service – an integration of commercial and ...The UK National Chemical Database Service – an integration of commercial and ...
The UK National Chemical Database Service – an integration of commercial and ...
US Environmental Protection Agency (EPA), Center for Computational Toxicology and Exposure
 
Approaches to Preservation Storage Technologies
Approaches to Preservation Storage Technologies Approaches to Preservation Storage Technologies
Approaches to Preservation Storage Technologies
Micah Altman
 
June brownbagpressurvey
June brownbagpressurveyJune brownbagpressurvey
June brownbagpressurvey
Micah Altman
 
ChemSpider as an integration hub for interlinked chemistry data
ChemSpider as an integration hub for interlinked chemistry dataChemSpider as an integration hub for interlinked chemistry data
ChemSpider as an integration hub for interlinked chemistry data
US Environmental Protection Agency (EPA), Center for Computational Toxicology and Exposure
 

More Related Content

Viewers also liked

Andrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility IndustryAndrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility Industry
EnergyTech2015
 
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
EnergyTech2015
 
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
EnergyTech2015
 
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
EnergyTech2015
 
Loyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd bakerLoyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd baker
EnergyTech2015
 
Halderman ch035 lecture
Halderman ch035 lectureHalderman ch035 lecture
Halderman ch035 lecture
mcfalltj
 
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
EnergyTech2015
 

Viewers also liked (15)

Andrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility IndustryAndrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility Industry
 
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
 
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
 
Tues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowanTues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowan
 
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
 
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
 
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
 
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
 
Loyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd bakerLoyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd baker
 
Halderman ch035 lecture
Halderman ch035 lectureHalderman ch035 lecture
Halderman ch035 lecture
 
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ... Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
 
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
 
Brian Patterson: Reinventing Building Power
Brian Patterson: Reinventing Building PowerBrian Patterson: Reinventing Building Power
Brian Patterson: Reinventing Building Power
 
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC GridsNeil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
 

Similar to Gareth Digby: Systems-Based Approach to Cyber Investigations

The UK National Chemical Database Service – an integration of commercial and ...
The UK National Chemical Database Service – an integration of commercial and ...The UK National Chemical Database Service – an integration of commercial and ...
The UK National Chemical Database Service – an integration of commercial and ...
US Environmental Protection Agency (EPA), Center for Computational Toxicology and Exposure
 
June brownbagpressurvey
June brownbagpressurveyJune brownbagpressurvey
June brownbagpressurvey
Micah Altman
 
ChemSpider as an integration hub for interlinked chemistry data
ChemSpider as an integration hub for interlinked chemistry dataChemSpider as an integration hub for interlinked chemistry data
ChemSpider as an integration hub for interlinked chemistry data
US Environmental Protection Agency (EPA), Center for Computational Toxicology and Exposure
 
The Importance of Open Data and Models for Energy Systems Analysis
The Importance of Open Data and Models for Energy Systems AnalysisThe Importance of Open Data and Models for Energy Systems Analysis
The Importance of Open Data and Models for Energy Systems Analysis
The Open Data Institute of North Carolina
 
eSource, DIA EuroMeeting, Lisbon, March 2005
eSource, DIA EuroMeeting, Lisbon, March 2005eSource, DIA EuroMeeting, Lisbon, March 2005
eSource, DIA EuroMeeting, Lisbon, March 2005
AsseroLtd
 

Similar to Gareth Digby: Systems-Based Approach to Cyber Investigations (20)

Developing an Incident Response Process Model for Chemical Facilities
Developing an Incident Response Process Model for Chemical FacilitiesDeveloping an Incident Response Process Model for Chemical Facilities
Developing an Incident Response Process Model for Chemical Facilities
 
Comp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesComp8 unit9a lecture_slides
Comp8 unit9a lecture_slides
 
eSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
eSource: Data Capture Simplified - Uncover Time and Cost Saving PossibilitieseSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
eSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
 
The UK National Chemical Database Service – an integration of commercial and ...
The UK National Chemical Database Service – an integration of commercial and ...The UK National Chemical Database Service – an integration of commercial and ...
The UK National Chemical Database Service – an integration of commercial and ...
 
