Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Full-Text Articles in Physical Sciences and Mathematics

A Methodology For The Examination Of The Effectiveness Of Secure Erasure Tools Running On Windows XP - Research In Progress, Anthony Hadfield, Michael Ahern, Leo Sell, Andrew Woodward Apr 2006

Australian Digital Forensics Conference

Currently, there appears to be a lack of academic research in the area of testing the efficacy of secure erasure applications and utilities in regard to the activities of an average user in a home or small business context. This research in progress aims to develop a testing methodology that will provide a forensically sound base from which to analyse these tools. It involves the installation of various Internet related applications (for example browsers, instant messaging software and download clients), and the use of these applications for typical Internet activities (e.g. internet banking, instant messaging, web browsing and other activities …


A Digital Forensic Practitioner's Guide To Giving Evidence In A Court Of Law, Shayne Sherman Apr 2006

Australian Digital Forensics Conference

An expert in IT forensics can discover significant and damning evidence that may convict a suspect. However, no matter how momentous the evidence or how clever you may have been at recovering it, if you can’t present the evidence in a coherent and understandable way to the court the case may be lost. This paper will attempt to provide you with some translation tools and methods to assist the IT professional in giving comprehensible forensic evidence in a criminal prosecution or at Industrial Relations Commissions to jurors and the judiciary about highly complex IT concepts and recovery methodology. By using …


BitLocker - The End Of Digital Forensics?, Andrew Woodward Apr 2006

Australian Digital Forensics Conference

Microsoft’s upcoming operating system release, Windows Vista, contains the option to encrypt all information on a hard drive. Previous versions of Windows have used the encrypting file system (EFS), allowing users to selectively encrypt files and folders on a drive. The technology is called BitLocker, and poses a problem for forensic investigators, as all information on the drive will be encrypted, and therefore unreadable. The technology has some limitations, such as only 2 versions out of the 5 available contain this technology and it also requires a trusted platform module (TPM) in order to operate. Other inherent limitations, along with …


Leading Hackers Down The Garden Path, Suen Yek Apr 2006

Australian Digital Forensics Conference

Can a hacker be controlled by predetermined deception? Limiting the decision making capabilities of hackers is one technique of network countermeasure that a honeynet enables. By furnishing a honeynet with a realistic range of services but restricted vulnerabilities, a hacker may be forced to direct their attacks to the only available exploits. This research discusses the deployment of a honeynet configured with a deceptive TELNET and TFTP exploit. Four hackers were invited to attack the honeynet and the analysis of their compromise identified if they engaged in a guided pathway to the intended deception. Hand trace analysis was performed on …


Freeware Live Forensics Tools Evaluation And Operation Tips, Ricci Ieong Apr 2006

Australian Digital Forensics Conference

Highlighted by digital forensics investigation specialists from the FBI at DFRWS 2006, live forensics investigation has already become one of the most important procedures in digital forensics investigations. Many digital forensics product companies have already joined the battlefield in developing their own live forensics tools. However, similar to the development trend in traditional digital forensics, evaluation criteria for Live Digital Forensics can only be standardized after operating procedures are standardized. One way to standardize the Live Digital Forensics investigation procedure is to define the investigation objectives around the core digital forensics principles. Through the use of the FORZA framework, a more …


A Fuzzy Approach For Detecting Anomalous Behaviour In E-Mail Traffic, Mark Jynhuey Lim, Michael Negnevitsky, Jacky Hartnett Apr 2006

Australian Digital Forensics Conference

This paper investigates the use of fuzzy inference for detection of abnormal changes in email traffic communication behaviour. Several communication behaviour measures and metrics are defined for extracting information on the traffic communication behaviour of email users. The information from these behaviour measures is then combined using a hierarchy of fuzzy inference systems, to provide an abnormality rating for overall changes in communication behaviour of suspect email accounts. The use of fuzzy inference is then demonstrated with a case study investigating the email traffic behaviour of a person’s email accounts from the Enron email corpus.


Voice Over IP: Forensic Computing Implications, Matthew Simon, Jill Slay Apr 2006

Australian Digital Forensics Conference

The issues faced by law enforcement authorities concerning VoIP are very different from that of traditional telephony. VoIP provides strong encryption and a decentralised databased network. Wiretapping is not applicable to VoIP calls and packet capturing is negated by encryption. New methods are required to collect evidence from systems running VoIP software. This paper presents work in progress and, based on a literature review of the field, explores a methodology that may be used to advance this research area.


