Held in Orlando, Florida at the National Center for Forensic Science at the University of Central Florida this IFIP Working Group is one part of the larger organization whose mission is: IFIP's mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of Information Technology for the benefit of all people. Parts of IF Held in Orlando, Florida at the National Center for Forensic Science at the University of Central Florida this IFIP Working Group is one part of the larger organization whose mission is:IFIP’s mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of Information Technology for the benefit of all people.Parts of IFIP consisist of TCs (Technical Commitees) and WGs (Working Groups) contribute to, and often lead, progresses in the state-of-knowledge andstate-of-the-art: voluntary work of its WG members is catalysed into creative synergy, with societal relevance. I got the chance to co-author a paper on the Role of Calibration in Establishing the Foundation for Expert Testimony with Barbara Endicott-Popovsky (University of Washington Center for Information Assurance and Cybersecurity) and Deborah A. Frincke (Cybersecurity Directorate Pacific Northwest National Labs). In a nutshell, we did a bunch of testing using a Spirent Test Center regarding the actual performance issues surrounding an aggregating tap typically used for Network Forensics. In this case we started with a NetOptics 10/100 copper aggregating tap with 1Mb of buffer. The point we’re trying to make is that aggregating taps can’t be used blindly and investigators need to be aware of their proper use and limitations.So anyway, our opening keynote was given by Peter “Mudge” Zatko now with BBN Technologies, former CEO and Chief Scientist, L0pht. So while his keynote covered quite a bit of territory he did raise some VERY interesting thoughts: Functional Fixation: Given the example of holding up a quarter, he would ask a group what it was. He related how he would get statements mostly along the line of “monetary exchange item” or such. Normally he would NOT get suggestions of how it is a: Decision maker, ie. flip a coin Door stop screwdriver etc He also mentioned how a new vulnerability could appear in a major operating system, what would you do? Wait for the vendor to release a patch with a set of system possibly open to attack? Read that the vulnerability was in the dcom routines and just desensitize these machines to dcom attacks?He also asked the group how many processors a typical laptop has in it? Most of us only counted CPU’s. He pointed out that something like a new Mac Laptop might have upwards of 50 processors in it. Heck, the old Gateway keyboards could store 128 characters per key that was intended to be used for macros. What he was really trying to do was to get us to stop fixating on traditional functions and look at how IT gear could be used for malicious means. Well, it was a great talk and we got to talk about some of the issues that the forensics community is going to have to deal with in the future. So while this is good news for malicious hackers, it’s bad news for companies actually interested in protecting itself from litigation and regulatory scrutiny.Look for more summaries on talks from the conference by forensic professionals from around the world. Technology Industry