Approaches to Preservation Storage Technologies
Approaches to Preservation Storage Technologies Approaches to Preservation Storage Technologies
Approaches to Preservation Storage Technologies
 
June brownbagpressurvey
June brownbagpressurveyJune brownbagpressurvey
June brownbagpressurvey
 
ChemSpider as an integration hub for interlinked chemistry data
ChemSpider as an integration hub for interlinked chemistry dataChemSpider as an integration hub for interlinked chemistry data
ChemSpider as an integration hub for interlinked chemistry data
 
Online Psychological Testing by Australian Psychological Society (2018)
Online Psychological Testing by Australian Psychological Society (2018)Online Psychological Testing by Australian Psychological Society (2018)
Online Psychological Testing by Australian Psychological Society (2018)
 
Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...
 
Challenges in medical imaging and the VISCERAL model
Challenges in medical imaging and the VISCERAL modelChallenges in medical imaging and the VISCERAL model
Challenges in medical imaging and the VISCERAL model
 
understanding the validity and increased scrutiny of data used for compliance...
understanding the validity and increased scrutiny of data used for compliance...understanding the validity and increased scrutiny of data used for compliance...
understanding the validity and increased scrutiny of data used for compliance...
 
Hazid & hazops
Hazid & hazopsHazid & hazops
Hazid & hazops
 
ACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRMACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRM
 
The Importance of Open Data and Models for Energy Systems Analysis
The Importance of Open Data and Models for Energy Systems AnalysisThe Importance of Open Data and Models for Energy Systems Analysis
The Importance of Open Data and Models for Energy Systems Analysis
 
Incident response
Incident responseIncident response
Incident response
 
Geoscientific Data Management Principles
Geoscientific Data Management PrinciplesGeoscientific Data Management Principles
Geoscientific Data Management Principles
 
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
 
Lecture 4 Root Cause Analysis in Company
Lecture 4 Root Cause Analysis in CompanyLecture 4 Root Cause Analysis in Company
Lecture 4 Root Cause Analysis in Company
 
Ensuring data quality
Ensuring data qualityEnsuring data quality
Ensuring data quality
 
eSource, DIA EuroMeeting, Lisbon, March 2005
eSource, DIA EuroMeeting, Lisbon, March 2005eSource, DIA EuroMeeting, Lisbon, March 2005
eSource, DIA EuroMeeting, Lisbon, March 2005
 

More from EnergyTech2015

Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
EnergyTech2015
 
Matthew Hause: The Smart Grid and MBSE Driven IoT
Matthew Hause: The Smart Grid and MBSE Driven IoT Matthew Hause: The Smart Grid and MBSE Driven IoT
Matthew Hause: The Smart Grid and MBSE Driven IoT
EnergyTech2015
 
Bob Garrett: Network of Networks Analysis
Bob Garrett: Network of Networks AnalysisBob Garrett: Network of Networks Analysis
Bob Garrett: Network of Networks Analysis
EnergyTech2015
 
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
EnergyTech2015
 
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
EnergyTech2015
 

More from EnergyTech2015 (8)

Tues PM banquet keynote featuring Virginia A Greiman
Tues PM banquet keynote featuring Virginia A GreimanTues PM banquet keynote featuring Virginia A Greiman
Tues PM banquet keynote featuring Virginia A Greiman
 
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
 
Matthew Hause: The Smart Grid and MBSE Driven IoT
Matthew Hause: The Smart Grid and MBSE Driven IoT Matthew Hause: The Smart Grid and MBSE Driven IoT
Matthew Hause: The Smart Grid and MBSE Driven IoT
 
Bob Garrett: Network of Networks Analysis
Bob Garrett: Network of Networks AnalysisBob Garrett: Network of Networks Analysis
Bob Garrett: Network of Networks Analysis
 
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
 
John Nairus: Hybrid-Electric Propulsion
John Nairus: Hybrid-Electric Propulsion John Nairus: Hybrid-Electric Propulsion
John Nairus: Hybrid-Electric Propulsion
 
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
 
EnergyTech2015 Program Guide
EnergyTech2015 Program GuideEnergyTech2015 Program Guide
EnergyTech2015 Program Guide
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Gareth Digby: Systems-Based Approach to Cyber Investigations

