Information Security Commons^™

Using A Virtual Computing Laboratory To Foster Collaborative Learning For Information Security And Information Technology Education, Abdullah Konak, Michael R. Bartolacci

Journal of Cybersecurity Education, Research and Practice

Virtual computer laboratories have been an excellent technological solution to the problem of providing students with hands-on experimentation in information technology fields such as information security in a cost effective and secure manner. A virtual computer laboratory was utilized in this work as a collaborative environment for student learning with the goal of measuring its effect on student learning and attitudes toward laboratory assignments. Experiments were carried out utilizing specially-designed computer-based laboratory activities that included student assessments and surveys upon their completion. The experiments involved both small groups and individual students completing their respective laboratory activities and subsequent assessments/surveys. …

Secure Software Engineering Education: Knowledge Area, Curriculum And Resources, Xiaohong Yuan, Li Yang, Bilan Jones, Huiming Yu, Bei-Tseng Chu

Journal of Cybersecurity Education, Research and Practice

This paper reviews current efforts and resources in secure software engineering education, with the goal of providing guidance for educators to make use of these resources in developing secure software engineering curriculum. These resources include Common Body of Knowledge, reference curriculum, sample curriculum materials, hands-on exercises, and resources developed by industry and open source community. The relationship among the Common Body of Knowledge proposed by the Department of Homeland Security, the Software Engineering Institute at Carnegie Mellon University, and ACM/IEEE are discussed. The recent practices on secure software engineering education, including secure software engineering related programs, courses, and course modules …

A Framework To Manage Sensitive Information During Its Migration Between Software Platforms, Olusegun Ademolu Ajigini, John Andrew Van Der Poll, Jan H. Kroeze Phd

The African Journal of Information Systems

Software migrations are mostly performed by organisations using migration teams. Such migration teams need to be aware of how sensitive information ought to be handled and protected during the implementation of the migration projects. There is a need to ensure that sensitive information is identified, classified and protected during the migration process.

This paper suggests how sensitive information in organisations can be handled and protected during migrations, by using the migration from proprietary software to open source software to develop a management framework that can be used to manage such a migration process. The research employed a sequential explanatory mixed …

Masthead

Journal of Digital Forensics, Security and Law

No abstract provided.

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Back Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

The Implications Of Rfid Technology In University Id Cards, Michael Beaver

Missouri S&T’s Peer to Peer

Radio frequency identification (RFID) chips have been rising in popularity because of their usefulness and convenience, and have now made their way into the ID cards of universities. An RFID chip is an identification device that, when powered by some nearby source, sends out a signal with information that was stored in the chip. RFID physical security systems work just like a lock and key, with the RFID chip acting as the key. Instead of having a unique pattern, RFID chips have an identification code that is read by the lock. Some RFID chips also hide this code behind a …

The Hacker Syndrome: Review, Martin Johnson

RadioDoc Review

The Hacker Syndrome tells the story of Stephan Ubach, a man who is slowly revealed as an activist and a hero to those involved in the Arab Spring. A man who, as the story unfolds, forgets his own needs - and breaks down. This is also a story of distance - physical and mental. A story of the importance that information plays in people’s lives and how some people are willing to risk their lives for the world to know what is going on. Radio documentaries and features usually require an emotional attachment to the character, while computers, and often …

In-The-Wild Residual Data Research And Privacy, William B. Glisson, Tim Storer, Andrew Blyth, George Grispos, Matt Campbell

Journal of Digital Forensics, Security and Law

As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering 'real-world' or 'in-the-wild' residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild and …

Security Analysis Of Mvhash-B Similarity Hashing, Donghoon Chang, Somitra Sanadhya, Monika Singh

Journal of Digital Forensics, Security and Law

In the era of big data, the volume of digital data is increasing rapidly, causing new challenges for investigators to examine the same in a reasonable amount of time. A major requirement of modern forensic investigation is the ability to perform automatic filtering of correlated data, and thereby reducing and focusing the manual effort of the investigator. Approximate matching is a technique to find “closeness” between two digital artifacts. mvHash-B is a well-known approximate matching scheme used for finding similarity between two digital objects and produces a ‘score of similarity’ on a scale of 0 to 100. However, no security …

