Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 30 of 39

Full-Text Articles in Physical Sciences and Mathematics

A Novel Privacy Preserving User Identification Approach For Network Traffic, Nathan Clarke, Fudong Li, Steven Furnell Sep 2017

Research outputs 2014 to 2021

The prevalence of the Internet and cloud-based applications, alongside the technological evolution of smartphones, tablets and smartwatches, has resulted in users relying upon network connectivity more than ever before. This results in an increasingly voluminous footprint with respect to the network traffic that is created as a consequence. For network forensic examiners, this traffic represents a vital source of independent evidence in an environment where anti-forensics is increasingly challenging the validity of computer-based forensics. Performing network forensics today largely focuses upon an analysis based upon the Internet Protocol (IP) address – as this is the only characteristic available. More typically, …


Proceedings Of The 15th Australian Digital Forensics Conference, 5-6 December 2017, Edith Cowan University, Perth, Australia, Craig Valli Jan 2017

Australian Digital Forensics Conference

Conference Foreword: This is the sixth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see quality papers, with a number from local and international authors. 8 papers were submitted and following a double blind peer review process, 5 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, …


Iseek, A Tool For High Speed, Concurrent, Distributed Forensic Data Acquisition, Richard Adams, Graham Mann, Valerie Hobbs Jan 2017

Australian Digital Forensics Conference

Electronic discovery (also written as e-discovery or eDiscovery) and digital forensics are processes in which electronic data is sought, located, secured, and processed with the expectation that it may be used as evidence in legal proceedings. Electronic evidence plays a fundamental role in many aspects of litigation (Stanfield, 2009). However, both eDiscovery and digital forensic approaches that rely on the creation of an index as part of their processing are struggling to cope with the huge increases in hard disk storage capacity. This paper introduces a novel technology that meets the existing and future data volume challenges faced by practitioners …


An Automated Approach For Digital Forensic Analysis Of Heterogeneous Big Data, Hussam Mohammed, Nathan Clarke, Fudong Li Jan 2016

Research outputs 2014 to 2021

The major challenges with big data examination and analysis are volume, complex interdependence across content, and heterogeneity. The examination and analysis phases are considered essential to a digital forensics process. However, traditional techniques for the forensic investigation use one or more forensic tools to examine and analyse each resource. In addition, when multiple resources are included in one case, there is an inability to cross-correlate findings which often leads to inefficiencies in processing and identifying evidence. Furthermore, most current forensics tools cannot cope with large volumes of data. This paper develops a novel framework for digital forensic analysis of heterogeneous …


File System Modelling For Digital Triage: An Inductive Profiling Approach, Benjamin Rice, Benjamin Turnbull Jan 2015

Australian Digital Forensics Conference

Digital Triage is the initial, rapid screening of electronic devices as a precursor to full forensic analysis. Triage has numerous benefits including resource prioritisation, greater involvement of criminal investigators and the rapid provision of initial outcomes. In traditional scientific forensics and criminology, certain behavioural attributes and character traits can be identified and used to construct a case profile to focus an investigation and narrow down a list of suspects. This research introduces the Triage Modelling Tool (TMT), that uses a profiling approach to identify how offenders utilise and structure files through the creation of file system models. Results from the …


Cyber Blackbox For Collecting Network Evidence, Jooyoung Lee, Sunoh Choi, Yangseo Choi, Jonghyun Kim, Ikkyun Kim, Youngseok Lee Jan 2015

Australian Digital Forensics Conference

In recent years, the hottest topics in the security field are related to the advanced and persistent attacks. As an approach to solve this problem, we propose a cyber blackbox which collects and preserves network traffic on a virtual volume based WORM device, called EvidenceLock to ensure data integrity for security and forensic analysis. As a strategy to retain traffic for long enough periods, we introduce a deduplication method. Also this paper includes a study on the network evidence which is collected and preserved for analyzing the cause of cyber incident. Then, a method is proposed to suggest a starting …


The Challenges Of Seizing And Searching The Contents Of Wi-Fi Devices For The Modern Investigator, Dan Blackman, Patryk Szewczyk Jan 2015

Australian Digital Forensics Conference

To the modern law enforcement investigator, the potential for an offender to have a mobile device on his or her person, who connects to a Wi-Fi network, may afford evidence to place them at a scene, at a particular time. Whilst tools to interrogate mobile devices and Wi-Fi networks have undergone significant development, little research has been conducted with regards to interrogating Wi-Fi routers and the evidence they may contain. This paper demonstrates that multiple inhibiting factors exist for forensic investigators when attempting to extract data from Wi-Fi routers at the scene. Data volatility means the Wi-Fi router cannot be …


The Spy In Your Pocket: Smartphones And Geo-Location Data, Krishnun Sansurooah, Bradley Keane Jan 2015

Australian Digital Forensics Conference

The integration of Global Positioning Systems and Smartphones has seen the significance of location based services rise. Geo-location data could prove to be an invaluable source of evidence in a forensic investigation. An attempt to extract geo-location data from an iPhone4s and Huawei Ascend G526 in a forensically sound manner revealed significant geo-location data embedded within geo-tags within photos taken on the devices. Other limited evidence was located on the devices.


