Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons


Articles 1 - 30 of 83

Full-Text Articles in Physical Sciences and Mathematics

Iphone Forensics Methodology And Tools, Haitham Al-Hajri, Krishnun Sansurooah Dec 2008


Australian Digital Forensics Conference

iPhone mobile devices are rapidly overtaking the new generation of mobile phones market, especially among the young generation. It is also gaining a lot of popularity among security specialists and fancy gadgets for collectors. The device is considered as a “special” mobile phone due to its ability to perform multi-operations if not multitasking. It can therefore be used as an entertainment media device, a camera, a GPS, Internet surfing via Wi-Fi technology, Internet Mobile Edge Services, personal organizer, and finally performing as a cell phone with all the usual services including SMS, and so forth. However, the difference between the …


Information Sharing: Hackers Vs Law Enforcement, David P. Biros, Mark Weiser, Jim Burkman, Jason Nichols Dec 2008


Australian Information Warfare and Security Conference

The fields of information assurance and digital forensics continue to grow in both importance and complexity, spurred on by rapid advancement in digital crime. Contemporary law enforcement professionals facing such issues quickly discover that they cannot be successful while operating in a vacuum and turn to colleagues for assistance. However, there is a clear need for greater IT-based knowledge sharing capabilities amongst law enforcement organizations; an environment historically typified by a silo mentality. A number of efforts have attempted to provide such capabilities, only to be met with limited enthusiasm and difficulties in sustaining continued use. Conversely, the hacker community …


Security Metrics - A Critical Analysis Of Current Methods, Manwinder Kaur, Andy Jones Dec 2008


Australian Information Warfare and Security Conference

This paper documents and analyses a number of security metrics currently in popular use. These will include government standards and commercial methods of measuring security on networks. It will conclude with a critical look at some of the problems and challenges faced when using the metrics available today, and also with the development of new metrics.


Protecting Critical Infrastructure With Games Technology, Adrian Boeing, Martin Masek, Bill Bailey Dec 2008


Australian Information Warfare and Security Conference

It is widely recognised that there is a considerable gap in the protection of the national infrastructure. Trying to identify what is in fact ‘critical’ is proving to be very difficult as threats constantly evolve. An interactive prototyping tool is useful in playing out scenarios and simulating the effect of change, however existing simulators in the critical infrastructure area are typically limited in the visual representation and interactivity. To remedy this we propose the use of games technology. Through its use, critical infrastructure scenarios can be rapidly constructed, tested, and refined. In this paper, we highlight the features of games …


A Holistic Scada Security Standard For The Australian Context, Christopher Beggs Dec 2008


Australian Information Warfare and Security Conference

Supervisory Control and Data Acquisition (SCADA) systems which control Australia’s critical infrastructure are currently demonstrating signs of vulnerabilities as they are being interconnected to corporate networks, essentially exposing them to malicious threats. This paper discusses the vulnerabilities associated with SCADA systems, as well as discussing various SCADA standards and initiatives that have been developed in recent years to mitigate such threats. The paper presents the requirement for a holistic SCADA security standard that is practical and feasible for each SCADA industry sector.


Visualisation Of Critical Infrastructure Failure, W D. Wilde, M J. Warren Dec 2008


Australian Information Warfare and Security Conference

The paper explores the complexity of critical infrastructure and critical infrastructure failure (CIF); real life examples are used to discuss the complexity involved. The paper then discusses what Visualisation is and how Visualisation can be applied to a security situation, in particular critical infrastructure. The paper concludes by discussing the future direction of the research.


Media, Government And Manipulation: The Cases Of The Two Gulf Wars, William Hutchinson Dec 2008


Australian Information Warfare and Security Conference

This paper explores the bias and manipulation of the Western mass media during the Gulf wars of 1991 and 2003. The tactics of compliance and the ethics of the press and journalists are examined. The need for a pluralist press is extolled.