Validation Of Forensic Computing Software Utilizing Black Box Testing Techniques, Tom Wilsdon, Jill Slay Apr 2006

Australian Digital Forensics Conference

The process of validating the correct operation of software is difficult for a variety of reasons. The need to validate software utilised as forensic computing tools suffers the same fate and is hampered to a greater extent with the source code of said tools usually not being accessible. Therefore a testing regime must be developed that offers a high degree of correctness and high probability of finding software faults with limited ability to view source code. Software testing is a complex component of software engineering in its own right. This complexity is encountered with an infinite number of environments posed …


Taxonomy Of Computer Forensics Methodologies And Procedures For Digital Evidence Seizure, Krishnun Sansurooah Apr 2006

Australian Digital Forensics Conference

The increased risk and incidence of computer misuse has raised awareness in public and private sectors of the need to develop defensive and offensive responses. Such an increase in the incidence of criminal, illegal and inappropriate computer behavior has resulted in organizations forming specialist teams to investigate these behaviors. There is now widespread recognition of the importance of specialised forensic computing investigation teams that are able to operate. Forensic analysis is the process of accurately documenting and interpreting information, more precisely digital evidence, for presentation to an authoritative group, which in most cases would be a court of law. …


Enterprise Computer Forensics: A Defensive And Offensive Strategy To Fight Computer Crime, Fahmid Imtiaz Apr 2006

Australian Digital Forensics Conference

As days pass and cyberspace grows, so does the number of computer crimes. The need for an enterprise computer forensic capability is going to become a vital decision for the CEOs of large or even medium sized corporations for information security and integrity over the next couple of years. Nowadays, most companies don't have an in-house computer/digital forensic team to handle a specific incident or a corporate misconduct, but having digital forensic capability is very important and forensic auditing is very crucial even for small to medium sized organizations. Most of the corporations and organizations are …


Mobile Handset Forensic Evidence: A Challenge For Law Enforcement, Marwan Al-Zarouni Apr 2006

Australian Digital Forensics Conference

Mobile phone proliferation in our societies is on the increase. Advances in semiconductor technologies related to mobile phones and the increase of computing power of mobile phones led to an increase of functionality of mobile phones while keeping the size of such devices small enough to fit in a pocket. This led mobile phones to become portable data carriers. This in turn increased the potential for data stored on mobile phone handsets to be used as evidence in civil or criminal cases. This paper examines the nature of some of the newer pieces of information that can become potential evidence …


Honeypots: How Do You Know When You Are Inside One?, Simon Innes, Craig Valli Apr 2006

Australian Digital Forensics Conference

This paper will discuss honeypots and their use and effectiveness as a security measure in an IT environment. It will specifically discuss various methods of honeypot implementation. Furthermore, this paper will look into the weaknesses within a honeypot system. This will include attacks against honeypots and methods a hacker may use to detect the presence of a honeypot or the fact that he/she is actually inside one. Finally, this paper will discuss methods of further securing honeypots and ways the community is dealing with security flaws as they are identified.


Enhancing The Forensic ICQ Logfile Extraction Tool, Kim Morfitt Apr 2006

Australian Digital Forensics Conference

Programmers of forensic tools need to ensure that their tools are of suitable use, robustness and correctness for their output to be used as evidence. One logfile extraction tool, currently under development and intended for forensic use, which extracts information from ICQ clients, has several limitations that need to be overcome before it is of significant value to forensic investigators. This paper covers the process and research involved in further developing the tool, and overcoming a subset of the limitations of the tool. It also documents what was learnt in the process about the logfiles and the …


Structural Analysis Of The Log Files Of The ICQ Client Version 2003b, Kim Morfitt Apr 2006

Australian Digital Forensics Conference

Instant messenger programs can generate log files of user interactions which are of interest to forensic investigators. Some of the log files are in formats that are difficult for investigators to extract useful and accurate information from. The official ICQ client is one such program. Users' log files are stored in a binary format that is difficult to understand and often changes with different client versions. Previous research has been performed that documents the format of the log files; however, this research only covers earlier versions of the client. This paper explores the 2003b version of the ICQ client. It …


Personal Firewalls - Testing Robustness, Patryk Szewczyk, Craig Valli Apr 2006

Australian Digital Forensics Conference

Consumers require personal firewalls that are highly secure, easy to use, configurable and up to date with the latest signatures to detect malicious network activity. Robustness tests were performed on a selection of the ten most popular firewalls by market share. The test system used was a vanilla installation of Windows XP with SP2 and all the most recent updates and patches. Each firewall was installed with its default configuration following the didactic instructions given by the firewall. The investigation was carried out by performing an installation, penetration, performance and update test. A third party BitTorrent application was also installed mimicking a …


Forensic Analysis Of The Contents Of Nokia Mobile Phones, B. Williamson, P. Apeldoorn, B. Cheam, M. McDonald Apr 2006

Australian Digital Forensics Conference

Acquiring information from a mobile phone is now an important issue in many criminal investigations. Mobile phones can contain large amounts of information which can be of use in an investigation. These include typical mobile device data including SMS, phone records and calendar and diary entries. As the difference between a PDA and a mobile phone is now blurred, the data that can reside on a mobile phone is somewhat endless. This report focuses on the performance of different mobile phone forensic software devices, and reports the findings. All aspects of the different software pieces will be reported, as well …


LIARS - Laptop Inspector And Recovery System, Andrew Woodward Apr 2006

Australian Digital Forensics Conference

Of the many notebook computers which are stolen, a large number are subsequently recovered. However, if the device is password protected, and the serial number has been removed, then it is difficult for police or other authorities to trace the legitimate owner. The squad dedicated to computer related crime does not have sufficient resources to conduct a thorough forensic examination of every laptop in order to determine its rightful owner. This project aims to produce a tool which can be used by virtually any police officer, or other person, and which does not alter the hard drive in any fashion. This …