A User-Oriented Network Forensic Analyser: The Design Of A High-Level Protocol Analyser, D Joy, F Li, N L. Clarke, S M. Furnell Jan 2014

Australian Digital Forensics Conference

Network forensics is becoming an increasingly important tool in the investigation of cyber and computer-assisted crimes. Unfortunately, whilst much effort has been undertaken in developing computer forensic file system analysers (e.g. Encase and FTK), such focus has not been given to Network Forensic Analysis Tools (NFATs). The single biggest barrier to effective NFATs is the handling of large volumes of low-level traffic and being able to extract and interpret forensic artefacts and their context – for example, being able to extract and render application-level objects (such as emails, web pages and documents) from the low-level TCP/IP traffic but also understand how …


A Forensic Overview Of The LG Smart TV, Iain Sutherland, Konstantino Xynos, Huw Read, Andy Jones, Tom Drange Jan 2014

Australian Digital Forensics Conference

The emerging Smart TV platform will likely replace traditional television sets over time as the entertainment and communication centrepiece in people’s homes. Given its expanded functionality and now, its online presence, there is a need to identify how they may become part of forensic investigations. The purpose of this paper is to introduce the area of Smart TVs and the potential forensic value these systems present in combination with their ever advancing functionality and capabilities. We provide an overview of Smart TV systems highlighting functionality and potential issues. We also take an initial look at two particular models, from the …


A Forensically-Enabled IaaS Cloud Computing Architecture, Saad Alqahtany, Nathan Clarke, Steven Furnell, Christoph Reich Jan 2014

Australian Digital Forensics Conference

Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures largely due to the dynamic nature of the cloud. Whilst much research has focused upon identifying the problems that are introduced with a cloud-based system, to date there is a significant lack of research on adapting current digital forensic tools and techniques to a cloud environment. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated …


12th Australian Digital Forensics Conference, 2014, Edith Cowan University: Conference Details, Security Research Institute, Edith Cowan University Jan 2014

Australian Digital Forensics Conference

No abstract provided.


An Investigation Into The Efficiency Of Forensic Data Erasure Tools For Removable USB Flash Memory Storage Devices, Krishnun Sansurooah, Haydon Hope, Hani Almutairi, Fayadh Alnazawi, Yunhan Jiang Dec 2013

Australian Digital Forensics Conference

Securely erasing data is of key importance to anyone that is concerned with the security of their sensitive information, whether an individual or an organization. Simply deleting the data in question or formatting the storage device is not enough to ensure that the data cannot be recovered. Furthermore, with the uptake of Universal Serial Bus drives (USBs), flash memory based storage devices have replaced previous portable secondary storage media. Therefore, it is of major concern whether the tools and products developed for securely erasing data on secondary storage Hard Disk Drives (HDDs) would be as efficient when targeting the USB …


Security Analysis And Forensic Investigation Of Home & Commercial Alarm Systems In New Zealand: Current Research Findings, Alastair Nisbet, Maria Kim Dec 2013

Australian Digital Forensics Conference

Alarm systems with keypads, sensors and sirens protect our homes and commercial premises from intruders. The reliability of these systems has improved over the past years but the technology has remained largely as it was 3 decades ago. With simple keypads and generally 4 digit PIN codes used for setting and unsetting the alarms, the main protection against a determined intruder is the necessity to choose robust PIN codes. However, with PIN codes chosen that are generally easy to remember and therefore relatively easy to guess, or numbers chosen to follow a pattern on the keypad, the main protection from …


Sellers Continue To Give Away Confidential Information On Second Hand Memory Cards Sold In Australia, Patryk Szewczyk, Nikki Robins, Krishnun Sansurooah Jan 2013

