Physical Sciences and Mathematics Commons^™

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Masthead

Journal of Digital Forensics, Security and Law

No abstract provided.

A Power Grid Incident Identification Based On Physically Derived Cyber-Event Detection, Travis Atkison, Nathan Wallace

Journal of Digital Forensics, Security and Law

This article proposes a cyber-event detection framework to aid in incident Identification and digital forensics cases aimed at investigating cyber crime committed against the critical infrastructure power grid. However, unlike other similar investigative techniques, the proposed approach examines only the physical information to derive a cyber conclusion. The developed framework extracts information from the physical parameters stored in historical databases of SCADA systems. The framework uses a pseudo-trusted model derived from randomly selected power system observations found in the historical databases. Afterwards, a technique known as Bayesian Model Averaging is used to average the models and create a more trusted …

File Type Identification - Computational Intelligence For Digital Forensics, Konstantinos Karampidis, Giorgos Papadourakis

Journal of Digital Forensics, Security and Law

In modern world, the use of digital devices for leisure or professional reasons is growing quickly; nevertheless, criminals try to fool authorities and hide evidence in a computer by changing the file type. File type detection is a very demanding task for a digital forensic examiner. In this paper, a new methodology is proposed – in a digital forensics perspective- to identify altered file types with high accuracy by employing computational intelligence techniques. The proposed methodology is applied to the three most common image file types (jpg, png and gif) as well as to uncompressed tiff images. A three-stage process …

Forensic Cell Site Analysis: A Validation & Error Mitigation Methodology, John B. Minor

Journal of Digital Forensics, Security and Law

The E911 Initiative in the mid-1990s established an opportunity to obtain location specific digital evidence of subscriber activity from cellular carriers. Call Detail Records (CDR) containing Cell Site Location Information (CSLI) evidence production was made available from cellular carriers in response to the CALEA, 911 and ECPA acts. In the late 1990s, cellular carriers began to produce evidence for investigative and litigation purposes. CDR/CSLI evidence has become an important evidentiary focus in the courtroom. This research project resulted in the creation of a method of validating cellular carrier records accuracy and mitigating errors in forensic cell site analyst conclusions. The …

Towards A More Representative Definition Of Cyber Security, Daniel Schatz, Rabih Bashroush, Julie Wall

Journal of Digital Forensics, Security and Law

In recent years, ‘Cyber Security’ has emerged as a widely-used term with increased adoption by practitioners and politicians alike. However, as with many fashionable jargon, there seems to be very little understanding of what the term really entails. Although this is may not be an issue when the term is used in an informal context, it can potentially cause considerable problems in context of organizational strategy, business objectives, or international agreements. In this work, we study the existing literature to identify the main definitions provided for the term ‘Cyber Security’ by authoritative sources. We then conduct various lexical and semantic …

Applying A Contingency Framework To Digital Forensic Processes In Cloud Based Acquisitions, Diane Barrett

Journal of Digital Forensics, Security and Law

The change in business models to incorporate a wide variety of cloud computing environments has resulted in the escalation of computer crimes in the areas of security breaches and hacking. Methods to acquire evidence in a cloud computing environment are limited due to the complexity of the cloud environment. Since digital acquisition processes in cloud computing environments are still in the infancy stages, there have been no studies in the application of existing frameworks to this type environment based on traditional forensic processes.

This paper describes a qualitative study conducted to develop a robust contingency framework for deciding when to …

Signatures Of Viber Security Traffic, M.A.K. Sudozai, N. Habib, S. Saleem, A.A. Khan

Journal of Digital Forensics, Security and Law

Viber is one of the widely used mobile chat application which has over 606 million users on its platform. Since the recent release of Viber 6.0 in March/April 2016 and its further updates, Viber provides end-to-end encryption based on Open Whisper Signal security architecture. With proprietary communication protocol scattered on distributed cluster of servers in different countries and secure cryptographic primitives, Viber offers a difficult paradigm of traffic analysis. In this paper, we present a novel methodology of identification of Viber traffic over the network and established a model which can classify its services of audio and audio/video calls, message …

From The Editors, Carole L. Hollingsworth, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Welcome to the third issue of the Journal of Cybersecurity Education, Research and Practice (JCERP).

