Information Security Commons^™

Sim Card Forensics: Digital Evidence, Nada Ibrahim, Nuha Al Naqbi, Farkhund Iqbal, Omar Alfandi

Annual ADFSL Conference on Digital Forensics, Security and Law

With the rapid evolution of the smartphone industry, mobile device forensics has become essential in cybercrime investigation. Currently, evidence forensically-retrieved from a mobile device is in the form of call logs, contacts, and SMSs; a mobile forensic investigator should also be aware of the vast amount of user data and network information that are stored in the mobile SIM card such as ICCID, IMSI, and ADN. The aim of this study is to test various forensic tools to effectively gather critical evidence stored on the SIM card. In the first set of experiments, we compare the selected forensic tools in …

Assessing The Gap: Measure The Impact Of Phishing On An Organization, Brad Wardman

Annual ADFSL Conference on Digital Forensics, Security and Law

Phishing has become one of the most recognized words associated with cybercrime. As more organizations are being targeted by phishing campaigns, there are more options within the industry to deter such attacks. However, there is little research into how much damage these campaigns are causing organizations. This paper will show how financial organizations can be impacted by phishing and present a method for accurately quantifying resultant monetary losses. The methodology presented in this paper can be adapted to other organizations in order to quantify phishing losses across industries.

Keywords: phishing, cybercrime, economics

Wban Security Management In Healthcare Enterprise Environments, Karina Bahena, Manghui Tu

Annual ADFSL Conference on Digital Forensics, Security and Law

As healthcare data are pushed online, consumers have raised big concerns on the breach of their personal information. Law and regulations have placed businesses and public organizations under obligations to take actions to prevent such data breaches. Various vulnerabilities have been identified in healthcare enterprise environments, in which the Wireless Body Area Networks (WBAN) remains to be a major vulnerability, which can be easily taken advantage of by determined adversaries. Thus, vulnerabilities of WBAN systems and the effective countermeasure mechanisms to secure WBAN are urgently needed. In this research, first, the architecture of WBAN system has been explored, and the …

Forensics Analysis Of Privacy Of Portable Web Browsers, Ahmad Ghafarian

Annual ADFSL Conference on Digital Forensics, Security and Law

Web browser vendors offer a portable web browser option which is considered as one of the features that provides user privacy. Portable web browser is a browser that can be launched from a USB flash drive without the need for its installation on the host machine. Most popular web browsers have portable versions of their browsers as well. Portable web browsing poses a great challenge to computer forensic investigators who try to reconstruct the past browsing history, in case of any computer incidence. This research examines various sources in the host machine such as physical memory, temporary, recent, event files, …

Reverse Engineering A Nit That Unmasks Tor Users, Matthew Miller, Joshua Stroschein, Ashley Podhradsky

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper is a case study of a forensic investigation of a Network Investigative Technique (NIT) used by the FBI to deanonymize users of a The Onion Router (Tor) Hidden Service. The forensic investigators were hired by the defense to determine how the NIT worked. The defendant was ac- cused of using a browser to access illegal information. The authors analyzed the source code, binary files and logs that were used by the NIT. The analysis was used to validate that the NIT collected only necessary and legally authorized information. This paper outlines the publicly available case details, how the …

Forensic Analysis Of Smartphone Applications For Privacy Leakage, Diana Hintea, Chrysanthi Taramonli, Robert Bird, Rezhna Yusuf

Annual ADFSL Conference on Digital Forensics, Security and Law

Smartphone and tablets are personal devices that have diffused to near universal ubiquity in recent years. As Smartphone users become more privacy-aware and -conscious, research is needed to understand how “leakage” of private information (personally identifiable information – PII) occurs. This study explores how leakage studies in Droid devices should be adapted to Apple iOS devices. The OWASP Zed Attack Proxy (ZAP) is examined for 50 apps in various categories. This study confirms that: (1) most apps transmit unencrypted sensitive PII, (2) SSL is used by some recipient websites, but without corresponding app compliance with SSL, and (3) most apps …

Malware In The Mobile Device Android Environment, Diana Hintea, Robert Bird, Andrew Walker

Annual ADFSL Conference on Digital Forensics, Security and Law

exploit smartphone operating systems has exponentially expanded. Android has become the main target to exploit due to having the largest install base amongst the smartphone operating systems and owing to the open access nature in which application installations are permitted. Many Android users are unaware of the risks associated with a malware infection and to what level current malware scanners protect them. This paper tests how efficient the currently available malware scanners are. To achieve this, ten representative Android security products were selected and tested against a set of 5,560 known and categorized Android malware samples. The tests were carried …

One-Time Pad Encryption Steganography System, Michael J. Pelosi, Gary Kessler, Michael Scott S. Brown

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper we introduce and describe a novel approach to adaptive image steganography which is combined with One-Time Pad encryption, and demonstrate the software which implements this methodology. Testing using the state-of-the-art steganalysis software tool StegExpose concludes the image hiding is reliably secure and undetectable using reasonably-sized message payloads (≤25% message bits per image pixel; bpp). Payload image file format outputs from the software include PNG, BMP, JP2, JXR, J2K, TIFF, and WEBP. A variety of file output formats is empirically important as most steganalysis programs will only accept PNG, BMP, and possibly JPG, as the file inputs.

