Dartmouth Institute examines cyber attack investigation preparedness

June 19, 2002

HANOVER, N.H. - A report released this week by researchers at Dartmouth's Institute for Security Technology Studies (ISTS) examines the state of investigative tools needed by law enforcement officials who fight cyber crime, committed not only by terrorists but also by organized crime groups, individual "hackers" or nation-states.

The report, titled "Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Needs Assessment," details the technology hurdles faced by cyber crime investigators and outlines a wish list of tools and technologies required to do this job better. The report is available on the Internet at , and it is primarily intended for law enforcement officials at each level of government.

Cyber attacks can take many forms: computer intrusions to steal or destroy information; denial-of-service attacks, which can shut down computer networks; or destructive viruses or worms, which propagate automatically and can damage computer networks around the world.

"This report is the first step toward establishing a national research and development agenda on combating cyber attacks," says Michael Vatis, Director of ISTS. "Cyber attacks pose a threat to our national security and our economy, and they are increasing in number, sophistication and severity.

Law enforcement personnel need to be better prepared to prevent and respond to cyber attacks at the federal, state and local levels. The R&D community can play a critical role by developing new technologies that assist investigators in their responsibilities. This report provides useful guidance to researchers in industry, academia and government."

The report outlines areas where focused R&D attention would have the greatest impact in helping address this increasing threat.

"We found that one of the greatest challenges facing cyber investigators is in the area of log analysis," says Andrew Macpherson, Acting Assistant Director of Law Enforcement Programs at ISTS and one of the report's writers. "This makes sense. After all, when an attack is detected, gathering data from a network's activity logs is the logical source to find out what happened. Having better tools to examine those logs is essential."

The ISTS report features seven areas of concern:
  • Preliminary Data Collection: Investigators need tools to automate the collection of data files from multiple operating systems in a victim's network and a better way to retrieve, store and analyze very large volumes of evidence. Also required are an automated process to create a map of a victim's network and an attack-specific data recovery tool.
  • Log Analysis: Investigators need tools that recognize and import activity logs from multiple platforms across a network, reconstruct damaged logs and analyze the data. They also need the ability to organize the log data in a compatible format to share with other law enforcement agencies.
  • Internet Protocol Tracing: Cyber attackers sometimes mask their identity to evade detection or use publicly accessible computers. A combination of technological solutions and changes in public policy would help investigators trace an attack to its source.
  • Emerging Technologies: Keeping up with new technologies remains a priority for cyber crime fighters. Successful cyber attack investigations need to be able to circumvent unbreakable encryption, locate the source of mobile or wireless network attacks, and discover hidden programs, images or signatures on a seized computer.
  • Information Sharing: The ability to share information across agencies would greatly aid in cyber attack investigations. In addition, investigators need a directory or database of cyber crime investigators in each jurisdiction, listing each person's expertise and contact information, to enhance cooperation and information sharing during investigations.
  • Multiple Skill Levels: Because investigators' technical skills and experience vary greatly in this new and rapidly evolving field, new crime-fighting tools must have a built-in capability to adjust to the skill level of the investigator. Help files should accompany all new technology.
  • Ongoing Training: Keeping abreast of new and emerging technology is the backbone to remaining prepared to address this sophisticated type of crime. Efforts should be made to assess current training programs and identify gaps in order to create a national training and development strategy.
ISTS researchers gathered data from a web-based survey of select law enforcement personnel, from site visits to law enforcement agencies, and from a two-day workshop, which convened an expert group of current and former cyber attack investigators and prosecutors. The data revealed numerous technological obstacles to investigating computer network attacks. ISTS personnel are already working on the next step, to evaluate the existing tools and technology in order to find the gaps where the needed technology does not exist so that R&D initiatives can be prioritized accordingly.
Background on ISTS: Dartmouth's Institute for Security Technology Studies (ISTS) serves as a national center for counter-terrorism and cyber security technology research, development and assessment. It is funded in part through the U.S. Justice Department's National Institute of Justice, Office of Science and Technology, and the U.S. Commerce Department's National Institute of Standards and Technology.

Dartmouth College

Related Technology Articles from Brightsurf:

December issue SLAS Technology features 'advances in technology to address COVID-19'
The December issue of SLAS Technology is a special collection featuring the cover article, ''Advances in Technology to Address COVID-19'' by editors Edward Kai-Hua Chow, Ph.D., (National University of Singapore), Pak Kin Wong, Ph.D., (The Pennsylvania State University, PA, USA) and Xianting Ding, Ph.D., (Shanghai Jiao Tong University, Shanghai, China).

October issue SLAS Technology now available
The October issue of SLAS Technology features the cover article, 'Role of Digital Microfl-uidics in Enabling Access to Laboratory Automation and Making Biology Programmable' by Varun B.

Robot technology for everyone or only for the average person?
Robot technology is being used more and more in health rehabilitation and in working life.

Novel biomarker technology for cancer diagnostics
A new way of identifying cancer biomarkers has been developed by researchers at Lund University in Sweden.

Technology innovation for neurology
TU Graz researcher Francesco Greco has developed ultra-light tattoo electrodes that are hardly noticeable on the skin and make long-term measurements of brain activity cheaper and easier.

April's SLAS Technology is now available
April's Edition of SLAS Technology Features Cover Article, 'CURATE.AI: Optimizing Personalized Medicine with Artificial Intelligence'.

Technology in higher education: learning with it instead of from it
Technology has shifted the way that professors teach students in higher education.

Post-lithium technology
Next-generation batteries will probably see the replacement of lithium ions by more abundant and environmentally benign alkali metal or multivalent ions.

Rethinking the role of technology in the classroom
Introducing tablets and laptops to the classroom has certain educational virtues, according to Annahita Ball, an assistant professor in the University at Buffalo School of Social Work, but her research suggests that tech has its limitations as well.

The science and technology of FAST
The Five hundred-meter Aperture Spherical radio Telescope (FAST), located in a radio quiet zone, with the targets (e.g., radio pulsars and neutron stars, galactic and extragalactic 21-cm HI emission).

Read More: Technology News and Technology Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.