Physical Sciences and Mathematics Commons^™

Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi

Annual ADFSL Conference on Digital Forensics, Security and Law

Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this paper we formalise the registry behaviour and show how a retrieved value may not maintain a relation to the part of the registry it belonged to and hence lose that context. We …

Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns

Annual ADFSL Conference on Digital Forensics, Security and Law

Forensics and information technology (IT) have become increasingly important to accountants and auditors. Undergraduate accounting students are introduced to general IT topics but discussion of forensic knowledge is limited. A few schools have introduced an undergraduate major in forensic accounting. Some graduate schools offer accounting students an emphasis in forensic or fraud accounting that includes instruction in forensics and information technology. When students do not view the IT topics as being equally important to their careers as traditional accounting topics, these attitudes may reduce the quality of the course. In an effort to assess student attitudes, a survey of 46 …

Visualization Of Honeypot Data Using Graphviz And Afterglow, Craig Valli

Annual ADFSL Conference on Digital Forensics, Security and Law

This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.

Keywords: honeypot, network forensics, visualization, Graphviz, Afterglow

Spitzer Observations Of The Oldest White Dwarfs In The Solar Neighborhood, Mukremin Kilic, Ted Von Hippel, Et Al.

Publications

We present Spitzer 5-15 μm spectroscopy of one cool white dwarf and 3.6-8 μm photometry of 51 cool white dwarfs with T eff < 6000 K. The majority of our targets have accurate BVRIJHKphotometry and trigonometric parallax measurements available, which enables us to perform a detailed model atmosphere analysis using their optical, near- and mid-infrared photometry with state-of-the-art model atmospheres. We demonstrate that the optical and infrared spectral energy distributions of cool white dwarfs are well reproduced by our grid of models. Our best-fit models are consistent with the observations within 5% in all filters except the IRAC 8 μm band, which has the lowest signal-to-noise ratio photometry. Excluding …

Inverting Color–Magnitude Diagrams To Access Precise Star Cluster Parameters: A New White Dwarf Age For The Hyades, Steven Degennaro, Ted Von Hippel, Et Al.

Publications

We have extended our Bayesian modeling of stellar clusters—which uses main-sequence stellar evolution models, a mapping between initial masses and white dwarf (WD) masses, WD cooling models, and WD atmospheres—to include binary stars, field stars, and two additional main-sequence stellar evolution models. As a critical test of our Bayesian modeling technique, we apply it to Hyades UBV photometry, with membership priors based on proper motions and radial velocities, where available. Under the assumption of a particular set of WD cooling models and atmosphere models, we estimate the age of the Hyades based on cooling WDs to be 648 ± 45 …

Book Review: Clocks In The Sky: The Story Of Pulsars, T. D. Oswalt

Publications

This document is Dr. Oswalt’s review of Clocks in the Sky: The Story of Pulsars by Geoff McNamara, Springer/Praxis, 2008 190p, 9780387765600 $29.95.

Multisite Photometry Of The Pulsating Herbig Ae Star V346 Ori, S. Bernabei, Terry D. Oswalt, V. Ripepi, A. Ruoppo, Et Al.

Publications

The study of pulsation in Pre--Main--Sequence intermediate-mass stars represents an important tool for deriving information on fundamental stellar parameters and internal structure, as well as for testing current theoretical models. Interest in this class of variable stars has significantly increased during the last decade and about 30 members are presently known in the literature. AIMS: We have constructed the frequency spectrum of the oscillations in V346 Ori. We apply asteroseismic tools to these data to estimate the intrinsic parameters (mass, luminosity, effective temperature) of V346 Ori and to obtain information on its internal structure. METHODS: CCD time series photometry in …

Numerical Simulations Of Snake Dissipative Solitons In Complex Cubic-Quintic Ginzburg-Landau Equation, S.C. Mancas, Harihar Khanal

Publications

Numerical simulations of the complex cubic-quintic Ginzburg-Landau equation (CCQGLE), a canonical equation governing the weakly nonlinear behavior of dissipative systems in a wide variety of disciplines, reveal five entirely novel classes of pulse or solitary waves solutions, viz. pulsating, creeping, snaking, erupting, and chaotical solitons. Here, we develop a theoretical framework for analyzing the full spatio-temporal structure of one class of dissipative solution (snaking soliton) of the CCQGLE using the variational approximation technique and the dynamical systems theory. The qualitative behavior of the snaking soliton is investigated using the numerical simulations of (a) the full nonlinear complex partial differential equation …

Spatiotemporal Structure Of Pulsating Solitons In The Cubic-Quintic Ginzburg-Landau Equation: A Novel Variational Formulation, S.C. Mancas, S. Roy Choudhury

Publications

Comprehensive numerical simulations (reviewed in Dissipative Solitons, Akhmediev and Ankiewicz (Eds.), Springer, Berlin, 2005) of pulse solutions of the cubic–quintic Ginzburg–Landau Equation (CGLE), a canonical equation governing the weakly nonlinear behavior of dissipative systems in a wide variety of disciplines, reveal various intriguing and entirely novel classes of solutions. In particular, there are five new classes of pulse or solitary waves solutions, viz. pulsating, creeping, snake, erupting, and chaotic solitons. In contrast to the regular solitary waves investigated in numerous integrable and non-integrable systems over the last three decades, these dissipative solitons are not stationary in time. Rather, they are …

Back Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Masthead

Journal of Digital Forensics, Security and Law

No abstract provided.

