Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

2015

Information Security

Articles 1 - 30 of 235

Full-Text Articles in Physical Sciences and Mathematics

Front Matter Dec 2015

Journal of Digital Forensics, Security and Law

No abstract provided.


Back Matter Dec 2015

Journal of Digital Forensics, Security and Law

No abstract provided.


Masthead Dec 2015

Journal of Digital Forensics, Security and Law

No abstract provided.


Extracting Windows Event Logs Using Memory Forensics, Matthew Veca Dec 2015

University of New Orleans Theses and Dissertations

Microsoft’s Windows Operating System provides a logging service that collects, filters and stores event messages from the kernel and applications into log files (.evt and .evtx). Volatility, the leading open source advanced memory forensic suite, currently allows users to extract these events from memory dumps of Windows XP and Windows 2003 machines. Currently there is no support for users to extract the event logs (.evtx) from Windows Vista, Win7 or Win8 memory dumps, and Volatility users have to rely on outside software in order to do this. This thesis discusses a newly developed evtxlogs.py plugin for Volatility, which allows …


Ramping Down Chinese Commercial Cyber Espionage, Emilio Iasiello Dec 2015

Emilio Iasiello

While detractors believe that commercial cyber espionage hasn’t really stopped, recent Chinese efforts show a government trying to get a handle on its large spying apparatus that could include hired and independent contractors acting autonomously in addition to its other resources. While complete cessation may never occur, significant timely reduction demonstrates Beijing’s willingness to work with the United States as a partner and not a pariah, and provides a foundation from which the two governments can move forward on other cyber security areas where incongruity persists.


Web Based Cyber Forensics Training For Law Enforcement, Nick Sturgeon Dec 2015

Purdue Polytechnic Masters Theses

Training and education are two of the most important aspects within cyber forensics. These topics have been of concern since the inception of the field. Training law enforcement is particularly important to ensure proper execution of the digital forensics process. It is also important because the proliferation of technology into society continues to grow at an exponential rate. Just as technology is used for good there are those that will choose to use it for criminal gains. It is critical that Law Enforcement have the tools and training in cyber forensics. This research looked to determine if web based …


Capstone Revival, Mary Mesele, Ruochen Lu, Quilin Jiang Dec 2015

School of Professional Studies

The capstone project is a culminating experience whereby students choose to research a topic that is relevant in their field of study and have been highly regarded as important learning activities. The capstone allows students to use research, analytical, problem solving and evaluation skills they have learned in the course of the graduate program. McGill indicates the benefit of the completion of a capstone project not only in gaining knowledge in capstone but also in learning how to apply the knowledge gained in other courses in the major (McGill, 2012). Currently, COPACE (College of Professional and Continuing Education) has three …


On The Unreliability Of Bug Severity Data, Yuan Tian, Nasir Ali, David Lo, Ahmed E. Hassan Dec 2015

Research Collection School Of Computing and Information Systems

Severity levels, e.g., critical and minor, of bugs are often used to prioritize development efforts. Prior research efforts have proposed approaches to automatically assign the severity label to a bug report. All prior efforts verify the accuracy of their approaches using human-assigned bug reports data that is stored in software repositories. However, all prior efforts assume that such human-assigned data is reliable. Hence a perfect automated approach should be able to assign the same severity label as in the repository – achieving a 100% accuracy. Looking at duplicate bug reports (i.e., reports referring to the same problem) from three open-source …


An Immersive Telepresence System Using Rgb-D Sensors And Head-Mounted Display, Xinzhong Lu, Ju Shen, Saverio Perugini, Jianjun Yang Dec 2015

Computer Science Faculty Publications

We present a tele-immersive system that enables people to interact with each other in a virtual world using body gestures in addition to verbal communication. Beyond the obvious applications, including general online conversations and gaming, we hypothesize that our proposed system would be particularly beneficial to education by offering rich visual contents and interactivity. One distinct feature is the integration of egocentric pose recognition that allows participants to use their gestures to demonstrate and manipulate virtual objects simultaneously. This functionality enables the instructor to effectively and efficiently explain and illustrate complex concepts or sophisticated problems in an intuitive manner. The …


Assessing The Physical Security Of Idfs With Psatool: A Case Study, Sulabh Bista Dec 2015

Electronic Theses and Dissertations

PSATool is a checklist-based, web-based application for assessing the physical security of Intermediate Distribution Frameworks. IDFs, or wiring closets, are an integral if often neglected component of information security. Earlier work by Timbs (2013) identified 52 IDF-related security requirements based on federal and international standards for physical security. PSATool refines Timbs’ prototype application for IDF assessment, extending it with support for mobile-device-based data entry.

