Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Keyword
-
- Digital forensics (2)
- Accreditation (1)
- Attacks on files (1)
- Automation (1)
- Bit errors (1)
-
- Block-chain (1)
- Booter operators (1)
- Call Data Records (1)
- Call Detail Records (1)
- Certification (1)
- Charging Data Records (1)
- Chip-off (1)
- Clandestine Organ Transplants (1)
- Credentialing (1)
- Cryptographic hashing (1)
- Curriculum (1)
- Cybercrime (1)
- DLT (1)
- DRDoS (1)
- Dark Web Crawling (1)
- Data Privacy (1)
- Digital Forensic (1)
- Digital Forensics Framework (1)
- Distributed Ledger Technology (1)
- Exclusively opened file. (1)
- Flash memory chip (1)
- Forensic analysis (1)
- Forensics (1)
- Hypervisorbased protection (1)
- Image comparison (1)
Articles 1 - 13 of 13
Full-Text Articles in Information Security
Fast Forensic Triage Using Centralised Thumbnail Caches On Windows Operating Systems, Sean Mckeown, Gordon Russell, Petra Leimich
Fast Forensic Triage Using Centralised Thumbnail Caches On Windows Operating Systems, Sean Mckeown, Gordon Russell, Petra Leimich
Journal of Digital Forensics, Security and Law
A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives are now so large that it can take several hours just to read this data from the disk, and can contribute to the large investigative backlogs suffered by many law enforcement bodies. Digital forensic triage techniques may thus be used to prioritise evidence and effect faster investigation turnarounds. This paper proposes a new forensic triage method for investigating disk evidence relating to …
Memoryranger Prevents Highjacking File_Object Structures In Windows Kernel, Igor Korkin
Memoryranger Prevents Highjacking File_Object Structures In Windows Kernel, Igor Korkin
Journal of Digital Forensics, Security and Law
Windows OS kernel memory is one of the main targets of cyber-attacks. By launching such attacks, hackers are succeeding in process privilege escalation and tampering users’ data by accessing kernel-mode memory. This paper considers a new example of such an attack, which results in access to the files opened in an exclusive mode. Windows built-in security features prevent such a legal access, but attackers can circumvent them by patching dynamically allocated objects. The research shows that the newest Windows 10 x64 is vulnerable to this attack. The paper provides an example of using MemoryRanger, a hypervisor- based solution to prevent …
Improved Decay Tolerant Inference Of Previously Uninstalled Computer Applications, Oluwaseun Adegbehingbe, James Jones
Improved Decay Tolerant Inference Of Previously Uninstalled Computer Applications, Oluwaseun Adegbehingbe, James Jones
Journal of Digital Forensics, Security and Law
When an application is uninstalled from a computer system, the application’s deleted file contents are overwritten over time, depending on factors such as operating system, available unallocated disk space, user activity, etc. As this content decays, the ability to infer the application’s prior presence, based on the remaining digital artifacts, becomes more difficult. Prior research inferring previously installed applications by matching sectors from a hard disk of interest to a previously constructed catalog of labeled sector hashes showed promising results. This prior work used a white list approach to identify relevant artifacts, resulting in no irrelevant artifacts but incurring the …
Examining The Correlates Of Failed Drdos Attacks, Thomas Hyslip, Thomas Holt
Examining The Correlates Of Failed Drdos Attacks, Thomas Hyslip, Thomas Holt
Journal of Digital Forensics, Security and Law
Over the last decade, there has been a rise in cybercrime services offered on a feefor- service basis, enabling individuals to direct attacks against various targets. One of the recent services offered involves stresser or booter operators, who offer distributed reflected denial of service (DRDoS) attacks on an hourly or subscription basis. These attacks involve the use of malicious traffic reflected off of webservers to increase the volume of traffic, which is directed toward websites and servers rendering them unusable. Researchers have examined DRDoS attacks using realtime data, though few have considered the experience of their customers and the factors …
Enhancing Forensic-Tool Security With Rust: Development Of A String Extraction Utility, Jens Getreu, Olaf Maennel
Enhancing Forensic-Tool Security With Rust: Development Of A String Extraction Utility, Jens Getreu, Olaf Maennel
Journal of Digital Forensics, Security and Law
