Defense and Security Studies Commons^™

Botnet Forensic Investigation Techniques And Cost Evaluation, Brian Cusack

Annual ADFSL Conference on Digital Forensics, Security and Law

Botnets are responsible for a large percentage of damages and criminal activity on the Internet. They have shifted attacks from push activities to pull techniques for the distribution of malwares and continue to provide economic advantages to the exploiters at the expense of other legitimate Internet service users. In our research we asked; what is the cost of the procedural steps for forensically investigating a Botnet attack? The research method applies investigation guidelines provided by other researchers and evaluates these guidelines in terms of the cost to a digital forensic investigator. We conclude that investigation of Botnet attacks is both …

Development And Dissemination Of A New Multidisciplinary Undergraduate Curriculum In Digital Forensics, Masooda Bashir, Jenny A. Applequist, Roy H. Campbell, Lizanne Destefano, Gabriela L. Garcia, Anthony Lang

Annual ADFSL Conference on Digital Forensics, Security and Law

The Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign is developing an entirely new multidisciplinary undergraduate curriculum on the topic of digital forensics, and this paper presents the findings of the development process, including initial results and evaluation of a pilot offering of the coursework to students. The curriculum consists of a four-course sequence, including introductory and advanced lecture courses with parallel laboratory courses, followed by an advanced course. The content has been designed to reflect both the emerging national standards and the strong multidisciplinary character of the profession of digital forensics, and includes modules developed collaboratively …

Computer Forensics For Accountants, Grover S. Kearns

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital attacks on organizations are becoming more common and more sophisticated. Firms are interested in providing data security and having an effective means to respond to attacks. Accountants possess important investigative and analytical skills that serve to uncover fraud in forensic investigations. Some accounting students take courses in forensic accounting but few colleges offer a course in computer forensics for accountants. Educators wishing to develop such a course may find developing the curriculum daunting. A major element of such a course is the use of forensic software. This paper argues the importance of computer forensics to accounting students and offers …

Applying Memory Forensics To Rootkit Detection, Igor Korkin, Ivan Nesterov

Annual ADFSL Conference on Digital Forensics, Security and Law

Volatile memory dump and its analysis is an essential part of digital forensics. Among a number of various software and hardware approaches for memory dumping there are authors who point out that some of these approaches are not resilient to various anti-forensic techniques, and others that require a reboot or are highly platform dependent. New resilient tools have certain disadvantages such as low speed or vulnerability to rootkits which directly manipulate kernel structures, e.g., page tables. A new memory forensic system – Malware Analysis System for Hidden Knotty Anomalies (MASHKA) is described in this paper. It is resilient to popular …

The Federal Rules Of Civil Procedure: Politics In The 2013-2014 Revision, John W. Bagby, Byron Granda, Emily Benoit, Alexander Logan, Ryan Snell, Joseph J. Schwerha

Annual ADFSL Conference on Digital Forensics, Security and Law

Pre-trial discovery is perpetually controversial. Parties advantaged by strict privacy can often avoid justice when this is disadvantageous to their interests. Contrawise, parties advantaged by relaxed litigation privacy can achieve justice when all facts are accessible irrespective of their repositories, ownership or control. American-style pre-trial discovery in civil and regulatory enforcement is relatively rare around the world. U.S. discovery rules open nearly all relevant and non-privileged data for use by opposing parties. The traditional discovery process was costly and time consuming in the world of tangible paper data. However, these burdens have increased, rather than diminished as often predicted, as …

Testing And Evaluating The Harmonised Digital Forensic Investigation Process In Post Mortem Digital Investigation, Emilio R. Mumba, H. S. Venter

Annual ADFSL Conference on Digital Forensics, Security and Law

Existing digital forensic investigation process models have provided guidelines for identifying and preserving potential digital evidence captured from a crime scene. However, for any of the digital forensic investigation process models developed across the world to be adopted and fully applied by the scientific community, it has to be tested. For this reason, the Harmonized Digital Forensic Investigation Process (HDFIP) model, currently a working draft towards becoming an international standard for digital forensic investigations (ISO/IEC 27043), needs to be tested.

This paper, therefore, presents the findings of a case study used to test the HDFIP model implemented in the ISO/IEC …

Generation And Handling Of Hard Drive Duplicates As Piece Of Evidence, T. Kemmerich, F. Junge, N. Kuntze, C. Rudolph, B. Endicott-Popovsky, L. Großkopf

Annual ADFSL Conference on Digital Forensics, Security and Law

An important area in digital forensics is images of hard disks. The correct production of the images as well as the integrity and authenticity of each hard disk image is essential for the probative force of the image to be used at court. Integrity and authenticity are under suspicion as digital evidence is stored and used by software based systems. Modifications to digital objects are hard or even impossible to track and can occur even accidentally. Even worse, vulnerabilities occur for all current computing systems. Therefore, it is difficult to guarantee a secure environment for forensic investigations. But intended deletions …

Internet Addiction To Child Pornography, Rachel Sitarz, Marcus Rogers, Lonnie Bentley, Eugene Jackson

