Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Full-Text Articles in Physical Sciences and Mathematics

Mapping The Laws Which Apply To Intercepting Wireless Communications In A Western Australian Legal Context, Tim Thomas, Craig Valli Jan 2015

Australian Digital Forensics Conference

The rapid evolution and deployment of WiFi technology creates a new environment where offenders can intercept and obtain sensitive information for use in the commissioning of further criminal activity. This paper explores how the law applies to and protects the wireless communications environment, with specific focus on the interception of WiFi data communications.


Steganography As A Threat – Fairytale Or Fact?, Tom Cleary Jan 2015

Australian Digital Forensics Conference

Almost since the birth of the Internet, there has been a fear that steganographically-encoded threats would be used to bring harm. Serious consideration has been given to the idea that merely downloading an image could introduce malware. Yet, for decades, evidence of this malware channel has been missing in action. There is still an unwritten assumption that images are harmless. Many vendors have implicitly avoided producing defences against steganographic threats. Is it truly impossible to make a widely harmful exploit this way or have malicious actors accepted general wisdom? Three recent papers suggest that there may be a new chapter …


Towards A Standardised Strategy To Collect And Distribute Application Software Artifacts, Thomas Laurenson, Stephen Macdonell, Hank Wolfe Jan 2015

Australian Digital Forensics Conference

Reference sets contain known content that are used to identify relevant or filter irrelevant content. Application profiles are a type of reference set that contain digital artifacts associated with application software. An application profile can be compared against a target data set to identify relevant evidence of application usage in a variety of investigation scenarios. The research objective is to design and implement a standardised strategy to collect and distribute application software artifacts using application profiles. An advanced technique for creating application profiles was designed using a formalised differential analysis strategy. The design was implemented in a live differential forensic …


Improving The Detection And Validation Of Inland Revenue Numbers, Henry Gee, Thomas Laurenson, Hank Wolfe Jan 2015

Australian Digital Forensics Conference

Forensic analysis commonly involves searching an investigation target for personal identifiable information. An Inland Revenue Department (IRD) number is used for taxation purposes in New Zealand and can provide evidence of perpetrator identity, transaction information or electronic fraud. This research has designed and implemented a bulk_extractor feature scanner to detect and validate IRD numbers (features). The IRD scanner has been tested on a known data set to ensure tool functionality. A large real world data set was then used to determine scanner effectiveness in a realistic investigation scenario. Real world data set testing highlighted a high number of unrelated features …


Mobile Device Damage And The Challenges To The Modern Investigator, Dan Blackman Jan 2015

Australian Digital Forensics Conference

Mobile Forensics has developed into an area of significant concern to law enforcement agencies and their counterparts, specifically as a result of individuals moving away from using traditional computers and focusing attention on their mobile device. Due to the smart phone being almost permanently attached to the person or in near proximity, it has become a significant source of information for investigators and can mean the difference between proving guilt or innocence. Tools have long been established, which provide agencies the ability to encapsulate expertise, which allows the easy download and production of reports for the mobile device and how …


File System Modelling For Digital Triage: An Inductive Profiling Approach, Benjamin Rice, Benjamin Turnbull Jan 2015

Australian Digital Forensics Conference

Digital Triage is the initial, rapid screening of electronic devices as a precursor to full forensic analysis. Triage has numerous benefits including resource prioritisation, greater involvement of criminal investigators and the rapid provision of initial outcomes. In traditional scientific forensics and criminology, certain behavioural attributes and character traits can be identified and used to construct a case profile to focus an investigation and narrow down a list of suspects. This research introduces the Triage Modelling Tool (TMT), that uses a profiling approach to identify how offenders utilise and structure files through the creation of file system models. Results from the …


Cyber Blackbox For Collecting Network Evidence, Jooyoung Lee, Sunoh Choi, Yangseo Choi, Jonghyun Kim, Ikkyun Kim, Youngseok Lee Jan 2015

Australian Digital Forensics Conference

In recent years, the hottest topics in the security field are related to the advanced and persistent attacks. As an approach to solve this problem, we propose a cyber blackbox which collects and preserves network traffic on a virtual volume based WORM device, called EvidenceLock to ensure data integrity for security and forensic analysis. As a strategy to retain traffic for long enough periods, we introduce a deduplication method. Also this paper includes a study on the network evidence which is collected and preserved for analyzing the cause of cyber incident. Then, a method is proposed to suggest a starting …


Cyber Black Box: Network Intrusion Forensics System For Collecting And Preserving Evidence Of Attack, Jong-Hyun Kim, Joo-Young Lee, Yangseo Choi, Sunoh Choi, Ik-Kyun Kim Jan 2015

Australian Digital Forensics Conference

Once the system is compromised, the forensics and investigation are always executed after the attacks and the loss of some useful instant evidence. Since there is no log information necessary for analyzing an attack cause after the cyber incident occurs, it is difficult to analyze the cause of an intrusion even after an intrusion event is recognized. Moreover, in an advanced cyber incident such as advanced persistent threats, several months or more are expended in only analyzing a cause, and it is difficult to find the cause with conventional security equipment. In this paper, we introduce a network intrusion forensics …


Comparison Of Live Response, Linux Memory Extractor (LiME) And Mem Tool For Acquiring Android's Volatile Memory In The Malware Incident, Andri Heriyanto, Craig Valli, Peter Hannay Jan 2015