PSATool was used to assess 25 IDFs at a regional university, a college and a manufacturing corporation, with an average of 9 minutes per assessment. Network managers and assessors involved in the assessments characterized PSATool as …


Bl-Mle: Block-Level Message-Locked Encryption For Secure Large File Deduplication, Rongmao Chen, Yi Mu, Guomin Yang, Fuchun Guo Dec 2015

Research Collection School Of Computing and Information Systems

Deduplication is a popular technique widely used to save storage spaces in the cloud. To achieve secure deduplication of encrypted files, Bellare et al. formalized a new cryptographic primitive named message-locked encryption (MLE) in Eurocrypt 2013. Although an MLE scheme can be extended to obtain secure deduplication for large files, it requires a lot of metadata maintained by the end user and the cloud server. In this paper, we propose a new approach to achieve more efficient deduplication for (encrypted) large files. Our approach, named block-level message-locked encryption (BL-MLE), can achieve file-level and block-level deduplication, block key management, and proof …


The Role Of Cryptography In Security For Electronic Commerce, Ann Murphy, David Murphy Nov 2015

The ITB Journal

Many businesses and consumers are wary of conducting business over the Internet due to a perceived lack of security. Electronic business is subject to a variety of threats such as unauthorised access, misappropriation, alteration and destruction of both data and systems. This paper explores the major security concerns of businesses and users and describes the cryptographic techniques used to reduce such risks.


Data Verifications For Online Social Networks, Mahmudur Rahman Nov 2015

FIU Electronic Theses and Dissertations

Social networks are popular platforms that simplify user interaction and encourage collaboration. They collect large amounts of media from their users, often reported from mobile devices. The value and impact of social media makes it however an attractive attack target. In this thesis, we focus on the following social media vulnerabilities. First, review centered social networks such as Yelp and Google Play have been shown to be the targets of significant search rank and malware proliferation attacks. Detecting fraudulent behaviors is thus paramount to prevent not only public opinion bias, but also to curb the distribution of malware. Second, the …


Forensic And Management Challenges In Wireless And Mobile Network Environment, Sookhyun Yang Nov 2015

Doctoral Dissertations

The Internet recently passed an historic inflection point, with the number of broadband wireless/mobile devices surpassing the number of wired PCs and servers connected to the Internet. Smartphones, laptops, tablets, machine-to-machine (M2M) devices, and other portable devices have penetrated our daily lives. According to Cisco, by 2018, wired devices will account for only 39% of IP traffic, with the remaining traffic produced by wireless/mobile devices. This proliferation of wireless/mobile devices is profoundly changing many of the characteristics of network applications, protocols, and operation, and posing fundamental challenges to the Internet architecture. In light of this new trend, this thesis focuses …


Threat Analysis, Countermeasures And Design Strategies For Secure Computation In Nanometer Cmos Regime, Raghavan Kumar Nov 2015

Doctoral Dissertations

Advancements in CMOS technologies have led to an era of Internet Of Things (IOT), where the devices have the ability to communicate with each other apart from their computational power. As more and more sensitive data is processed by embedded devices, the trend towards lightweight and efficient cryptographic primitives has gained significant momentum. Achieving a perfect security in silicon is extremely difficult, as the traditional cryptographic implementations are vulnerable to various active and passive attacks. There is also a threat in the form of "hardware Trojans" inserted into the supply chain by the untrusted third-party manufacturers for economic incentives. Apart …


Some Principles For Banks’ Internal Control System In Albania, Artur Ribaj Nov 2015

