Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Articles 1 - 13 of 13

Full-Text Articles in Entire DC Network

Digital Forensic Readiness Intelligence Crime Repository, Victor R. Kebande, Nickson M. Karie, Kim-Kwang R. Choo, Sadi Alawadi Jan 2021

Research outputs 2014 to 2021

It may not always be possible to conduct a digital (forensic) investigation post-event if there is no process in place to preserve potential digital evidence. This study posits the importance of digital forensic readiness, or forensic-by-design, and presents an approach that can be used to construct a Digital Forensic Readiness Intelligence Repository (DFRIR). Based on the concept of knowledge sharing, the authors leverage this premise to suggest an intelligence repository. Such a repository can be used to cross-reference potential digital evidence (PDE) sources that may help digital investigators during the process. This approach employs a technique of capturing PDE from …


Digital Forensic Readiness In Operational Cloud Leveraging ISO/IEC 27043 Guidelines On Security Monitoring, Sheunesu Makura, H. S. Venter, Victor R. Kebande, Nickson M. Karie, Richard A. Ikuesan, Sadi Alawadi Jan 2021

Research outputs 2014 to 2021

An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. …


Ontology‐Driven Perspective Of CFRaaS, Victor R. Kebande, Nickson M. Karie, Richard A. Ikuesan, Hein S. Venter Jan 2020

Research outputs 2014 to 2021

A Cloud Forensic Readiness as a Service (CFRaaS) model allows an environment to preemptively accumulate relevant potential digital evidence (PDE) which may be needed during a post‐event response process. The benefit of applying a CFRaaS model in a cloud environment, is that, it is designed to prevent the modification/tampering of the cloud architectures or the infrastructure during the reactive process, which if it could, may end up having far‐reaching implications. The authors of this article present the reactive process as a very costly exercise when the infrastructure must be reprogrammed every time the process is conducted. This may hamper successful …


Acquisition Of Evidence From Network Intrusion Detection Systems, Brian Cusack, Muteb Alqahtani Dec 2013

Australian Digital Forensics Conference

The literature reviewed suggests that Network Intrusion Systems (NIDS) are valuable tools for the detection of malicious behaviour in network environments. NIDS provide alerts and the trigger for rapid responses to attacks. Our previous research had shown that NIDS performance in wireless networks had a wide variation under different workloads. In this research we chose wired networks and asked the question: What is the evidential value of NIDS? Three different NIDS were tested under two different attacks and with six different packet rates. The results were alarming. As the work loading increased the NIDS detection capability fell rapidly and as …


Identifying Bugs In Digital Forensic Tools, Brian Cusack, Alain Homewood Dec 2013

Australian Digital Forensics Conference

Bugs can be found in all code and the consequences are usually managed through upgrade releases, patches, and restarting operating systems and applications. However, in mission critical systems complete fall over systems are built to assure service continuity. In our research we asked the question, what are the professional risks of bugs in digital forensic tools? Our investigation reviewed three high use professional proprietary digital forensic tools, one in which we identified six bugs and evaluated these bugs in terms of potential impacts on an investigator’s work. The findings show that yes major brand name digital forensic tools have software …


Tracing VNC And RDP Protocol Artefacts On Windows Mobile And Windows Smartphone For Forensic Purpose, Paresh Kerai Aug 2010

International Cyber Resilience conference

Remote access is the means of acquiring access to a computer or network remotely or from distance. It is typically achieved through the internet which connects people, corporate offices and telecommuters to the internal network of organizations or individuals. In recent years there has been a greater adoption of remote desktop applications that help administrators to configure and repair computers remotely over the network. However, this technology has also benefited cyber criminals. For example they can connect to computers remotely and perform illegal activity over the network. This research will focus on Windows mobile phones and the Paraben forensics software …


A Study Into The Forensic Recoverability Of Data From 2nd Hand Blackberry Devices: World-Class Security, Foiled By Humans, Craig Valli, Andrew Jones Jan 2008

Research outputs pre 2011

Blackberry RIM devices are arguably one of the more secure platforms for email, calendaring and voice. It is one of the few devices in this arena that has approval for carrying restricted security classifications. Blackberry devices do suffer from the same basic fundamental flaw in that they have a human operator. This research was about the blind purchase of Blackberry devices from auctions. Of the 15 Blackberry examined in this study 3 were able to be fully recovered. They all revealed personal and corporate details about the users of the devices.


