Computer Engineering Commons^™

Cybercrime And The 2012 London Olympics, Denis Edgar-Nevill

Annual ADFSL Conference on Digital Forensics, Security and Law

The London 2012 Olympics is just three years away and the clock is ticking to put in place plans get it right. The potential for cybercrime to cause harm during this event is very great; harm to national reputation, harm to the reputation to the Olympic movement, and harm to individuals competing, watching or officiating. This paper considers the need to address these risks by taking a look at what has happened in the past at sporting events and the rising wave of electronic security threats and fraud facilitated by computers at recent Olympics. The problems for law enforcement are …

Methodology For Investigating Individuals Online Social Networking Persona, Jonathan T. Rajewski

Annual ADFSL Conference on Digital Forensics, Security and Law

When investigators from either the private or public sector review digital data surrounding a case for evidentiary value, they typically conduct a systematic categorization process to identify the relevant digital devices. Armed with the proper methodology to accomplish this task, investigators can quickly recognize the appropriate digital devices for forensic processing and review. This paper purposes a methodology for investigating an individual’s online social networking persona.

Keywords: Social Networking, Web 2.0, Internet Investigations, Online Social Networking Community

Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper describes a student project examining mechanisms with which to attack Bluetooth-enabled devices. The paper briefly describes the protocol architecture of Bluetooth and the Java interface that programmers can use to connect to Bluetooth communication services. Several types of attacks are described, along with a detailed example of two attack tools, Bloover II and BT Info.

Keywords: Bluetooth hacking, mobile phone hacking, wireless hacking

Concerning File Slack, Stephen P. Larson

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper we discuss the phenomena known as file slack. File slack is created each time a file is created on a hard disk, and can contain private or confidential data. Unfortunately, the methods used by Microsoft Windows operating systems to organize and save files require file slack, and users have no control over what data is saved in file slack. This document will help create awareness about the security issue of file slack and discuss research results concerning file slack.

Keywords : Computer Forensics, File Slack, Ram Slack, Disk Slack

The Computer Fraud And Abuse Act And The Law Of Unintended Consequences, Milton Luoma, Vicki Luoma

Annual ADFSL Conference on Digital Forensics, Security and Law

One of the most unanticipated results of the Computer Fraud and Abuse Act arose from the law of unintended consequences. The CFAA was originally enacted in 1984 to protect federal government computers from intrusions and damage caused by hackers, identity thieves, and other cyber criminals. The law was later amended to extend the scope of its application to financial institutions’, business’s and consumers’ computers. To aid in the pursuit of cyber criminals, one of the subsequent revisions to the law included provision “G” that gave the right to private parties to seek compensation for damages in a civil action for …

Why Are We Not Getting Better At Data Disposal?, Andy Jones

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper describes two sets of research, the first of which has been carried out over a period of four years into the levels and types of information that can be found on computer hard disks that are offered for sale on the second hand market. The second research project examined a number of second-hand hand held devices including PDAs, mobile (cell) phones and RIM Blackberry devices. The primary purpose of this research was to gain an understanding of the reasons for the failure to effectively remove potentially sensitive information from the disks and handheld devices. Other objectives included determining …

Don’T Touch That! And Other E-Discovery Issues, Linda Volonino

Annual ADFSL Conference on Digital Forensics, Security and Law

The ability to preserve and access electronically stored information (ESI) took on greater urgency when amendments to the Federal Rules of Civil Procedure went into effect in December 2006. These amendments, referred to as the electronic discovery (e-discovery) amendments, focus on the discovery phase of civil litigation, audits, or investigations. Discovery is the investigative phase of a legal case when opponents learn what evidence is available and how accessible it is. When ESI is the subject of discovery, it is called e-discovery. Recognizing that most business and personal records and communications are electronic, Judge Shira A. Scheindlin stated, "We used …

Analysis Of The ‘Db’ Windows Registry Data Structure, Damir Kahvedžić, Tahar Kechadi

Annual ADFSL Conference on Digital Forensics, Security and Law

The Windows Registry stores a wide variety of data representing a host of different user properties, settings and program information. The data structures used by the registry are designed to be adaptable to store these differences in a simple format. In this paper we will highlight the existence of a rare data structure that is used to store a large amount of data within the registry hives. We analyse the manner in which this data structure stores its data and the implications that it may have on evidence retrieval and digital investigation. In particular, we reveal that the three of …

Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi

Annual ADFSL Conference on Digital Forensics, Security and Law

Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this paper we formalise the registry behaviour and show how a retrieved value may not maintain a relation to the part of the registry it belonged to and hence lose that context. We …

Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns

Annual ADFSL Conference on Digital Forensics, Security and Law

Forensics and information technology (IT) have become increasingly important to accountants and auditors. Undergraduate accounting students are introduced to general IT topics but discussion of forensic knowledge is limited. A few schools have introduced an undergraduate major in forensic accounting. Some graduate schools offer accounting students an emphasis in forensic or fraud accounting that includes instruction in forensics and information technology. When students do not view the IT topics as being equally important to their careers as traditional accounting topics, these attitudes may reduce the quality of the course. In an effort to assess student attitudes, a survey of 46 …

Visualization Of Honeypot Data Using Graphviz And Afterglow, Craig Valli

Annual ADFSL Conference on Digital Forensics, Security and Law

This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.

Keywords: honeypot, network forensics, visualization, Graphviz, Afterglow

Continuous Fraud Detection In Enterprise Systems Through Audit Trail Analysis, Peter J. Best, Pall Rikhardsson, Mark Toleman

Journal of Digital Forensics, Security and Law

Enterprise systems, real time recording and real time reporting pose new and significant challenges to the accounting and auditing professions. This includes developing methods and tools for continuous assurance and fraud detection. In this paper we propose a methodology for continuous fraud detection that exploits security audit logs, changes in master records and accounting audit trails in enterprise systems. The steps in this process are: (1) threat monitoringsurveillance of security audit logs for ‘red flags’, (2) automated extraction and analysis of data from audit trails, and (3) using forensic investigation techniques to determine whether a fraud has actually occurred. We …

Visualisation Of Honeypot Data Using Graphviz And Afterglow, Craig Valli

Journal of Digital Forensics, Security and Law

This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.

The Impact Of Hard Disk Firmware Steganography On Computer Forensics, Iain Sutherland, Gareth Davies, Nick Pringle, Andrew Blyth

Journal of Digital Forensics, Security and Law

The hard disk drive is probably the predominant form of storage media and is a primary data source in a forensic investigation. The majority of available software tools and literature relating to the investigation of the structure and content contained within a hard disk drive concerns the extraction and analysis of evidence from the various file systems which can reside in the user accessible area of the disk. It is known that there are other areas of the hard disk drive which could be used to conceal information, such as the Host Protected Area and the Device Configuration Overlay. There …

Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler

Journal of Digital Forensics, Security and Law

This paper describes a student project examining mechanisms with which to attack Bluetooth-enabled devices. The paper briefly describes the protocol architecture of Bluetooth and the Java interface that programmers can use to connect to Bluetooth communication services. Several types of attacks are described, along with a detailed example of two attack tools, Bloover II and BT Info.

Detection Of Steganography-Producing Software Artifacts On Crime-Related Seized Computers, Asawaree Kulkarni, James Goldman, Brad Nabholz, William Eyre

Journal of Digital Forensics, Security and Law

Steganography is the art and science of hiding information within information so that an observer does not know that communication is taking place. Bad actors passing information using steganography are of concern to the national security establishment and law enforcement. An attempt was made to determine if steganography was being used by criminals to communicate information. Web crawling technology was used and images were downloaded from Web sites that were considered as likely candidates for containing information hidden using steganographic techniques. A detection tool was used to analyze these images. The research failed to demonstrate that steganography was prevalent on …

Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi

Journal of Digital Forensics, Security and Law

Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this paper we formalise the registry behaviour and show how a retrieved value may not maintain a relation to the part of the registry it belonged to and hence lose that context. We …

To License Or Not To License Revisited: An Examination Of State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Doug White, Alan Rea

Journal of Digital Forensics, Security and Law

In this update to the previous year's study, the authors examine statutes that regulate, license, and enforce investigative functions in each US state. After identification and review of Private Investigator licensing requirements, the authors find that very few state statutes explicitly differentiate between Private Investigators and Digital Examiners. After contacting all state agencies the authors present a distinct grouping organizing state approaches to professional Digital Examiner licensing. The authors conclude that states must differentiate between Private Investigator and Digital Examiner licensing requirements and oversight.