  • 1. DR GARETH DIGBY A Systems-based Approach To Cyber Investigations
  • 2. Introduction • This presentation outlines some of the issues associated with cyber investigation evidence collection, analysis and presentation • Simple holistic, system thinking approaches are outlined to help overcome the issues
  • 3. Background • The presentation builds on the Gareth Digby’s and Zane Scott’s, the authors, experience • Providing system thinking approaches to understand and tackle complex problems • Undertaking industrial investigations
  • 5. An Incident • “Failure is an unacceptable difference between expected and observed performance” • Leonards, American Society of Civil Engineers, 1982 • Three phases of process-related incidents • Change from normal to an abnormal operating state • Breakdown of control of abnormal operating phase • Loss of control (of energy accumulations) • Guidelines for Investigating Chemical Process Incidents, Center for Chemical Process Safety, American Institute of Chemical Engineers, 2003 • Causes may be a combination of interrelated deficiencies • Hence the complexity and confusion usually associated with an incident
  • 6. Evidence • Evidence has to support opinion • Evidence must be compelling and show through a preponderance of evidence that the fact is proven • Evidence has to be reliable • The chain of custody must be maintained ProvenKnown
  • 8. Capture • Digital evidence is volatile • We want to capture appropriate evidence in a timely manner
  • 10. Analyze • We want to analyze the evidence and then develop a hypothesis that we can test • The Scientific Method: • Collect data • Establish potential causes and hypothesis • Test for validity
  • 11. Analyze, contd. • However • Hypothesize • Collect data • Test • …. Constrains the exploration of an answer
  • 12. Present • Digital systems are inherently complex • Evidence includes a temporal component • The evidence, analysis and hypothesis have to be explained to non-specialists SimplifyClarify
  • 13. The Conundrum • Capture • Look in appropriate places for evidence • Analysis • Consider all aspects • Presentation • Effective visualization of complex data Use a systematic, holistic approach to collection, analysis and presentation of evidence
  • 14. People-System-Environment Matrix Before During After EnvironmentSystemPeople • Encourages thinking about the environment and people as well as the system of interest • Reminds us to think about the temporal aspects
  • 15. People-System-Environment Matrix • Alternatively known as the 9-Box Matrix • Developed by A. Chapanis and P. Fitts of the US Army Aero Medical Laboratory • Bibliography • “Utilizing The Human, Machine and Environment Matrix In Investigations”, D. Curry, et al, Packer Engineering, Naperville, IL
  • 16. Examples of Use • Using the approach to document evidence from an incident at an oil storage depot • Using the approach to document evidence from an assignment created for teaching computer forensics
  • 17. Oil Storage Depot Incident Scenario Based on a review of the Buncefield Major Incident Investigation Board reports http://www.hse.gov.uk/comah/investigation-reports.htm
  • 18. Example People-System-Environment Matrix Before During After EnvironmentSystemPeople Cold Weather Vapor Contamination Explosion Containment damage Mist reported before incident Tank overfill causes vapor cloud Tank filling overnight Control room operators start transfer Cold weather conditions Firefighters respond Firefighting foam contaminates water Why overfill? Broken level alarm Why ignition? Possibly start of fire pumps when alarm raised Why?Why?
  • 19. Fictional Scenario • In June 2009, King Claudius, following an incident in which a banned play was performed, exiled Hamlet. • However it came to light that Hamlet may have been unknowingly setup by others. • Apologies to Tom Stoppard, “Rosencrantz & Guildenstern Are Dead”
  • 20. People • King Claudius • Queen Gertrude • Hamlet • Rosencrantz • Guildenstern • Ophelia
  • 22. System(s) • Rosencrantz’s laptop • Guildenstern's laptop • Email • Instant messaging • USB memory stick • GPS
  • 24. Use Case Showing Temporal Aspects
  • 26. Simulate To Test Hypothesis
  • 28. Conclusion The presentation has shown how issues associated with the • Collection • Analysis • Presentation … of evidence in cyber investigations can be helped through • taking a holistic and systematic approach to the identification of evidence and • the use of existing systems methods to present the temporal, interrelated nature of the evidence