Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Digital Forensics

Articles 1 - 30 of 46

Full-Text Articles in Physical Sciences and Mathematics

Analysis Of Forensic Artifacts In Database Memory Using Support Vector Machine, Mahfuzul I. Nissan Dec 2022

University of New Orleans Theses and Dissertations

Memory analysis allows forensic investigators to establish a more complete timeline of system activity using a snapshot of main memory (i.e., RAM). Investigators may rely on such analysis to detect malicious activity and understand the scope of what data was exfiltrated. This is of particular interest in the presence of incomplete or untrusted logs, where a privileged user (or an attacker with such capabilities) can altogether bypass or disable logging. In such instances, a forensic investigator can still rely on the fact that data must ultimately be processed in memory, regardless of the information that is recorded in audit logs. …


Understanding Deviance And Victimization In Cyber Space Among Diverse Populations, Insun Park Nov 2022

International Journal of Cybersecurity Intelligence & Cybercrime

Recent years have witnessed a growing academic interest in deviance and victimization in the cyber space. The current issue of the International Journal of Cybersecurity Intelligence and Cybercrime features three empirical research articles on online behavior of traditionally under-researched populations and a review of a much-awaited book on digital forensics and investigation. This paper was prepared to introduce these important scholarly works in the context of newly emerging scholarship that focuses on the experiences of diverse subgroups in cyberspace.


Improving Kernel Artifact Extraction In Linux Memory Samples Using The Slub Allocator, Daniel A. Donze Apr 2022

LSU Master's Theses

Memory forensics allows an investigator to analyze the volatile memory (RAM) of a computer, providing a view into the system state of the machine as it was running. Examples of items found in memory samples that are of interest to investigators are kernel data structures which can represent processes, files, and sockets. The SLUB allocator is the default small-request memory allocator for modern Linux systems. SLUB allocates “slabs”, which are contiguous sections of pre-allocated memory that are used to efficiently service allocation requests. The predecessor to SLUB, the SLAB allocator, tracked every slab it allocated, allowing extraction of allocated slabs …


A Critical Comparison Of Brave Browser And Google Chrome Forensic Artefacts, Stuart Berham, Sarah Morris Mar 2022

Journal of Digital Forensics, Security and Law

Digital forensic practitioners are tasked with the identification, recovery and analysis of Internet browser artefacts which may have been used in the pursuit of committing a civil or criminal offence. This research paper critically compares the most downloaded browser, Google Chrome, against an increasingly popular Chromium browser known as Brave, said to offer privacy-by-default. With increasing forensic caseloads, data complexity, and requirements for method validation to satisfy ISO 17025 accreditation, recognising the similarities and differences between the browsers, developed on the same underlying technology is essential. The paper describes a series of conducted experiments and subsequent analysis to identify artefacts …


Another Brick In The Wall: An Exploratory Analysis Of Digital Forensics Programs In The United States, Syria Mccullough, Stella Abudu, Ebere Onwubuariri, Ibrahim Baggili Aug 2021

Electrical & Computer Engineering and Computer Science Faculty Publications

We present a comprehensive review of digital forensics programs offered by universities across the United States (U.S.). While numerous studies on digital forensics standards and curriculum exist, few, if any, have examined digital forensics courses offered across the nation. Since digital forensics courses vary from university to university, online course catalogs for academic institutions were evaluated to curate a dataset. Universities were selected based on online searches, similar to those that would be made by prospective students. Ninety-seven (n = 97) degree programs in the U.S. were evaluated. Overall, results showed that advanced technical courses are missing from curricula. We …


Convolutional Neural Networks For Deflate Data Encoding Classification Of High Entropy File Fragments, Nehal Ameen May 2021