Australian Digital Forensics Conference

Second hand storage devices can be treasure troves of confidential data. This study investigated the remnant data on second hand memory cards that were purchased through Australian second hand auction websites throughout 2013. Memory cards continue to increase in capacity and are used in both smart phones and tablet computers as persistent storage. During this study a total of 140 second hand memory cards were purchased throughout 2013. Each memory card had its data recovered and subsequently analysed. The results show that sellers are sending memory cards with no evidence of erasure; poor attempts to erase data; or simply asking …


The 2012 Investigation Into Remnant Data On Second Hand Memory Cards Sold In Australia, Patryk Szewczyk, Krishnun Sansurooah Dec 2012

Australian Digital Forensics Conference

This study investigates the remnant data on memory cards that were purchased through Australian second hand auctions sites in 2012. Memory cards are increasing in capacity and are commonly used amongst many consumer orientated electronic devices including mobile phones, tablet computers, cameras and multimedia devices. This study examined 78 second hand memory cards. The investigation shows that confidential data is present on many of the memory cards and that in many instances there is no evidence to suggest that the seller attempted to erase data. In many instances the sellers are asking the buyer to erase the data on the …


Guidelines For The Digital Forensic Processing Of Smartphones, Khawla Abdulla Alghafli, Andrew Jones, Thomas Anthony Martin Jan 2011

Australian Digital Forensics Conference

Today Smartphone devices are widespread and they hold a number of types of information about the owner and their activities. As a result of the widespread adoption of these devices into every aspect of our lives they can be involved in almost any crime. The aim of digital forensics of Smartphone devices is to recover the digital evidence in a forensically sound manner so that the digital evidence can be presented and accepted in court. The digital forensic process consists of four phases which are preservation, acquisition, examination/analysis and finally presentation. In this paper we look at various types of …


Organisational Preparedness For Hosted Virtual Desktops In The Context Of Digital Forensics, Nirbhay Jawale, Ajit Narayanan Jan 2011

Australian Digital Forensics Conference

Virtualization in computing has progressed to an extent where desktops can be virtualized and accessed from anywhere. The server hosted model has already surpassed 1% market share of the worldwide professional PC market, with estimates indicating that this is a rapidly growing area. This paper investigates the adequacy of current digital forensic procedures on hosted virtual desktops (HVDs) as there does not appear to be specific methods of locating and extracting evidences from this infrastructure. A hosted virtual desktop deployed in private clouds was simulated to reflect two different computer crime scenarios. It was found that current digital forensic procedures …


A 2011 Investigation Into Remnant Data On Second Hand Memory Cards Sold In Australia, Patryk Szewczyk, Krishnun Sansurooah Jan 2011

Australian Digital Forensics Conference

Memory cards are widely used in numerous electronic devices including tablet computers, cameras, mobile phones and multimedia devices. Like a USB drive, memory cards are an inexpensive and portable persistent storage solution. Numerous manufacturers are incorporating a memory card interface into their product, allowing for a large array of confidential data to be stored. This research aimed to determine the sensitivity, type and amount of data that remained on second hand memory cards post sale. In 2011, over an eight month period, 119 second hand memory cards were randomly purchased from eBay Australia. The findings from the …


Forensic Recovery And Analysis Of The Artefacts Of Crimeware Toolkits, Murray Brand Jan 2011

Australian Digital Forensics Conference

The total cost of cybercrime has been estimated to exceed US$388 billion annually. The availability of crimeware toolkits has lowered the bar for entry to the world of cybercrime. With very little technical knowledge required, cybercriminals can create, deploy and harvest financial data using banking trojans through a point and click graphical user interface that can cost less than US$1000. Technical support is also available for a fee, including technical infrastructure and servers to store harvested data. Fraudsters employing crimeware toolkits have been reported to have stolen US$3.2 million dollars in as little as six months. This paper presents preliminary …


Kindle Forensics: Acquisition And Analysis, Peter Hannay Jan 2011

Research outputs 2011

The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.


Lessons Learned From An Investigation Into The Analysis Avoidance Techniques Of Malicious Software, Murray Brand, Craig Valli, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

This paper outlines a number of key lessons learned from an investigation into the techniques malicious executable software can employ to hinder digital forensic examination. Malware signature detection has been recognised by researchers to be far less than ideal. Thus, the forensic analyst may be required to manually analyse suspicious files. However, in order to hinder the forensic analyst, hide its true intent and to avoid detection, modern malware can be wrapped with packers or protectors, and layered with a plethora of antianalysis techniques. This necessitates the forensic analyst to develop static and dynamic analysis skills tailored to navigate a …


