Computer Engineering Commons^™

The Zombies Strike Back: Towards Client-Side Beef Detection, Maxim Chernyshev, Peter Hannay

Australian Digital Forensics Conference

A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software products, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive …

A User-Oriented Network Forensic Analyser: The Design Of A High-Level Protocol Analyser, D Joy, F Li, N L. Clarke, S M. Furnell

Australian Digital Forensics Conference

Network forensics is becoming an increasingly important tool in the investigation of cyber and computer-assisted crimes. Unfortunately, whilst much effort has been undertaken in developing computer forensic file system analysers (e.g. Encase and FTK), such focus has not been given to Network Forensic Analysis Tools (NFATs). The single biggest barrier to effective NFATs is the handling of large volumes of low-level traffic and being able to exact and interpret forensic artefacts and their context – for example, being able extract and render application-level objects (such as emails, web pages and documents) from the low-level TCP/IP traffic but also understand how …

A Forensic Overview Of The Lg Smart Tv, Iain Sutherland, Konstantino Xynos, Huw Read, Andy Jones, Tom Drange

Australian Digital Forensics Conference

The emerging Smart TV platform will likely replace traditional television sets over time as the entertainment and communication centrepiece in people’s homes. Given its expanded functionality and now, its online presence, there is a need to identify how they may become part of forensic investigations. The purpose of this paper is to introduce the area of Smart TVs and the potential forensic value these systems present in combination with their ever advancing functionality and capabilities. We provide an overview of Smart TV systems highlighting functionality and potential issues. We also take an initial look at two particular models, from the …

Locational Wireless And Social Media-Based Surveillance, Maxim Chernyshev

Australian Digital Forensics Conference

The number of smartphones and tablets as well as the volume of traffic generated by these devices has been growing constantly over the past decade and this growth is predicted to continue at an increasing rate over the next five years. Numerous native features built into contemporary smart devices enable highly accurate digital fingerprinting techniques. Furthermore, software developers have been taking advantage of locational capabilities of these devices by building applications and social media services that enable convenient sharing of information tied to geographical locations. Mass online sharing resulted in a large volume of locational and personal data being publicly …

Forensic Examination And Analysis Of The Prefetch Files On The Banking Trojan Malware Incidents, Andri P. Heriyanto

Australian Digital Forensics Conference

Whenever a program runs within the operating system, there will be data or artefacts created on the system. This condition applies to the malicious software (malware). Although they intend to obscure their presence on the system with anti-forensic techniques, still they have to run on the victim’s system to acquire their objective. Modern malware creates a significant challenge to the digital forensic community since they are being designed to leave limited traces and misdirect the examiner. Therefore, every examiner should consider performing all the forensics approaches such as memory forensic, live-response and Windows file analysis in the related malware incidents …

A Forensically-Enabled Iaas Cloud Computing Architecture, Saad Alqahtany, Nathan Clarke, Steven Furnell, Christoph Reich

Australian Digital Forensics Conference

Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures largely due to the dynamic nature of the cloud. Whilst much research has focused upon identifying the problems that are introduced with a cloud-based system, to date there is a significant lack of research on adapting current digital forensic tools and techniques to a cloud environment. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated …

Up-Dating Investigation Models For Smart Phone Procedures, Brian Cusack, Raymond Lutui

Australian Digital Forensics Conference

The convergence of services in Smart Technologies such as iPhones, Androids and multiple tablet work surfaces challenges the scope of any forensic investigation to include cloud environments, devices and service media. The analysis of current investigation guidelines suggests that each element in an investigation requires an independent procedure to assure the preservation of evidence. However we dispute this view and review the possibility of consolidating current investigation guidelines into a unified best practice guideline. This exploratory research proposes to fill a gap in digital forensic investigation knowledge for smart technologies used in business environments and to propose a better way …

Listening To Botnet Communication Channels To Protect Information Systems, Brian Cusack, Sultan Almutairi