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Photometric Calibrations For 21st Century Science, Stephen M. Kent, Terry D. Oswalt, Mary Elizabeth Kaiser, Et Al.

Publications

The answers to fundamental science questions in astrophysics, ranging from the history of the expansion of the universe to the sizes of nearby stars, hinge on our ability to make precise measurements of diverse astronomical objects. As our knowledge of the underlying physics of objects improves along with advances in detectors and instrumentation, the limits on our capability to extract science from measurements is set, not by our lack of understanding of the nature of these objects, but rather by the most mundane of all issues: the precision with which we can calibrate observations in physical units. We stress the …

Dynamical And Precipitation Structures Of Poleward-Moving Tropical Cyclones In Eastern Canada, 1979-2005, Shawn M. Milrad, Eyad H. Atallah, John R. Gyakum

Publications

Tropical cyclones in the western North Atlantic basin are a persistent threat to human interests along the east coast of North America. Occurring mainly during the late summer and early autumn, these storms often cause strong winds and extreme rainfall and can have a large impact on the weather of eastern Canada. From 1979 to 2005, 40 named (by the National Hurricane Center) tropical cyclones tracked over eastern Canada. Based on the time tendency of the low-level (850–700 hPa) vorticity, the storms are partitioned into two groups: ‘‘intensifying’’ and ‘‘decaying.’’ The 16 intensifying and 12 decaying cases are then analyzed …

The Dust Cloud Around The White Dwarf G 29-38. Ii. Spectrum From 5 To 40 Μm And Mid-Infrared Photometric Variability, William T. Reach, Ted Von Hippel, Et Al.

Publications

We model the mineralogy and distribution of dust around the white dwarf G29-39 using the infrared spectrum from 1 to 35 μm. The spectral model for G29-38 dust combines a wide range of materials based on spectral studies of comets and debris disks. In order of their contribution to the mid-infrared emission, the most abundant minerals around G29-38 are amorphous carbon (λ < 8 μm), amorphous and crystalline silicates (5-40 μm), water ice (10-15 and 23-35 μm), and metal sulfides (18-28 μm). The amorphous C can be equivalently replaced by other materials (like metallic Fe) with featureless infrared spectra. The best-fitting crystalline silicate is Fe-rich pyroxene. In order to absorb enough starlight to power the observed emission, the disk must either be much thinner than the stellar radius (so that it can be heated from above and below) or it must have an opening angle wider than 2°. A "moderately optically thick" torus model fits well if the dust extends inward to 50 times the white dwarf radius, all grains hotter than 1100 K are vaporized, the optical depth from the star through the disk is τ∥ = 5, and the radial density profile ∝r –2.7; the total mass of this model disk is 2 × 1019 g. A physically thin (less than the white dwarf radius) and optically thick disk can contribute to the near-infrared continuum only; such a disk cannot …

Book Review: Electronic Imaging In Astronomy: Detectors And Instrumentation 2nd Ed., T. D. Oswalt

Publications

This document is Dr. Oswalt’s review of Electronic imaging in astronomy : detectors and instrumentation 2nd ed. by Ian S. McLean, Springer/Praxis, 2008 552p, 9783540765820 $99.00

Continuous Fraud Detection In Enterprise Systems Through Audit Trail Analysis, Peter J. Best, Pall Rikhardsson, Mark Toleman

Journal of Digital Forensics, Security and Law

Enterprise systems, real time recording and real time reporting pose new and significant challenges to the accounting and auditing professions. This includes developing methods and tools for continuous assurance and fraud detection. In this paper we propose a methodology for continuous fraud detection that exploits security audit logs, changes in master records and accounting audit trails in enterprise systems. The steps in this process are: (1) threat monitoringsurveillance of security audit logs for ‘red flags’, (2) automated extraction and analysis of data from audit trails, and (3) using forensic investigation techniques to determine whether a fraud has actually occurred. We …

Visualisation Of Honeypot Data Using Graphviz And Afterglow, Craig Valli

Journal of Digital Forensics, Security and Law

This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.