Cyber Forensics Assurance, Glenn S. Dardick Jan 2010

Australian Digital Forensics Conference

As the usage of Cyber Forensics increases, so does the potential for errors in the practice of applying Cyber Forensics. Errors in opinions derived from faulty practices have resulted in grievous miscarriages of justice. However, utilizing the foundations of Information Systems Assurance and Information Quality, a solid foundation for improving the quality and effectiveness of Cyber Forensics can be derived. The foundations of Information Systems Assurance and Information Quality provide a solid foundation for improving the current efforts in Cyber Forensics. With increasing computer and network systems usage as well as the increasing frequency of attacks on information systems, the …


An Investigation Into The Efficacy Of Three Erasure Tools Under Windows 7, Cheng Toy Chiang, Kelvin Triton, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

This paper examined three erasure software tools aimed at removing evidence of online and other activity, and was investigated using the Windows 7 operating system as the test platform. The tools in question were Anti-Tracks, Free Internet Eraser and Free Internet Window Washer. The findings included each of the tested software’s ability to completely erase target data on the drive. It also examined whether the data was erased or merely the link to the data was deleted, making the file recoverable. It was found that the Anti-Tracks program did not erase any of the information targeted by the …


The ADSL Router Forensics Process, Patryk Szewczyk Jan 2010

Research outputs pre 2011

In 2010 the number of threats targeting ADSL routers is continually increasing. New and emergent threats have been developed to bypass authentication processes and obtain admin privileges directly to the device. As a result many malicious attempts are being made to alter the configuration data and make the device subsequently vulnerable. This paper discusses the non-invasive digital forensics approach to extracting evidence from ADSL routers. Specifically it validates an identified digital forensic process of acquisition. The paper then discusses how the approach may be utilised to extract configuration data even after a device has been compromised to the point where …


Malware Forensics: Discovery Of The Intent Of Deception, Murray Brand, Craig Valli, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

Malicious software (malware) has a wide variety of analysis avoidance techniques that it can employ to hinder forensic analysis. Although legitimate software can incorporate the same analysis avoidance techniques to provide a measure of protection against reverse engineering and to protect intellectual property, malware invariably makes much greater use of such techniques to make detailed analysis labour intensive and very time consuming. Analysis avoidance techniques are so heavily used by malware that the detection of the use of analysis avoidance techniques could be a very good indicator of the presence of malicious intent. However, there is a tendency for analysis …


ADSL Router Forensics Part 2: Acquiring Evidence, Patryk Szewczyk Mar 2009

Australian Digital Forensics Conference

The demand for high-speed Internet access is escalating high sales of ADSL routers. In turn this has prompted individuals to attack and exploit the vulnerabilities in these devices. To respond to these threats, methods of acquisition and analysis are needed. The configuration data provides a wealth of information into the current state of the device. Hence, this data may be used to identify and interpret unlawful ways in which the device was used. This paper centres around an empirical learning approach identifying techniques to address the device’s acquirable limitations taking into consideration that the owner may not willingly present login …


Satellite Navigation Forensics Techniques, Peter Hannay Mar 2009

Australian Digital Forensics Conference

Satellite navigation systems are becoming increasingly common for automotive use within the civilian population. This increase in use is of interest to forensic investigators as satellite navigation devices have the potential to provide historical location data to investigators. The research in progress investigates the data sources and encoding on a number of common satellite navigation devices. The aim of this research is to develop a framework for the acquisition and analysis of common satellite navigation systems in a way that is valid for multiple device


Automatic Detection Of Child Pornography, Glen Thompson Mar 2009

Australian Digital Forensics Conference

Before the introduction of the internet, the availability of child pornography was reported as on the decline (Jenkins 2001). Since its emergence, however, the internet has made child pornography a much more accessible and available means of trafficking across borders (Biegel 2001; Jenkins 2001; Wells, Finkelhor et al. 2007). The internet as it is at present is made up of a vast array of protocols and networks where traffickers can anonymously share large volumes of illegal material amongst each other from locations with relaxed or non-existent laws that prohibit the possession or trafficking of illegal material. Likewise the internet is …


The 2009 Analysis Of Information Remaining On USB Storage Devices Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, G. Dabibi Mar 2009

Australian Digital Forensics Conference

The use of the USB storage device, also known as the USB drive, a thumb drive, a keychain drive and a flash drive has, for the most part, replaced the floppy disk and to some extent the Compact Disk (CD), the DVD (Digital Video Disk or Digital Versatile Disk) and the external hard disk. Their robustness, size and weight make them easy to transport, but also to lose or misplace. They are inexpensive and are often given away as promotional items by organisations. Over the last few years there has been a dramatic increase in the storage capacity of these …