Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Accreditation (1)
- Attacks on files (1)
- Automation (1)
- Block-chain (1)
- Booter operators (1)
-
- Call Data Records (1)
- Call Detail Records (1)
- Certification (1)
- Charging Data Records (1)
- Credentialing (1)
- Cryptographic hashing (1)
- Curriculum (1)
- Cybercrime (1)
- DLT (1)
- DRDoS (1)
- Data Privacy (1)
- Digital Forensic (1)
- Digital Forensics Framework (1)
- Digital forensics (1)
- Distributed Ledger Technology (1)
- Exclusively opened file. (1)
- Forensic analysis (1)
- Hypervisorbased protection (1)
- Image comparison (1)
- Image processing (1)
- Image thumbnails (1)
- Known file analysis (1)
- Logistic regression (1)
- Machine Learning (1)
- Malicious traffic (1)
- Publication
- Publication Type
Articles 1 - 12 of 12
Full-Text Articles in Law
Fast Forensic Triage Using Centralised Thumbnail Caches On Windows Operating Systems, Sean Mckeown, Gordon Russell, Petra Leimich
Fast Forensic Triage Using Centralised Thumbnail Caches On Windows Operating Systems, Sean Mckeown, Gordon Russell, Petra Leimich
Journal of Digital Forensics, Security and Law
A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives are now so large that it can take several hours just to read this data from the disk, and can contribute to the large investigative backlogs suffered by many law enforcement bodies. Digital forensic triage techniques may thus be used to prioritise evidence and effect faster investigation turnarounds. This paper proposes a new forensic triage method for investigating disk evidence relating to …
Memoryranger Prevents Highjacking File_Object Structures In Windows Kernel, Igor Korkin
Memoryranger Prevents Highjacking File_Object Structures In Windows Kernel, Igor Korkin
Journal of Digital Forensics, Security and Law
Windows OS kernel memory is one of the main targets of cyber-attacks. By launching such attacks, hackers are succeeding in process privilege escalation and tampering users’ data by accessing kernel-mode memory. This paper considers a new example of such an attack, which results in access to the files opened in an exclusive mode. Windows built-in security features prevent such a legal access, but attackers can circumvent them by patching dynamically allocated objects. The research shows that the newest Windows 10 x64 is vulnerable to this attack. The paper provides an example of using MemoryRanger, a hypervisor- based solution to prevent …
Improved Decay Tolerant Inference Of Previously Uninstalled Computer Applications, Oluwaseun Adegbehingbe, James Jones
Improved Decay Tolerant Inference Of Previously Uninstalled Computer Applications, Oluwaseun Adegbehingbe, James Jones
Journal of Digital Forensics, Security and Law
When an application is uninstalled from a computer system, the application’s deleted file contents are overwritten over time, depending on factors such as operating system, available unallocated disk space, user activity, etc. As this content decays, the ability to infer the application’s prior presence, based on the remaining digital artifacts, becomes more difficult. Prior research inferring previously installed applications by matching sectors from a hard disk of interest to a previously constructed catalog of labeled sector hashes showed promising results. This prior work used a white list approach to identify relevant artifacts, resulting in no irrelevant artifacts but incurring the …
Examining The Correlates Of Failed Drdos Attacks, Thomas Hyslip, Thomas Holt
Examining The Correlates Of Failed Drdos Attacks, Thomas Hyslip, Thomas Holt
Journal of Digital Forensics, Security and Law
Over the last decade, there has been a rise in cybercrime services offered on a feefor- service basis, enabling individuals to direct attacks against various targets. One of the recent services offered involves stresser or booter operators, who offer distributed reflected denial of service (DRDoS) attacks on an hourly or subscription basis. These attacks involve the use of malicious traffic reflected off of webservers to increase the volume of traffic, which is directed toward websites and servers rendering them unusable. Researchers have examined DRDoS attacks using realtime data, though few have considered the experience of their customers and the factors …
Enhancing Forensic-Tool Security With Rust: Development Of A String Extraction Utility, Jens Getreu, Olaf Maennel