Australian Digital Forensics Conference

Botnets are a weapon of choice for people who wish to exploit information systems for economic advantage. A large percentage of high value commercial targets such as banking transaction systems and human customers are web connected so that access is gained through Internet services. A Botnet is designed to maximise the possibility of an economic success through the low cost of attacks and the high number that may be attempted in any small time unit. In this paper we report exploratory research into the communications of Botnets. The research question was: How do Botnets talk with the command and control …

Towards A Set Of Metrics To Guide The Generation Of Fake Computer File Systems, Ben Whitham

Australian Digital Forensics Conference

Fake file systems are used in the field of cyber deception to bait intruders and fool forensic investigators. File system researchers also frequently generate their own synthetic document repositories, due to data privacy and copyright concerns associated with experimenting on real-world corpora. For both these fields, realism is critical. Unfortunately, after creating a set of files and folders, there are no current testing standards that can be applied to validate their authenticity, or conversely, reliably automate their detection. This paper reviews the previous 30 years of file system surveys on real world corpora, to identify a set of discrete measures …

The Impact Of Custom Rom Backups On Android External Storage Erasure, Haydon Hope, Peter Hannay

Australian Digital Forensics Conference

The Android operating system is the current market leader on mobile devices such as smartphones and tablet computers. The core operating system is open source and has a number of developers creating variants of this operating system. These variants, often referred to as custom ROMs are available for a wide number of mobile devices. Custom ROMs provide a number of features, such as enhanced control over the operating system, variation in user interfaces and so on. The process of installing custom ROMs is often accomplished through the use of a ROM manager application. Such applications often provide mechanisms to back …

Finding Evidence Of Wordlists Being Deployed Against Ssh Honeypots – Implications And Impacts, Priya Rabadia, Craig Valli

Australian Digital Forensics Conference

This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. The honeypots used the same base software and hardware configurations. The data from the honeypots were collected during the period 17th July 2012 and 26th November 2013, a total of 497 active day periods. The analysis in this paper focuses on the techniques used to attempt to gain access to these systems by attacking entities. Although all three honeypots are have the same configuration settings and …

Performance Evaluation Of A Technology Independent Security Gateway For Next Generation Networks, Fudong Li, Nathan Clarke, Steven Furnell, Is-Mkwawa Mkwawa

Research outputs 2014 to 2021

With the all IP based Next Generation Networks being deployed around the world, the use of real-time multimedia service applications is being extended from normal daily communications to emergency situations. However, currently different emergency providers utilise differing networks and different technologies. As such, conversations could be terminated at the setup phase or data could be transmitted in plaintext should incompatibility issues exit between terminals. To this end, a novel security gateway that can provide the necessary security support for incompatible terminals was proposed, developed and implemented to ensure the successful establishment of secure real-time multimedia conversations. A series of experiments …

Detection And Control Of Small Civilian Uavs, Matthew Peacock

Theses : Honours

With the increasing proliferation of small civilian Unmanned Aerial Vehicles (UAVs), the threat to critical infrastructure (CI) security and privacy is now widely recognised and must be addressed. These devices are easily available at a low cost, with their usage largely unrestricted allowing users to have no accountability. Further, current implementations of UAVs have little to no security measures applied to their control interfaces. To combat the threat raised by small UAVs, being aware of their presence is required, a task that can be challenging and often requires customised hardware.

This thesis aimed to address the threats posed by the …

Website Accessibility In Australia And The National Transition Strategy: Outcomes And Findings, Vivienne Conway

Theses: Doctorates and Masters

In the most recent statistics, published by the Australian Bureau of Statistics in 2012, it was reported that slightly under one in five people stated they had a disability. A further twenty-one percent of the population (4.7 million people) reported that they had a long-term health condition that did not restrict their everyday activities. This total group of people who suffer either a disability or a long-term health condition numbers 8.9 million people, or over thirty-nine percent of the Australian population. Of the people reporting a disability, 3.7 million or eighty-eight percent of that group experienced limitations in the activities …