University of New Orleans Theses and Dissertations

Data reconstruction is significantly improved in terms of speed and accuracy by reliable data encoding fragment classification. To date, work on this problem has been successful with file structures of low entropy that contain sparse data, such as large tables or logs. Classifying compressed, encrypted, and random data that exhibit high entropy is an inherently difficult problem that requires more advanced classification approaches. We explore the ability of convolutional neural networks and word embeddings to classify deflate data encoding of high entropy file fragments after establishing ground truth using controlled datasets. Our model is designed to either successfully classify file …


Improving Memory Forensics Through Emulation And Program Analysis, Ryan Dominick Maggio Mar 2021

LSU Doctoral Dissertations

Memory forensics is an important tool in the hands of investigators. However, determining if a computer is infected with malicious software is time consuming, even for experts. Tasks that require manual reverse engineering of code or data structures create a significant bottleneck in the investigative workflow. Through the application of emulation software and symbolic execution, these strains have been greatly lessened, allowing for faster and more thorough investigation. Furthermore, these efforts have reduced the barrier for forensic investigation, so that reasonable conclusions can be drawn even by non-expert investigators. While previously Volatility had allowed for the detection of malicious hooks …


Exploring The Learning Efficacy Of Digital Forensics Concepts And Bagging & Tagging Of Digital Devices In Immersive Virtual Reality, Courtney Hassenfeldt, Jillian Jacques, Ibrahim Baggili Sep 2020

Electrical & Computer Engineering and Computer Science Faculty Publications

This work presents the first account of evaluating learning inside a VR experience created to teach Digital Forensics (DF) concepts, and a hands-on laboratory exercise in Bagging & Tagging a crime scene with digital devices. First, we designed and developed an immersive VR experience which included a lecture and a lab. Next, we tested it with (n = 57) participants in a controlled experiment where they were randomly assigned to a VR group or a physical group. Both groups were subjected to the same lecture and lab, but one was in VR and the other was in the real world. …


What’s In The Cloud? - An Examination Of The Impact Of Cloud Storage Usage On The Browser Cache., Graeme Horsman Jun 2020

Journal of Digital Forensics, Security and Law

Cloud storage is now a well established and popular service adopted by many individuals, often at limited or no cost. It provides users with the ability to store content on a cloud service provider’s infrastructure offering the benefit of redundancy, reliability, security, flexibility of access and the potential assumed liability of the provider for data loss within the contexts of a licensing agreement. Consequently, this form of remote storage provides a regulatory challenge as content which once resided upon a seized digital exhibit, available for scrutiny during a digital forensic investigatory, may no longer be present where attempting to acquire …


Cybersecurity, Digital Forensics, And Mobile Computing: Building The Pipeline Of Next-Generation University Graduates Through Focused High School Summer Camps, Mahmoud K. Quweider, Fitratullah Khan, Liyu Zhang, Lei Xu, Yessica Rodriguez, Yessenia Rodriguez Jun 2020

Computer Science Faculty Publications and Presentations

To prepare the next generation of skilled university graduates that would help in filling the national need for cybersecurity, digital forensics, and mobile computing professionals, a team of minority/under-represented graduate students, the University Upward Bound Program (a federally funded program and part of the U.S. Department of Education; one of 967 programs nationwide) staff, and faculty from the Computer Science (CS) department got together and proposed a focused 10-week long funded summer camp for two local high schools with the following objectives:

1. Provide graduate students to instruct in the areas of mobile application development, forensics and cyber Security.

2. …


Cybercrime And Digital Forensics: Bridging The Gap In Legislation, Investigation And Prosecution Of Cybercrime In Nigeria, Kabiru H. Mohammed, Yusuf D. Mohammed, Abiodun A. Solanke Feb 2019

International Journal of Cybersecurity Intelligence & Cybercrime

The advancement of Information and Communication Technologies (ICT) opens new avenues and ways for cybercriminals to commit crime. The primary goal of this paper is to raise awareness regarding gaps that exist with regards to Nigeria’s capabilities to adequately legislate, investigate and prosecute cases of cybercrimes. The major source of cybercrime legislation in Nigeria is an act of the National Assembly which is majorly a symbolic legislation rather than a full and active legislation. In perusing these avenues of inquiry, the authors seek to identify systemic impediments which hinder law enforcement agencies, prosecutors, and investigators from properly carrying out their …


