Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Digital forensics (3)
- Abstract syntax tree fingerprinting (1)
- Analysis (1)
- Android (1)
- Banking Trojan malware (1)
-
- BeEF (1)
- Bluetooth (1)
- Botnets (1)
- Canary files (1)
- Cloud computing (1)
- Cloud customer (1)
- Cloud forensics (1)
- Cloud provider (1)
- Communications (1)
- Computer (1)
- Correlation (1)
- Covert (1)
- Custom ROMS (1)
- Cyber deception (1)
- Cybercrime (1)
- Data Erasure (1)
- Decoy documents (1)
- Digital Fingerprinting (1)
- Digital forensic investigation (1)
- Disruption (1)
- Eavesdropping (1)
- Embedded device (1)
- Evidence (1)
- Fake file systems (1)
- Fake files (1)
Articles 1 - 11 of 11
Full-Text Articles in Engineering
The Zombies Strike Back: Towards Client-Side Beef Detection, Maxim Chernyshev, Peter Hannay
The Zombies Strike Back: Towards Client-Side Beef Detection, Maxim Chernyshev, Peter Hannay
Australian Digital Forensics Conference
A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software products, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive …
A User-Oriented Network Forensic Analyser: The Design Of A High-Level Protocol Analyser, D Joy, F Li, N L. Clarke, S M. Furnell
A User-Oriented Network Forensic Analyser: The Design Of A High-Level Protocol Analyser, D Joy, F Li, N L. Clarke, S M. Furnell
Australian Digital Forensics Conference
Network forensics is becoming an increasingly important tool in the investigation of cyber and computer-assisted crimes. Unfortunately, whilst much effort has been undertaken in developing computer forensic file system analysers (e.g. Encase and FTK), such focus has not been given to Network Forensic Analysis Tools (NFATs). The single biggest barrier to effective NFATs is the handling of large volumes of low-level traffic and being able to exact and interpret forensic artefacts and their context – for example, being able extract and render application-level objects (such as emails, web pages and documents) from the low-level TCP/IP traffic but also understand how …
A Forensic Overview Of The Lg Smart Tv, Iain Sutherland, Konstantino Xynos, Huw Read, Andy Jones, Tom Drange
A Forensic Overview Of The Lg Smart Tv, Iain Sutherland, Konstantino Xynos, Huw Read, Andy Jones, Tom Drange
Australian Digital Forensics Conference
The emerging Smart TV platform will likely replace traditional television sets over time as the entertainment and communication centrepiece in people’s homes. Given its expanded functionality and now, its online presence, there is a need to identify how they may become part of forensic investigations. The purpose of this paper is to introduce the area of Smart TVs and the potential forensic value these systems present in combination with their ever advancing functionality and capabilities. We provide an overview of Smart TV systems highlighting functionality and potential issues. We also take an initial look at two particular models, from the …
Locational Wireless And Social Media-Based Surveillance, Maxim Chernyshev
Locational Wireless And Social Media-Based Surveillance, Maxim Chernyshev
Australian Digital Forensics Conference
The number of smartphones and tablets as well as the volume of traffic generated by these devices has been growing constantly over the past decade and this growth is predicted to continue at an increasing rate over the next five years. Numerous native features built into contemporary smart devices enable highly accurate digital fingerprinting techniques. Furthermore, software developers have been taking advantage of locational capabilities of these devices by building applications and social media services that enable convenient sharing of information tied to geographical locations. Mass online sharing resulted in a large volume of locational and personal data being publicly …
Forensic Examination And Analysis Of The Prefetch Files On The Banking Trojan Malware Incidents, Andri P. Heriyanto
Forensic Examination And Analysis Of The Prefetch Files On The Banking Trojan Malware Incidents, Andri P. Heriyanto
Australian Digital Forensics Conference
Whenever a program runs within the operating system, there will be data or artefacts created on the system. This condition applies to the malicious software (malware). Although they intend to obscure their presence on the system with anti-forensic techniques, still they have to run on the victim’s system to acquire their objective. Modern malware creates a significant challenge to the digital forensic community since they are being designed to leave limited traces and misdirect the examiner. Therefore, every examiner should consider performing all the forensics approaches such as memory forensic, live-response and Windows file analysis in the related malware incidents …
A Forensically-Enabled Iaas Cloud Computing Architecture, Saad Alqahtany, Nathan Clarke, Steven Furnell, Christoph Reich
A Forensically-Enabled Iaas Cloud Computing Architecture, Saad Alqahtany, Nathan Clarke, Steven Furnell, Christoph Reich
Australian Digital Forensics Conference
Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures largely due to the dynamic nature of the cloud. Whilst much research has focused upon identifying the problems that are introduced with a cloud-based system, to date there is a significant lack of research on adapting current digital forensic tools and techniques to a cloud environment. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated …
Up-Dating Investigation Models For Smart Phone Procedures, Brian Cusack, Raymond Lutui
Up-Dating Investigation Models For Smart Phone Procedures, Brian Cusack, Raymond Lutui
Australian Digital Forensics Conference
The convergence of services in Smart Technologies such as iPhones, Androids and multiple tablet work surfaces challenges the scope of any forensic investigation to include cloud environments, devices and service media. The analysis of current investigation guidelines suggests that each element in an investigation requires an independent procedure to assure the preservation of evidence. However we dispute this view and review the possibility of consolidating current investigation guidelines into a unified best practice guideline. This exploratory research proposes to fill a gap in digital forensic investigation knowledge for smart technologies used in business environments and to propose a better way …
Listening To Botnet Communication Channels To Protect Information Systems, Brian Cusack, Sultan Almutairi
Listening To Botnet Communication Channels To Protect Information Systems, Brian Cusack, Sultan Almutairi
Australian Digital Forensics Conference
Botnets are a weapon of choice for people who wish to exploit information systems for economic advantage. A large percentage of high value commercial targets such as banking transaction systems and human customers are web connected so that access is gained through Internet services. A Botnet is designed to maximise the possibility of an economic success through the low cost of attacks and the high number that may be attempted in any small time unit. In this paper we report exploratory research into the communications of Botnets. The research question was: How do Botnets talk with the command and control …
Towards A Set Of Metrics To Guide The Generation Of Fake Computer File Systems, Ben Whitham
Towards A Set Of Metrics To Guide The Generation Of Fake Computer File Systems, Ben Whitham
Australian Digital Forensics Conference
Fake file systems are used in the field of cyber deception to bait intruders and fool forensic investigators. File system researchers also frequently generate their own synthetic document repositories, due to data privacy and copyright concerns associated with experimenting on real-world corpora. For both these fields, realism is critical. Unfortunately, after creating a set of files and folders, there are no current testing standards that can be applied to validate their authenticity, or conversely, reliably automate their detection. This paper reviews the previous 30 years of file system surveys on real world corpora, to identify a set of discrete measures …
The Impact Of Custom Rom Backups On Android External Storage Erasure, Haydon Hope, Peter Hannay
The Impact Of Custom Rom Backups On Android External Storage Erasure, Haydon Hope, Peter Hannay
Australian Digital Forensics Conference
The Android operating system is the current market leader on mobile devices such as smartphones and tablet computers. The core operating system is open source and has a number of developers creating variants of this operating system. These variants, often referred to as custom ROMs are available for a wide number of mobile devices. Custom ROMs provide a number of features, such as enhanced control over the operating system, variation in user interfaces and so on. The process of installing custom ROMs is often accomplished through the use of a ROM manager application. Such applications often provide mechanisms to back …
Finding Evidence Of Wordlists Being Deployed Against Ssh Honeypots – Implications And Impacts, Priya Rabadia, Craig Valli
Finding Evidence Of Wordlists Being Deployed Against Ssh Honeypots – Implications And Impacts, Priya Rabadia, Craig Valli
Australian Digital Forensics Conference
This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. The honeypots used the same base software and hardware configurations. The data from the honeypots were collected during the period 17th July 2012 and 26th November 2013, a total of 497 active day periods. The analysis in this paper focuses on the techniques used to attempt to gain access to these systems by attacking entities. Although all three honeypots are have the same configuration settings and …