Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Digital forensics (5)
- Survey (3)
- Cyber forensics (2)
- Android forensics (1)
- Android malware; Decompiler; Smali code/Baksmali (1)
-
- Anti-Forensics (1)
- Anti-digital forensics (1)
- Anti-forensics (1)
- Anti-forensics taxonomy (1)
- Apple Maps forensics (1)
- Approximate matching (1)
- Bing forensics (1)
- Bytewise (1)
- Bytewise Approximate Matching (1)
- Categorical data set (1)
- Collective action (1)
- Computer crime (1)
- Computer forensics (1)
- DEX (1)
- Dalvik EXecutable (1)
- Deviant groups (1)
- Deviant hacking groups (1)
- Digital evidence (1)
- Digital forensic tool testing (1)
- Digital investigation (1)
- Evaluation (1)
- Expected utility (1)
- FSA (1)
- Focal structure analysis (1)
- Forensic artifact; Digital forensics; CybOX; Curated forensic artifact; CuFA; Artifact definition (1)
Articles 1 - 10 of 10
Full-Text Articles in Information Security
Cufa: A More Formal Definition For Digital Forensic Artifacts, Vikram S. Harichandran, Daniel Walnycky, Ibrahim Baggili, Frank Breitinger
Cufa: A More Formal Definition For Digital Forensic Artifacts, Vikram S. Harichandran, Daniel Walnycky, Ibrahim Baggili, Frank Breitinger
Electrical & Computer Engineering and Computer Science Faculty Publications
The term “artifact” currently does not have a formal definition within the domain of cyber/ digital forensics, resulting in a lack of standardized reporting, linguistic understanding between professionals, and efficiency. In this paper we propose a new definition based on a survey we conducted, literature usage, prior definitions of the word itself, and similarities with archival science. This definition includes required fields that all artifacts must have and encompasses the notion of curation. Thus, we propose using a new term e curated forensic artifact (CuFA) e to address items which have been cleared for entry into a CuFA database (one …
Deleting Collected Digital Evidence By Exploiting A Widely Adopted Hardware Write Blocker, Christopher S. Meffert, Ibrahim Baggili, Frank Breitinger
Deleting Collected Digital Evidence By Exploiting A Widely Adopted Hardware Write Blocker, Christopher S. Meffert, Ibrahim Baggili, Frank Breitinger
Electrical & Computer Engineering and Computer Science Faculty Publications
In this primary work we call for the importance of integrating security testing into the process of testing digital forensic tools. We postulate that digital forensic tools are increasing in features (such as network imaging), becoming networkable, and are being proposed as forensic cloud services. This raises the need for testing the security of these tools, especially since digital evidence integrity is of paramount importance. At the time of conducting this work, little to no published anti-forensic research had focused on attacks against the forensic tools/process.We used the TD3, a popular, validated, touch screen disk duplicator and hardware write blocker …
Anti-Forensics: Furthering Digital Forensic Science Through A New Extended, Granular Taxonomy, Kevin Conlan, Ibrahim Baggili, Frank Breitinger
Anti-Forensics: Furthering Digital Forensic Science Through A New Extended, Granular Taxonomy, Kevin Conlan, Ibrahim Baggili, Frank Breitinger
Electrical & Computer Engineering and Computer Science Faculty Publications
Anti-forensic tools, techniques and methods are becoming a formidable obstacle for the digital forensic community. Thus, new research initiatives and strategies must be formulated to address this growing problem. In this work we first collect and categorize 308 antidigital forensic tools to survey the field. We then devise an extended anti-forensic taxonomy to the one proposed by Rogers (2006) in order to create a more comprehensive taxonomy and facilitate linguistic standardization. Our work also takes into consideration anti-forensic activity which utilizes tools that were not originally designed for antiforensic purposes, but can still be used with malicious intent. This category …
Rapid Android Parser For Investigating Dex Files (Rapid), Xiaolu Zhang, Frank Breitinger, Ibrahim Baggili
Rapid Android Parser For Investigating Dex Files (Rapid), Xiaolu Zhang, Frank Breitinger, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
Android malware is a well-known challenging problem and many researchers/vendors/practitioners have tried to address this issue through application analysis techniques. In order to analyze Android applications, tools decompress APK files and extract relevant data from the Dalvik EXecutable (DEX) files. To acquire the data, investigators either use decompiled intermediate code generated by existing tools, e.g., Baksmali or Dex2jar or write their own parsers/dissemblers. Thus, they either need additional time because of decompiling the application into an intermediate representation and then parsing text files, or they reinvent the wheel by implementing their own parsers. In this article, we present Rapid Android …
A Cyber Forensics Needs Analysis Survey: Revisiting The Domain's Needs A Decade Later, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili, Andrew Marrington
A Cyber Forensics Needs Analysis Survey: Revisiting The Domain's Needs A Decade Later, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili, Andrew Marrington
Electrical & Computer Engineering and Computer Science Faculty Publications
