Open Access. Powered by Scholars. Published by Universities.®

Engineering Commons


Full-Text Articles in Engineering

Accurate Modeling Of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensics, Amit Kleinmann, Avishai Wool Jan 2014


Journal of Digital Forensics, Security and Law

The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection System (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence …


Fast RTP Detection And Codecs Classification In Internet Traffic, Petr Matousek, Ondrej Rysavy, Martin Kmet Jan 2014


Journal of Digital Forensics, Security and Law

This paper presents a fast multi-stage method for on-line detection of RTP streams and codec identification of transmitted voice or video traffic. The method includes an RTP detector that filters packets based on specific values from UDP and RTP headers. When an RTP stream is successfully detected, codec identification is applied using codec feature sets. The paper shows the advantages and limitations of the method and compares it with other approaches. The method was implemented as a part of the network forensics framework NetFox developed in project SEC6NET. Results show that the method can be successfully used for Lawful Interception as well …


Exploring Forensic Implications Of The Fusion Drive, Shruti Gupta, Marcus Rogers Jan 2014


Journal of Digital Forensics, Security and Law

This paper explores the forensic implications of Apple’s Fusion Drive. The Fusion Drive is an example of auto-tiered storage. It uses a combination of a flash drive and a magnetic drive. Data is moved between the drives automatically to maximize system performance. This is different from traditional caches because data is moved and not simply copied. The research included understanding the drive structure, populating the drive, and then accessing data in a controlled setting to observe data migration strategies. It was observed that all the data is first written to the flash drive with 4 GB of free space always …


An Efficient Similarity Digests Database Lookup – A Logarithmic Divide & Conquer Approach, Frank Breitinger, Christian Rathgeb, Harald Baier Jan 2014


Journal of Digital Forensics, Security and Law

Investigating seized devices within digital forensics represents a challenging task due to the increasing amount of data. Common procedures utilize automated file identification, which reduces the amount of data an investigator has to examine manually. In the past years the research field of approximate matching has arisen to detect similar data. However, if n denotes the number of similarity digests in a database, then the lookup for a single similarity digest has complexity O(n). This paper presents a concept to extend existing approximate matching algorithms, which reduces the lookup complexity from O(n) to O(log(n)). Our proposed approach is based …


“Time For Some Traffic Problems”: Enhancing E-Discovery And Big Data Processing Tools With Linguistic Methods For Deception Detection, Erin S. Crabb Jan 2014


Journal of Digital Forensics, Security and Law

Linguistic deception theory provides methods to discover potentially deceptive texts to make them accessible to clerical review. This paper proposes the integration of these linguistic methods with traditional e-discovery techniques to identify deceptive texts within a given author’s larger body of written work, such as their sent email box. First, a set of linguistic features associated with deception is identified and a prototype classifier is constructed to analyze texts and describe the features’ distributions, while avoiding topic-specific features to improve recall of relevant documents. The tool is then applied to a portion of the Enron Email Dataset to illustrate how …


Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling Jan 2014


Journal of Digital Forensics, Security and Law

Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particularly that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics.


Relating Admissibility Standards For Digital Evidence To Attack Scenario Reconstruction, Changwei Liu, Anoop Singhal, Duminda Wijesekera Jan 2014


Journal of Digital Forensics, Security and Law

Attackers tend to use complex techniques, such as combining multi-step, multi-stage attacks with anti-forensic tools, to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog-based reasoner to address the admissibility requirements by creating the most probable attack scenarios that satisfy admissibility standards for substantiating evidence. Using a prototype implementation, we show how evidence extracted by using forensic tools can be integrated with legal reasoning to reconstruct …


From The Editor, Ibrahim Baggili Jan 2014


Journal of Digital Forensics, Security and Law

In this issue we have three papers that have made the cut. The first paper titled “The Cost of Privacy: Riley v. California’s Impact on Cell Phone Searches” is timely. In 2014 there was a unanimous decision that requires a warrant for all cell phone searches. This has some strong implications on the forensic analysis of mobile phones, and to that end, this article discusses and summarizes this legal precedent with its practical implications.


Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe Jan 2014


Journal of Digital Forensics, Security and Law

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did …


From The Editor-In-Chief, Ibrahim Baggili Jan 2014


Journal of Digital Forensics, Security and Law

Welcome to JDFSL’s fourth and final issue for 2014! First, I would like to thank our editorial board, reviewers, and the JDFSL team for bringing this issue to life. It has been a big year for JDFSL as the journal continues to progress. I would like to highlight our critical achievements for 2014 before touching on the papers that were accepted in this issue: 1. JDFSL has gone to a fully open access model without author payment through support from academic institutions. 2. JDFSL has formed and continues to form partnerships with various conferences that relate to cyber security and …


Testing Framework For Mobile Device Forensics Tools, Maxwell Anobah, Shahzad Saleem, Oliver Popov Jan 2014


Journal of Digital Forensics, Security and Law

The proliferation of mobile communication and computing devices, in particular smart mobile phones, is almost paralleled by the increasing number of mobile device forensics tools in the market. On the one hand, each mobile forensics tool vendor claims to have a tool that is best in terms of performance, while on the other hand each vendor seems to be using different standards for testing their tools, thereby defining what support means differently. To overcome this problem, a testing framework based on a series of tests ranging from basic forensics tasks such as file system reconstruction up to more complex …


The Cost Of Privacy: Riley V. California’s Impact On Cell Phone Searches, Jennifer L. Moore, Jonathan Langton, Joseph Pochron Jan 2014


Journal of Digital Forensics, Security and Law

Riley v. California is the United States Supreme Court’s first attempt to regulate the searches of cell phones by law enforcement. The 2014 unanimous decision requires a warrant for all cell phone searches incident to arrest absent an emergency. This work summarizes the legal precedent and analyzes the limitations and practical implications of the ruling. General guidelines for members of the criminal justice system at all levels consistent with the Supreme Court’s decision are provided.


Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practice, Shahzad Saleem, Ibrahim Baggili, Oliver Popov Jan 2014


Journal of Digital Forensics, Security and Law

In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97% of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a dataset of 5,772 responses regarding the relevance of nineteen types of digital evidence for all seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant type …


Technical SODDI Defenses: The Trojan Horse Defense Revisited, Chad M. Steel Jan 2014


Journal of Digital Forensics, Security and Law

In 2004, the Trojan horse defense was at a crossroads, having been successfully employed in two child pornography cases in the United Kingdom, resulting in acquittals. Despite the early successes, the Trojan horse defense has failed to become a regularly employed strategy. The original Trojan horse defense has now become part of the more general technical SODDI (Some Other Dude Did It) defense, which includes the possibility of unknown actors using unsecured Wi-Fi connections or having physical access to a computer to perform criminal acts. In the past ten years, it has not been effective in the United States for …


Fighting Child Pornography: A Review Of Legal And Technological Developments, Jasmine V. Eggestein, Kenneth J. Knapp Jan 2014


Journal of Digital Forensics, Security and Law

In our digitally connected world, the law is arguably behind the technological developments of the Internet age. While this causes many issues for law enforcement, it is of particular concern in the area of child pornography in the United States. With the wide availability of technologies such as digital cameras, peer-to-peer file sharing, strong encryption, Internet anonymizers and cloud computing, the creation and distribution of child pornography has become more widespread. Simultaneously, fighting the growth of this crime has become more difficult. This paper explores the development of both the legal and technological environments surrounding digital child pornography. In doing …


A State-Of-The-Art Review Of Cloud Forensics, Sameera Almulla, Youssef Iraqi, Andrew Jones Jan 2014


Journal of Digital Forensics, Security and Law

Cloud computing and digital forensics are emerging fields of technology. Unlike traditional digital forensics, where the target environment can be almost completely isolated, acquired and kept under the investigator’s control, in cloud environments the distribution of computation and storage poses unique and complex challenges to the investigators. Recently, the term “cloud forensics” has had an increasing presence in the field of digital forensics. In this state-of-the-art review, we include the most recent research efforts that used “cloud forensics” as a keyword and then classify the literature into three dimensions: (1) survey-based, (2) technology-based and (3) forensics-procedural-based. We discuss widely accepted …


Table Of Contents Jan 2014


Journal of Digital Forensics, Security and Law

No abstract provided.


Table Of Contents Jan 2014


Journal of Digital Forensics, Security and Law

No abstract provided.


Table Of Contents Jan 2014


Journal of Digital Forensics, Security and Law

No abstract provided.


Table Of Contents Jan 2014


Journal of Digital Forensics, Security and Law

No abstract provided.


