DR GARETH DIGBY
A Systems-based Approach To Cyber
Investigations
Introduction
• This presentation outlines some of the issues associated
with cyber investigation evidence collection, analysis and
presentation
• Simple holistic, system thinking approaches are outlined
to help overcome the issues
Background
• The presentation builds on the experience of the authors, Gareth
Digby and Zane Scott, in
• Providing system thinking approaches to understand and
tackle complex problems
• Undertaking industrial investigations
Forensic Investigations
(Diagram: the Incident at the centre, surrounded by the three domains it is investigated across: System, People and Environment)
An Incident
• “Failure is an unacceptable difference between expected
and observed performance”
• Leonards, American Society of Civil Engineers, 1982
• Three phases of process-related incidents
• Change from normal to an abnormal operating state
• Breakdown of control of abnormal operating phase
• Loss of control (of energy accumulations)
• Guidelines for Investigating Chemical Process Incidents, Center for
Chemical Process Safety, American Institute of Chemical Engineers,
2003
• Causes may be a combination of interrelated deficiencies
• Hence the complexity and confusion usually associated with an
incident
Evidence
• Evidence has to support opinion
• Evidence must be compelling and show through a
preponderance of evidence that the fact is proven
• Evidence has to be reliable
• The chain of custody must be maintained
(Diagram: evidence carries the investigation from what is Known to what is Proven)
Investigation Phases
Capture
Preserve
Analyze
Present
Capture
• Digital evidence is volatile
• We want to capture appropriate evidence in a timely
manner
Preserve
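The Evidence, Capture and Preserve points above (reliable evidence, a maintained chain of custody, and capture of volatile data in a timely manner) can be made concrete in code. The following Python is an added example, not part of the original slides: it hashes a captured artefact at acquisition, re-hashes it at every hand-over so that any change while in custody is detected, and keeps the custody log itself hash-chained so that an edited or deleted entry is also detectable. The image file, custodian names and notes are constructed for the demonstration.

```python
"""Added example (not from the slides): hash-chained chain-of-custody ledger
for a captured evidence file. File contents and custodian names are constructed."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


class CustodyLedger:
    """Append-only log of custody events. Each entry carries the hash of the previous
    entry, so removing or editing an earlier entry breaks every later link."""

    GENESIS = "0" * 64

    def __init__(self, evidence_path: str, custodian: str, note: str = "acquired"):
        self.entries = []
        self.evidence_hash = sha256_file(evidence_path)   # hash taken at capture time
        self._append(custodian, note, self.evidence_hash)

    def _append(self, custodian: str, note: str, observed_hash: str) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        entry = {
            "seq": len(self.entries),
            "time": datetime.now(timezone.utc).isoformat(),
            "custodian": custodian,
            "note": note,
            "evidence_sha256": observed_hash,
            "prev_entry_hash": prev,
        }
        body = json.dumps(entry, sort_keys=True).encode()
        entry["entry_hash"] = hashlib.sha256(body).hexdigest()
        self.entries.append(entry)
        return entry

    def transfer(self, evidence_path: str, to_custodian: str, note: str = "transfer") -> bool:
        """Re-hash on every hand-over. Returns False if the artefact no longer matches
        the hash taken at capture, i.e. it changed while in someone's custody."""
        observed = sha256_file(evidence_path)
        self._append(to_custodian, note, observed)
        return observed == self.evidence_hash

    def verify(self) -> bool:
        """Check the ledger itself: recompute every entry hash and every back-link."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_entry_hash"] != prev:
                return False
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if digest != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def demo():
    """Walk through capture, a clean transfer, an altered artefact and a tampered ledger."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "laptop.dd")             # constructed stand-in for a disk image
        with open(img, "wb") as f:
            f.write(b"constructed disk image bytes\n" * 1000)
        ledger = CustodyLedger(img, "first responder")
        ok_transfer = ledger.transfer(img, "examiner")          # artefact untouched -> True
        with open(img, "ab") as f:                              # simulate alteration in custody
            f.write(b"x")
        bad_transfer = ledger.transfer(img, "lab", "received")  # hash mismatch -> False
        ok_ledger = ledger.verify()                             # ledger still intact -> True
        ledger.entries[1]["custodian"] = "someone else"         # simulate ledger tampering
        return ok_transfer, bad_transfer, ok_ledger, ledger.verify()


if __name__ == "__main__":
    print(demo())
```

The ledger only proves that the record is self-consistent; an investigator who controls the whole ledger could rewrite every link. In practice the entry hashes are also written out to a place the custodian cannot alter (a signed log, a second party's record, or a timestamping service), which is what turns the chain into something a court can rely on.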
Analyze
• We want to analyze the evidence and then develop a
hypothesis that we can test
• The Scientific Method:
• Collect data
• Establish potential causes and hypothesis
• Test for validity
Analyze, contd.
• However, starting from the hypothesis, i.e.
• Hypothesize
• Collect data
• Test
• …. constrains the exploration of an answer, because data is then
gathered to fit the hypothesis rather than to find the cause
Present
• Digital systems are inherently complex
• Evidence includes a temporal component
• The evidence, analysis and hypothesis have to be
explained to non-specialists
(Diagram: Simplify, Clarify)
The Conundrum
• Capture
• Look in appropriate places for evidence
• Analysis
• Consider all aspects
• Presentation
• Effective visualization of complex data
Use a systematic, holistic approach to collection, analysis
and presentation of evidence
People-System-Environment Matrix
              Before      During      After
People
System
Environment
• Encourages thinking
about the environment
and people as well as
the system of interest
• Reminds us to think
about the temporal
aspects
People-System-Environment Matrix
• Alternatively known as the 9-Box Matrix
• Developed by A. Chapanis and P. Fitts of the US Army
Aero Medical Laboratory
• Bibliography
• “Utilizing The Human, Machine and Environment Matrix In
Investigations”, D. Curry, et al, Packer Engineering,
Naperville, IL
Examples of Use
• Using the approach to document evidence from an
incident at an oil storage depot
• Using the approach to document evidence from an
assignment created for teaching computer forensics
Oil Storage Depot Incident Scenario
Based on a review of the Buncefield Major Incident Investigation Board reports
http://www.hse.gov.uk/comah/investigation-reports.htm
Example People-System-Environment Matrix (oil storage depot)

              Before                                  During                                        After
People        Control room operators start transfer   Mist reported before incident                 Firefighters respond
System        Tank filling overnight                  Tank overfill causes vapor cloud; Explosion   Containment damage
Environment   Cold weather conditions                 Vapor cloud                                   Firefighting foam contaminates water

"Why?" annotations attached to the cells:
• Why overfill? Broken level alarm
• Why ignition? Possibly start of fire pumps when alarm raised
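The matrix above is filled in by hand on the slide. As an added example, not part of the original presentation, the following Python shows how an investigator can build the same nine cells from evidence items that carry a timestamp, a dimension and a source, with the temporal axis derived from an incident window rather than assigned by eye. The incident window, timestamps and evidence sources are constructed for the demonstration and only loosely echo the depot scenario; they are not facts from the Buncefield reports.

```python
"""Added example (not from the slides): build a People-System-Environment matrix
from timestamped evidence items. Timestamps, sources and the incident window are
constructed, loosely following the oil storage depot matrix on the page."""
from dataclasses import dataclass
from datetime import datetime

DIMENSIONS = ("People", "System", "Environment")
PHASES = ("Before", "During", "After")

# Constructed incident window: from the first abnormal state (overfill begins)
# to the loss of control (explosion). Everything outside it is Before or After.
INCIDENT_START = datetime(2005, 12, 11, 5, 20)
INCIDENT_END = datetime(2005, 12, 11, 6, 1)


@dataclass(frozen=True)
class Evidence:
    when: datetime
    dimension: str      # People, System or Environment
    summary: str
    source: str         # where the fact came from; stays with the cell for the Present phase
    why: str = ""       # open "Why?" question, or its current answer, if any


def phase_of(when: datetime, start: datetime, end: datetime) -> str:
    """Temporal axis of the matrix: Before, During or After the incident window."""
    if when < start:
        return "Before"
    if when > end:
        return "After"
    return "During"


def build_matrix(items, start=INCIDENT_START, end=INCIDENT_END):
    """Sort evidence into the nine cells, earliest first within each cell."""
    matrix = {d: {p: [] for p in PHASES} for d in DIMENSIONS}
    for item in sorted(items, key=lambda e: e.when):
        if item.dimension not in DIMENSIONS:
            raise ValueError(f"unknown dimension {item.dimension!r}")
        matrix[item.dimension][phase_of(item.when, start, end)].append(item)
    return matrix


def empty_cells(matrix):
    """Cells with no evidence: the matrix's prompt to look somewhere not yet examined."""
    return [(d, p) for d in DIMENSIONS for p in PHASES if not matrix[d][p]]


def why_questions(matrix):
    """The 'Why?' annotations, with the cell each one hangs off."""
    return [(d, p, e.why) for d in DIMENSIONS for p in PHASES
            for e in matrix[d][p] if e.why]


def render(matrix, width=44) -> str:
    """Plain-text 3x3 view for the Present phase."""
    rows = [f"{'':<12}" + "".join(f"{p:<{width}}" for p in PHASES)]
    for d in DIMENSIONS:
        cells = ["; ".join(e.summary for e in matrix[d][p]) for p in PHASES]
        rows.append(f"{d:<12}" + "".join(f"{c:<{width}}" for c in cells))
    return "\n".join(rows)


def sample_items():
    """Constructed evidence items echoing the page's depot matrix; times and sources are illustrative."""
    def t(h, m, day=11):
        return datetime(2005, 12, day, h, m)
    return [
        Evidence(t(19, 0, day=10), "People", "Control room operators start transfer", "control room log"),
        Evidence(t(19, 5, day=10), "System", "Tank filling overnight", "tank gauging history"),
        Evidence(t(3, 0), "Environment", "Cold weather conditions", "weather record"),
        Evidence(t(5, 20), "System", "Tank overfill causes vapor cloud", "tank gauging history",
                 why="Why overfill? Broken level alarm"),
        Evidence(t(5, 40), "People", "Mist reported before incident", "witness statement"),
        Evidence(t(5, 45), "Environment", "Vapor cloud", "site CCTV"),
        Evidence(t(6, 1), "System", "Explosion", "alarm and event log",
                 why="Why ignition? Possibly start of fire pumps when alarm raised"),
        Evidence(t(6, 5), "System", "Containment damage", "site survey"),
        Evidence(t(6, 15), "People", "Firefighters respond", "fire service log"),
        Evidence(t(8, 0), "Environment", "Firefighting foam contaminates water", "water sampling"),
    ]


if __name__ == "__main__":
    m = build_matrix(sample_items())
    print(render(m))
    for d, p, q in why_questions(m):
        print(f"{d}/{p}: {q}")
    print("empty cells:", empty_cells(m))
```

Two design points carry over to cyber investigations directly. Keeping the source with each item means every cell in the presented matrix can be traced back to a specific log, image or statement, which is what the Evidence slide asks for. And `empty_cells` turns the matrix from a summary into a collection checklist: an empty Environment/After or People/Before cell is a place the capture phase has not yet looked.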
Fictional Scenario
• In June 2009, King Claudius, following an incident in
which a banned play was performed, exiled Hamlet.
• However it came to light that Hamlet may have been
unknowingly setup by others.
• Apologies to Tom Stoppard, “Rosencrantz
& Guildenstern Are Dead”
People
• King Claudius
• Queen Gertrude
• Hamlet
• Rosencrantz
• Guildenstern
• Ophelia
Environment
• Maryland
• New Jersey
• Car
System(s)
• Rosencrantz’s laptop
• Guildenstern's laptop
• Email
• Instant messaging
• USB memory stick
• GPS
Example People-System-Environment Matrix (fictional scenario)
(Matrix with rows People, System, Environment and columns Before, During, After)
Use Case Showing Temporal Aspects
Activity Diagram Showing Hypothesis
Simulate To Test Hypothesis
Summary
• Collection
• Analysis
• Presentation
Conclusion
The presentation has shown how issues associated with the
• Collection
• Analysis
• Presentation
… of evidence in cyber investigations can be helped
through
• taking a holistic and systematic approach to the
identification of evidence and
• the use of existing systems methods to present the
temporal, interrelated nature of the evidence

More Related Content

Viewers also liked

Andrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility IndustryAndrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility IndustryEnergyTech2015
 
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...EnergyTech2015
 
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...EnergyTech2015
 
Tues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowanTues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowanEnergyTech2015
 
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field EnergyTech2015
 
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...EnergyTech2015
 
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...EnergyTech2015
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance EnergyTech2015
 
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...EnergyTech2015
 
Loyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd bakerLoyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd bakerEnergyTech2015
 
Halderman ch035 lecture
Halderman ch035 lectureHalderman ch035 lecture
Halderman ch035 lecturemcfalltj
 
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
 Anne McNelis: Intelligent Power Controller Development for Human Deep Space ... Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...EnergyTech2015
 
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...EnergyTech2015
 
Brian Patterson: Reinventing Building Power
Brian Patterson: Reinventing Building PowerBrian Patterson: Reinventing Building Power
Brian Patterson: Reinventing Building PowerEnergyTech2015
 
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC GridsNeil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC GridsEnergyTech2015
 

Viewers also liked (15)

Andrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility IndustryAndrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility Industry
 
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
 
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
 
Tues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowanTues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowan
 
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
 
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
 
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
 
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
 
Loyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd bakerLoyd Baker: MBSE - connecting the dots process with loyd baker
Loyd Baker: MBSE - connecting the dots process with loyd baker
 
Halderman ch035 lecture
Halderman ch035 lectureHalderman ch035 lecture
Halderman ch035 lecture
 
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
 Anne McNelis: Intelligent Power Controller Development for Human Deep Space ... Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
Anne McNelis: Intelligent Power Controller Development for Human Deep Space ...
 
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
Mark Walker: Model Based Systems Engineering Initial Stages for Power & E...
 
Brian Patterson: Reinventing Building Power
Brian Patterson: Reinventing Building PowerBrian Patterson: Reinventing Building Power
Brian Patterson: Reinventing Building Power
 
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC GridsNeil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
Neil Kirby: VSC HVDC Transmission and Emerging Technologies in DC Grids
 

Similar to Gareth Digby: Systems-Based Approach to Cyber Investigations

Developing an Incident Response Process Model for Chemical Facilities
Developing an Incident Response Process Model for Chemical FacilitiesDeveloping an Incident Response Process Model for Chemical Facilities
Developing an Incident Response Process Model for Chemical FacilitiesMirjam-Mona
 
Comp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesComp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesCMDLMS
 
eSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
eSource: Data Capture Simplified - Uncover Time and Cost Saving PossibilitieseSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
eSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilitieswww.datatrak.com
 
Approaches to Preservation Storage Technologies
Approaches to Preservation Storage Technologies Approaches to Preservation Storage Technologies
Approaches to Preservation Storage Technologies Micah Altman
 
June brownbagpressurvey
June brownbagpressurveyJune brownbagpressurvey
June brownbagpressurveyMicah Altman
 
Online Psychological Testing by Australian Psychological Society (2018)
Online Psychological Testing by Australian Psychological Society (2018)Online Psychological Testing by Australian Psychological Society (2018)
Online Psychological Testing by Australian Psychological Society (2018)Fian Rizky
 
Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...UBMCanon
 
understanding the validity and increased scrutiny of data used for compliance...
understanding the validity and increased scrutiny of data used for compliance...understanding the validity and increased scrutiny of data used for compliance...
understanding the validity and increased scrutiny of data used for compliance...All4 Inc.
 
ACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRMACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRMPatrickBilgere
 
Geoscientific Data Management Principles
Geoscientific Data Management PrinciplesGeoscientific Data Management Principles
Geoscientific Data Management PrinciplesNigelLaubsch
 
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013Sterling Medical Devices
 
Lecture 4 Root Cause Analysis in Company
Lecture 4 Root Cause Analysis in CompanyLecture 4 Root Cause Analysis in Company
Lecture 4 Root Cause Analysis in CompanyRyan Olaybal
 
Ensuring data quality
Ensuring data qualityEnsuring data quality
Ensuring data qualityIUPUI
 
eSource, DIA EuroMeeting, Lisbon, March 2005
eSource, DIA EuroMeeting, Lisbon, March 2005eSource, DIA EuroMeeting, Lisbon, March 2005
eSource, DIA EuroMeeting, Lisbon, March 2005AsseroLtd
 

Similar to Gareth Digby: Systems-Based Approach to Cyber Investigations (20)

Developing an Incident Response Process Model for Chemical Facilities
Developing an Incident Response Process Model for Chemical FacilitiesDeveloping an Incident Response Process Model for Chemical Facilities
Developing an Incident Response Process Model for Chemical Facilities
 
Comp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesComp8 unit9a lecture_slides
Comp8 unit9a lecture_slides
 
eSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
eSource: Data Capture Simplified - Uncover Time and Cost Saving PossibilitieseSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
eSource: Data Capture Simplified - Uncover Time and Cost Saving Possibilities
 
The UK National Chemical Database Service – an integration of commercial and ...
The UK National Chemical Database Service – an integration of commercial and ...The UK National Chemical Database Service – an integration of commercial and ...
The UK National Chemical Database Service – an integration of commercial and ...
 
Approaches to Preservation Storage Technologies
Approaches to Preservation Storage Technologies Approaches to Preservation Storage Technologies
Approaches to Preservation Storage Technologies
 
June brownbagpressurvey
June brownbagpressurveyJune brownbagpressurvey
June brownbagpressurvey
 
ChemSpider as an integration hub for interlinked chemistry data
ChemSpider as an integration hub for interlinked chemistry dataChemSpider as an integration hub for interlinked chemistry data
ChemSpider as an integration hub for interlinked chemistry data
 
Online Psychological Testing by Australian Psychological Society (2018)
Online Psychological Testing by Australian Psychological Society (2018)Online Psychological Testing by Australian Psychological Society (2018)
Online Psychological Testing by Australian Psychological Society (2018)
 
Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...
 
Challenges in medical imaging and the VISCERAL model
Challenges in medical imaging and the VISCERAL modelChallenges in medical imaging and the VISCERAL model
Challenges in medical imaging and the VISCERAL model
 
understanding the validity and increased scrutiny of data used for compliance...
understanding the validity and increased scrutiny of data used for compliance...understanding the validity and increased scrutiny of data used for compliance...
understanding the validity and increased scrutiny of data used for compliance...
 
Hazid & hazops
Hazid & hazopsHazid & hazops
Hazid & hazops
 
ACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRMACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRM
 
The Importance of Open Data and Models for Energy Systems Analysis
The Importance of Open Data and Models for Energy Systems AnalysisThe Importance of Open Data and Models for Energy Systems Analysis
The Importance of Open Data and Models for Energy Systems Analysis
 
Incident response
Incident responseIncident response
Incident response
 
Geoscientific Data Management Principles
Geoscientific Data Management PrinciplesGeoscientific Data Management Principles
Geoscientific Data Management Principles
 
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
 
Lecture 4 Root Cause Analysis in Company
Lecture 4 Root Cause Analysis in CompanyLecture 4 Root Cause Analysis in Company
Lecture 4 Root Cause Analysis in Company
 
Ensuring data quality
Ensuring data qualityEnsuring data quality
Ensuring data quality
 
eSource, DIA EuroMeeting, Lisbon, March 2005
eSource, DIA EuroMeeting, Lisbon, March 2005eSource, DIA EuroMeeting, Lisbon, March 2005
eSource, DIA EuroMeeting, Lisbon, March 2005
 

More from EnergyTech2015

Tues PM banquet keynote featuring Virginia A Greiman
Tues PM banquet keynote featuring Virginia A GreimanTues PM banquet keynote featuring Virginia A Greiman
Tues PM banquet keynote featuring Virginia A GreimanEnergyTech2015
 
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...EnergyTech2015
 
Matthew Hause: The Smart Grid and MBSE Driven IoT
Matthew Hause: The Smart Grid and MBSE Driven IoT Matthew Hause: The Smart Grid and MBSE Driven IoT
Matthew Hause: The Smart Grid and MBSE Driven IoT EnergyTech2015
 
Bob Garrett: Network of Networks Analysis
Bob Garrett: Network of Networks AnalysisBob Garrett: Network of Networks Analysis
Bob Garrett: Network of Networks AnalysisEnergyTech2015
 
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...EnergyTech2015
 
John Nairus: Hybrid-Electric Propulsion
John Nairus: Hybrid-Electric Propulsion John Nairus: Hybrid-Electric Propulsion
John Nairus: Hybrid-Electric Propulsion EnergyTech2015
 
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion EnergyTech2015
 
EnergyTech2015 Program Guide
EnergyTech2015 Program GuideEnergyTech2015 Program Guide
EnergyTech2015 Program GuideEnergyTech2015
 

More from EnergyTech2015 (8)

Tues PM banquet keynote featuring Virginia A Greiman
Tues PM banquet keynote featuring Virginia A GreimanTues PM banquet keynote featuring Virginia A Greiman
Tues PM banquet keynote featuring Virginia A Greiman
 
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
 
Matthew Hause: The Smart Grid and MBSE Driven IoT
Matthew Hause: The Smart Grid and MBSE Driven IoT Matthew Hause: The Smart Grid and MBSE Driven IoT
Matthew Hause: The Smart Grid and MBSE Driven IoT
 
Bob Garrett: Network of Networks Analysis
Bob Garrett: Network of Networks AnalysisBob Garrett: Network of Networks Analysis
Bob Garrett: Network of Networks Analysis
 
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
David Long Keynote on Beyond MBSE Looking Towards the Next Evolution in Syste...
 
John Nairus: Hybrid-Electric Propulsion
John Nairus: Hybrid-Electric Propulsion John Nairus: Hybrid-Electric Propulsion
John Nairus: Hybrid-Electric Propulsion
 
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
Neil Garrigan: Electric Drive Technology Considerations for Aircraft Propulsion
 
EnergyTech2015 Program Guide
EnergyTech2015 Program GuideEnergyTech2015 Program Guide
EnergyTech2015 Program Guide
 

Recently uploaded

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy

Gareth Digby: Systems-Based Approach to Cyber Investigations

12. Present
• Digital systems are inherently complex
• Evidence includes a temporal component
• The evidence, analysis and hypothesis have to be explained to non-specialists
(Diagram labels: Clarify, Simplify)

13. The Conundrum
• Capture: look in appropriate places for evidence
• Analysis: consider all aspects
• Presentation: effective visualization of complex data
Use a systematic, holistic approach to the collection, analysis and presentation of evidence

14. People-System-Environment Matrix
(Matrix: rows People, System, Environment; columns Before, During, After)
• Encourages thinking about the environment and people as well as the system of interest
• Reminds us to think about the temporal aspects

15. People-System-Environment Matrix
• Alternatively known as the 9-Box Matrix
• Developed by A. Chapanis and P. Fitts of the US Army Aero Medical Laboratory
• Bibliography: “Utilizing The Human, Machine and Environment Matrix In Investigations”, D. Curry, et al., Packer Engineering, Naperville, IL

16. Examples of Use
• Using the approach to document evidence from an incident at an oil storage depot
• Using the approach to document evidence from an assignment created for teaching computer forensics

17. Oil Storage Depot Incident Scenario
Based on a review of the Buncefield Major Incident Investigation Board reports: http://www.hse.gov.uk/comah/investigation-reports.htm

18. Example People-System-Environment Matrix
Rows: People, System, Environment; columns: Before, During, After. The cell placement was lost in extraction; the entries on the slide are:
• Labels: Cold Weather, Vapor, Contamination, Explosion, Containment damage
• Mist reported before incident
• Tank overfill causes vapor cloud
• Tank filling overnight
• Control room operators start transfer
• Cold weather conditions
• Firefighters respond
• Firefighting foam contaminates water
• Why overfill? Broken level alarm
• Why ignition? Possibly start of fire pumps when alarm raised
• Annotations: Why? Why?
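As an added example (not part of the presentation, and not a tool of its authors), the register below implements the People-System-Environment matrix of slides 14 and 18 in Python: every evidence item is placed in one of the nine cells, carries a timezone-aware observation time so the temporal ordering survives, and is hashed on entry so a later unlogged edit is detectable, which supports the chain-of-custody requirement on slide 6. The sample entries are constructed from the oil depot items on slide 18; their cell placement and timestamps are the editor's assumptions, not the slide's layout. The empty-cell report is the check the matrix is meant to prompt: a cell with nothing in it is a place the investigator has not yet looked.

```python
"""Added example: a 9-box (People-System-Environment x Before-During-After)
evidence register with temporal ordering and per-item integrity digests.
All sample data below is constructed for illustration."""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Tuple

DIMENSIONS = ("People", "System", "Environment")
PHASES = ("Before", "During", "After")


@dataclass(frozen=True)
class EvidenceItem:
    dimension: str          # People | System | Environment
    phase: str              # Before | During | After
    observed_at: datetime   # when the observation applies (UTC)
    source: str             # log, witness statement, sensor, record ...
    description: str
    digest: str = field(default="", compare=False)

    def compute_digest(self) -> str:
        """SHA-256 over the canonical JSON of the content fields (digest excluded)."""
        payload = {
            "dimension": self.dimension,
            "phase": self.phase,
            "observed_at": self.observed_at.isoformat(),
            "source": self.source,
            "description": self.description,
        }
        canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class EvidenceRegister:
    def __init__(self) -> None:
        self._items: List[EvidenceItem] = []

    def add(self, dimension: str, phase: str, observed_at: datetime,
            source: str, description: str) -> EvidenceItem:
        """Place an item in a matrix cell; the digest is fixed at entry time."""
        if dimension not in DIMENSIONS or phase not in PHASES:
            raise ValueError(f"not a matrix cell: ({dimension}, {phase})")
        if observed_at.tzinfo is None:
            raise ValueError("observed_at must be timezone-aware (use UTC)")
        draft = EvidenceItem(dimension, phase, observed_at, source, description)
        item = EvidenceItem(dimension, phase, observed_at, source, description,
                            digest=draft.compute_digest())
        self._items.append(item)
        return item

    def matrix(self) -> Dict[Tuple[str, str], List[str]]:
        """Descriptions grouped by (dimension, phase) cell, all nine cells present."""
        cells: Dict[Tuple[str, str], List[str]] = {
            (d, p): [] for d in DIMENSIONS for p in PHASES}
        for it in self._items:
            cells[(it.dimension, it.phase)].append(it.description)
        return cells

    def empty_cells(self) -> List[Tuple[str, str]]:
        """Cells with no evidence: the places the investigation has not looked yet."""
        return [cell for cell, items in self.matrix().items() if not items]

    def timeline(self) -> List[EvidenceItem]:
        """Items in chronological order, regardless of the order they were recorded."""
        return sorted(self._items, key=lambda it: it.observed_at)

    def verify(self) -> List[int]:
        """Indexes of items whose content no longer matches the digest taken at entry."""
        return [i for i, it in enumerate(self._items)
                if it.compute_digest() != it.digest]

    def simulate_unlogged_edit(self, index: int, description: str) -> None:
        """Test helper: change an item's content without re-digesting it."""
        old = self._items[index]
        self._items[index] = EvidenceItem(old.dimension, old.phase, old.observed_at,
                                          old.source, description, digest=old.digest)

    def render(self) -> str:
        """Plain-text presentation: the matrix, then the ordered timeline."""
        lines = []
        cells = self.matrix()
        for d in DIMENSIONS:
            for p in PHASES:
                entries = cells[(d, p)] or ["(no evidence recorded: look here)"]
                lines.append(f"{d:<11} {p:<6} : " + "; ".join(entries))
        lines.append("Timeline:")
        for it in self.timeline():
            lines.append(f"  {it.observed_at.isoformat()}  [{it.dimension}/{it.phase}] "
                         f"{it.description}  <{it.source}>")
        return "\n".join(lines)


def build_sample_register() -> EvidenceRegister:
    """Constructed entries loosely following the slide-18 oil depot items.
    Dates, sources and cell placement are assumptions made for the example.
    Items are deliberately added out of time order to show timeline() sorting."""
    u = timezone.utc
    reg = EvidenceRegister()
    reg.add("Environment", "During", datetime(2024, 1, 2, 6, 1, tzinfo=u),
            "witness statement", "Explosion")
    reg.add("People", "Before", datetime(2024, 1, 1, 19, 0, tzinfo=u),
            "shift log", "Control room operators start transfer")
    reg.add("Environment", "Before", datetime(2024, 1, 1, 22, 0, tzinfo=u),
            "weather observation", "Cold weather; mist reported before incident")
    reg.add("System", "Before", datetime(2024, 1, 1, 23, 0, tzinfo=u),
            "maintenance record", "Broken level alarm")
    reg.add("System", "During", datetime(2024, 1, 2, 5, 30, tzinfo=u),
            "tank telemetry", "Tank overfill causes vapor cloud")
    reg.add("People", "During", datetime(2024, 1, 2, 6, 0, tzinfo=u),
            "witness statement", "Fire pumps started when alarm raised")
    reg.add("People", "After", datetime(2024, 1, 2, 6, 30, tzinfo=u),
            "fire service log", "Firefighters respond")
    reg.add("Environment", "After", datetime(2024, 1, 2, 12, 0, tzinfo=u),
            "sample analysis", "Firefighting foam contaminates water")
    return reg


if __name__ == "__main__":
    print(build_sample_register().render())
```

Running the block prints the matrix with the System/After cell flagged as empty, followed by the timeline. `verify()` returns an empty list on the untouched register and the index of any item changed through `simulate_unlogged_edit`; in a real register the digests would also be written to a separate, append-only log so that an edit and a re-digest cannot be done in the same place.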
19. Fictional Scenario
• In June 2009, King Claudius, following an incident in which a banned play was performed, exiled Hamlet.
• However, it came to light that Hamlet may have been unknowingly set up by others.
• Apologies to Tom Stoppard, “Rosencrantz & Guildenstern Are Dead”

20. People
• King Claudius
• Queen Gertrude
• Hamlet
• Rosencrantz
• Guildenstern
• Ophelia

22. System(s)
• Rosencrantz’s laptop
• Guildenstern’s laptop
• Email
• Instant messaging
• USB memory stick
• GPS

24. Use Case Showing Temporal Aspects

26. Simulate To Test Hypothesis

28. Conclusion
The presentation has shown how issues associated with the
• Collection
• Analysis
• Presentation
… of evidence in cyber investigations can be helped through
• taking a holistic and systematic approach to the identification of evidence, and
• the use of existing systems methods to present the temporal, interrelated nature of the evidence