Australian Digital Forensics Conference

The increasing use of encryption and obfuscation within the malware development arena has necessitated the use of volatile memory acquisition on smartphone platforms. Current smartphone forensics research lacks a well-formulated process for the acquisition of volatile memory. This research evaluates and contrasts three differing tools for acquisition of volatile memory from the Android platform: Live Response, Linux Memory Extractor (LiME) and Mem Tool. Evaluation is conducted through practical examination during the analysis of an infected device. The results demonstrate a combination of LiME and the Volatility Framework provides the most robust findings. Complexities due to the nature of LiME prevent …


Mining Social Networking Sites For Digital Evidence, Brian Cusack, Saud Alshaifi Jan 2015

Australian Digital Forensics Conference

OnLine Social Networking sites (SNS) hold a vast amount of information that individuals and organisations post about themselves. Investigations include SNS as sources of evidence and the challenge is to have effective tools to extract the evidence. In this exploratory research we apply the latest version of a proprietary tool to identify potential evidence from five SNS using three different browsers. We found that each web browser influenced the scope of the evidence extracted. In previous research we have shown that different open source and proprietary tools influence the scope of evidence obtained. In this research we asked, What variation …


The Challenges Of Seizing And Searching The Contents Of Wi-Fi Devices For The Modern Investigator, Dan Blackman, Patryk Szewczyk Jan 2015

Australian Digital Forensics Conference

To the modern law enforcement investigator, the potential for an offender to have a mobile device on his or her person, who connects to a Wi-Fi network, may afford evidence to place them at a scene, at a particular time. Whilst tools to interrogate mobile devices and Wi-Fi networks, have undergone significant development, little research has been conducted with regards to interrogating Wi-Fi routers and the evidence they may contain. This paper demonstrates that multiple inhibiting factors exist for forensic investigators when attempting to extract data from Wi-Fi routers at the scene. Data volatility means the Wi-Fi router cannot be …


Image Similarity Using Dynamic Time Warping Of Fractal Features, Ahmed Ibrahim, Craig Valli Jan 2015

Australian Digital Forensics Conference

Hashing algorithms such as MD/SHA variants have been used for years by forensic investigators to look for known artefacts of interest such as malicious files. However, such hashing algorithms are not effective when their hashes change with the slightest alteration in the file. Fuzzy hashing overcame this limitation to a certain extent by providing a close enough measure for slight modifications. As such, image forensics is an essential part of any digital crime investigation, especially in cases involving child pornography. Unfortunately such hashing algorithms can be thwarted easily by operations as simple as saving the original file in a different …


An Overview Of Bluetooth Device Discovery And Fingerprinting Techniques – Assessing The Local Context, Maxim Chernyshev Jan 2015

Australian Digital Forensics Conference

The ubiquitous nature of portable communication devices presents a number of opportunities for automated device discovery, tracking and possible owner identification. Consumer devices such as smartphones, tablets, wearables, laptops and vehicle entertainment systems commonly support the 802.15.1 (Bluetooth) wireless communication protocol that enables a variety of device discovery and fingerprinting techniques. We provide an overview of these techniques encompassing those native to the protocol as well as those that are possibly protocol-agnostic due to their inherently generic nature. We then introduce an opportunity for a comparison study that sets out to examine and quantify the effectiveness of selected techniques in the …


Security Assessment Of IoT Devices: The Case Of Two Smart TVs, Maxim Chernyshev, Peter Hannay Jan 2015

Australian Digital Forensics Conference

Being increasingly complex devices, smart TVs are becoming more capable and have the potential to receive, store, process and transmit considerable amounts of personal data. These capabilities also represent several diverse attack surfaces potentially rendering these devices highly vulnerable. The emergence and high adoption rate of smart TVs have been drawing notable interest from security researchers and industry. We utilise an attack surface area-based approach to assess the security of two modern smart TVs from different vendors and describe some of the possible multi-surface attacks that can be carried out against these devices.


The Spy In Your Pocket: Smartphones And Geo-Location Data, Krishnun Sansurooah, Bradley Keane Jan 2015

Australian Digital Forensics Conference

The integration of Global Positioning Systems and Smartphones has seen the significance of location based services rise. Geo-location data could prove to be an invaluable source of evidence in a forensic investigation. An attempt to extract geo-location data from an iPhone4s and Huawei Ascend G526 in a forensically sound manner revealed significant geo-location data embedded within geo-tags within photos taken on the devices. Other limited evidence was located on the devices.


Analysis Into Developing Accurate And Efficient Intrusion Detection Approaches, Priya Rabadia, Craig Valli Jan 2015

Australian Digital Forensics Conference

Cyber-security has become more prevalent as more organisations are relying on cyber-enabled infrastructures to conduct their daily activities. Subsequently, cybercrime and cyber-attacks are increasing. An Intrusion Detection System (IDS) is a cyber-security tool that is used to mitigate cyber-attacks. An IDS is a system deployed to monitor network traffic and trigger an alert when unauthorised activity has been detected. It is important for IDSs to accurately identify cyber-attacks against assets on cyber-enabled infrastructures, while also being efficient at processing current and predicted network traffic flows. The purpose of the paper is to outline the importance of developing an accurate and …