The Malware Analysis Body Of Knowledge (Mabok), Craig Valli Mar 2008


Australian Digital Forensics Conference

The ability to forensically analyse malicious software (malware) is becoming an increasingly important discipline in the field of Digital Forensics. This is because malware is becoming stealthier, targeted, profit driven, managed by criminal organizations, harder to detect and much harder to analyse. Malware analysis requires a considerable skill set to delve deep into malware internals when it is designed specifically to detect and hinder such attempts. This paper presents a foundation for a Malware Analysis Body of Knowledge (MABOK) that is required to successfully forensically analyse malware. This body of knowledge has been the result of several years of research …


Survey And Future Trends Of Efficient Cryptographic Function Implementations On Gpgpus, Adrian Boeing Mar 2008


Australian Digital Forensics Conference

Many standard cryptographic functions are designed to benefit from hardware specific implementations. As a result, there have been a large number of highly efficient ASIC and FPGA hardware based implementations of standard cryptographic functions. Previously, hardware accelerated devices were only available to a limited set of users. General Purpose Graphic Processing Units (GPGPUs) have become a standard consumer item and have demonstrated orders of magnitude performance improvements for general purpose computation, including cryptographic functions. This paper reviews the current and future trends in GPU technology, and examines its potential impact on current cryptographic practices.


Email 'Message-Ids' Helpful For Forensic Analysis?, Satheesaan Pasupatheeswaran Mar 2008


Australian Digital Forensics Conference

Finding the source of spoofed email is a challenging task for forensic investigators. Header of an email has several fields that can be used for investigation. An investigator can easily understand the evidences embedded within most of the header fields of an email, except the message-id field. Therefore, there is a need to understand how message-ids are constructed and what useful information can be recovered from them. The immediate aim of the analysis is to find the message-id construction mechanism of ‘Sendmail’ mail transfer agent (MTA) version 8.14 and how the findings can be used successfully in forensic analysis. Source …


Malware Detection And Removal: An Examination Of Personal Anti-Virus Software, Patryk Szewczyk, Murray Brand Mar 2008


Australian Digital Forensics Conference

SoHo users are increasingly faced with the dilemma of applying appropriate security mechanisms to their computer with little or no knowledge of which countermeasure will deal with which potential threat. As problematic as it may seem for individuals to apply appropriate safeguards, individuals with malicious intent are advancing methods by which malicious software may operate undetected on a target host. Previous research has identified that there are numerous ways in which malware may go undetected on a target workstation. This paper examines the quality of malware removal programs currently available on the market, which consumers may use whilst utilising the …


Data Hiding In Windows Executable Files, Daemin Shin, Yeog Kim, Keunduck Byun, Sangjin Lee Mar 2008


Australian Digital Forensics Conference

A common technique for hiding information in executable files is embedding a limited amount of information in program binaries. The hiding technique is commonly achieved by using special software tools, e.g. the tools presented by Hydan and Stilo in (Rakan, 2004, Bertrand, 2005). These tools can be used to commit crimes, e.g. industrial spy activities or other forms of illegal data access. In this paper, we propose new methods for hiding information in Portable Executable (PE) files. PE is a file format for executables used in the 32-bit and 64-bit versions of the Windows operating system. In …


Subverting National Internet Censorship - An Investigation Into Existing Tools And Techniques, Jason Smart, Kyle Tedeschi, Daniel Meakins, Peter Hannay, Christopher Bolan Mar 2008


Australian Digital Forensics Conference

The announcement of a trial of a National level internet filter in Australia has caused renewed interest in the arena of internet censorship. Whilst details on the schemes being tested have been fairly sparse, the announcement of the trial itself has drawn wide condemnation from privacy advocates throughout the world. Given this announcement it was decided to test and compare three of the most popular free tools available that allow for the bypassing of internet censorship devices such as those used within China. Tests were conducted using three software packages, Freegate, GPass and GTunnel, which were analysed through packet capture …


Industrial Espionage From Residual Data: Risks And Countermeasures, Iain Sutherland Mar 2008


Australian Digital Forensics Conference

This paper outlines the possible recovery of potentially sensitive corporate information from residual data. It outlines previous work on the recovery of information contained on second hand hard disks and handheld devices and discusses the risk of individuals conducting industrial espionage by targeting specific organizations. It examines the possible avenues for an attacker to obtain a storage device, then discusses the skill level required to extract information from the storage devices and considers the potential risk to an organization from this particular avenue of attack. The paper concludes by proposing a number of possible countermeasures to enable organizations to reduce …


The 2008 Australian Study Of Remnant Data Contained On 2nd Hand Hard Disks: The Saga Continues, Craig Valli, Andrew Woodward Mar 2008


Australian Digital Forensics Conference

This study looked for remnant data on enterprise level hard drives that were purchased through auctions. The drives were analysed for information, be it topical or formatted. In the event that drives were formatted, forensic tools were used to recover this data. This year's study revealed a high level of not simply un-erased drives, but drives which contained information that related to critical infrastructure providers. That such a small sample size yielded such a high rate of un-erased drives is of considerable concern, and it may be necessary for the government to become involved.