Book Review: Cyber Security And Global Information Assurance: Threat Analysis And Response Solutions, Gary C. Kessler

Journal of Digital Forensics, Security and Law

I freely admit that this book was sent to me by the publisher for the expressed purpose of my writing a review and that I know several of the chapter authors. With that disclosure out of the way, let me say that the book is well worth the review (and I get to keep my review copy).
The preface to the book cites the 2003 publication of The National Strategy to Secure Cyberspace by the White House, and the acknowledgement by the U.S. government that our economy and national security were fully dependent upon computers, networks, and the telecommunications infrastructure. …

Insecurity By Obscurity: A Review Of Soho Router Literature From A Network Security Perspective, Patryk Szewczyk, Craig Valli

Journal of Digital Forensics, Security and Law

Because of prevalent threats to SoHo based ADSL Routers, many more devices are compromised. Whilst an end-user may be at fault for not applying the appropriate security mechanisms to counter these threats, vendors should equally share the blame. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and willingness to implement security controls on their ADSL router. It argues that whilst the number of threats circulating the Internet is increasing, vendors are not improving their product literature.

Electronic Forms-Based Computing For Evidentiary Analysis, Andy Luse, Brian Mennecke, Anthony M. Townsend

Journal of Digital Forensics, Security and Law

The paperwork associated with evidentiary collection and analysis is a highly repetitive and time-consuming process which often involves duplication of work and can frequently result in documentary errors. Electronic entry of evidencerelated information can facilitate greater accuracy and less time spent on data entry. This manuscript describes a general framework for the implementation of an electronic tablet-based system for evidentiary processing. This framework is then utilized in the design and implementation of an electronic tablet-based evidentiary input prototype system developed for use by forensic laboratories which serves as a verification of the proposed framework. The manuscript concludes with a discussion …

A Synopsis Of Proposed Data Protection Legislation In Sa, Francis S. Cronjé

Journal of Digital Forensics, Security and Law

Privacy International1 made the following statement regarding South Africa’s financial sector in its 2005 world survey: “South Africa has a well-developed financial system and banking infrastructure. Despite the sophistication of the financial sector, the privacy of financial information is weakly regulated by a code of conduct for banks issued by the Banking Council.” This extract highlights some of the problems South Africa are experiencing with its current status on privacy as viewed from an International perspective. In recent years the International society has stepped up its efforts in creating a global village wherein the individual could be assured of having …

Prevention Is Better Than Prosecution: Deepening The Defence Against Cyber Crime, Jacqueline Fick

Journal of Digital Forensics, Security and Law

In the paper the author proposes that effectively and efficiently addressing cyber crime requires a shift in paradigm. For businesses and government departments alike the focus should be on prevention, rather than the prosecution of cyber criminals. The Defence in Depth strategy poses a practical solution for achieving Information Assurance in today’s highly networked environments. In a world where “absolute security” is an unachievable goal, the concept of Information Assurance poses significant benefits to securing one of an organization’s most valuable assets: Information. It will be argued that the approach of achieving Information Assurance within an organisation, coupled with the …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Self-Reported Cyber Crime: An Analysis On The Effects Of Anonymity And Pre-Employment Integrity, Ibrahim Baggili, Marcus Rogers

Electrical & Computer Engineering and Computer Science Faculty Publications

A key issue facing today’s society is the increase in cyber crimes. Cyber crimes pose threats to nations, organizations and individuals across the globe. Much of the research in cyber crime has risen from computer science-centric programs, and little experimental research has been performed on the psychology of cyber crime. This has caused a knowledge gap in the study of cyber crime. To this end, this research focuses on understanding psychological concepts related to cyber crime. Through an experimental design, participants were randomly assigned to three groups with varying degrees of anonymity. After each treatment, participants were asked to self-report …

Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns

Journal of Digital Forensics, Security and Law

Forensics and information technology (IT) have become increasingly important to accountants and auditors. Undergraduate accounting students are introduced to general IT topics but discussion of forensic knowledge is limited. A few schools have introduced an undergraduate major in forensic accounting. Some graduate schools offer accounting students an emphasis in forensic or fraud accounting that includes instruction in forensics and information technology. When students do not view the IT topics as being equally important to their careers as traditional accounting topics, these attitudes may reduce the quality of the course. In an effort to assess student attitudes, a survey of 46 …

Defining A Forensic Audit, G. S. Smith, D. L. Crumbley

Journal of Digital Forensics, Security and Law

Disclosures about new financial frauds and scandals are continually appearing in the press. As a consequence, the accounting profession's traditional methods of monitoring corporate financial activities are under intense scrutiny. At the same time, there is recognition that principles-based GAAP from the International Accounting Standards Board will become the recognized standard in the U.S. The authors argue that these two factors will change the practices used to fight corporate malfeasance as investigators adapt the techniques of accounting into a forensic audit engagement model.