Sequence Pattern Mining With Variables, James S. Okolica, Gilbert L. Peterson, Robert F. Mills, Michael R. Grimaila Nov 2018

Faculty Publications

Sequence pattern mining (SPM) seeks to find multiple items that commonly occur together in a specific order. One common assumption is that all of the relevant differences between items are captured through creating distinct items, e.g., if color matters then the same item in two different colors would have two items created, one for each color. In some domains, that is unrealistic. This paper makes two contributions. The first extends SPM algorithms to allow item differentiation through attribute variables for domains with large numbers of items, e.g, by having one item with a variable with a color attribute rather than …


Ontologies And The Semantic Web For Digital Investigation Tool Selection, Hayden Wimmer, Lei Chen, Thomas Narock Sep 2018

Journal of Digital Forensics, Security and Law

The nascent field of digital forensics is heavily influenced by practice. Much digital forensics research involves the use, evaluation, and categorization of the multitude of tools available to researchers and practitioners. As technology evolves at an increasingly rapid pace, the digital forensics field must constantly adapt by creating and evaluating new tools and techniques to perform forensic analysis on many disparate systems such as desktops, notebook computers, mobile devices, cloud, and personal wearable sensor devices, among many others. While researchers have attempted to use ontologies to classify the digital forensics domain on various dimensions, no ontology of digital forensic tools …


Digital Forensics Investigative Framework For Control Rooms In Critical Infrastructure, Brian Cusack, Amr Mahmoud Jan 2018

Australian Digital Forensics Conference

In this paper a cyber-forensic framework with a detailed guideline for protecting control systems is developed to improve the forensic capability for big data in critical infrastructures. The main objective of creating a cyber-forensic plan is to cover the essentials of monitoring, troubleshooting, data reconstruction, recovery, and the safety of classified information. The problem to be addressed in control rooms is the diversity and quantity of data, and for investigators, bringing together the different skill groups for managing data and device diversity. This research embraces establishing of a new digital forensic model for critical infrastructures that supports digital forensic investigators …


Digital Anti-Forensics: An Implementation And Examination, Stephanie Dachs Aug 2017

Student Theses

The rise of computer use and technical adeptness by the general public in the last two decades are undeniable. With greater use comes a greater possibility for misuse, evidenced by today’s incredible number of crimes involving computers as well as the growth in severity from that of cyber hooliganism to cyber warfare. Although frequently utilized for privacy and security purposes, the vast range of anti-forensic techniques has contributed to the ability for hackers and criminals to obstruct computer forensic investigations.

Understanding how anti-forensics may alter important and relevant data on an electronic device will prove useful for the success and …


A Survey Of Social Network Forensics, Umit Karabiyik, Muhammed Abdullah Canbaz, Ahmet Aksoy, Tayfun Tuna, Esra Akbas, Bilal Gonen, Ramazan S. Aygun Dec 2016

Journal of Digital Forensics, Security and Law

Social networks in any form, specifically online social networks (OSNs), are becoming a part of our everyday life in this new millennium especially with the advanced and simple communication technologies through easily accessible devices such as smartphones and tablets. The data generated through the use of these technologies need to be analyzed for forensic purposes when criminal and terrorist activities are involved. In order to deal with the forensic implications of social networks, current research on both digital forensics and social networks need to be incorporated and understood. This will help digital forensics investigators to predict, detect and even prevent …


In-The-Wild Residual Data Research And Privacy, William B. Glisson, Tim Storer, Andrew Blyth, George Grispos, Matt Campbell Jan 2016

Journal of Digital Forensics, Security and Law

As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering 'real-world' or 'in-the-wild' residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild and …


