Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons


Full-Text Articles in Physical Sciences and Mathematics

Image Similarity Using Dynamic Time Warping Of Fractal Features, Ahmed Ibrahim, Craig Valli Jan 2015

Australian Digital Forensics Conference

Hashing algorithms such as MD/SHA variants have been used for years by forensic investigators to look for known artefacts of interest such as malicious files. However, such hashing algorithms are not effective when their hashes change with the slightest alteration in the file. Fuzzy hashing overcame this limitation to a certain extent by providing a close enough measure for slight modifications. As such, image forensics is an essential part of any digital crime investigation, especially in cases involving child pornography. Unfortunately such hashing algorithms can be thwarted easily by operations as simple as saving the original file in a different …


Analysis Into Developing Accurate And Efficient Intrusion Detection Approaches, Priya Rabadia, Craig Valli Jan 2015

Australian Digital Forensics Conference

Cyber-security has become more prevalent as more organisations are relying on cyber-enabled infrastructures to conduct their daily activities. Subsequently, cybercrime and cyber-attacks are increasing. An Intrusion Detection System (IDS) is a cyber-security tool that is used to mitigate cyber-attacks. An IDS is a system deployed to monitor network traffic and trigger an alert when unauthorised activity has been detected. It is important for IDSs to accurately identify cyber-attacks against assets on cyber-enabled infrastructures, while also being efficient at processing current and predicted network traffic flows. The purpose of the paper is to outline the importance of developing an accurate and …


Suitability Of Lacunarity Measure For Blind Steganalysis, Ahmed Ibrahim Jan 2014

Australian Digital Forensics Conference

Blind steganalysis performance is influenced by several factors including the features used for classification. This paper investigates the suitability of using lacunarity measure as a potential feature vector for blind steganalysis. Differential Box Counting (DBC) based lacunarity measure has been employed using the traditional sequential grid (SG) and a new radial strip (RS) approach. The performance of the multi-class SVM based classifier was unfortunately not what was expected. However, the findings show that both the SG and RS lacunarity produce enough discriminating features that warrant further research.


Finding Evidence Of Wordlists Being Deployed Against SSH Honeypots – Implications And Impacts, Priya Rabadia, Craig Valli Jan 2014

Australian Digital Forensics Conference

This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. The honeypots used the same base software and hardware configurations. The data from the honeypots were collected during the period 17th July 2012 to 26th November 2013, a total of 497 active day periods. The analysis in this paper focuses on the techniques used to attempt to gain access to these systems by attacking entities. Although all three honeypots have the same configuration settings and …


Volatile Memory Acquisition Tools – A Comparison Across Taint And Correctness, William Campbell Dec 2013

Australian Digital Forensics Conference

The growth in volatile memory forensics has steadily increased in recent times. With this growth comes a need to test the tools associated with this practice. Although there appears to be a large amount of effort in testing static memory capture tools, there is perhaps less so for volatile memory capture. This paper describes the attempts at categorizing criteria for testing, and then introduces and extends upon a methodology proposed by Lempereur and colleagues in 2012. Four tools (Windows Memory Reader, WinPmem, FTK Imager and DumpIt) are tested against two criteria (impact and completeness). WMR and DumpIt were found to …


Security Of Internet Protocol Cameras – A Case Example, William Campbell Dec 2013

Australian Digital Forensics Conference

The interaction of consumer devices and the internet, especially in relation to security, has always been tenuous. Where it is in the best interests of companies to produce products that are cheap and accessible, these traits often go against that of security. This investigation undertakes an analysis of one such device – the DCS 930L internet protocol camera from D-Link. This camera is analysed for vulnerabilities, with an emphasis on those relating to authentication mechanisms. Several vulnerabilities are identified, and potential attacks based on these are discussed. Solutions or mitigations to these vulnerabilities are presented.


Forensic Memory Dump Analysis And Recovery Of The Artefacts Of Using Tor Bundle Browser – The Need, Divya Dayalamurthy Dec 2013

Australian Digital Forensics Conference

The Onion Routing (TOR) project is a network of virtual tunnels that facilitates secure, private communications on the internet. A recent article published in “The Registry” claims that TOR bundle browser usage has increased in recent years; statistics show that in January 2012, there were approximately 950,000 users globally and now in August 2013 that figure is estimated to have reached 1,200,000 users. The report also illustrates that the United States of America and the United Kingdom are major contributors towards the massive increase in TOR usage. Similarly, other countries like India and Brazil have increased usage to 32,000 and …