The Impact Of Hard Disk Firmware Steganography On Computer Forensics, Iain Sutherland, Gareth Davies, Nick Pringle, Andrew Blyth

Journal of Digital Forensics, Security and Law

The hard disk drive is probably the predominant form of storage media and is a primary data source in a forensic investigation. The majority of available software tools and literature relating to the investigation of the structure and content contained within a hard disk drive concerns the extraction and analysis of evidence from the various file systems which can reside in the user accessible area of the disk. It is known that there are other areas of the hard disk drive which could be used to conceal information, such as the Host Protected Area and the Device Configuration Overlay. There …

Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler

Journal of Digital Forensics, Security and Law

This paper describes a student project examining mechanisms with which to attack Bluetooth-enabled devices. The paper briefly describes the protocol architecture of Bluetooth and the Java interface that programmers can use to connect to Bluetooth communication services. Several types of attacks are described, along with a detailed example of two attack tools, Bloover II and BT Info.

Detection Of Steganography-Producing Software Artifacts On Crime-Related Seized Computers, Asawaree Kulkarni, James Goldman, Brad Nabholz, William Eyre

Journal of Digital Forensics, Security and Law

Steganography is the art and science of hiding information within information so that an observer does not know that communication is taking place. Bad actors passing information using steganography are of concern to the national security establishment and law enforcement. An attempt was made to determine if steganography was being used by criminals to communicate information. Web crawling technology was used and images were downloaded from Web sites that were considered as likely candidates for containing information hidden using steganographic techniques. A detection tool was used to analyze these images. The research failed to demonstrate that steganography was prevalent on …

Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi

Journal of Digital Forensics, Security and Law

Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this paper we formalise the registry behaviour and show how a retrieved value may not maintain a relation to the part of the registry it belonged to and hence lose that context. We …

To License Or Not To License Revisited: An Examination Of State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Doug White, Alan Rea

Journal of Digital Forensics, Security and Law

In this update to the previous year's study, the authors examine statutes that regulate, license, and enforce investigative functions in each US state. After identification and review of Private Investigator licensing requirements, the authors find that very few state statutes explicitly differentiate between Private Investigators and Digital Examiners. After contacting all state agencies the authors present a distinct grouping organizing state approaches to professional Digital Examiner licensing. The authors conclude that states must differentiate between Private Investigator and Digital Examiner licensing requirements and oversight.

Book Review: Cyber Security And Global Information Assurance: Threat Analysis And Response Solutions, Gary C. Kessler

Journal of Digital Forensics, Security and Law

I freely admit that this book was sent to me by the publisher for the expressed purpose of my writing a review and that I know several of the chapter authors. With that disclosure out of the way, let me say that the book is well worth the review (and I get to keep my review copy).
The preface to the book cites the 2003 publication of The National Strategy to Secure Cyberspace by the White House, and the acknowledgement by the U.S. government that our economy and national security were fully dependent upon computers, networks, and the telecommunications infrastructure. …

Insecurity By Obscurity: A Review Of Soho Router Literature From A Network Security Perspective, Patryk Szewczyk, Craig Valli

Journal of Digital Forensics, Security and Law

Because of prevalent threats to SoHo based ADSL Routers, many more devices are compromised. Whilst an end-user may be at fault for not applying the appropriate security mechanisms to counter these threats, vendors should equally share the blame. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and willingness to implement security controls on their ADSL router. It argues that whilst the number of threats circulating the Internet is increasing, vendors are not improving their product literature.

Electronic Forms-Based Computing For Evidentiary Analysis, Andy Luse, Brian Mennecke, Anthony M. Townsend

Journal of Digital Forensics, Security and Law

The paperwork associated with evidentiary collection and analysis is a highly repetitive and time-consuming process which often involves duplication of work and can frequently result in documentary errors. Electronic entry of evidencerelated information can facilitate greater accuracy and less time spent on data entry. This manuscript describes a general framework for the implementation of an electronic tablet-based system for evidentiary processing. This framework is then utilized in the design and implementation of an electronic tablet-based evidentiary input prototype system developed for use by forensic laboratories which serves as a verification of the proposed framework. The manuscript concludes with a discussion …

A Synopsis Of Proposed Data Protection Legislation In Sa, Francis S. Cronjé

Journal of Digital Forensics, Security and Law

Privacy International1 made the following statement regarding South Africa’s financial sector in its 2005 world survey: “South Africa has a well-developed financial system and banking infrastructure. Despite the sophistication of the financial sector, the privacy of financial information is weakly regulated by a code of conduct for banks issued by the Banking Council.” This extract highlights some of the problems South Africa are experiencing with its current status on privacy as viewed from an International perspective. In recent years the International society has stepped up its efforts in creating a global village wherein the individual could be assured of having …

Prevention Is Better Than Prosecution: Deepening The Defence Against Cyber Crime, Jacqueline Fick

Journal of Digital Forensics, Security and Law

In the paper the author proposes that effectively and efficiently addressing cyber crime requires a shift in paradigm. For businesses and government departments alike the focus should be on prevention, rather than the prosecution of cyber criminals. The Defence in Depth strategy poses a practical solution for achieving Information Assurance in today’s highly networked environments. In a world where “absolute security” is an unachievable goal, the concept of Information Assurance poses significant benefits to securing one of an organization’s most valuable assets: Information. It will be argued that the approach of achieving Information Assurance within an organisation, coupled with the …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.