Speaker: Professor Brian Levine

Department of Computer Science
University of Massachusetts Amherst

Biography: Dr. Brian Levine joined the UMass Computer Science faculty in Fall 1999 and is currently an associate professor. His research focuses on mobile networks, privacy and forensics, and the Internet, and he has published more than 60 papers on these topics. Much of his work is based experiments using a unique mobile network testbed, DieselNet, which is comprised of computer-equipped PVTA buses and a network of mesh APs in downtown Amherst. Brian's active funding includes awards from the National Science Foundation NETS, GENI, Trustworthy Computing, and SFS programs, DARPA's Disruption Tolerant Networking program, and the National Institute of Justice's Electronic Crime program. He received a CAREER award in 2002 for work in peer-to-peer networking, one of NSF's most prestigious awards for new faculty. He was a UMass Lilly Teaching Fellow in 2003 and was awarded his college's Outstanding Teacher Award in 2007. In 2008, he received the Alumni Award for Excellence in Science & Technology from his undergraduate alma mater, the State University of New York at Albany. He has served as an associate editor of IEEE/ACM Transactions on Networking since 2005, and is the co-founder of the ACM Northeast Digital Forensics Exchange Workshop. He received his PhD in Computer Engineering from the University of California, Santa Cruz in 1999.

Abstract: The strong impact of computing has revolutionized certain types of crime. Dissemination of data to peers is efficient because of the Internet, and criminals have de facto anonymity from exploiting open wireless access points. Mobile devices are extending the reach and character of the Internet and its relevance to crime. Fortunately, the use or even possession of computers by those that commit many crimes will typically result in digital evidence, and investigations of murder, contraband trafficking, identity and intellectual property theft, fraud, and espionage have shown.

In this talk, I review our current research projects in digital forensics that seek to address investigation of these crimes or other violations. First, I will focus on the wired Internet and our work investigating peer-to-peer file sharing networks, which support trafficking in contraband and the exploitation of children. The problem faced in these investigations is not discovering those who commit such crimes. The tools we have developed for P2P investigations are in everyday use by MA and PA State Police and has resulted in evidence of tens of thousands of users sharing such data. The challenge for investigators is instead deciding which of these myriad leads to follow up on next. P2P networks should be viewed as a massive data set representing the dynamic exchange of resources between users. And the most productive next investigation is the user that is selected based on an analysis past network activity. For example, who is often source of new content on the network? Who is a trove of existing data? Ideally, these network characteristics can be linked to real criminological behaviors.

Second, I will focus on wireless and cellular devices. These systems break several assumptions of traditional digital forensics: network addresses are not fixed, geographic locations are not fixed, often the connection is encrypted, and the underlying OS and software is varied and constantly changing. I will review our approaches to addressing some of these problems, including profiling of encrypted network traffic received by a device and reverse engineering of the format and function of data found on a mobile device.