Helping Making Digital Investigations More Scientific: Meet Napier One
In research, we often focus on providing datasets that can repeatable results. This helps catch those who may pick results that are fake, and also ones that have been carefully selected to show favourable results. And so, in many areas of machine learning, intrusion detection systems (IDSs) and cybersecurity, we use standardized datasets which allow researchers (and developers) to test their models. This produces repeatable results, but should also be representative of real-life conditions.
And, so, if there’s one area of cybersecurity that needs a scientific process it is around the area of incident response and in the gathering of digital data for investigation. Simon Garfinkel is one of the leaders in developing a range of standard datasets that could be used to test investigation tools, and also for datasets that could be used for training. In a classic paper in 2009, Simon and others outlined how we could move the area of digital forensics into a more scientific discipline [1]:
This resulted in the creation of a wide range of relevant datasets for mobile phone analysis, disk analysis, and many other areas [here]:
