A Multi-Key Pirate Decoder Against Traitor Tracing Schemes,
2010
Institute for Infocomm Research
A Multi-Key Pirate Decoder Against Traitor Tracing Schemes, Yongdong Wu, Robert H. Deng
Research Collection School Of Computing and Information Systems
In this paper we introduce an architecture for a multi-key pirate decoder which employs decryption keys from multiple traitors. The decoder has built-in monitoring and self protection functionalities and is capable of defeating most multiple-round based traitor tracing schemes such as the schemes based on the black-box confirmation method. In particular, the proposed pirate decoder is customized to defeat the private key and the public key fully collusion resistant traitor tracing (FTT) schemes, respectively. We show how the decoder prolongs a trace process so that the tracer has to give up his effort. FTT schemes are designed to identify all …
Probabilistic Public Key Encryption With Equality Test,
2010
Singapore Management University
Probabilistic Public Key Encryption With Equality Test, Guomin Yang, Chik How Tan, Qiong Huang, Duncan S. Wong
Research Collection School Of Computing and Information Systems
We present a (probabilistic) public key encryption (PKE) scheme such that when being implemented in a bilinear group, anyone is able to check whether two ciphertexts are encryptions of the same message. Interestingly, bilinear map operations are not required in key generation, encryption or decryption procedures of the PKE scheme, but is only required when people want to do an equality test (on the encrypted messages) between two ciphertexts that may be generated using different public keys. We show that our PKE scheme can be used in different applications such as searchable encryption and partitioning encrypted data. Moreover, we show …
Analyzing The Adoption Of Computer Security Utilizing The Health Belief Model,
2010
Central Washington University
Analyzing The Adoption Of Computer Security Utilizing The Health Belief Model, Chet L. Claar, Jeffrey Johnson
All Faculty Scholarship for the College of the Sciences
The home Internet user faces a hostile environment abundant in potential attacks on their computers. These attacks have been increasing at an alarming rate and cause damage to individuals and organizations regularly, and have the potential to cripple the critical infrastructures of entire countries. Recent research has determined that some individuals are not utilizing additional software protections available to mitigate these potential security risks. This paper seeks to further examine the reasons by proposing a conceptual framework that utilizes the Health Belief Model as a possible way to explain why some people do not perceive a threat sufficient to prompt …
Identifying A Computer Forensics Expert: A Study To Measure The Characteristics Of Forensic Computer Examiners,
2010
California State Polytechnic University
Identifying A Computer Forensics Expert: A Study To Measure The Characteristics Of Forensic Computer Examiners, Gregory H. Carlton, Reginald Worthley
Journal of Digital Forensics, Security and Law
The usage of digital evidence from electronic devices has been rapidly expanding within litigation, and along with this increased usage, the reliance upon forensic computer examiners to acquire, analyze, and report upon this evidence is also rapidly growing. This growing demand for forensic computer examiners raises questions concerning the selection of individuals qualified to perform this work. While courts have mechanisms for qualifying witnesses that provide testimony based on scientific data, such as digital data, the qualifying criteria covers a wide variety of characteristics including, education, experience, training, professional certifications, or other special skills. In this study, we compare task …
Adaptation Of Pyflag To Efficient Analysis Of Seized Computer Data Storage,
2010
AGH University of Science and Technology
Adaptation Of Pyflag To Efficient Analysis Of Seized Computer Data Storage, Aleksander Byrski, Wojciech Stryjewski, Bartłomiej Czechowicz
Journal of Digital Forensics, Security and Law
Based on existing software aimed at investigation support in the analysis of computer data storage seized during investigation (PyFlag), an extension is proposed involving the introduction of dedicated components for data identification and filtering. Hash codes for popular software contained in NIST/NSRL database are considered in order to avoid unwanted files while searching and to classify them into several categories. The extension allows for further analysis, e.g. using artificial intelligence methods. The considerations are illustrated by the overview of the system's design.
Computer Forensic Functions Testing: Media Preparation, Write Protection And Verification,
2010
University of South Australia
Computer Forensic Functions Testing: Media Preparation, Write Protection And Verification, Yinghua Guo, Jill Slay
Journal of Digital Forensics, Security and Law
The growth in the computer forensic field has created a demand for new software (or increased functionality to existing software) and a means to verify that this software is truly forensic i.e. capable of meeting the requirements of the trier of fact. In this work, we review our previous work---a function oriented testing framework for validation and verification of computer forensic tools. This framework consists of three parts: function mapping, requirements specification and reference set development. Through function mapping, we give a scientific and systemized description of the fundamentals of computer forensic discipline, i.e. what functions are needed in the …
Computer Forensics For Graduate Accountants: A Motivational Curriculum Design Approach,
2010
University of South Florida, St. Petersburg
Computer Forensics For Graduate Accountants: A Motivational Curriculum Design Approach, Grover S. Kearns
Journal of Digital Forensics, Security and Law
Computer forensics involves the investigation of digital sources to acquire evidence that can be used in a court of law. It can also be used to identify and respond to threats to hosts and systems. Accountants use computer forensics to investigate computer crime or misuse, theft of trade secrets, theft of or destruction of intellectual property, and fraud. Education of accountants to use forensic tools is a goal of the AICPA (American Institute of Certified Public Accountants). Accounting students, however, may not view information technology as vital to their career paths and need motivation to acquire forensic knowledge and skills. …
Higate (High Grade Anti-Tamper Equipment) Prototype And Application To E-Discovery,
2010
Tokyo Denki University
Higate (High Grade Anti-Tamper Equipment) Prototype And Application To E-Discovery, Yui Sakurai, Yuki Ashino, Tetsutaro Uehara, Hiroshi Yoshiura, Ryoichi Sasaki
Journal of Digital Forensics, Security and Law
These days, most data is digitized and processed in various ways by computers. In the past, computer owners were free to process data as desired and to observe the inputted data as well as the interim results. However, the unrestricted processing of data and accessing of interim results even by computer users is associated with an increasing number of adverse events. These adverse events often occur when sensitive data such as personal or confidential business information must be handled by two or more parties, such as in the case of e-Discovery, used in legal proceedings, or epidemiologic studies. To solve …
Developing Voip Honeypots: A Preliminary Investigation Into Malfeasant Activity,
2010
Edith Cowan University
Developing Voip Honeypots: A Preliminary Investigation Into Malfeasant Activity, Craig Valli
Journal of Digital Forensics, Security and Law
30 years ago PABX systems were compromised by hackers wanting to make long distance calls at some other entities expense. This activity faded as telephony became cheaper and PABX systems had countermeasures installed to overcome attacks. Now the world has moved onto the provision of telephony via broadband enabled Voice over Internet Protocol (VoIP) with this service now being provided as a replacement for conventional fixed wire telephony by major telecommunication providers worldwide. Due to increasing bandwidth it is possible for systems to support multiple voice connections simultaneously. The networked nature of the Internet allows for attackers of these VoIP …
Digital Records Forensics: A New Science And Academic Program For Forensic Readiness,
2010
The University of British Columbia
Digital Records Forensics: A New Science And Academic Program For Forensic Readiness, Luciana Duranti, Barbara Endicott-Popovsky
Journal of Digital Forensics, Security and Law
This paper introduces the Digital Records Forensics project, a research endeavour located at the University of British Columbia in Canada and aimed at the development of a new science resulting from the integration of digital forensics with diplomatics, archival science, information science and the law of evidence, and of an interdisciplinary graduate degree program, called Digital Records Forensics Studies, directed to professionals working for law enforcement agencies, legal firms, courts, and all kind of institutions and business that require their services. The program anticipates the need for organizations to become “forensically ready,” defined by John Tan as “maximizing the ability …
Book Review: Digital Forensic Evidence Examination (2nd Ed.),
2010
Gary Kessler Associates
Book Review: Digital Forensic Evidence Examination (2nd Ed.), Gary C. Kessler
Journal of Digital Forensics, Security and Law
On the day that I sat down to start to write this review, the following e-mail came across on one of my lists: Person A and Person B write back and forth and create an email thread. Person A then forwards the email to Person C, but changes some wording in the email exchange between A & B. What is the easiest way (and is it even possible) to find out when that earlier email message was altered before sent to Person C? Before you try to answer these questions, read Fred Cohen's Digital Forensic Evidence Examination. His book won't …
Reeling In Big Phish With A Deep Md5 Net,
2010
University of Alabama, Birmingham
Reeling In Big Phish With A Deep Md5 Net, Brad Wardman, Gary Warner, Heather Mccalley, Sarah Turner, Anthony Skjellum
Journal of Digital Forensics, Security and Law
Phishing continues to grow as phishers discover new exploits and attack vectors for hosting malicious content; the traditional response using takedowns and blacklists does not appear to impede phishers significantly. A handful of law enforcement projects — for example the FBI's Digital PhishNet and the Internet Crime and Complaint Center (ic3.gov) — have demonstrated that they can collect phishing data in substantial volumes, but these collections have not yet resulted in a significant decline in criminal phishing activity. In this paper, a new system is demonstrated for prioritizing investigative resources to help reduce the time and effort expended examining this …
Solid State Drives: The Beginning Of The End For Current Practice In Digital Forensic Recovery?,
2010
Murdoch University, Perth
Solid State Drives: The Beginning Of The End For Current Practice In Digital Forensic Recovery?, Graeme B. Bell, Richard Boddington
Journal of Digital Forensics, Security and Law
Digital evidence is increasingly relied upon in computer forensic examinations and legal proceedings in the modern courtroom. The primary storage technology used for digital information has remained constant over the last two decades, in the form of the magnetic disc. Consequently, investigative, forensic, and judicial procedures are well-established for magnetic disc storage devices (Carrier, 2005). However, a paradigm shift has taken place in technology storage and complex, transistor-based devices for primary storage are now increasingly common. Most people are aware of the transition from portable magnetic floppy discs to portable USB transistor flash devices, yet the transition from magnetic hard …
Trust Account Fraud And Effective Information Security Management,
2010
University of South Australia
Trust Account Fraud And Effective Information Security Management, Sameera Mubarak
Journal of Digital Forensics, Security and Law
The integrity of lawyers’ trust accounts has come under scrutiny in the last few years. There are strong possibilities of information technology security breaches happening within the firms, either accidental or deliberate. The damage caused by these security breaches could be extreme. For example, a trust account fund in an Australian law firm was misused in a security breach in which Telstra charged A$50,000 for phone usage, mainly for ISD calls to Hong Kong. Our study involved interviewing principals of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. …
Malware Forensics: Discovery Of The Intent Of Deception,
2010
Edith Cowan University
Malware Forensics: Discovery Of The Intent Of Deception, Murray Brand, Craig Valli, Andrew Woodward
Journal of Digital Forensics, Security and Law
Malicious software (malware) has a wide variety of analysis avoidance techniques that it can employ to hinder forensic analysis. Although legitimate software can incorporate the same analysis avoidance techniques to provide a measure of protection against reverse engineering and to protect intellectual property, malware invariably makes much greater use of such techniques to make detailed analysis labour intensive and very time consuming. Analysis avoidance techniques are so heavily used by malware that the detection of the use of analysis avoidance techniques could be a very good indicator of the presence of malicious intent. However, there is a tendency for analysis …
The 2009 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market,
2010
Security Research Centre, Edith Cowan University, Khalifa University of Science, Technology and Research
The 2009 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, Glenn S. Dardick, Iain Sutherland, G. Dabibi, Gareth Davies
Journal of Digital Forensics, Security and Law
The ever increasing use and reliance upon computers in both the public and private sector has led to enormous numbers of computers being disposed of at the end of their useful life within an organisation. As the cost of computers has dropped, their use in the home has also continued to increase. In most organisations, computers have a relatively short life and are replaced on a regular basis with the result that, if not properly cleansed of data, they are released into the public domain containing data that can be relatively up to date. This problem is exacerbated by the …
Avoiding Sanctions At The E-Discovery Meet-And-Confer In Common Law Countries,
2010
Metropolitan State University
Avoiding Sanctions At The E-Discovery Meet-And-Confer In Common Law Countries, Milton Luoma, Vicki Luoma
Journal of Digital Forensics, Security and Law
The rules of civil procedure in common law countries have been amended to better deal with the requirements of electronic discovery. One of the key changes in case management is the scheduling of a meet-and-confer session where the parties to litigation must meet early in the case before any discovery procedures have begun to exchange information regarding the nature, location, formats, and pertinent facts regarding custody and control of a party’s electronically stored information (ESI). Failure to abide by the rules and participate in good faith at the meet-and-confer session can have dire consequences for the parties and lawyers involved. …
Table Of Contents,
2010
Embry-Riddle Aeronautical University
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Table Of Contents,
2010
Embry-Riddle Aeronautical University
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Collaborative Risk Method For Information Security Management Practices: A Case Context Within Turkey,
2010
Franklin University
Collaborative Risk Method For Information Security Management Practices: A Case Context Within Turkey, Bilge Karabacak, Sevgi Ozkan
All Faculty and Staff Scholarship
In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations. This proposed risk method has been applied within different public organizations and it has been demonstrated to be effective and problem-free. The fundamental issue is that there is no legislation that regulates the information security liabilities of the public organizations in Turkey. The findings and lessons learned presented in this case provide useful insights for practitioners when implementing information security management projects in other international public sector organizations.