Keywords: …

Inferring Previously Uninstalled Applications From Residual Partial Artifacts, Jim Jones, Tahir Khan, Kathryn Laskey, Alex Nelson, Mary Laamanen, Douglas White

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper, we present an approach and experimental results to suggest the past presence of an application after the application has been uninstalled and the system has remained in use. Current techniques rely on the recovery of intact artifacts and traces, e.g., whole files, Windows Registry entries, or log file entries, while our approach requires no intact artifact recovery and leverages trace evidence in the form of residual partial files. In the case of recently uninstalled applications or an instrumented infrastructure, artifacts and traces may be intact and complete. In most cases, however, digital artifacts and traces are al- …

Covert6: A Tool To Corroborate The Existence Of Ipv6 Covert Channels, Raymond A. Hansen, Lourdes Gino, Dominic Savio

Annual ADFSL Conference on Digital Forensics, Security and Law

Covert channels are any communication channel that can be exploited to transfer information in a manner that violates the system’s security policy. Research in the field has shown that, like many communication channels, IPv4 and the TCP/IP protocol suite have been susceptible to covert channels, which could be exploited to leak data or be used for anonymous communications. With the introduction of IPv6, researchers are acutely aware that many vulnerabilities of IPv4 have been remediated in IPv6. However, a proof of concept covert channel system was demonstrated in 2006. A decade later, IPv6 and its related protocols have undergone major …

Applying Grounded Theory Methods To Digital Forensics Research, Ahmed Almarzooqi, Andrew Jones, Richard Howley

Annual ADFSL Conference on Digital Forensics, Security and Law

Deciding on a suitable research methodology is challenging for researchers. In this paper, grounded theory is presented as a systematic and comprehensive qualitative methodology in the emergent field of digital forensics research. This paper applies grounded theory in a digital forensics research project undertaken to study how organisations build and manage digital forensics capabilities. This paper gives a step-by-step guideline to explain the procedures and techniques of using grounded theory in digital forensics research. The paper gives a detailed explanation of how the three grounded theory coding methods (open, axial, and selective coding) can be used in digital forensics research. …

Using Computer Behavior Profiles To Differentiate Between Users In A Digital Investigation, Shruti Gupta, Marcus Rogers

Annual ADFSL Conference on Digital Forensics, Security and Law

Most digital crimes involve finding evidence on the computer and then linking it to a suspect using login information, such as a username and a password. However, login information is often shared or compromised. In such a situation, there needs to be a way to identify the user without relying exclusively on login credentials. This paper introduces the concept that users may show behavioral traits which might provide more information about the user on the computer. This hypothesis was tested by conducting an experiment in which subjects were required to perform common tasks on a computer, over multiple sessions. The …

Acceleration Of Statistical Detection Of Zero-Day Malware In The Memory Dump Using Cuda-Enabled Gpu Hardware, Igor Korkin, Iwan Nesterow

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper focuses on the anticipatory enhancement of methods of detecting stealth software. Cyber security detection tools are insufficiently powerful to reveal the most recent cyber-attacks which use malware. In this paper, we will present first an idea of the highest stealth malware, as this is the most complicated scenario for detection because it combines both existing anti-forensic techniques together with their potential improvements. Second, we will present new detection methods which are resilient to this hidden prototype. To help solve this detection challenge, we have analyzed Windows’ memory content using a new method of Shannon Entropy calculation; methods of …

Current Challenges And Future Research Areas For Digital Forensic Investigation, David Lillis, Brett A. Becker, Tadhg O’Sullivan, Mark Scanlon

Annual ADFSL Conference on Digital Forensics, Security and Law

Given the ever-increasing prevalence of technology in modern life, there is a corresponding increase in the likelihood of digital devices being pertinent to a criminal investigation or civil litigation. As a direct consequence, the number of investigations requiring digital forensic expertise is resulting in huge digital evidence backlogs being encountered by law enforcement agencies throughout the world. It can be anticipated that the number of cases requiring digital forensic analysis will greatly increase in the future. It is also likely that each case will require the analysis of an increasing number of devices including computers, smartphones, tablets, cloud-based services, Internet …

Forensic Analysis Of Ares Galaxy Peer-To-Peer Network, Frank Kolenbrander, Nhien-An Le-Khac, Tahar Kechadi