Enhancing Forensic-Tool Security With Rust: Development Of A String Extraction Utility, Jens Getreu, Olaf Maennel
Journal of Digital Forensics, Security and Law
The paper evaluates the suitability of the Rust ecosystem for forensic tool development. As a case study, a forensic tool named Stringsext is developed. Starting from analyzing the specefic requirements of forensic software in general and those of the present case study, all stages of the software development life-cycle are executed and evaluated. Stringsext is a re-implementation and enhancement of the GNU-strings tool, a widely used program in forensic investigations. Stringsext recognizes Cyrillic, CJKV East Asian characters and other scripts in all supported multi-byte-encodings while GNU-strings fails in finding these in UTF-16 and other encodings. During the case study it …
Df 2.0: An Automated, Privacy Preserving, And Efficient Digital Forensic Framework That Leverages Machine Learning For Evidence Prediction And Privacy Evaluation, Robin Verma, Jayaprakash Govindaraj Dr, Saheb Chhabra, Gaurav Gupta
Df 2.0: An Automated, Privacy Preserving, And Efficient Digital Forensic Framework That Leverages Machine Learning For Evidence Prediction And Privacy Evaluation, Robin Verma, Jayaprakash Govindaraj Dr, Saheb Chhabra, Gaurav Gupta
Journal of Digital Forensics, Security and Law
The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, however, preventing privacy violations during the digital forensic investigation, is also a big challenge. With a perception that the completeness of investigation and the data privacy preservation are incompatible with each other, the researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation …
Forensic Cell Site Analysis: Mobile Network Operator Evidence Integrity Maintenance Research, John B. Minor
Forensic Cell Site Analysis: Mobile Network Operator Evidence Integrity Maintenance Research, John B. Minor
Journal of Digital Forensics, Security and Law
Mobile Network Operator (MNO) and Mobile Virtual Network Operator (MVNO) evidence have become an important evidentiary focus in the courtroom. This type of evidence is routinely produced as business records under U.S. Federal Rules of Evidence for use in the emerging discipline of Forensic Cell Site Analysis. The research was undertaken to determine if evidence produced by operators should be classified as digital evidence and, if so, what evidence handling methodologies are appropriate to ensure evidence integrity. This research project resulted in the creation of a method of determining if business records produced by MNO/MVNO organizations are digital evidence and …
Forensic Analysis Of Spy Applications In Android Devices, Shinelle Hutchinson, Umit Karabiyik
Forensic Analysis Of Spy Applications In Android Devices, Shinelle Hutchinson, Umit Karabiyik
Annual ADFSL Conference on Digital Forensics, Security and Law
Smartphones with Google's Android operating system are becoming more and more popular each year, and with this increased user base, comes increased opportunities to collect more of these users' private data. There have been several instances of malware being made available via the Google Play Store, which is one of the predominant means for users to download applications. One effective way of collecting users' private data is by using Android Spyware. In this paper, we conduct a forensic analysis of a malicious Android spyware application and present our findings. We also highlight what information the application accesses and what it …
Digital Forensics, A Need For Credentials And Standards, Nima Zahadat
Digital Forensics, A Need For Credentials And Standards, Nima Zahadat
Journal of Digital Forensics, Security and Law
The purpose of the conducted study was to explore the credentialing of digital forensic investigators, drawing from applicable literature. A qualitative, descriptive research design was adopted which entailed searching across Google Scholar and ProQuest databases for peer reviewed articles on the subject matter. The resulting scholarship was vetted for timeliness and relevance prior to identification of key ideas on credentialing. The findings of the study indicated that though credentialing was a major issue in digital forensics with an attentive audience of stakeholders, it had been largely overshadowed by the fundamental curricula problems in the discipline. A large portion of research …