UBT International Conference

Internal control involves everything that controls risks to a bank. The objectives of internal control as a system relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. The objectives of internal control at a specific transaction level refer to the actions taken to achieve the target within the allowed limit of risk. An effective internal control system reduces process variation, leading to more predictable outcomes. There are some important documents for regulating the internal control system as such: The Directive 2006/43/EC “On statutory audits of annual …


Credit Information System In Albania, Valbona Çinaj, Bashkim Ruseti Nov 2015

UBT International Conference

The booming lending period and many lenders (16 banks and 21 non-bank financial Institutions in Albania) brought about unprecedented competition in credit markets within Albania. Economists usually view lending and competition favorably, but in Albania resulted in a number of unforeseen non-performing loans. Findings report increased problems of borrower over-indebtedness, reduced loan repayment incentives, and growing debts for lenders (Campion 2001; McIntosh and Wydick 2005). The weakening performance of lenders is due in part to the absence of information sharing in these markets. Because growing numbers of lenders (banks and non-bank financial Institutions in Albania) increase the level of asymmetric …


It Outsourcing, Besnik Skenderi, Diamanta Skenderi Nov 2015

UBT International Conference

Businesses, shareholders and all other interested parties (Custom, Tax Administration and Customers) require just in time information regarding profit, price, stock and support. Businesses have responded to those requests with implementation of IT (Information Technology) infrastructure, but implementation of advanced IT system infrastructure has created cost for shareholder and there was immediate need to recruit and to train existing staff. With this step, management focus was oriented in non-strategic processes, and for the implementation and managing of those processes, the management did not have necessary skills, due to this reason many companies in US, Europe and Asia have started to …


E-Customer Relationship Management In Insurance Industry In Albania, Evelina Bazini Nov 2015

UBT International Conference

E-Customer relationship management is an issue that every company, large or small must take in some way. Handled well, a CRM strategy can deliver significant benefits for companies and customers. Interaction with customers, in particular, has been enhanced and organizations who wish to remain competitive have started to implement CRM programmes and techniques in order to develop closer relations with their customers and to develop a better understanding of their needs. At the same time, the use of e-commerce techniques in CRM allows insurance organizations to identify customers, monitor their habits and use of information, and deliver them improved …


Modelling Business And Management Systems Using Fuzzy Cognitive Maps: A Critical Overview, Peter P. Groumpos Nov 2015

UBT International Conference

A critical overview of modelling Business and Management (B&M) Systems using Fuzzy Cognitive Maps is presented. A limited but illustrative number of specific applications of Fuzzy Cognitive Maps in diverse B&M systems, such as e-business, performance assessment, decision making, human resources management, planning and investment decision making processes is provided and briefly analyzed. The limited survey is given in a table with statistics of using FCMs in B&M systems during the last 15 years. The limited survey shows that the applications of Fuzzy Cognitive Maps to today’s Business and Management studies has been steadily increased especially during the last …


Performance Indicators Analysis Inside A Call Center Using A Simulation Program, Ditila Ekmekçiu, Markela Muça, Adrian Naço Nov 2015

UBT International Conference

This paper deals with and shows the results of different performance indicators analyses made utilizing the help of Simulation and concentrated on dimensioning problems of handling calls capacity in a call center. The goal is to measure the reactivity of the call center’s performance to potential changes of critical variables. The literature related to the employment of this kind of instrument in call centers is reviewed, and the method that this problem is treated momentarily is precisely described. The technique used to obtain this paper’s goal implicated a simulation model using Arena Contact Center software that worked as a key …


Security Slicing For Auditing Xml, Xpath, And Sql Injection Vulnerabilities, Julian Thome, Lwin Khin Shar, Lionel Briand Nov 2015

Research Collection School Of Computing and Information Systems

XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the implemented code is, to the extent possible, free from these vulnerabilities before deployment. Although existing taint analysis approaches could automatically detect potential vulnerabilities in source code, they tend to generate many false warnings. Furthermore, the produced traces, i.e. dataflow paths from input sources to security-sensitive operations, tend to be incomplete or to contain a great deal of irrelevant information. Therefore, it is difficult to identify real vulnerabilities and …