Cyber Security For Everyone: An Introductory Course For Non-Technical Majors, Marc J. Dupuis

Journal of Cybersecurity Education, Research and Practice

In this paper, we describe the need for and development of an introductory cyber security course. The course was designed for non-technical majors with the goal of increasing cyber security hygiene for an important segment of the population—college undergraduates. While the need for degree programs that focus on educating and training individuals for occupations in the ever-growing cyber security field is critically important, the need for improved cyber security hygiene from the average everyday person is of equal importance. This paper discusses the approach used, curriculum developed, results from two runs of the course, and frames the overall structure of …

Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia Iii, Greg Randall, Jay Snellen

Journal of Cybersecurity Education, Research and Practice

Industrial Control Systems (ICS), which are pervasive in our nation’s critical infrastructures, are becoming increasingly at risk and vulnerable to internal and external threats. It is imperative that the future workforce be educated and trained on the security of such systems. However, it is equally important that careful and deliberate considerations must be exercised in designing and implementing the educational and training activities that pertain to ICS. To that end, we designed and implemented pedagogical materials and tools to facilitate the teaching and learning processes in the area of ICS security. In this paper, we describe those resources, the professional …

How Much Should We Teach The Enigma Machine?, Jeffrey A. Livermore

Journal of Cybersecurity Education, Research and Practice

Developing courses and programs in Information Assurance can feel like trying to force ten pounds of flour into a five pound sack. We want to pack more into our courses than we have time to teach. As new technologies develop, we often find it necessary to drop old technologies out of the curriculum and our students miss out on the historical impacts the old technologies had. The discipline is so broad and deep that we have to carefully choose what concepts and technologies we study in depth, what we mention in passing, and what we leave out. Leaving out important …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Masthead

Journal of Digital Forensics, Security and Law

No abstract provided.

Special Issue Of Best Papers From The 11th International Conference On Systematic Approaches To Digital Forensic Engineering (Sadfe 2016)

Journal of Digital Forensics, Security and Law

The SADFE series feature the different editions of the International Conference on Systematic Approaches to Digital Forensics Engineering. Now in its eleventh edition, SADFE has established itself as the premier conference for researchers and practitioners working in Systematic Approaches to Digital Forensics Engineering.

SADFE 2016, the eleventh international conference on Systematic Approaches to Digital Forensic Engineering was held in Kyoto, Japan, September 20 - 22, 2016.

Digital forensics engineering and the curation of digital collections in cultural institutions face pressing and overlapping challenges related to provenance, chain of custody, authenticity, integrity, and identity. The generation, analysis and sustainability of digital …

A Forensic Email Analysis Tool Using Dynamic Visualization, Johannes Stadlinger, Andreas Dewald

Journal of Digital Forensics, Security and Law

Communication between people counts to the most important information of today’s business. As a result, in case of forensic investigations in big companies, analysis of communication data in general and especially email, as the still most widely used business communication platform with an immense and still growing volume, is a typical task in digital forensics. One of the challenges is to identify the relevant communication partners and structures in the suspects surrounding as quickly as possible in order to react appropriately and identify further targets of evaluation. Due to the amount of emails in typical inboxes, reading through all the …

Find Me If You Can: Mobile Gps Mapping Applications Forensic Analysis & Snavp The Open Source, Modular, Extensible Parser, Jason Moore, Ibrahim Baggili, Frank Breitinger

Journal of Digital Forensics, Security and Law

The use of smartphones as navigation devices has become more prevalent. The ubiquity of hand-held navigation devices such as Garmins or Toms Toms has been falling whereas the ownership of smartphones and their adoption as GPS devices is growing. This work provides a comprehensive study of the most popular smartphone mapping applications, namely Google Maps, Apple Maps, Waze, MapQuest, Bing, and Scout, on both Android and iOS. It details what data was found, where it was found, and how it was acquired for each application. Based on the findings, the work allowed for the construction of a tool capable of …

Anti-Forensic Trace Detection In Digital Forensic Triage Investigations, Kyoung Jea Park, Jung-Min Park, Eun-Jin Kim, Chang Geun Cheon, Joshua I. James

Journal of Digital Forensics, Security and Law

Anti-forensics, whether intentionally to disrupt investigations or simply an effort to make a computer system run better, is becoming of increasing concern to digital investigators. This work attempts to assess the problem of anti-forensics techniques commonly deployed in South Korea. Based on identified challenges, a method of signature-based anti-forensic trace detection is proposed for triage purposes that will assist investigators in quickly making decisions about the suspect digital devices before conducting a full investigation. Finally, a prototype anti-forensic trace detection system is given to demonstrate the practicality of the proposed method.

Compression Of Virtual-Machine Memory In Dynamic Malware Analysis, James E. Fowler Ph.D.

Journal of Digital Forensics, Security and Law

Lossless compression of memory dumps from virtual machines that run malware samples is considered with the goal of significantly reducing archival costs in dynamic-malware-analysis applications. Given that, in such dynamic-analysis scenarios, malware samples are typically run in virtual machines just long enough to activate any self-decryption or other detection- avoidance maneuvers, the virtual-machine memory typically changes little from that of the baseline state, with the difference being attributable in large degree to the loading of additional executables and libraries. Consequently, delta coding is proposed to compress the current virtual-machine memory dump by coding its differences with respect to a predicted …