Jonathan Grier

Nationality: United States
Known for: Stochastic forensics
Fields: Computer science

Jonathan Grier is a computer scientist, consultant, and entrepreneur. He is best known for his work on stochastic forensics and insider data theft. [1] [2] [3] [4] He has also contributed to computer security, digital forensics, and software development. [1] [4] [5]

A computer scientist is a person who has acquired the knowledge of computer science, the study of the theoretical foundations of information and computation and their application.

Stochastic forensics is a method to forensically reconstruct digital activity lacking artifacts, by analyzing emergent properties resulting from the stochastic nature of modern computers. Unlike traditional computer forensics, which relies on digital artifacts, stochastic forensics does not require artifacts and can therefore recreate activity which would otherwise be invisible. Its chief application is the investigation of insider data theft.

Data theft is a growing phenomenon, primarily caused by system administrators and office workers with access to technology such as database servers, desktop computers and a growing list of hand-held devices capable of storing digital information, such as USB flash drives, iPods and even digital cameras. Because employees often spend considerable time developing contacts and confidential or copyrighted information for their employer, they may feel entitled to that information and be inclined to copy or delete part of it when they leave the company, or to misuse it while still employed. Stolen data can be bought and sold, and then used by criminals and criminal organizations. Alternatively, an employee may deliberately abuse trusted access to information in order to expose misconduct by the employer; from the perspective of society such whistleblowing can be seen as positive, and in certain situations it is protected by law in some jurisdictions, such as the USA.


Grier is a frequent speaker at computer conferences such as Black Hat, ACSAC, and DFRWS. [6] [7] [8] [9] His research has appeared in the Journal of Digital Investigation, SecurityFocus, Digital Forensics Magazine and InformationWeek. [1] [2] [5] His work has been cited by Microsoft Press, IBM Internet Security Systems, Hewlett-Packard, SC Magazine and the FBI National Infrastructure Protection Center. [4] [10] [11] [12] [13] [14] [15]

Black Hat Briefings (computer security conference)

Black Hat Briefings is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security, ranging from non-technical individuals and executives to hackers and industry-leading security professionals. The conference takes place regularly in Las Vegas, Barcelona, London and Abu Dhabi. It has also been hosted in Amsterdam, Tokyo and Washington, D.C. in the past.

SecurityFocus is an online computer security news portal and purveyor of information security services. Home to the well-known Bugtraq mailing list, SecurityFocus columnists and writers included former Department of Justice cybercrime prosecutor Mark Rasch, and hacker-turned-journalist Kevin Poulsen.

InformationWeek (web magazine)

InformationWeek is a digital magazine which conducts corresponding face-to-face events, virtual events, and research. It is headquartered in San Francisco, California and was first published in 1985 by CMP Media, later called UBM Technology Group.

Grier is an advisor to private clients in computer security, software development and information technology, [4] and conducts training in computer security and forensics for private clients and the Department of Defense Cyber Crime Center. [16]

Computer security, cybersecurity or information technology security is the protection of computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.

Software development is the process of conceiving, specifying, designing, programming, documenting, testing, and bug fixing involved in creating and maintaining applications, frameworks, or other software components. Software development is a process of writing and maintaining the source code, but in a broader sense, it includes all that is involved between the conception of the desired software through to the final manifestation of the software, sometimes in a planned and structured process. Therefore, software development may include research, new development, prototyping, modification, reuse, re-engineering, maintenance, or any other activities that result in software products.

Information technology (IT) is the use of computers to store, retrieve, transmit, and manipulate data, or information, often in the context of a business or other enterprise. IT is considered to be a subset of information and communications technology (ICT). An information technology system is generally an information system, a communications system or, more specifically speaking, a computer system – including all hardware, software and peripheral equipment – operated by a limited group of users.

Research

In 2010, Grier introduced stochastic forensics as an alternative to traditional digital forensics which typically relies on digital artifacts. [2] Stochastic forensics' chief application is investigation of data theft, especially by insiders. [2] Grier was inspired by the statistical mechanics method used in physics. [5]
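As an added illustration of the reconstruction-without-artifacts idea described in the two passages on stochastic forensics above (this is example code written for this page, not Grier's published method or code): suppose an insider recursively copies a directory tree. No log records the copy, but reading every file updates each file's access time, so the tree's access times collapse into one tight cluster, whereas ordinary work spreads them over days. The choice of access-time clustering as the signal, the 300-second window, the 0.5 threshold and the two simulated trees are all assumptions constructed here.

```python
# Added example, not code from the page or from Grier's publications.
# It illustrates the stochastic-forensics idea in the text: a bulk copy of a
# directory tree leaves no dedicated artifact, but it perturbs the statistical
# distribution of file metadata. The specific signal (clustering of file
# access times), the usage model and all data below are assumptions
# constructed for this example.
from bisect import bisect_right
import random
from typing import Iterable, List

DAY = 86_400.0


def max_window_fraction(atimes: Iterable[float], window: float) -> float:
    """Largest fraction of files whose access times fall inside any
    single window of `window` seconds (slid over the sorted times)."""
    ts = sorted(atimes)
    if not ts:
        return 0.0
    best = 0
    for i, t in enumerate(ts):
        # bisect_right gives the index one past the last time <= t + window,
        # so j - i is the number of files read within `window` of file i.
        j = bisect_right(ts, t + window)
        best = max(best, j - i)
    return best / len(ts)


def is_bulk_copied(atimes: Iterable[float], window: float = 300.0,
                   threshold: float = 0.5) -> bool:
    """Flag a tree when at least `threshold` of its files were read within one
    `window` of each other. Ordinary work touches a few files at a time, so
    this degree of clustering is characteristic of a recursive copy."""
    return max_window_fraction(atimes, window) >= threshold


def normal_tree_atimes(n_files: int, span_days: float, seed: int) -> List[float]:
    """Constructed baseline: each file last read at an independent moment
    spread over `span_days` of ordinary use (assumed usage model)."""
    rng = random.Random(seed)
    return [rng.uniform(0.0, span_days * DAY) for _ in range(n_files)]


def copied_tree_atimes(n_files: int, copy_time: float, seed: int) -> List[float]:
    """Constructed copy: a recursive copy reads every file in sequence, so all
    access times land within a few seconds of `copy_time`."""
    rng = random.Random(seed)
    return [copy_time + i * rng.uniform(0.001, 0.02) for i in range(n_files)]


if __name__ == "__main__":
    baseline = normal_tree_atimes(500, 30, seed=1)
    copied = copied_tree_atimes(500, copy_time=20 * DAY, seed=1)
    for name, tree in (("baseline", baseline), ("copied", copied)):
        print(f"{name}: clustering={max_window_fraction(tree, 300.0):.3f} "
              f"bulk_copy={is_bulk_copied(tree)}")
```

Two caveats a practitioner would check before relying on any signal of this kind. First, the metadata has to exist: Linux mounts default to relatime, which suppresses most access-time updates, and Windows can disable NTFS last-access updates entirely, so confirm what the volume actually records. Second, a legitimate backup job or search indexer produces the same clustering, so the score is a lead to be corroborated, not proof of theft.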

Digital forensics

Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.

Digital artifact

Digital artifact in information science, is any undesired or unintended alteration in data introduced in a digital process by an involved technique and/or technology. In anthropology and archeology a digital artifact is an artifact that is of a digital nature or creation. For example, a gif is such an artifact.

Insider threat

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems. The insider threat comes in three categories: 1) malicious insiders, which are people who take advantage of their access to inflict harm on an organization; 2) negligent insiders, which are people who make errors and disregard policies, which place their organizations at risk; and 3) infiltrators, who are external actors that obtain legitimate access credentials without authorization.

In 2001, Grier exposed several security flaws in a number of techniques then popular in Common Gateway Interface web applications. [11] This was a contributing factor in the move from flat file databases to modern database management systems. [17]

In computing, Common Gateway Interface (CGI) offers a standard protocol for web servers to execute programs that execute like console applications running on a server that generates web pages dynamically. Such programs are known as CGI scripts or simply as CGIs. The specifics of how the script is executed by the server are determined by the server. In the common case, a CGI script executes at the time a request is made and generates HTML.

Other

Grier is a member of the Association of Orthodox Jewish Scientists, where he lectures on the intersection of Halakha with computer science and physics. [18]

The Association of Orthodox Jewish Scientists (AOJS) is an organization of scientists that focuses on the interrelationships between science and Halakha.

Halakha is the collective body of Jewish religious laws derived from the written and Oral Torah. Halakha is based on biblical commandments (mitzvot), subsequent Talmudic and rabbinic law, and the customs and traditions compiled in the many books such as the Shulchan Aruch. Halakha is often translated as "Jewish Law", although a more literal translation might be "the way to behave" or "the way of walking". The word derives from the root that means "to behave". Halakha guides not only religious practices and beliefs, but also numerous aspects of day-to-day life.

Computer science

Computer science is the study of processes that interact with data and that can be represented as data in the form of programs. It enables the use of algorithms to manipulate, store, and communicate digital information. A computer scientist studies the theory of computation and the practice of designing software systems.

In 1994, Yeshiva University named Grier a Distinguished Scholar.

Related Research Articles

Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrimes can be defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet and mobile phones (Bluetooth/SMS/MMS)". Cybercrime may threaten a person's or a nation's security and financial health. Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, unwarranted mass surveillance, sextortion, child pornography, and child grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender and define 'cybercrime against women' as "Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones". Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Cybercrimes crossing international borders and involving the actions of at least one nation state are sometimes referred to as cyberwarfare.

Computer forensics

Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

InfraGard (organization)

InfraGard is a non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base, of a wide range of private sector and government members. InfraGard is an association of individuals that facilitates information sharing and intelligence between businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to preventing hostile acts against the United States. InfraGard's mutual nondisclosure agreements among its members (individuals) and the FBI promote trusted discussion of vulnerabilities and solutions that companies and individuals may be hesitant to place in the public domain, and provide access to additional threat information from the FBI.

Simson Garfinkel (American academic and journalist)

Simson L. Garfinkel is the US Census Bureau's Senior Computer Scientist for Confidentiality and Data Access. Previously, he was a computer scientist at the National Institute of Standards and Technology (2015-2017) and, prior to that, an associate professor at the Naval Postgraduate School in Monterey, California (2006-2015). In addition to his research, Garfinkel is a journalist, an entrepreneur, and an inventor; his work is generally concerned with computer security, privacy, and information technology.

Anti-computer forensics is a general term for a set of techniques used as countermeasures to forensic analysis.

The Institute for Information Infrastructure Protection (I3P) is a consortium of national cyber security institutions, including academic research centers, U.S. federal government laboratories, and nonprofit organizations, all of which have long-standing, widely recognized expertise in cyber security research and development (R&D). The I3P is managed by The George Washington University, which is home to a small administrative staff that oversees and helps direct consortium activities.

Howard Schmidt (American computer security expert)

Howard Anthony Schmidt was a partner with Tom Ridge in Ridge Schmidt Cyber LLC, a consultancy company in the field of cybersecurity. He was the Cyber-Security Coordinator of the Obama Administration, operating in the Executive Office of the President of the United States. He announced his retirement from that position on May 17, 2012, effective at the end of the month.

Department of Defense Cyber Crime Center

The Department of Defense Cyber Crime Center (DC3) is designated as a Federal Cyber Center by National Security Presidential Directive 54/Homeland Security Presidential Directive 23, as a Department of Defense (DoD) center of excellence for Digital and Multimedia (D/MM) forensics by DoD Directive 5505.13E, and serves as the operational focal point for the Defense Industrial Base (DIB) Cybersecurity and Information Assurance (CS/IA) Program. DC3 operates under the Air Force Office of Special Investigations.

Eoghan Casey is a digital forensics professional, researcher, and author. Casey has conducted a wide range of digital investigations, including data breaches, fraud, violent crimes, identity theft, and on-line criminal activity. He is also a member of the Digital/Multimedia Scientific Area Committee of the Organization for Scientific Area Committees. He helps organize the digital forensic research DFRWS.org conferences each year, and is on the DFRWS Board of Directors. He has a B.S. in Mechanical Engineering from the University of California, Berkeley, an M.A. in Educational Communication and Technology from New York University, and a Ph.D. in Computer Science from University College Dublin.

FBI Criminal, Cyber, Response, and Services Branch

The Criminal, Cyber, Response, and Services Branch (CCRSB) is a service within the Federal Bureau of Investigation (FBI). Created in 2002 as part of the U.S. government's post-9/11 response, the CCRSB is responsible for investigating financial crime, white-collar crime, violent crime, organized crime, public corruption, violations of individual civil rights, and drug-related crime. In addition, the Branch also oversees all computer-based crime related to counterterrorism, counterintelligence, and criminal threats against the United States.

The FBI Cyber Division is a Federal Bureau of Investigation division which heads the national effort to investigate and prosecute internet crimes, including "cyber based terrorism, espionage, computer intrusions, and major cyber fraud." This division of the FBI uses the information it gathers during investigations to inform the public of current trends in cyber crime. It focuses on three main priorities: computer intrusion, identity theft, and cyber fraud. It was created in 2002.

Carl E. Landwehr is an American computer scientist whose research focus is cybersecurity and trustworthy computing. His work has addressed the identification of software vulnerabilities toward high assurance software development, architectures for intrusion-tolerant and multilevel security systems, token-based authentication, and system evaluation and certification methods. In an invited essay for ACSAC 2013, he proposed the idea of developing building codes for building software that is used in critical infrastructures. He has been invited to present this idea at various professional meetings and organized an NSF funded workshop to develop a building code and research agenda for medical device software security. The final committee report is available through the Cyber Security and Policy Institute of the George Washington University, and the building code through the IEEE.

Microsoft Digital Crimes Unit (organization)

The Microsoft Digital Crimes Unit (DCU) is a Microsoft-sponsored team of international legal and internet security experts employing the latest tools and technologies to stop or interfere with cyber crime and cyber threats. The DCU was assembled in 2008, and in 2013 a Cybercrime Center for the DCU was opened in Redmond, Washington. About 100 members of the DCU are stationed in Redmond at the original Cybercrime Center. Members of the DCU include lawyers, data scientists, investigators, forensic analysts, and engineers, among others. The DCU has international offices located in major cities such as Beijing, Berlin, Bogota, Delhi, Dublin, Hong Kong, Sydney, and Washington, D.C. The DCU's main focuses are child protection, copyright infringement and malware crimes. The DCU works closely with law enforcement to ensure the perpetrators are punished to the full extent of the law. The DCU has taken down many major botnets such as Citadel, Rustock, and Zeus. Around the world malware has cost users about $113 billion, and the DCU's job is to shut such operations down in accordance with the law.

Georgios (George) V. Magklaras is a computer scientist working as a Senior Computer Systems Engineer at the University of Oslo, in Norway. He also co-founded Steelcyber Scientific, an information security consultancy specializing in digital forensics. He is an information security researcher and has developed methods in the fields of insider IT misuse detection and prediction and digital forensics. He is also an active systems administrator, information security consultant and information technology practitioner working with high performance computing, especially in the fields of life sciences and bioinformatics applications. He has been a strong advocate of Linux, open source tools and the Perl programming language and has given a series of lectures internationally in the fields of intrusion detection systems, digital forensics, bioinformatics, computer programming and systems administration.


Stefano Fratepietro is an Italian IT Security Expert also known as "hacker buono" and is the developer of the Deft Linux Distribution.

References

  1. Grier, Jonathan (2011). "Detecting data theft using stochastic forensics". Journal of Digital Investigation, 8 (Supplement), S71-S77.
  2. Schwartz, Mathew J. (December 13, 2011). "How Digital Forensics Detects Insider Theft". InformationWeek.
  3. Chickowski, Ericka (June 26, 2012). "New Forensics Method May Nab Insider Thieves". Dark Reading.
  4. "Insider Threat Spotlight" (August 2012). SC Magazine.
  5. Grier, Jonathan (May 2012). "Investigating Data Theft with Stochastic Forensics". Digital Forensics Magazine.
  6. Black Hat Briefings, USA 2012. "Catching Insider Data Theft with Stochastic Forensics".
  7. ACSAC. ACSAC 2012 Program.
  8. ACSAC. ACSAC 2011 Program.
  9. DFRWS. DFRWS 2011 Agenda. Archived 2013-03-14 at the Wayback Machine.
  10. Howard, Michael and David LeBlanc (2001). Writing Secure Code. Microsoft Press.
  11. IBM Internet Security Systems (2001). X-Force Database.
  12. Hewlett-Packard (2010-09-15). HP Security Bulletin. Accessed 2013-02-08.
  13. FBI National Infrastructure Protection Center (2001). CyberNotes, Issue 2001-8.
  14. FBI National Infrastructure Protection Center (2001). CyberNotes, Issue 2001-10.
  15. FBI National Infrastructure Protection Center (2001). CyberNotes, Issue 2001-15.
  16. Department of Defense Cyber Crime Center. 2012 DC3 Agenda.
  17. SecurityWatch (July 12, 2001). "Get Ready for the CGI updates!"
  18. Association of Orthodox Jewish Scientists. AOJS 2012 Summer Convention Program.