Stack Layout Randomization With Minimal Rewriting Of Android Binaries, Yu Liang, Xinjie Ma, Daoyuan Wu, Xiaoxiao Tang, Debin Gao, Guojun Peng, Chunfu Jia, Huanguo Zhang Nov 2015

Research Collection School Of Computing and Information Systems

Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the most popular 20 free Android apps on Google Play show that the randomization coverage of functions increases from 65% (by …


Security And Privacy Of Electronic Health Information Systems: Editorial, Elisa Bertino, Robert H. Deng, Xinyi Huang, Jianying Zhou Nov 2015

Research Collection School Of Computing and Information Systems

Digital technologies have dramatically transformed our daily lives by bringing countless conveniences and benefits. As an evolving concept, electronic health information has become the focus of attention in both academia and industry. By leveraging modern digital technologies like the internet and the cloud, electronic health information systems will be a key enabling technology in improving the quality and convenience of patient care, encouraging patient participation in their care, reducing medical errors, improving practice efficiencies, and saving time and cost. The complexity of electronic health information systems, however, raises several new security and privacy issues. It is thus critical to investigate …


Blackboard-Based Electronic Warfare System, Jeremy Straub Oct 2015

Jeremy Straub

With internet-connected, SCADA and cyber-physical systems becoming the next battlefield for crime and warfare, technologies for defending and attacking these systems are growing in prevalence. For entities with significant asset collections that are prospectively vulnerable to this type of an attack, autonomous response, retaliation and attack capabilities are necessary to respond to a growing threat from numerous sectors. This paper presents a command and control technique for cyberwarfare based on the Blackboard Architecture. It discusses the utility of this approach and proposes a distributed command system that can run across multiple nodes of various types.


Implementing And Testing A Novel Chaotic Cryptosystem, Samuel Jackson, Scott Kerlin, Jeremy Straub Oct 2015

Jeremy Straub

Cryptography in the domain of small satellites is a relatively new area of research. Compared to typical desktop computers, small satellites have limited bandwidth, processing power, and battery power. Many of the current encryption schemes were developed for desktop computers and servers, and as such may be unsuitable for small satellites. In addition, most cryptographic research in the domain of small satellites focuses on hardware solutions, which can be problematic given the limited space requirements of small satellites.

This paper investigates potential software solutions that could be used to encrypt and decrypt data on small satellites and other devices with …


Whatsapp Network Forensics: Decrypting And Understanding The Whatsapp Call Signaling Messages, Filip Karpisek, Ibrahim Baggili, Frank Breitinger Oct 2015

Electrical & Computer Engineering and Computer Science Faculty Publications

WhatsApp is a widely adopted mobile messaging application with over 800 million users. Recently, a calling feature was added to the application and no comprehensive digital forensic analysis has been performed with regards to this feature at the time of writing this paper. In this work, we describe how we were able to decrypt the network traffic and obtain forensic artifacts that relate to this new calling feature which included the: a) WhatsApp phone numbers, b) WhatsApp server IPs, c) WhatsApp audio codec (Opus), d) WhatsApp call duration, and e) WhatsApp's call termination. We explain the methods and tools used …


Professor Frank Breitinger's Full Bibliography, Frank Breitinger Oct 2015

Electrical & Computer Engineering and Computer Science Faculty Publications

No abstract provided.


Why Education In The Law And Policy Of Cybersecurity Is A Must, Markus Rauschecker Oct 2015

Homeland Security Publications

No abstract provided.


Secured Client Portal, Krishnakar Mogili, Rajitha Thippireddy, Shobhan Tula Oct 2015

All Capstone Projects

This project is aimed at developing an online search Portal for the Placement Department of the college. The system is an online application that can be accessed throughout the organization and outside as well with proper login provided. This system can be used as an Online Job Portal for the Placement Department of the college to manage the student information with regards to placement. Students logging should be able to upload their information in the form of a CV. Visitors/Company representatives logging in may also access/search any information put up by Students.