Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 18 of 18

Full-Text Articles in Physical Sciences and Mathematics

Fireguard - A Secure Browser With Reduced Forensic Footprint, Don Griffiths, Peter James Jan 2010

Australian Digital Forensics Conference

Fireguard is a secure portable browser designed to reduce both data leakage from browser data remnants and cyber attacks from malicious code exploiting vulnerabilities in browser plug-ins, extensions and software updates. A browser can leave data remnants on a host PC hard disk drive, often unbeknown to a user, in the form of cookies, histories, saved passwords, cached web pages and downloaded objects. Forensic analysis, using freely available computer forensic tools, may reveal sensitive and confidential information. A browser’s capability to increase its features through plug-ins and extensions and perform patch management or upgrade to a new release via a …


Does The Use Of MIMO Technology Used By 802.11n Reduce Or Increase The Impact Of Denial Of Service Attacks?, William Pung, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

This paper presents the results of a simulated wireless DoS attack against an 802.11g connection that uses Single Input Single Output (SISO), and an 802.11n device that utilizes MIMO. The aim of the experiment was to determine whether the impact of a denial of service attack against MIMO architecture is greater than SISO, since it is capable of receiving more (multiple) attack frames/packets within a given time frame. It was found that both devices were negatively impacted by such attacks, and that throughput was similarly affected. It was also observed that increasing the packet flood rate resulted in a corresponding and …


Lessons Learned From An Investigation Into The Analysis Avoidance Techniques Of Malicious Software, Murray Brand, Craig Valli, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

This paper outlines a number of key lessons learned from an investigation into the techniques malicious executable software can employ to hinder digital forensic examination. Malware signature detection has been recognised by researchers to be far less than ideal. Thus, the forensic analyst may be required to manually analyse suspicious files. However, in order to hinder the forensic analyst, hide its true intent and to avoid detection, modern malware can be wrapped with packers or protectors, and layered with a plethora of antianalysis techniques. This necessitates the forensic analyst to develop static and dynamic analysis skills tailored to navigate a …


Evidential Recovery In A RFID Business System, Brian Cusack, Ar Kar Ayaw Jan 2010

Australian Digital Forensics Conference

Efficient stock management in the commercial retail sector is being dominated by Radio Frequency Identification (RFID) tag implementations. Research reports of the security risk of RFID tags show that breaches are likely and that forensic readiness is a requirement. In this paper a RFID tag business simulation is reported that replicates previous research reports of security breaches with the purpose of identifying potential evidence after such attacks. A Read/Write Tag was cloned and used to replicate a SQL poisoning attack on a simulated Business System. A forensic investigation was then undertaken to identify potential locations for evidential recovery. This paper …


The Science, The Technology, The Law, Ken Fowle Jan 2010

Australian Digital Forensics Conference

Forensic science must satisfy two needs; that of the scientific community and that of the legal profession. It is hoped that the legal and scientific outcomes should be based on one and the same thing. Science, Technology and Law depend upon the establishment of a reliable basis of fact. But in the Court it is the law that finally decides what is fact, what is opinion and what the truth should be. This paper looks at the role of the Forensic Practitioner’s requirement for understanding the science, the technology and the law. It endeavours to explain the reasons, using cases, …


Avoiding Sanctions At The E-Discovery Meet-And-Confer In Common Law Countries, Milton Luoma, Vicki Luoma Jan 2010

Australian Digital Forensics Conference

The rules of civil procedure in common law countries have been amended to better deal with the requirements of electronic discovery. One of the key changes in case management is the scheduling of a meet-and-confer session where the parties to litigation must meet early in the case before any discovery procedures have begun to exchange information regarding the nature, location, formats, and pertinent facts regarding custody and control of a party’s electronically stored information (ESI). Failure to abide by the rules and participate in good faith at the meet-and-confer session can have dire consequences for the parties and lawyers involved. …


Digital Forensics Analysis Of Spectral Estimation Methods, Tolga Mataracioglu, Unal Tatar Jan 2010

Australian Digital Forensics Conference

Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message. In today’s world, it is widely used in order to secure the information. Since digital forensics aims to detect, recover and examine the digital evidence and steganography is a method for hiding digital evidence, detecting the steganography is an important step in digital forensics process. In this paper, the traditional spectral estimation methods are introduced. The performance analysis of each method is examined by comparing all of the spectral estimation methods. …


Zombie Hard Disks - Data From The Living Dead, Iain Sutherland, Gareth Davies, Andy Jones, Andrew J. C. Blyth Jan 2010

Australian Digital Forensics Conference

There have been a number of studies conducted in relation to data remaining on disks purchased on the second hand market. A large number of these studies have indicated that a proportion of these disks contain a degree of residual data placed on the drive by the original owners. The Security Research Centre at BT has sponsored a residual data study over the last five years examining disks sourced around the globe, in the UK, USA, Germany, France and Australia. In 2008 as part of a 5 year study, Glamorgan University in conjunction with Edith Cowan University in Australia, Longwood …


Development, Delivery And Dynamics Of A Digital Forensics Subject, Tanveer A. Zia Jan 2010

Australian Digital Forensics Conference

Digital forensics is a newly developed subject offered at Charles Sturt University (CSU). This subject serves as one of the core subjects for Master of Information Systems Security (Digital Forensics stream) course. The subject covers the legislative, regulatory, and technical aspects of digital forensics. The modules provide students detailed knowledge on digital forensics legislations, digital crime, forensics processes and procedures, data acquisition and validation, e-discovery tools, e-evidence collection and preservation, investigating operating systems and file systems, network forensics, email and web forensics, presenting reports and testimony as an expert witness. This paper summarises the process of subject development, delivery, assessments, …