Annual ADFSL Conference on Digital Forensics, Security and Law

Child Abuse Material (CAM) is widely available on P2P networks. Over the last decade several tools were made for 24/7 monitoring of peer-to-peer (P2P) networks to discover suspects that use these networks for downloading and distribution of CAM. For some countries the amount of cases generated by these tools is so great that Law Enforcement (LE) just cannot handle them all. This is not only leading to backlogs and prioritizing of cases but also leading to discussions about the possibility of disrupting these networks and sending warning messages to potential CAM offenders. Recently, investigators are reporting that they are creating …

Keynote Speaker, Chuck Easttom

Annual ADFSL Conference on Digital Forensics, Security and Law

Conference Keynote Speaker, Chuck Easttom

The History Of Chinese Cybersecurity: Current Effects On Chinese Society Economy, And Foreign Relations, Vaughn C. Rogers

Seton Hall University Dissertations and Theses (ETDs)

Chinese cybersecurity has become an infamous topic in the field of cybersecurity today, causing a great deal of controversy. The controversy stems from whether or not censorship is hindering Chinese economy, society, and relationships with other countries. The White Papers (中国政府白皮书), the Constitution of the People’s Republic of China (中华人民共和国宪法), and The Internet in China (中国互联网状况) all suggest that there is a free flow of Internet both within and without China that promotes peaceful socioeconomic development which the Chinese government seeks to promote. But is China sacrificing lucrative business prospects to secure …

Information Technology Proposal For The Town Of Spencer, Vijay Basava, Corey Kenyon, Mahdi Soltani

School of Professional Studies

The Town of Spencer came to us looking for a plan to build and maintain their own personal fiber network for connection between departments and to improve data security for important information. After assessing the existing landscape and determining the various paths forward, we created network diagrams and plans for the movement forward of this project.

After assessing a variety of plans, we found that a full single-mode fiber network would be the best system for the implementation in Spencer. While it was the highest cost, it also scored the highest in our assessment.

Charlton Fire Department Resident Expectations: Survey And Analysis, Natalie Omary, Jingxin Wen, Junchen Chen, Denis Kornev

School of Professional Studies

The Town of Charlton is located in the heart of the Massachusetts with a resident population of just under 14,000 people. The Charlton Fire Department serves the town for needs related to fire fighting, fire prevention, burning permits and inspection services along with emergency medical services. The Department has requested the assistance of the Clark University COPACE Capstone students in creating and conducting survey in order to get a sense of what the resident of the town know about the fire department and to better gauge their expectations about what the department can provide for them. The survey was formulated …

Cybersecurity Awareness Shrewsbury Public Schools, Brittany Crompton, David Thompson, Manuel Reyes, Xueyan Zhao, Xueke Zou

School of Professional Studies

In the 21st Century, technology reaches every aspect of our lives. As “digital citizens” we must be aware of the dangers both to our technological equipment and our personal information stored, transmitted, and processed on this equipment. The Cybersecurity Awareness curriculum developed for the Shrewsbury Public School district is designed to meet this need, as well as foster an interest in technology and ethical computer use.

Analysis Of The Point Of Sales System At Tower Hill Botanical Garden And Suggested Courses Of Action, Brian Dunn, Keerthi Bandi, Chantal Kopwa Epse Kassa, F.N.U Shelly

School of Professional Studies

As Tower Hill Botanic Garden continues to improve on its operations and enhance the experience of its visitors and members, they are on a quest for a new Point-Of-Sale (POS) system that not only works with its existing hardware and interface with Raiser’s Edge, a smartcloud fundraising and relationship management software central to the garden’s operations but also, have a restaurant module and the capability of operating both in a wireless and hard-wired environment.

Alternatives Unlimited Inc. Property Service Application, Jalpa Dave, Pennie Nataliya, Neelakshi Bali

School of Professional Studies

The purpose of this project is to propose Property service application to be enforced for documenting and managing the work orders raised throughout the residencies. The company is looking into an application that would facilitate to track and monitor the maintenance request received in a systematic order and ensuring priority work request is resolved within the set time frame. The project is to enhance the property service's work more efficiently as this will provide a high level of charge for the occupants by providing quicker response to their requests. The Objectives set to achieve for this project are realistic and …

Developing An Online Database Of Experts For The Worcester Regional Chamber Of Commerce, Zikan Chen, Douglas Grey, Pranjal Shah

School of Professional Studies

The Worcester Regional Chamber of Commerce as part of their mission to attract business to the Worcester area, want to create an online searchable database of industry experts made up of faculty members of the Colleges and Universities in the Worcester area. This online database will be placed on the Worcester Regional Chamber of Commerce Higher Education – Business Partnership page on their website. The limitations placed on this request are that the Regional Chamber as of this moment have no monetary or Information Technologies resources to provide for the realization of this request.