Issues Common To Australian Critical Infrastructure Providers Scada Networks Discovered Through Computer And Network Vulnerability Analysis, Craig Valli Mar 2008


Australian Digital Forensics Conference

This paper reports on generic issues discovered as a result of conducting computer and network vulnerability assessments (CNVA) on Australian critical infrastructure providers. Generic issues discovered included policy, governance, IT specific such as segregation, patching and updating. Physical security was also lacking in some cases. Another issue was that previous security audits had failed to identify any of these issues. Of major concern is that despite education and awareness programs, and a body of knowledge referring to these issues, they are still occurring. It may be necessary for the federal government to force organisations to undergo computer and network vulnerability …


Forensic Acquisition And Analysis Of The Tomtom One Satellite Navigation Unit, Peter Hannay Mar 2008


Australian Digital Forensics Conference

Global Positioning Systems are becoming increasingly pervasive. The forensic acquisition and analysis of these units is of great interest as it has the potential to yield historic locational data for these units. Analysis of the TomTom one satellite navigation unit has resulted in a method to reliably extract historic data from these devices in a forensically sound manner.


Extraction Of User Activity Through Comparison Of Windows Restore Points, Damir Kahvedžić, Tahar Kechadi Mar 2008


Australian Digital Forensics Conference

The extraction of past user activity is one of the main goals in the analysis of digital evidence. In this paper we present a methodology for extracting this activity by comparing multiple Restore Points found in the Windows XP operating system. We concentrate on comparing the copies of the registry hives found within these points. The registry copies represent a snapshot in time of the state of the system. Differences between them can reveal user activity from one instant to another. This approach is implemented and presented as a tool that is able to compare any set of offline hive …


Malware, Viruses And Log Visualisation, Iain Swanson Mar 2008


Australian Digital Forensics Conference

This paper will look at the current state of visualization in relation to mainly malware collector logs, network logs and the possibility of visualizing their payloads. We will show that this type of visualization of activity on the network can help us in the forensic investigation of the traffic, which may contain unwanted pieces of code, and may identify any patterns within the traffic or payloads that might help us determine the nature of the traffic visually. We will further speculate on a framework that could be built which would be able to finger print any type of malware, based …


Digital Forensics And The Legal System: A Dilemma Of Our Times, James Tetteh Ami-Narh, Patricia A.H. Williams Mar 2008


Australian Digital Forensics Conference

Computers have become an important part of our lives and are becoming fundamental to activities in the home and workplace. Individuals use computer technology to send emails, access banking information, pay taxes, purchase products, surf the internet and so on. Businesses also use computers and the Internet to perform accounting tasks, manage customer information, store trade secrets, and develop new products and services. State, Federal and Local government agencies use the computer and Internet to create and access information. Similarly, digital systems have become the mainstay of criminal activity. Legal proceedings have always been influenced by tradition and court decisions. …


Validating Digital Evidence For Legal Argument, Richard Boddington, Valerie Hobbs, Graham Mann Mar 2008


Australian Digital Forensics Conference

Digital evidence is now common in legal cases, but the understanding of the legal fraternity as to how far conventional ideas of evidence can be extended into the digital domain lags behind. Evidence determines the truth of an issue but its weight is subject to examination and verification through existing forms of legal argument. There is a need for a practical ‘roadmap’ that can guide the legal practitioner in identifying digital evidence relevant to support a case and in assessing its weight. A vital, but sometimes underestimated stage is that of validating the evidence before evaluating its weight. In …


Preventing The Acquisition Of Data From Virtual Machine Based Secure Portable Execution Environments, Peter James Mar 2008


Australian Digital Forensics Conference

A Virtual Machine (VM) based secure Portable Execution Environment (PEE) provides a safe and secure environment that can be loaded into a host PC and an application executed with a degree of confidence that the application is separated, protected and little or no forensic evidence remains after the application has executed. A VM based secure PEE is characterised as a USB storage device containing a VM with a trusted guest operating system and application(s) which is stored in a protected partition, strong authentication to only allow an authorised user to load the VM into the host PC, and full storage …


Trouble In Florida: The Genesis Of Phishing Attacks On Australian Banks, Stephen Mccombie Mar 2008


Australian Digital Forensics Conference

Today Phishing of Internet banks is a well known problem and globally is responsible for more than US$3 billion in fraud annually. To date there has been limited research into the individuals and groups responsible for these attacks. Considerable anecdotal evidence exists to suggest that transnational organised crime groups are involved in Phishing. The involvement of these groups, particularly those operating out of Eastern Europe, is of concern given their sophistication and resources. Earlier work by CRL@mq looked at a month of Phishing against one Australian financial institution and clustering indicative of a small number of groups being responsible was …


Data Recovery From Palmmsgv001, Satheesaan Pasupatheeswaran Mar 2008


Australian Digital Forensics Conference

Both SMS and MMS data analysis is an important factor in mobile forensic analysis. The author did not find any mobile forensic tool that is capable of extracting short messages (SMS) and multimedia messages (MMS) from the Palm Treo 750. The SMS file of the Palm Treo 750 is called PalmMsgV001 and it is a proprietary file system. Research work was done to find a method to recover SMS data from the PalmMsgV001 file. This paper is going to describe the research work and its findings. This paper also discusses a methodology that will help recover SMS data from PalmMsgV001. The PalmMsgV001 file is analysed …


Virtual Environments Support Insider Security Violations, Iain Swanson, Patricia A.H. Williams Mar 2008


Australian Digital Forensics Conference

This paper describes an investigation into how an employee using a virtual environment can circumvent any or all of the security, policies and procedures within an organization. The paper discusses the fundamental issues that organizations must address to be able to detect such an attack. Attacks of this nature may be malicious with intent to cause disruption by flooding the network or disabling specific equipment, or non-malicious by quietly gathering critical information such as user names and passwords or a colleague’s internet banking details. Identification of potential residual evidence following an attack is presented. Such evidence may be used to …


Rfid Communications - Who Is Listening?, Christopher Bolan Jan 2008


Australian Information Security Management Conference

Radio Frequency Identification (RFID) is seeing a surge in awareness across a range of industries as a successor to barcoding. The nature of this technology promises a wide range of benefits but it appears to be at the expense of security. This paper investigates an eavesdropping attack against an EPC RFID system and shows how a simple device may be used to record interactions between both Tag and Readers. The device is used to record and decode signals within range and its output is analysed to verify that the attack was indeed successful. The findings verify previous assertions by other …


Information Security Governance And Boards Of Directors: Are They Compatible?, Endre Bihari Jan 2008


Australian Information Security Management Conference

This paper presents a critique of emergent views on the roles of the boards of directors in relation to information security. The analysis highlights several concerns about the separation and validation of proper theory and business assertions of information security at board level. New requirements articulated by industry bodies – represented by a selected group of experts and evident in literature – are compared to the underlying theory of corporate governance to identify possible discrepancies. The discussion shows in particular the importance of staying within the theoretical underpinnings of corporate governance when discussing the topic of governance in general and …


Organisational Security Requirements: An Agile Approach To Ubiquitous Information Security, A B. Ruighaver Jan 2008


Australian Information Security Management Conference

This paper proposes to address the need for more innovation in organisational information security by adding a security requirement engineering focus. Based on the belief that any heavyweight security requirements process in organisational security will be doomed to fail, we developed a security requirement approach with three dimensions. The use of a simple security requirements process in the first dimension has been augmented by an agile security approach. However, introducing this second dimension of agile security does provide support for, but does not necessarily stimulate, innovation. A third dimension is, therefore, needed to ensure there is a proper focus in …


Framework For Anomaly Detection In Okl4-Linux Based Smartphones, Geh W. Chow, Andy Jones Jan 2008


Australian Information Security Management Conference

Smartphones face the same threats as traditional computers. As long as a device has the capabilities to perform logic processing, the threat of running malicious logic exists. The only difference between security threats on traditional computers versus security threats on smartphones is the challenge to understand the inner workings of the operating system on different hardware processor architectures. To improve upon the security of smartphones, anomaly detection capabilities can be implemented at different functional layers of a smartphone in a coherent manner; instead of just looking at individual functional layers. This paper will focus on identifying conceptual points for measuring …


Securing A Wireless Network With Eap-Tls: Perception And Realities Of Its Implementation, Brett Turner, Andrew Woodward Jan 2008


Australian Information Security Management Conference

In the arena of wireless security, EAP-TLS is considered one of the most secure protocols. However since its inception the uptake has been poor and the investigation into the reasons for this are sparse. There is an industry perception that EAP-TLS is complex as well as difficult to configure and manage. One of the major barriers is in the use of public key infrastructure and the perceived difficulties in its application. The paper discusses why it is seemingly difficult to implement and how this may differ from the reality of its implementation. This premise is investigated using Windows Server 2003 …