The paper evaluates the suitability of the Rust ecosystem for forensic tool development. As a case study, a forensic tool named Stringsext is developed. Starting from analyzing the specefic requirements of forensic software in general and those of the present case study, all stages of the software development life-cycle are executed and evaluated. Stringsext is a re-implementation and enhancement of the GNU-strings tool, a widely used program in forensic investigations. Stringsext recognizes Cyrillic, CJKV East Asian characters and other scripts in all supported multi-byte-encodings while GNU-strings fails in finding these in UTF-16 and other encodings. During the case study it …
Df 2.0: An Automated, Privacy Preserving, And Efficient Digital Forensic Framework That Leverages Machine Learning For Evidence Prediction And Privacy Evaluation, Robin Verma, Jayaprakash Govindaraj Dr, Saheb Chhabra, Gaurav Gupta
Df 2.0: An Automated, Privacy Preserving, And Efficient Digital Forensic Framework That Leverages Machine Learning For Evidence Prediction And Privacy Evaluation, Robin Verma, Jayaprakash Govindaraj Dr, Saheb Chhabra, Gaurav Gupta
Journal of Digital Forensics, Security and Law
The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, however, preventing privacy violations during the digital forensic investigation, is also a big challenge. With a perception that the completeness of investigation and the data privacy preservation are incompatible with each other, the researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation …
Forensic Cell Site Analysis: Mobile Network Operator Evidence Integrity Maintenance Research, John B. Minor
Forensic Cell Site Analysis: Mobile Network Operator Evidence Integrity Maintenance Research, John B. Minor
Journal of Digital Forensics, Security and Law
Mobile Network Operator (MNO) and Mobile Virtual Network Operator (MVNO) evidence have become an important evidentiary focus in the courtroom. This type of evidence is routinely produced as business records under U.S. Federal Rules of Evidence for use in the emerging discipline of Forensic Cell Site Analysis. The research was undertaken to determine if evidence produced by operators should be classified as digital evidence and, if so, what evidence handling methodologies are appropriate to ensure evidence integrity. This research project resulted in the creation of a method of determining if business records produced by MNO/MVNO organizations are digital evidence and …
A Framework To Reveal Clandestine Organ Trafficking In The Dark Web And Beyond, Michael P. Heinl, Bo Yu, Duminda Wijesekera
A Framework To Reveal Clandestine Organ Trafficking In The Dark Web And Beyond, Michael P. Heinl, Bo Yu, Duminda Wijesekera
Journal of Digital Forensics, Security and Law
Due to the scarcity of transplantable organs, patients have to wait on long lists for many years to get a matching kidney. This scarcity has created an illicit market place for wealthy recipients to avoid long waiting times. Brokers arrange such organ transplants and collect most of the payment that is sometimes channeled to fund other illicit activities. In order to collect and disburse payments, they often resort to money laundering-like schemes of money transfers. As the low-cost Internet arrives in some of the affected countries, social media and the dark web are used to illegally trade human organs. This …
Digital Forensics, A Need For Credentials And Standards, Nima Zahadat
Digital Forensics, A Need For Credentials And Standards, Nima Zahadat
Journal of Digital Forensics, Security and Law
The purpose of the conducted study was to explore the credentialing of digital forensic investigators, drawing from applicable literature. A qualitative, descriptive research design was adopted which entailed searching across Google Scholar and ProQuest databases for peer reviewed articles on the subject matter. The resulting scholarship was vetted for timeliness and relevance prior to identification of key ideas on credentialing. The findings of the study indicated that though credentialing was a major issue in digital forensics with an attentive audience of stakeholders, it had been largely overshadowed by the fundamental curricula problems in the discipline. A large portion of research …
Chip-Off Success Rate Analysis Comparing Temperature And Chip Type, Choli Ence, Joan Runs Through, Gary D. Cantrell
Chip-Off Success Rate Analysis Comparing Temperature And Chip Type, Choli Ence, Joan Runs Through, Gary D. Cantrell
Journal of Digital Forensics, Security and Law
Throughout the digital forensic community, chip-off analysis provides examiners with a technique to obtain a physical acquisition from locked or damaged digital device. Thermal based chip-analysis relies upon the application of heat to remove the flash memory chip from the circuit board. Occasionally, a flash memory chip fails to successfully read despite following similar protocols as other flash memory chips. Previous research found the application of high temperatures increased the number of bit errors present in the flash memory chip. The purpose of this study is to analyze data collected from chip-off analyses to determine if a statistical difference exists …