A High-Tech R&D Agenda

By Peter Piazza

A Dartmouth College think tank, the Institute for Security Technology Studies (ISTS), released the third of three reports that analyze and prioritize the technology needs of cyberattack investigators. While the first paper collected data from these cybercrime fighters and the second provided a gap analysis showing the products that exist to assist law enforcement in fighting online crime, the third, Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Research and Development Agenda, describes the "critical problem areas encountered during cyber attack investigations that may be addressed through research and development."

Researchers concluded that new technologies could help investigators during the initial investigation in areas such as automating the collection of data from multiple operating systems and graphically representing network topologies to expedite investigations "and alleviate dependence on insiders during data collection tasks." They also noted that law enforcement needs ways to analyze large data sets often found in cybercrime cases; for example, the report notes that from 2002 to 2003, the amount of data examined by the FBI's Computer Analysis and Response team increased by a staggering 432 petabytes.

Later in the investigation, other needed tools include reasonably priced log analysis software that presents findings in an easily understood graphical format that can help juries understand technical evidence. Also needed is technology that would "provide the capability to detect, trace, and counter IP spoofing," an area the report calls a "difficult, yet essential, research challenge." The only software tools available to detect spoofing are the same ones used by attackers, and they "are not intended as forensically sound utilities."

Finally, the report examined technologies that require significant research and development. These include tools to overcome the use of encryption (which emerged as the most critical concern in the previous report) and steganography, in which evidence is hidden in innocent-looking images or files.

@ Read the full report at SM Online.

Attachment: ISTS_Report0804.pdf (263.51 KB)