Personal Denial Of Service (PDOS) Attacks: A Discussion And Exploration Of A New Category Of Cyber Crime, Michael R. Bartolacci, Larry J. Leblanc, Ashley Podhradsky Jan 2014


Journal of Digital Forensics, Security and Law

The growth of the Internet has created a corresponding growth in Internet-based crimes and online misbehavior, particularly among younger computer-savvy people. Younger generations have grown up in a world where Internet access, social networking, e-commerce and smartphones are commonplace. Given this fact, they have learned how to use, and how to abuse, technology. This leads us to define a new category of cybercrime called a Personal Denial of Service attack (PDOS). A PDOS is a cybercrime in which an individual deliberately prevents the access of another individual or small group to online services such as email or banking. Due to …


Forensics Of Software Copyright Infringement Crimes: The Modern POSAR Test Juxtaposed With The Dated AFC Test, Vinod P. Bhattathiripad Jan 2014


Journal of Digital Forensics, Security and Law

This paper presents a new development in the forensics of software copyright through a juxtaposed comparison between the proven AFC test and the recent POSAR test, the two forensic procedures for establishing software copyright infringement cases. First, the paper separately overviews the 3-stage, linear sequential AFC test and then the 5-phase, cyclic POSAR test (as AFC’s logical extension). The paper then compares the processes involved in each of the 5 phases of the POSAR test with the processes involved in the 3 stages in the AFC test, for the benefit of forensic practitioners and researchers. Finally, the paper discusses some …


Developing A Conceptual Framework For Modeling Deviant Cyber Flash Mob: A Socio-Computational Approach Leveraging Hypergraph Constructs, Samer Al-Khateeb, Nitin Agarwal Jan 2014


Journal of Digital Forensics, Security and Law

In a Flash Mob (FM), a group of people get together in the physical world, perform an unpredicted act and disperse quickly. A Cyber Flash Mob (CFM) is the cyber manifestation of a flash mob, coordinated primarily using social media. A Deviant Cyber Flash Mob (or DCFM) is a special case of CFM, which is categorized as the new face of transnational crime organizations (TCOs). The DCFM phenomenon can be considered a form of cyber-collective action, defined as an action aiming to improve a group’s conditions (such as status or power). In this paper, we conduct a conceptual analysis of …


AUDIT: Automated Disk Investigation Toolkit, Umit Karabiyik, Sudhir Aggarwal Jan 2014


Journal of Digital Forensics, Security and Law

Software tools designed for disk analysis play a critical role today in forensics investigations. However, these digital forensics tools are often difficult to use, usually task specific, and generally require professionally trained users with IT backgrounds. The relevant tools are also often open source, requiring additional technical knowledge and proper configuration. This makes it difficult for investigators without some computer science background to easily conduct the needed disk analysis. In this paper, we present AUDIT, a novel automated disk investigation toolkit that supports investigations conducted by non-expert (in IT and disk technology) and expert investigators. Our proof of concept design …


A Study Of Forensic Imaging In The Absence Of Write-Blockers, Gary C. Kessler, Gregory H. Carlton Jan 2014


Journal of Digital Forensics, Security and Law

Best practices in digital forensics demand the use of write-blockers when creating forensic images of digital media, and this has been a core tenet of computer forensics training for decades. The practice is so ingrained that the integrity of images created without a write-blocker is immediately suspect. This paper describes a research framework that compares forensic images acquired with and without utilizing write-blockers in order to understand the extent of the differences, if any, in the resultant forensic copies. We specifically address whether differences are superficial or evidentiary, and we discuss the impact of admitting evidence acquired without write blocking. …


Book Review: The X-Ways Forensics Practitioner's Guide, Linda Lau Jan 2014


Journal of Digital Forensics, Security and Law

Brett Shavers is a former law enforcement officer, a digital forensics examiner, an adjunct instructor, and a frequent speaker at many conferences. After writing his first book, titled Placing the Suspect Behind the Keyboard: Using Digital Forensics and Investigative Techniques to Identify Cybercrime Suspects, he co-wrote his second book with Eric Zimmerman and Jimmy Weg, who is a knowledgeable technical editor. Both Brett and Eric are experts in cyber forensics, with many years of law enforcement experience at both the state and federal levels.


Book Review: Judiciary-Friendly Forensics Of Software Copyright Infringement (Vinod Polpaya Bhattathiripad), Pedro L. P. Sanchez Jan 2014


Journal of Digital Forensics, Security and Law

Judiciary-Friendly Forensics of Software Copyright Infringement is a book by Dr. Vinod Polpaya Bhattathiripad, published by IGI-Global as part of its Research Essentials series. The book discusses the forensics of software copyright infringement and highlights theoretical, functional, and procedural matters in the investigation of copyright infringement of software products, as well as the development of forensic technologies to detect and avoid software piracy. It is of interest to software forensic experts, lawyers in the field of copyright infringement, judges, software professionals, and students.