Sellers Continue To Give Away Confidential Information On Second Hand Memory Cards Sold In Australia, Patryk Szewczyk, Nikki Robins, Krishnun Sansurooah Jan 2013

Australian Digital Forensics Conference

Second hand storage devices can be treasure troves of confidential data. This study investigated the remnant data on second hand memory cards that were purchased through Australian second hand auction websites throughout 2013. Memory cards continue to increase in capacity and are used in both smart phones and tablet computers as persistent storage. During this study a total of 140 second hand memory cards were purchased throughout 2013. Each memory card had its data recovered and subsequently analysed. The results show that sellers are sending memory cards with no evidence of erasure; poor attempts to erase data; or simply asking …


Remote Access Forensics For VNC And RDP On Windows Platform, Paresh Kerai Jan 2010

Australian Digital Forensics Conference

There has been a greater implementation of remote access technologies in recent years. Many organisations are adopting remote technologies such as Virtual Network Computing (VNC) and remote desktop (RDP) applications as customer support applications. They use these applications to remotely configure computers and solve computer and network issues of the client on the spot. Therefore, the system administrator or the desktop technician does not have to sit at the client computer physically to solve a computer issue. This increase in adoption of remote applications is of interest to forensic investigators, because illegal activities can be performed over the connection. …


Secure State Deletion: Testing The Efficacy And Integrity Of Secure Deletion Tools On Solid State Drives, Michael Freeman, Andrew Woodward Mar 2009

Australian Digital Forensics Conference

The research aimed to determine the efficacy and integrity of several hard-drive disk deletion tools on solid state drives (SSDs). SSDs contain new technologies such as wear-levelling and device under-provisioning to provide efficient functionality and speed for data management, but the same technologies may also provide obstacles to ensuring that all information is fully removed from the drive. Furthermore, SSDs store files in 4KB pages, yet data can only be deleted in 512KB blocks. This function uses the disk controller to remove all the pages from the block a file is being deleted from, storing the pages in a …


Digital Forensics And The Legal System: A Dilemma Of Our Times, James Tetteh Ami-Narh, Patricia A.H. Williams Mar 2008

Australian Digital Forensics Conference

Computers have become an important part of our lives and are becoming fundamental to activities in the home and workplace. Individuals use computer technology to send emails, access banking information, pay taxes, purchase products, surf the internet and so on. Businesses also use computers and the Internet to perform accounting tasks, manage customer information, store trade secrets, and develop new products and services. State, Federal and Local government agencies use the computer and Internet to create and access information. Similarly, digital systems have become the mainstay of criminal activity. Legal proceedings have always been influenced by tradition and court decisions. …


Preventing The Acquisition Of Data From Virtual Machine Based Secure Portable Execution Environments, Peter James Mar 2008

Australian Digital Forensics Conference

A Virtual Machine (VM) based secure Portable Execution Environment (PEE) provides a safe and secure environment that can be loaded into a host PC and an application executed with a degree of confidence that the application is separated, protected and little or no forensic evidence remains after the application has executed. A VM based secure PEE is characterised as a USB storage device containing a VM with a trusted guest operating system and application(s) which is stored in a protected partition, strong authentication to only allow an authorised user to load the VM into the host PC, and full storage …


Data Recovery From PalmMsgV001, Satheesaan Pasupatheeswaran Mar 2008

Australian Digital Forensics Conference

Both SMS and MMS data analysis are important factors in mobile forensic analysis. The author did not find any mobile forensic tool that is capable of extracting short messages (SMS) and multimedia messages (MMS) from the Palm Treo 750. The SMS file of the Palm Treo 750 is called PalmMsgV001 and it is a proprietary file format. Research work was done to find a method to recover SMS data from the PalmMsgV001 file. This paper describes the research work and its findings. This paper also discusses a methodology that will help recover SMS data from PalmMsgV001. The PalmMsgV001 file is analysed …


Virtual Environments Support Insider Security Violations, Iain Swanson, Patricia A.H. Williams Mar 2008

Australian Digital Forensics Conference

This paper describes an investigation into how an employee using a virtual environment can circumvent any or all of the security, policies and procedures within an organization. The paper discusses the fundamental issues that organizations must address to be able to detect such an attack. Attacks of this nature may be malicious with intent to cause disruption by flooding the network or disabling specific equipment, or non-malicious by quietly gathering critical information such as user names and passwords or a colleague’s internet banking details. Identification of potential residual evidence following an attack is presented. Such evidence may be used to …


