Anti-Forensics and the Case for Studying People

Posted by mouthyb | Posted on 4:23 PM


I have IRL friends who are most kind to me, in terms of sending really fascinating articles over messenger. One of them, a CS security specialist, sends me an article on security which discusses the need for statistical analysis of the individuals involved in computer crime and for techniques which encompass not just the cordoning off of the computer/s involved, but the ability to formulate narratives of crime and interrogate witnesses as a tool for understanding where to look.

I was surprised to find out, considering the heavy statistical content of models for network and demand analysis, that computer scientists at my university are not required to take any statistics. In fact, while they are required to take conventional math courses through discrete math and perform proofs, they do not necessarily have to model using statistics, either.

This rather blows my mind, considering the utility of statistics to model diverse systems in which (as with all human behavior) the outcome is not fully known. Some of the algorithms with which I am familiar, like TidalTrust and EigenTrust, use statistical methods for scaling potential behavior between pairs in a network, as a way of looking at the dynamics between aggregate groups online, where the users involved have little way of knowing each other and make decisions about trust.

Obviously, choosing to trust someone (like, for instance, choosing to make an exception in your computer's firewall for a site) is both not 100% predictable, and very contingent on the individual user. The question of studying human behavior comes up in the conversation on dealing with users and attacks for a reason: those statistical tools offer the best chance of understanding trends once you've released software (or in this case a virus) into the wild, where programs and users interact.

In the article my friend sent me, the writer bemoans the fact that, despite extraordinarily complex tools in computer crime forensics, finding the individual hacker using only the tools of that field is close to impossible in a sophisticated attack because of the rapid development of anti-forensics tools, the broad availability of these tools, and a general inability to trust the findings of the computer alone. The actions which have yielded the best results combined something of being a detective in homicide, statistical analysis and, of course, continued development in forensics, since those tools are the baseline for gathering information.

I've heard it said often that anything which studies people can't be real science. This is as data-driven, if alternately modeled, as it's possible to be when studying something released into the wild.

And this is the kind of thing I can't wait to be doing.