Evidential Reasoning For Forensic Readiness, Yi-Ching Liao, Hanno Langweg

Journal of Digital Forensics, Security and Law

To learn from the past, we analyse 1,088 "computer as a target" judgements for evidential reasoning by extracting four case elements: decision, intent, fact, and evidence. Analysing the decision element is essential for studying the scale of sentence severity for cross-jurisdictional comparisons. Examining the intent element can facilitate future risk assessment. Analysing the fact element can enhance an organization's capability of analysing criminal activities for future offender profiling. Examining the evidence used against a defendant from previous judgements can facilitate the preparation of evidence for upcoming legal disclosure. Follow the concepts of argumentation diagrams, we develop an automatic judgement summarizing …

Low Budget Forensic Drive Imaging Using Arm Based Single Board Computers, Eric Olson, Narasimha Shashidhar

Journal of Digital Forensics, Security and Law

Traditional forensic analysis of hard disks and external media typically involves a powered down machine and “dead analysis” of these devices. Forensic acquisition of hard drives and external media has traditionally been by one of several means: standalone forensic duplicator; using a hardware write-blocker or dock attached to a laptop, computer, workstation, etc., forensic operating systems that live boot from a USB, CD/DVD or virtual machines with preinstalled operating systems. Standalone forensics acquisition and imaging devices generally cost thousands of dollars. In this paper, we propose the use of single board computers as forensic imaging devices. Single board computers can …

Digital Forensics In Law Enforcement: A Needs Based Analysis Of Indiana Agencies, Teri A. Cummins Flory

Journal of Digital Forensics, Security and Law

Cyber crime is a growing problem, with the impact to society increasing exponentially, but the ability of local law enforcement agencies to investigate and successfully prosecute criminals for these crimes is unclear. Many national needs assessments have previously been conducted, and all indicated that state and local law enforcement did not have the training, tools, or staff to effectively conduct digital investigations, but very few have been completed recently. This study provided a current and localized assessment of the ability of Indiana law enforcement agencies to effectively investigate crimes involving digital evidence, the availability of training for both law enforcement …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Exploring Deviant Hacker Networks (Dhm) On Social Media Platforms, Samer Al-Khateeb, Kevin J. Conlan, Nitin Agarwal, Ibrahim Baggili, Frank Breitinger

Journal of Digital Forensics, Security and Law

Online Social Networks (OSNs) have grown exponentially over the past decade. The initial use of social media for benign purposes (e.g., to socialize with friends, browse pictures and photographs, and communicate with family members overseas) has now transitioned to include malicious activities (e.g., cybercrime, cyberterrorism, and cyberwarfare). These nefarious uses of OSNs poses a significant threat to society, and thus requires research attention. In this exploratory work, we study activities of one deviant groups: hacker groups on social media, which we term Deviant Hacker Networks (DHN). We investigated the connection between different DHNs on Twitter: how they are connected, identified …

Log Analysis Using Temporal Logic And Reconstruction Approach: Web Server Case, Murat Gunestas, Zeki Bilgin

Journal of Digital Forensics, Security and Law

We present a post-mortem log analysis method based on Temporal Logic (TL), Event Processing Language (EPL), and reconstruction approach. After showing that the proposed method could be adapted to any misuse event or attack, we specifically investigate the case of web server misuses. To this end, we examine 5 different misuses on Wordpress web servers, and generate corresponding log files of these attacks for forensic analysis. Then we establish attack patterns and formalize them by means of a special case of temporal logic, i.e. many sorted first order metric temporal logic (MSFOMTL). Later on, we implement these attack patterns in …

Bytewise Approximate Matching: The Good, The Bad, And The Unknown, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili

Journal of Digital Forensics, Security and Law

Hash functions are established and well-known in digital forensics, where they are commonly used for proving integrity and file identification (i.e., hash all files on a seized device and compare the fingerprints against a reference database). However, with respect to the latter operation, an active adversary can easily overcome this approach because traditional hashes are designed to be sensitive to altering an input; output will significantly change if a single bit is flipped. Therefore, researchers developed approximate matching, which is a rather new, less prominent area but was conceived as a more robust counterpart to traditional hashing. Since the conception …

On Efficiency Of Distributed Password Recovery, Radek Hranický, Martin Holkovič, Petr Matoušek