Malware, Viruses And Log Visualisation, Iain Swanson Mar 2008

Australian Digital Forensics Conference

This paper will look at the current state of visualization in relation to mainly malware collector logs, network logs and the possibility of visualizing their payloads. We will show that this type of visualization of activity on the network can help us in the forensic investigation of the traffic, which may contain unwanted pieces of code, and may identify any patterns within the traffic or payloads that might help us determine the nature of the traffic visually. We will further speculate on a framework that could be built which would be able to fingerprint any type of malware, based …


An Overview And Examination Of Digital PDA Devices Under Forensics Toolkits, Krishnun Sansurooah Mar 2007

Australian Digital Forensics Conference

Personal Digital Assistants, most commonly known as PDAs, are becoming more and more fashionable and affordable in the working environment. With the advent of rapidly increasing technology these handheld devices are now targeted by many people with criminal intentions. Unfortunately crime does not choose its technology, and nowadays those ultra-light handhelds are getting more and more involved in crimes. This therefore becomes an onerous task for forensics examiners, who need the proper forensics tools to investigate the information held on these devices. This report will browse the current forensics toolkits available and …


Forensic Analysis Avoidance Techniques Of Malware, Murray Brand Mar 2007

Australian Digital Forensics Conference

Anti-forensic techniques are increasingly being used by malware writers to avoid detection and analysis of their malicious code. Penalties for writing malware could include termination of employment, fines or even imprisonment. Malware writers are motivated not to get caught and are actively using subversive techniques to avoid forensic analysis. Techniques employed include obfuscation, anti-disassembly, encrypted and compressed data, data destruction and anti-debugging. Automated detection and classification work is progressing in this field. This includes analysing statistical structures such as assembly instructions, system calls, system dependence graphs and classification through machine learning.


A Proof-Of-Concept Project For Utilizing U3 Technology In Incident Response, Marwan Al-Zarouni, Haitham Al-Hajri Mar 2007

Australian Digital Forensics Conference

This paper discusses the importance of live forensics and the use of an automated USB based smart data gathering technology to be used in incident response. The paper introduces the technology and its application in incident response as well as highlighting how it works. It also explains the tools that it uses to gather the live data from target systems. The paper also highlights some of the advantages and disadvantages of the technology as well as its limitations. The paper concludes with mentioning the importance of testing the tool and ways it can be developed and taken further.


A Forensically Tested Tool For Identification Of Notebook Computers To Aid Recovery: LIARS Phase I Proof Of Concept, Peter Hannay, Andrew Woodward, Nic Cope Mar 2007

Australian Digital Forensics Conference

The LIARS tool was designed to enable identification, and potentially the return, to the rightful owner of stolen laptop or notebook computers. Many laptops are discovered by Police, but time constraints prevent recovered devices from being identified. This project has produced a proof of concept tool which can be used by virtually any police officer, or other investigator, which does not alter the hard drive in any fashion. The tool uses a modified version of the chntpw software, and is based on a forensically tested live Linux CD. The tool examines registry hives for known location of keys which may …


An Approach In Identifying And Tracing Back Spoofed IP Packets To Their Sources, Krishnun Sansurooah Mar 2007

Australian Digital Forensics Conference

With the internet expanding into every aspect of business infrastructure, it becomes more and more important to make these business infrastructures safe and secure against the numerous attacks perpetrated on them, conspicuously when it comes to denial of service (DoS) attacks. A DoS attack can be summarized as an effort carried out by either a person or a group of individuals to suppress a particular online service. This can be achieved by using and manipulating packets which are sent out using the IP protocol, including the IP address of the sending party. However, one of the major drawbacks is …


Mood 300 IPTV Decoder Forensics, An Hilven Mar 2007

Australian Digital Forensics Conference

Since June 2005, viewers in Belgium can get access to digital TV or IPTV available via ADSL through Belgacom, the largest telecommunications provider in the country. The decoders used to enjoy these services are the Mood 300 series from Tilgin (formerly i3 Micro Technology). As of the Mood 337, the decoders contain a hard disk to enable the viewer to record and pause TV programs. Although it is publicly known that the Mood’s hard disk is used to save recorded and paused TV programs, it was still unknown if it contains any data that could be of interest during a forensic …


Tracing USB Device Artefacts On Windows XP Operating System For Forensic Purpose, Victor Chileshe Luo Mar 2007

Australian Digital Forensics Conference

On Windows systems several identifiers are created when a USB device is plugged into a universal serial bus. Some of these artefacts or identifiers are unique to the device and consistent across different Windows platforms as well as other operating systems such as Linux. Another key factor that makes these identifiers forensically important is the fact that they are traceable even after the system has been shut down. Hence they can be used in forensic investigations to identify specific devices that have been connected to the system in question.