In The Wild Residual Data Research And Privacy, William Bradley Glisson, Tim Storer, Andrew Blyth, George Grispos, Matt Campbell Jan 2016

Interdisciplinary Informatics Faculty Publications

As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering ‘real-world’ or ‘in-the-wild’ residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild …


Google Earth Forensics On Ios 10’s Location Service, Brian Cusack, Raymond Lutui Jan 2016

Australian Digital Forensics Conference

The easy access and common usage of GNSS systems has provided a wealth of evidential information that may be accessed by a digital forensic investigator. Google Earth is commonly used on all manner of devices for geolocation services and consequently has a wide range of tools that will relate real time and stored GNSS data to maps. As an aid to investigation Google Earth forensics is available for use. An investigator can use it by downloading geolocation data from devices and placing it on Google Earth maps, place geolocation data on historical archival maps, or by direct usage of the …


Creating Volatility Support For Freebsd, Elyse Bond Aug 2015

University of New Orleans Theses and Dissertations

Digital forensics is the investigation and recovery of data from digital hardware. The field has grown in recent years to include support for operating systems such as Windows, Linux and Mac OS X. However, little to no support has been provided for less well known systems such as the FreeBSD operating system.

The project presented in this paper focuses on creating the foundational support for FreeBSD via Volatility, a leading forensic tool in the digital forensic community. The kernel and source code for FreeBSD were studied to understand how to recover various data from analysis of a given system’s memory …


Computer Forensic Projects For Accountants, Grover S. Kearns Jan 2015

Journal of Digital Forensics, Security and Law

Digital attacks on organizations are becoming more common and more sophisticated. Firms are interested in providing data security and having an effective means to respond to attacks. Accountants possess important investigative and analytical skills that serve to uncover fraud in forensic investigations. Some accounting students take courses in forensic accounting but few colleges offer a course in computer forensics for accountants. Educators wishing to develop such a course may find developing the curriculum daunting. A major element of such a course is the use of forensic software. This paper argues the importance of computer forensics to accounting students and offers …


On The Network Performance Of Digital Evidence Acquisition Of Small Scale Devices Over Public Networks, Irvin Homem, Spyridon Dosis Jan 2015

Journal of Digital Forensics, Security and Law

While cybercrime proliferates – becoming more complex and surreptitious on the Internet – the tools and techniques used in performing digital investigations are still largely lagging behind, effectively slowing down law enforcement agencies at large. Real-time remote acquisition of digital evidence over the Internet is still an elusive ideal in the combat against cybercrime. In this paper we briefly describe the architecture of a comprehensive proactive digital investigation system that is termed as the Live Evidence Information Aggregator (LEIA). This system aims at collecting digital evidence from potentially any device in real time over the Internet. Particular focus is made …


A 3-D Stability Analysis Of Lee Harvey Oswald In The Backyard Photo, Srivamshi Pittala, Emily Whiting, Hany Farid Jan 2015

Journal of Digital Forensics, Security and Law

Fifty years have passed since the assassination of U.S. President Kennedy. Despite the long passage of time, it is still argued that the famous backyard photo of Oswald, holding the same type of rifle used to assassinate the President, is a fake. These claims include, among others, that Oswald’s pose in the photo is physically implausible. We describe a detailed 3-D stability analysis to determine if this claim is warranted.


Exploring The Use Of Plc Debugging Tools For Digital Forensic Investigations On Scada Systems, Tina Wu, Jason R.C. Nurse Jan 2015

Journal of Digital Forensics, Security and Law

The Stuxnet malware attack has provided strong evidence for the development of a forensic capability to aid in thorough post-incident investigations. Current live forensic tools are typically used to acquire and examine memory from computers running either Windows or Unix. This makes them incompatible with embedded devices found on SCADA systems that have their own bespoke operating system. Currently, only a limited number of forensics tools have been developed for SCADA systems, with no development of tools to acquire the program code from PLCs. In this paper, we explore this problem with two main hypotheses in mind. Our first hypothesis …


