The focus “Cyber Security & IT Forensics” deals with selected topics related to the security of the computer infrastructure, such as confidentiality, integrity and availability of data, but also with questions related to the protection of privacy.

The digital society only functions if people can rely on a secure and trustworthy computer infrastructure. This infrastructure consists of powerful end devices, omnipresent networks and central servers. Confidentiality, integrity and availability of data, as well as the protection of privacy, are central to this. The focus is on the devices that people use directly and daily: their smartphones, tablets or laptops.

Malware

It is primarily these devices that are attacked by malware. Criminals spread malware around the world with the aim of deriving economic or financial benefit from it. Malware is a computer programme that usually performs unwanted functions invisibly. It appears in a wide variety of forms:
- Computer viruses are programmes that spread copies of themselves via the exchange of documents on storage media.
- Computer worms infect other computers via networks.
- Trojan horses, on the other hand, are programmes that superficially benefit the user, but invisibly perform unwanted functions in the background, such as stealing passwords or contact information.
- Recently, the number of cases in which so-called ransomware is used has increased. These are malware programmes that encrypt the user data of a system with a secret key, so that the user's access to the data is blocked for the time being. Access only becomes possible again after a ransom has been paid, through the communication of a secret key.

Protection through research

In our research, we investigate how malware works: how it spreads and what it does. We also study the development history of the malware. Understanding the development history helps us to anticipate new developments and to better protect systems. Our know-how is in demand from companies and service providers who provide security-critical computer infrastructure and/or use it themselves. The knowledge gained also flows into teaching, for example so that students learn how to write robust software that is resistant to attacks of this kind.

Protection of privacy

Computers and end devices connected to the Internet represent a combination of private and public space, similar to private living space and public space (streets, squares, transport systems, public services). Just as there is protection of private information (for example, medical secrecy, voting secrecy) in real spaces, there must be the same protection in cyberspace. We address the question of how this protection can be provided, working from concrete issues such as e-voting, personal health data or mobility pricing.

IT forensics

If norms established by society are violated, it is important to record the facts in the case of suspicious incidents. As in the real world, traces of criminal acts must also be recorded in cyberspace, and in such a way that the evidence will stand up before a judge. The question here is: are there traces in the suspects’ devices that confirm that a criminal act has been committed? Our research focuses on the field of memory forensics. On the teaching side, we actively contribute to the Master’s programme Maîtrise universitaire ès Sciences en science forensique orientation investigation et identification numériques at the University of Lausanne.