Introduction To Mobile Phone Flasher Devices And Considerations For Their Use In Mobile Phone Forensics, Marwan Al-Zarouni Mar 2007

Australian Digital Forensics Conference

The paper gives an overview of mobile phone flasher devices and their use for servicing mobile phones, their illegitimate uses and their use in mobile phone forensics. It discusses the different varieties of flasher devices and the differences between them. It also discusses the shortcomings of conventional mobile forensics software and highlights the need for the use of flasher devices in mobile forensics to compensate for the shortcomings. The paper then discusses the issues with the use of flasher devices in mobile forensics and precautions and considerations of their use. The paper goes further to suggest means of testing the …


The Effectiveness Of Investigative Tools For Secure Digital (SD) Memory Card Forensics, Haitham Al-Hajri, Patricia Williams Mar 2007

Australian Digital Forensics Conference

There are many freeware based tools that can be downloaded from the World Wide Web. This paper reports the retrieval results of using these tools on digital images which have been deleted from Secure Digital (SD) cards. Since SD cards and USB flash drives are considered solid state technology, the tools selected are specifically for solid state drives. This research helps classify the selection of the most effective freeware tools that could be used to recover lost or deleted images. Further, it includes some of the issues that would face forensic examiners undertaking such investigations. The tools were tested using …


Honeypots: How Do You Know When You Are Inside One?, Simon Innes, Craig Valli Apr 2006

Australian Digital Forensics Conference

This paper will discuss honeypots and their use and effectiveness as a security measure in an IT environment. It will specifically discuss various methods of honeypot implementations. Furthermore, this paper will look into the weaknesses within a honeypot system. This will include attacks against honeypots and methods a hacker may use to detect the presence of a honeypot or the fact that he/she is actually inside one. Finally, this paper will discuss methods of further securing honeypots and ways the community is dealing with security flaws as they are identified.


Structural Analysis Of The Log Files Of The ICQ Client Version 2003b, Kim Morfitt Apr 2006

Australian Digital Forensics Conference

Instant messenger programs can generate log files of user interactions which are of interest to forensic investigators. Some of the log files are in formats that are difficult for investigators to extract useful and accurate information from. The official ICQ client is one such program. Users' log files are stored in a binary format that is difficult to understand and often changes with different client versions. Previous research has been performed that documents the format of the log files; however, this research only covers earlier versions of the client. This paper explores the 2003b version of the ICQ client. It …


Taxonomy Of Computer Forensics Methodologies And Procedures For Digital Evidence Seizure, Krishnun Sansurooah Apr 2006

Australian Digital Forensics Conference

The increased risk and incidence of computer misuse has raised awareness in public and private sectors of the need to develop defensive and offensive responses. Such an increase in the incidence of criminal, illegal and inappropriate computer behavior has resulted in organizations forming specialist teams to investigate these behaviors. There is now widespread recognition of the importance of specialised forensic computing investigation teams that are able to operate. Forensics analysis is the process of accurately documenting and interpreting information, more precisely digital evidence, for presentation to an authoritative group, and in most cases that group would be a court of law. …


Enterprise Computer Forensics: A Defensive And Offensive Strategy To Fight Computer Crime, Fahmid Imtiaz Apr 2006

Australian Digital Forensics Conference

As days pass and cyber space grows, so does the number of computer crimes. The need for enterprise computer forensic capability is going to become a vital decision for the CEOs of large or even medium sized corporations for information security and integrity over the next couple of years. Nowadays, most companies don’t have an in-house computer/digital forensic team to handle a specific incident or a corporate misconduct, but having digital forensic capability is very important and forensic auditing is very crucial even for small to medium sized organizations. Most of the corporations and organizations are …


Mobile Handset Forensic Evidence: A Challenge For Law Enforcement, Marwan Al-Zarouni Apr 2006

Australian Digital Forensics Conference

Mobile phone proliferation in our societies is on the increase. Advances in semiconductor technologies related to mobile phones and the increase of computing power of mobile phones led to an increase of functionality of mobile phones while keeping the size of such devices small enough to fit in a pocket. This led mobile phones to become portable data carriers. This in turn increased the potential for data stored on mobile phone handsets to be used as evidence in civil or criminal cases. This paper examines the nature of some of the newer pieces of information that can become potential evidence …