Tracing USB Device Artefacts On Windows XP Operating System For Forensic Purpose, Victor Chileshe Luo Mar 2007

Australian Digital Forensics Conference

On Windows systems several identifiers are created when a USB device is plugged into a universal serial bus. Some of these artefacts or identifiers are unique to the device and consistent across different Windows platforms as well as other operating systems such as Linux. Another key factor that makes these identifiers forensically important is the fact that they are traceable even after the system has been shut down. Hence they can be used in forensic investigations to identify specific devices that have been connected to the system in question.


Structural Analysis Of The Log Files Of The ICQ Client Version 2003b, Kim Morfitt Apr 2006

Australian Digital Forensics Conference

Instant messenger programs can generate log files of user interactions which are of interest to forensic investigators. Some of the log files are in formats that are difficult for investigators to extract useful and accurate information from. The official ICQ client is one such program. Users log files are stored in a binary format that is difficult to understand and often changes with different client versions. Previous research has been performed that documents the format of the log files, however this research only covers earlier versions of the client. This paper explores the 2003b version of the ICQ client. It …


Forensic Analysis Of The Contents Of Nokia Mobile Phones, B. Williamson, P. Apeldoorn, B. Cheam, M. Mcdonald Apr 2006

Australian Digital Forensics Conference

Acquiring information from a mobile phone is now an important issue in many criminal investigations. Mobile phones can contain large amounts of information which can be of use in an investigation. These include typical mobile device data including SMS, phone records and calendar and diary entries. As the difference between a PDA and a mobile phone is now blurred, the data that can reside on a mobile phone is somewhat endless. This report focuses on the performance of different mobile phone forensic software devices, and reports the findings. All aspects of the different software pieces will be reported, as well …


A Forensic Log File Extraction Tool For ICQ Instant Messaging Clients, Kim Morfitt, Craig Valli Jan 2006

Research outputs pre 2011

Instant messenger programs such as ICQ are often used by hackers and criminals for illicit purposes and consequently the log files from such programs are of interest in a forensic investigation. This paper outlines research that has resulted in the development of a tool for the extraction of ICQ log file entries. Detailed reconstruction of data from log files was achieved with a number of different ICQ software. There are several limitations with the current design including timestamp information not adjusted for the time zone, data could be altered, and conversations must be manually reconstructed. Future research will aim to …


After Conversation - A Forensic ICQ Logfile Extraction Tool, Kim Morfitt, Craig Valli Jan 2005

Research outputs pre 2011

Instant messenger programs such as ICQ are often used by hackers and criminals for illicit purposes and consequently the logfiles from such programs are of forensic interest. This paper outlines research in progress that has resulted in the development of a tool for the extraction of ICQ logfile entries. Detailed reconstruction of data from logfiles was achieved with a number of different ICQ software, with other programs still to be tested. There are several limitations including timestamp information not adjusted for the time zone, data could be altered, and conversations must be manually reconstructed. Future research will aim to address …


Issues Relating To The Forensic Analysis Of PDA And Telephony (PDAT) Enabled Devices, Craig Valli Jan 2005

Research outputs pre 2011

An emergent technology is the PDAT (Personal Digital Assistant & Telecommunicator) a hybrid of a mobile phone and coupled with a PDA's computing and storage abilities. Potentially every mobile phone is now an alternate or possibly primary computing and data repository for individuals. This paper explores current issues relating to its merger with mobile phone technology.