Annual ADFSL Conference on Digital Forensics, Security and Law

During the present age and time, it seems as though people in society have become addicted to nearly anything and everything, whether it be to a substance, an activity or an object. The Internet and pornography is no exception. While commonly thought of as a deviant behavior, many are displaying addictions towards the Internet and pornography. More alarming, however, are those who are viewing, downloading, or trading child pornography and displaying addictive Internet behaviors, for they are spending excessive amounts of time engaging in the proliferation of child pornographic materials. For this reason, addiction to the Internet and usage of …

Using Internet Artifacts To Profile A Child Pornography Suspect, Marcus K. Rogers, Kathryn C. Seigfried-Spellar

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital evidence plays a crucial role in child pornography investigations. However, in the following case study, the authors argue that the behavioral analysis or “profiling” of digital evidence can also play a vital role in child pornography investigations. The following case study assessed the Internet Browsing History (Internet Explorer Bookmarks, Mozilla Bookmarks, and Mozilla History) from a suspected child pornography user’s computer. The suspect in this case claimed to be conducting an ad hoc law enforcement investigation. After the URLs were classified (Neutral; Adult Porn; Child Porn; Adult Dating sites; Pictures from Social Networking Profiles; Chat Sessions; Bestiality; Data Cleaning; …

Life (Logical Iosforensics Examiner): An Open Source Iosbackup Forensics Examination Tool, Ibrahim Baggili, Shadi Al Awawdeh, Jason Moore

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper, we present LiFE (Logical iOS Forensics Examiner), an open source iOS backup forensics examination tool. This tool helps both researchers and practitioners alike in both understanding the backup structures of iOS devices and forensically examining iOS backups. The tool is currently capable of parsing device information, call history, voice messages, GPS locations, conversations, notes, images, address books, calendar entries, SMS messages, Aux locations, facebook data and e-mails. The tool consists of both a manual interface (where the user is able to manually examine the backup structures) and an automated examination interface (where the tool pulls out evidence …

Why Penetration Testing Is A Limited Use Choice For Sound Cyber Security Practice, Craig Valli, Andrew Woodward, Peter Hannay, Mike Johnstone

Annual ADFSL Conference on Digital Forensics, Security and Law

Penetration testing of networks is a process that is overused when demonstrating or evaluating the cyber security posture of an organisation. Most penetration testing is not aligned with the actual intent of the testing, but rather is driven by a management directive of wanting to be seen to be addressing the issue of cyber security. The use of penetration testing is commonly a reaction to an adverse audit outcome or as a result of being penetrated in the first place. Penetration testing used in this fashion delivers little or no value to the organisation being tested for a number of …

Awareness Of Scam E-Mails: An Exploratory Research Study, Tejashree D. Datar, Kelly A. Cole, Marcus K. Rogers

Annual ADFSL Conference on Digital Forensics, Security and Law

The goal of this research was to find the factors that influence a user’s ability to identify e-mail scams. It also aimed to understand user’s awareness regarding e-mail scams and actions that need to be taken if and when victimized. This study was conducted on a university campus with 163 participants. This study presented the participants with two scam e-mails and two legitimate e-mails and asked the participants to correctly identify these e-mails as scam or legitimate. The study focused on the ability of people to differentiate between scam and legitimate e-mails. The study attempted to determine factors that influence …

There's A Pattern Here: The Case To Integrate Environmental Security Into Homeland Security Strategy, James D. Ramsay, Terrence M. O'Sullivan

Security Studies & International Affairs - Daytona Beach

The time is long overdue to acknowledge that global climate and resource stresses, encompassed by the concept of environmental security (ES), are an increasingly important part of "homeland" security (HS) study and practice, by even the most restricted definitions of HS. Environmental security issues will affect global economic and political stability, US national interests, and the risk of war and terrorism. Just as homeland security encompasses many complex issues and interconnected subfields, environmental security (ES) is interdisciplinary by nature. In essence, ES is an emergent discipline borrowing from a combination of environmental studies — which decades ago integrated environmental science …

Paradigms For Cybersecurity Education In A Homeland Security Program, Gary C. Kessler, James Ramsay

Applied Aviation Sciences - Daytona Beach

Cybersecurity threats to the nation are growing in intensity, frequency, and severity and are a very real threat to the security of the country. Academia has responded to a wide variety of homeland security (HS) threats to the nation by creating formal curricula in the field, although these programs almost exclusively focus on physical threats (e.g., terrorist attacks, and natural and man-made disasters), law and policy and transportation . Although cybersecurity programs are commonly available in U.S. colleges and universities, they are invariably offered as a technical course of study nested within engineering (or other STEM) programs. We observe that …

Paradigms For Cybersecurity Education In A Homeland Security Program, Gary C. Kessler, James Ramsay

Security Studies & International Affairs - Daytona Beach

Cybersecurity threats to the nation are growing in intensity, frequency, and severity and are a very real threat to the security of the country. Academia has responded to a wide variety of homeland security (HS) threats to the nation by creating formal curricula in the field, although these programs almost exclusively focus on physical threats (e.g., terrorist attacks, and natural and man-made disasters), law and policy and transportation . Although cybersecurity programs are commonly available in U.S. colleges and universities, they are invariably offered as a technical course of study nested within engineering (or other STEM) programs. We observe that …

The Advanced Persistent Threat And The Role Of Cybersecurity Education, Gary C. Kessler

Security Studies & International Affairs - Daytona Beach

"The changing face of infowar • The Advanced Persistent Threat • Examples of recent cyber attacks • Mitigation and preparation • Formalizing the response • The role(s) of education"--Overview

The Advanced Persistent Threat And The Role Of Cybersecurity Education, Gary C. Kessler

Applied Aviation Sciences - Daytona Beach

No abstract provided.