Forensic Analysis Of The Windows 7 Registry, Khawla Abdulla Alghafli, Andrew Jones, Thomas Anthony Martin Jan 2010

Australian Digital Forensics Conference

The recovery of digital evidence of crimes from storage media is an increasingly time consuming process as the capacity of the storage media is in a state of constant growth. It is also a difficult and complex task for the forensic investigator to analyse all of the locations in the storage media. These two factors, when combined, may result in a delay in bringing a case to court. The concept of this paper is to start the initial forensic analysis of the storage media in locations that are most likely to contain digital evidence, the Windows Registry. Consequently, the forensic …


The 2010 Personal Firewall Robustness Evaluation, Satnam Singh Bhamra Jan 2010

Australian Digital Forensics Conference

With the advent of cheaper Internet connections, the number of Internet connections among home users is on the rise. Generally, home users have little understanding of the security concerns associated with Internet connectivity. To protect against computer attacks, generally a home user may install a personal firewall on his/her computer. To determine the effectiveness of personal firewalls, evaluation tests were performed against the ten firewall products available to users at local electronic stores and listed on popular firewall security websites. The firewalls were tested in their default and maximum security mode. The investigation was carried out by performing a port …


Cyber Forensics Assurance, Glenn S. Dardick Jan 2010

Australian Digital Forensics Conference

As the usage of Cyber Forensics increases, so does the potential for errors in the practice of applying Cyber Forensics. Errors in opinions derived from faulty practices have resulted in grievous miscarriages of justice. However, utilizing the foundations of Information Systems Assurance and Information Quality, a solid foundation for improving the quality and effectiveness of Cyber Forensics can be derived. The foundations of Information Systems Assurance and Information Quality provide a solid foundation for improving the current efforts in Cyber Forensics. With increasing computer and network systems usage as well as the increasing frequency of attacks on information systems, the …


An Investigation Into The Efficacy Of Three Erasure Tools Under Windows 7, Cheng Toy Chiang, Kelvin Triton, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

This paper examined three erasure software tools aimed at removing evidence of online and other activity, and was investigated using the Windows 7 operating system as the test platform. The tools in question were Anti-Tracks, Free Internet Eraser and Free Internet Window Washer. The findings included each of the tested software’s ability to completely erase target data on the drive. It also examined whether the data was erased or merely the link to the data was deleted, making the file recoverable. It was found that the Anti-Tracks program did not erase any of the information targeted by the …


An Analysis Of Malfeasant Activity Directed At A VoIP Honeypot, Craig Valli Jan 2010

Australian Digital Forensics Conference

This paper analyses data collected over a nine month period in a simple VoIP honeypot based on a simple design initially put forward by Usken (2009). The honeypot collected 2083 events of malfeasant activity directed towards commonly used VoIP ports. These events resulted in a range of activity being recorded from simple enumeration to advanced probing and attempts to compromise the victim honeypot. The analysis involved traditional statistics from packet analysis, using customised scripts for extraction of data and graphical analysis using i2 Analyst Workstation. The analysis has uncovered an escalation of network activity directed towards the honeypot over a nine month …


Malware Forensics: Discovery Of The Intent Of Deception, Murray Brand, Craig Valli, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

Malicious software (malware) has a wide variety of analysis avoidance techniques that it can employ to hinder forensic analysis. Although legitimate software can incorporate the same analysis avoidance techniques to provide a measure of protection against reverse engineering and to protect intellectual property, malware invariably makes much greater use of such techniques to make detailed analysis labour intensive and very time consuming. Analysis avoidance techniques are so heavily used by malware that the detection of the use of analysis avoidance techniques could be a very good indicator of the presence of malicious intent. However, there is a tendency for analysis …


The 2009 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, Glenn S. Dardick, Iain Sutherland, G. Dabibi, Gareth Davies Jan 2010

Australian Digital Forensics Conference

The ever increasing use and reliance upon computers in both the public and private sector has led to enormous numbers of computers being disposed of at the end of their useful life within an organisation. As the cost of computers has dropped, their use in the home has also continued to increase. In most organisations, computers have a relatively short life and are replaced on a regular basis with the result that, if not properly cleansed of data, they are released into the public domain containing data that can be relatively up to date. This problem is exacerbated by the …


Towards An Automated Digital Data Forensic Model With Specific Reference To Investigation Processes, Johan Scholtz, Ajit Narayanan Jan 2010

Australian Digital Forensics Conference

Existing digital forensics frameworks do not provide clear guidelines for conducting digital forensics investigation. However, had a framework existed, investigations based on known procedures and processes would follow strict prescribed standardisation. This should direct investigations following a set method for comparisons; ensuring future investigation is following one standard. Digital forensics lack confirmed and tested methods; this became obvious when we consider varied interpretations of the same case by participants using different investigation methods. Previous research covered several approaches to setting a forensics framework, which are mere adaptations of previous models. We found that only a few models present a framework …


Remote Access Forensics For VNC And RDP On Windows Platform, Paresh Kerai Jan 2010

Australian Digital Forensics Conference

There has been a greater implementation of remote access technologies in recent years. Many organisations are adapting remote technologies such as Virtual Network Computing (VNC) and remote desktop (RDP) applications as customer support applications. They use these applications to remotely configure computers and solve computer and network issues of the client on the spot. Therefore, the system administrator or the desktop technician does not have to sit at the client computer physically to solve a computer issue. This increase in adaptation of remote applications is of interest to forensic investigators; this is because illegal activities can be performed over the connection. …