The number of successful cyber attacks continues to increase, threatening financial and personal security worldwide. Cyber/digital forensics is undergoing a paradigm shift in which evidence is frequently massive in size, demands live acquisition, and may be insufficient to convict a criminal residing in another legal jurisdiction. This paper presents the findings of the first broad needs analysis survey in cyber forensics in nearly a decade, aimed at obtaining an updated consensus of professional attitudes in order to optimize resource allocation and to prioritize problems and possible solutions more efficiently. Results from the 99 respondents gave compelling testimony that the following …
A Method And A Case Study For The Selection Of The Best Available Tool For Mobile Device Forensics Using Decision Analysis, Shahzad Saleem, Oliver Popov, Ibrahim Baggili
A Method And A Case Study For The Selection Of The Best Available Tool For Mobile Device Forensics Using Decision Analysis, Shahzad Saleem, Oliver Popov, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
The omnipresence of mobile devices (or small scale digital devices - SSDD) and more importantly the utility of their associated applications for our daily activities, which range from financial transactions to learning, and from entertainment to distributed social presence, create an abundance of digital evidence for each individual. Some of the evidence may be a result of illegal activities that need to be identified, understood and eventually prevented in the future. There are numerous tools for acquiring and analyzing digital evidence extracted from mobile devices. The diversity of SSDDs, types of evidence generated and the number of tools used to …
Bytewise Approximate Matching: The Good, The Bad, And The Unknown, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili
Bytewise Approximate Matching: The Good, The Bad, And The Unknown, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
Hash functions are established and well-known in digital forensics, where they are commonly used for proving integrity and file identification (i.e., hash all files on a seized device and compare the fingerprints against a reference database). However, with respect to the latter operation, an active adversary can easily overcome this approach because traditional hashes are designed to be sensitive to altering an input; output will significantly change if a single bit is flipped. Therefore, researchers developed approximate matching, which is a rather new, less prominent area but was conceived as a more robust counterpart to traditional hashing. Since the conception …
Towards Syntactic Approximate Matching-A Pre-Processing Experiment, Doowon Jeong, Frank Breitinger, Hari Kang, Sangjin Lee
Towards Syntactic Approximate Matching-A Pre-Processing Experiment, Doowon Jeong, Frank Breitinger, Hari Kang, Sangjin Lee
Electrical & Computer Engineering and Computer Science Faculty Publications
Over the past few years, the popularity of approximate matching algorithms (a.k.a. fuzzy hashing) has increased. Especially within the area of bytewise approximate matching, several algorithms were published, tested, and improved. It has been shown that these algorithms are powerful, however they are sometimes too precise for real world investigations. That is, even very small commonalities (e.g., in the header of a file) can cause a match. While this is a desired property, it may also lead to unwanted results. In this paper, we show that by using simple pre-processing, we significantly can influence the outcome. Although our test set …
Exploring Deviant Hacker Networks (Dhn) On Social Media Platforms, Samer Al-Kateeb, Kevin Conlan, Nitin Agarwal, Ibrahim Baggili, Frank Breitinger
Exploring Deviant Hacker Networks (Dhn) On Social Media Platforms, Samer Al-Kateeb, Kevin Conlan, Nitin Agarwal, Ibrahim Baggili, Frank Breitinger
Electrical & Computer Engineering and Computer Science Faculty Publications
Online Social Networks (OSNs) have grown exponentially over the past decade. The initial use of social media for benign purposes (e.g., to socialize with friends, browse pictures and photographs, and communicate with family members overseas) has now transitioned to include malicious activities (e.g., cybercrime, cyberterrorism, and cyberwarfare). These nefarious uses of OSNs poses a signi_cant threat to society, and thus requires research attention. In this exploratory work, we study activities of one deviant groups: hacker groups on social media, which we term Deviant Hacker Networks (DHN). We investigated the connection between different DHNs on Twitter: how they are connected, identified …
Find Me If You Can: Mobile Gps Mapping Applications Forensic Analysis & Snavp The Open Source, Modular, Extensible Parser, Jason Moore, Ibrahim Baggili, Frank Breitinger
Find Me If You Can: Mobile Gps Mapping Applications Forensic Analysis & Snavp The Open Source, Modular, Extensible Parser, Jason Moore, Ibrahim Baggili, Frank Breitinger
Electrical & Computer Engineering and Computer Science Faculty Publications
The use of smartphones as navigation devices has become more prevalent. The ubiquity of hand-held navigation devices such as Garmins or Toms Toms has been falling whereas the ownership of smartphones and their adoption as GPS devices is growing. This work provides a comprehensive study of the most popular smartphone mapping applications, namely Google Maps, Apple Maps, Waze, MapQuest, Bing, and Scout, on both Android and iOS. It details what data was found, where it was found, and how it was acquired for each application. Based on the findings, the work allowed for the construction of a tool capable of …