Development Of An Outcomes-Based Undergraduate Curriculum In Homeland Security, James D. Ramsay, Daniel A. Cutrer, Robert Raffel

Security Studies & International Affairs - Daytona Beach

As a professional discipline, homeland security is complex, dynamic, and interdisciplinary and not given to facile definition. As an academic discipline, homeland security is relatively new and growing, and its workforce aging. As such, there is an acknowledged need to develop academic homeland security programs to try and meet anticipated workforce needs. However, the lack of an accreditation system or a set of available published outcomes (or standards) have complicated efforts towards homeland security program development. At present, determining which courses to teach and which outcomes in each course to pursue must be left to anecdotal conversations, reviews of the …

Development Of An Outcomes-Based Undergraduate Curriculum In Homeland Security, James D. Ramsay, Daniel Cutrer, Robert Raffel

Applied Aviation Sciences - Daytona Beach

As a professional discipline, homeland security is complex, dynamic, and interdisciplinary and not given to facile definition. As an academic discipline, homeland security is relatively new and growing, and its workforce aging. As such, there is an acknowledged need to develop academic homeland security programs to try and meet anticipated workforce needs. However, the lack of an accreditation system or a set of available published outcomes (or standards) have complicated efforts towards homeland security program development. At present, determining which courses to teach and which outcomes in each course to pursue must be left to anecdotal conversations, reviews of the …

Terrorism And The Law: Show Trials And Why The Show Must Go On, Ibpp Editor

International Bulletin of Political Psychology

The author discusses the nature and meaning of terrorism trials during the United States’ war on terror.

Revisiting The United States Hostage Negotiation Policy: An Academic Imperative. Part I, Ibpp Editor

International Bulletin of Political Psychology

This article comes in two parts - the article and the notes.

Article abstract: To get hostages released without harm requires a national policy committed to that principle. With that in mind, there needs to be an understanding of the perpetrators' "objective view" of reality. These views have political, economic, psychological, cultural, ethno-religious and perceptual dimensions. Those multivariate dimensions of any hostage situation mandate policies that should be based on law enforcement and military perspectives, in order to be flexible enough to permit their consideration and continuously evaluate their national and international implications.

Part II: Notes and bibliography for Part …

Revisiting The United States Hostage Negotiation Policy: An Academic Imperative. Part Ii, Ibpp Editor

International Bulletin of Political Psychology

This article comes in two parts - the article and the notes.

Article abstract: To get hostages released without harm requires a national policy committed to that principle. With that in mind, there needs to be an understanding of the perpetrators' "objective view" of reality. These views have political, economic, psychological, cultural, ethno-religious and perceptual dimensions. Those multivariate dimensions of any hostage situation mandate policies that should be based on law enforcement and military perspectives, in order to be flexible enough to permit their consideration and continuously evaluate their national and international implications.

Part II: Notes and bibliography for Part …

Trends. Accountability In Security Organizations: The Case Of The United States Navy, Ibpp Editor

International Bulletin of Political Psychology

Controversy surrounds the adjudication of the United States Navy (USN) commander whose submarine collided with and then sank a Japanese fishing boat in February 200l. The USN has Issued a letter of reprimand to the commander and is allowing him to leave the Navy with full pension based on his current rank, as opposed to authorizing a court-martial that would have rendered the commander liable to very serious criminal charges and sentences. At Issue have been the effects of the adjudication on military personnel aware of the adjudication.

More Spy Games: A Problem With Credibility Of Sources For Counterintelligence And Personnel Security, Ibpp Editor

International Bulletin of Political Psychology

This article identifies implications of recent meta-evaluations of psychological assessment methods for attempts at identifying individuals who are committing treason or otherwise violating security policies.

Trends. Psychologies Of Personnel Security And Counterintelligence Failure: Racism, Satisficing, And Wen Ho Lee, Ibpp Editor

International Bulletin of Political Psychology

This article discusses issues surrounding the actions of Mr. Wen Ho Lee in the context of espionage, treason, and national security as well as racial profiling and the problems with conducting counterintelligence.

The Pollard Case And The Nature Of Espionage, Ibpp Editor

International Bulletin of Political Psychology

This article describes some common misconceptions in evaluating the appropriateness of penalties for individuals convicted of espionage.

The Magic Of Science And The Science Of Magic: Polygraphy, Deception, And National Security, Ibpp Editor

International Bulletin of Political Psychology

This article highlights philosophical problems on the road to identifying deception.