The proliferation of as A Service …

Doc Wayne Youth Services, Inc. Capstone Project Youth Employment And Mentoring, Bongani T. Jeranyama, Zhengjun Liu, Sarah Parsons

School of Professional Studies

In Boston, Massachusetts, young adults age 16-19 who have dropped out of high school have a very high unemployment rate of 43.8%. Additionally, in the United States of America the difference between a young adult with a high school diploma as opposed to a young adult without a high school diploma in terms of weekly income is $180 USD; between a young adult with a high school diploma versus a young professional with a bachelor’s degree is $433 USD. These numbers demonstrate the need for services that improve academic achievement, job readiness and preparedness, and youth mentorship for struggling young …

A Nonprofit Model In A For-Profit World: A Closer Look At Sheltered Workshops And Sustainability As An Employee Run Business, Bing Jang, Mitchell Perry, Nikolin Vangjeli, Laura Ducharme

School of Professional Studies

Historically, society has tended to isolate and segregate individuals with intellectual and developmental disabilities. Despite improvements such forms of discrimination continue to be a serious social problem. On October 11, 2011, the Department of Justice began an investigation into several state’s systems of providing vocational services to individuals with intellectual and developmental disabilities. This action came about due to several states being out of compliance around Title II of the Americans with Disabilities Act (ADA). Title II of the ADA prohibits discrimination on the basis of disability for all services, programs and activities provided to the public by state and …

Analyzing Shared Value And Social Business Principles: A Case Study Of Honeydrop Beverages And Seven Hills Foundation, Sarah Dys, Maya Grevatt, Brianna Mirabile

School of Professional Studies

Can the business world come together with the nonprofit world to create systems to lift low income women, children, and families out of poverty? The following report aims to show how the changing principles of business have the potential to serve international populations living on less than $2USD per day. For-profit organizations working with citizen sector organizations instead of giving charity provides a sustainable model to connect profit maximization with social good.

Honeydrop Beverages is a company based out of New York that produces lemonade sweetened with honey. Their products do not contain any refined products, only using fresh and …

A Cyber Forensics Needs Analysis Survey: Revisiting The Domain's Needs A Decade Later, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili, Andrew Marrington

Electrical & Computer Engineering and Computer Science Faculty Publications

The number of successful cyber attacks continues to increase, threatening financial and personal security worldwide. Cyber/digital forensics is undergoing a paradigm shift in which evidence is frequently massive in size, demands live acquisition, and may be insufficient to convict a criminal residing in another legal jurisdiction. This paper presents the findings of the first broad needs analysis survey in cyber forensics in nearly a decade, aimed at obtaining an updated consensus of professional attitudes in order to optimize resource allocation and to prioritize problems and possible solutions more efficiently. Results from the 99 respondents gave compelling testimony that the following …

A Method And A Case Study For The Selection Of The Best Available Tool For Mobile Device Forensics Using Decision Analysis, Shahzad Saleem, Oliver Popov, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The omnipresence of mobile devices (or small scale digital devices - SSDD) and more importantly the utility of their associated applications for our daily activities, which range from financial transactions to learning, and from entertainment to distributed social presence, create an abundance of digital evidence for each individual. Some of the evidence may be a result of illegal activities that need to be identified, understood and eventually prevented in the future. There are numerous tools for acquiring and analyzing digital evidence extracted from mobile devices. The diversity of SSDDs, types of evidence generated and the number of tools used to …

Evidential Reasoning For Forensic Readiness, Yi-Ching Liao, Hanno Langweg

Journal of Digital Forensics, Security and Law

To learn from the past, we analyse 1,088 "computer as a target" judgements for evidential reasoning by extracting four case elements: decision, intent, fact, and evidence. Analysing the decision element is essential for studying the scale of sentence severity for cross-jurisdictional comparisons. Examining the intent element can facilitate future risk assessment. Analysing the fact element can enhance an organization's capability of analysing criminal activities for future offender profiling. Examining the evidence used against a defendant from previous judgements can facilitate the preparation of evidence for upcoming legal disclosure. Follow the concepts of argumentation diagrams, we develop an automatic judgement summarizing …

Low Budget Forensic Drive Imaging Using Arm Based Single Board Computers, Eric Olson, Narasimha Shashidhar

Journal of Digital Forensics, Security and Law

Traditional forensic analysis of hard disks and external media typically involves a powered down machine and “dead analysis” of these devices. Forensic acquisition of hard drives and external media has traditionally been by one of several means: standalone forensic duplicator; using a hardware write-blocker or dock attached to a laptop, computer, workstation, etc., forensic operating systems that live boot from a USB, CD/DVD or virtual machines with preinstalled operating systems. Standalone forensics acquisition and imaging devices generally cost thousands of dollars. In this paper, we propose the use of single board computers as forensic imaging devices. Single board computers can …