The Use Of Ontologies In Forensic Analysis Of Smartphone Content, Mohammed Alzaabi, Thomas A. Martin, Kamal Taha, Andy Jones Jan 2015

Journal of Digital Forensics, Security and Law

Digital forensics investigators face a constant challenge in keeping track with evolving technologies such as smartphones. Analyzing the contents of these devices to infer useful information is becoming more time consuming as the volume and complexity of data are increasing. Typically, such analysis is undertaken by a human, which makes it dependent on the experience of the investigator. To overcome such impediments, an automated technique can be utilized in order to aid the investigator to quickly and efficiently analyze the data. In this paper, we propose F-DOS; a set of ontologies that models the smartphone content for the purpose of forensic …


The Use Of Ontologies In Forensic Analysis Of Smartphone Content, Mohammed Alzaabi, Thomas Anthony Martin, Kamal Taha, Andy Jones Jan 2015

Research outputs 2014 to 2021

Digital forensics investigators face a constant challenge in keeping track with evolving technologies such as smartphones. Analyzing the contents of these devices to infer useful information is becoming more time consuming as the volume and complexity of data are increasing. Typically, such analysis is undertaken by a human, which makes it dependent on the experience of the investigator. To overcome such impediments, an automated technique can be utilized in order to aid the investigator to quickly and efficiently analyze the data. In this paper, we propose F-DOS; a set of ontologies that models the smartphone content for the purpose of …


Inference-Based Forensics For Extracting Information From Diverse Sources, Robert J. Walls Nov 2014

Doctoral Dissertations

Digital forensics is tasked with the examination and extraction of evidence from a diverse set of devices and information sources. While digital forensics has long been synonymous with file recovery, this label no longer adequately describes the science’s role in modern investigations. Spurred by evolving technologies and online crime, law enforcement is shifting the focus of digital forensics from its traditional role in the final stages of an investigation to assisting investigators in the earliest phases — often before a suspect has been identified and a warrant served. Investigators need new forensic techniques to investigate online crimes, such as child …


Towards An Automated Forensic Examiner (Afe) Based Upon Criminal Profiling & Artificial Intelligence, M Al Fahdi, N L. Clarke, S M. Furnell Dec 2013

Australian Digital Forensics Conference

Digital forensics plays an increasingly important role within society as the approach to the identification of criminal and cybercriminal activities. It is however widely known that a combination of the time taken to undertake a forensic investigation, the volume of data to be analysed and the number of cases to be processed are all significantly increasing resulting in an ever growing backlog of investigations and mounting costs. Automation approaches have already been widely adopted within digital forensic processes to speed up the identification of relevant evidence – hashing for notable files, file signature analysis and data carving to name a …


Automated Timeline Anomaly Detection, Joshua M. Barone May 2013

University of New Orleans Theses and Dissertations

Digital forensics is the practice of trained investigators gathering and analyzing evidence from digital devices such as computers and smart phones. On these digital devices, it is possible to change the time on the device for a purpose other than what is intended. Currently there are no documented techniques to determine when this occurs. This research seeks to prove out a technique for determining when the time has been changed on forensic disk image by analyzing the log files found on the image. Out of this research a tool is created to perform this analysis in automated fashion. This tool …


Technology Corner Visualising Forensic Data: Evidence (Part 1), Damian Schofield, Ken Fowle Jan 2013

Journal of Digital Forensics, Security and Law

Visualisation is becoming increasingly important for understanding information, such as investigative data (for example: computing, medical and crime scene evidence) and analysis (for example: network capability assessment, data file reconstruction and planning scenarios). Investigative data visualisation is used to reconstruct a scene or item and is used to assist the viewer (who may well be a member of the general public with little or no understanding of the subject matter) to understand what is being presented. Analysis visualisations, on the other hand, are usually developed to review data, information and assess competing scenario hypotheses for those who usually have an …