Journal of Digital Forensics, Security and Law

One of the major challenges in digital forensics today is data encryption. Due to the leaked information about unlawful sniffing, many users decided to protect their data by encryption. In case of criminal activities, forensic experts are challenged how to decipher suspect's data that are subject to investigation. A common method how to overcome password-based protection is a brute force password recovery using GPU-accelerated hardware. This approach seems to be expensive. This paper presents an alternative approach using task distribution based on BOINC platform. The cost, time and energy efficiency of this approach is discussed and compared to the GPU-based …

Towards Syntactic Approximate Matching - A Pre-Processing Experiment, Doowon Jeong, Frank Breitinger, Hari Kang, Sangjin Lee

Journal of Digital Forensics, Security and Law

Over the past few years the popularity of approximate matching algorithms (a.k.a. fuzzy hashing) has increased. Especially within the area of bytewise approximate matching, several algorithms were published, tested and improved. It has been shown that these algorithms are powerful, however they are sometimes too precise for real world investigations. That is, even very small commonalities (e.g., in the header of a le) can cause a match. While this is a desired property, it may also lead to unwanted results. In this paper we show that by using simple pre-processing, we signicantly can in uence the outcome. Although our test …

Electronic Voting Service Using Block-Chain, Kibin Lee, Joshua I. James, Tekachew G. Ejeta, Hyoung J. Kim

Journal of Digital Forensics, Security and Law

Cryptocurrency, and its underlying technologies, has been gaining popularity for transaction management beyond financial transactions. Transaction information is maintained in the block-chain, which can be used to audit the integrity of the transaction. The focus on this paper is the potential availability of block-chain technology of other transactional uses. Block-chain is one of the most stable open ledgers that preserves transaction information, and is difficult to forge. Since the information stored in block-chain is not related to personally identify information, it has the characteristics of anonymity. Also, the block-chain allows for transparent transaction verification since all information in the block-chain …

Countering Noise-Based Splicing Detection Using Noise Density Transfer, Thibault Julliand, Vincent Nozick, Hugues Talbot

Journal of Digital Forensics, Security and Law

Image splicing is a common and widespread type of manipulation, which is defined as pasting a portion of an image onto a second image. Several forensic methods have been developed to detect splicing, using various image properties. Some of these methods exploit the noise statistics of the image to try and find discrepancies. In this paper, we propose a new counter-forensic approach to eliminate the noise differences that can appear in a spliced image. This approach can also be used when creating computer graphics images, in order to endow them with a realistic noise. This is performed by changing the …

An Automated Approach For Digital Forensic Analysis Of Heterogeneous Big Data, Hussam Mohammed, Nathan Clarke, Fudong Li

Journal of Digital Forensics, Security and Law

The major challenges with big data examination and analysis are volume, complex interdependence across content, and heterogeneity. The examination and analysis phases are considered essential to a digital forensics process. However, traditional techniques for the forensic investigation use one or more forensic tools to examine and analyse each resource. In addition, when multiple resources are included in one case, there is an inability to cross-correlate findings which often leads to inefficiencies in processing and identifying evidence. Furthermore, most current forensics tools cannot cope with large volumes of data. This paper develops a novel framework for digital forensic analysis of heterogeneous …

Making Sense Of Email Addresses On Drives, Neil C. Rowe, Riqui Schwamm, Michael R. Mccarrin, Ralucca Gera

Journal of Digital Forensics, Security and Law

Drives found during investigations often have useful information in the form of email addresses which can be acquired by search in the raw drive data independent of the file system. Using this data we can build a picture of the social networks that a drive owner participated in, even perhaps better than investigating their online profiles maintained by social-networking services because drives contain much data that users have not approved for public display. However, many addresses found on drives are not forensically interesting, such as sales and support links. We developed a program to filter these out using a Naïve …

Verification Of Recovered Digital Evidence On The Amazon Kindle, Marcus Thompson, Raymond Hansen

Journal of Digital Forensics, Security and Law

The Amazon Kindle is a popular e-book reader. This popularity will lead criminals to use the Kindle as an accessory to their crime. Very few Kindle publications in the digital forensics domain exist at the time of this writing. Various blogs on the Internet currently provide some of the foundation for Kindle forensics. For this research each fifth generation Kindle was populated with various types of files a typical user may introduce using one method, the USB interface. The Kindle was forensically imaged with AccessData’s Forensic Toolkit Imager before and after each Kindle was populated. Each file was deleted through …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.