Social and Behavioral Sciences Commons^™

Leveraging The Windows Amcache.Hve File In Forensic Investigations, Bhupendra Singh, Upasna Singh

Journal of Digital Forensics, Security and Law

The Amcache.hve is a registry hive file that is created by Microsoft® Windows® to store the information related to execution of programs. This paper highlights the evidential potential of Amcache.hve file and its application in the area of user activity analysis. The study uncovers numerous artifacts retained in Amcache.hve file when a user performs certain actions such as running host-based applications, installation of new applications, or running portable applications from external devices. The results of experiments demonstrate that Amcache.hve file stores intriguing artifacts related to applications such as timestamps of creation and last modification of any application; name, description, publisher …

The 2016 Analysis Of Information Remaining On Computer Hard Disks Offered For Sale On The Second Hand Market In The Uae, Thomas Martin, Andy Jones, Mohammed Alzaabi

Journal of Digital Forensics, Security and Law

This research describes our survey of data remaining on computer hard disks sold on the second hand market in the United Arab Emirates (UAE). This is a repetition of the first survey conducted in 2012 (Jones, Martin, & Alzaabi, 2012). Similar studies have been carried over the last ten years in the United Kingdom, Australia, USA, Germany and France: (Jones, Mee, Meyler, & Gooch, 2005), (Jones, Valli, Sutherland, & Thomas, 2006), (Jones, Valli, Dardick, & Sutherland, 2008), (Jones, Valli, Dardick, & Sutherland, 2009). This research was undertaken to gain insight into the volumes of data found on second-hand disks purchased …

The Impact Of Sha-1 File Hash Collisions On Digital Forensic Imaging: A Follow-Up Experiment, Gary C. Kessler

Journal of Digital Forensics, Security and Law

A previous paper described an experiment showing that Message Digest 5 (MD5) hash collisions of files have no impact on integrity verification in the forensic imaging process. This paper describes a similar experiment applied when two files have a Secure Hash Algorithm (SHA-1) collision.

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Bloom Filters Optimized Wu-Manber For Intrusion Detection, Monther Aldwairi, Koloud Al-Khamaiseh, Fatima Alharbi, Babar Shah

Journal of Digital Forensics, Security and Law

With increasing number and severity of attacks, monitoring ingress and egress network traffic is becoming essential everyday task. Intrusion detection systems are the main tools for capturing and searching network traffic for potential harm. Signature-based intrusion detection systems are the most widely used, and they simply use a pattern matching algorithms to locate attack signatures in intercepted network traffic. Pattern matching algorithms are very expensive in terms of running time and memory usage, leaving intrusion detection systems unable to detect attacks in real-time. We propose a Bloom filters optimized Wu-Manber pattern matching algorithm to speed up intrusion detection. The Bloom …

A Survey Of Social Network Forensics, Umit Karabiyik, Muhammed Abdullah Canbaz, Ahmet Aksoy, Tayfun Tuna, Esra Akbas, Bilal Gonen, Ramazan S. Aygun

Journal of Digital Forensics, Security and Law

Social networks in any form, specifically online social networks (OSNs), are becoming a part of our everyday life in this new millennium especially with the advanced and simple communication technologies through easily accessible devices such as smartphones and tablets. The data generated through the use of these technologies need to be analyzed for forensic purposes when criminal and terrorist activities are involved. In order to deal with the forensic implications of social networks, current research on both digital forensics and social networks need to be incorporated and understood. This will help digital forensics investigators to predict, detect and even prevent …

The Impact Of Md5 File Hash Collisions On Digital Forensic Imaging, Gary C. Kessler

Journal of Digital Forensics, Security and Law

The Message Digest 5 (MD5) hash is commonly used as for integrity verification in the forensic imaging process. The ability to force MD5 hash collisions has been a reality for more than a decade, although there is a general consensus that hash collisions are of minimal impact to the practice of computer forensics. This paper describes an experiment to determine the results of imaging two disks that are identical except for one file, the two versions of which have different content but otherwise occupy the same byte positions on the disk, are the same size, and have the same hash …

A New Distributed Chinese Wall Security Policy Model, Saad Fehis, Omar Nouali, Mohand-Tahar Kechadi

Journal of Digital Forensics, Security and Law

The application of the Chinese wall security policy model (CWSPM) to control the information flows between two or more competing and/or conflicting companies in cloud computing (Multi-tenancy) or in the social network, is a very interesting solution. The main goal of the Chinese Wall Security Policy is to build a wall between the datasets of competing companies, and among the system subjects. This is done by the applying to the subjects mandatory rules, in order to control the information flow caused between them. This problem is one of the hottest topics in the area of cloud computing (as a distributed …

Nuclear Power: Black Sky Liability Or Black Sky Asset?, Sherrell R. Greene

International Journal of Nuclear Security

Ready access to abundant electricity is a key enabler of modern life. During the past decade the vulnerability of Critical Infrastructure sectors in the U.S. to a variety of natural hazards and man-made threats has become increasingly apparent. The electrical infrastructure (the “Grid”) is the foundation for all other critical civil infrastructures upon which our society depends. Therefore, protection of the Grid is an energy security, homeland security, and national security issue of highest importance. Geomagnetic disturbances (GMD) induced by solar coronal mass ejections (CMEs), electromagnetic pulse (EMP) attacks, and cyber attacks are three events having the potential to plunge …

Solid State Protective Device Topological Trade-Offs For Mvdc Systems, Vikas Singh

Theses and Dissertations

Presently accepted approaches to protection are “Unit-Based” which means the power converter(s) feeding the bus coordinate with no-load electromechanical switches to isolate faulted portions of the bus. However, “Breaker-Based” approaches, which rely upon solid state circuit breakers for fault mitigation can result in higher reliability of power and potentially higher survivability. The inherent speed of operation of solid state protective devices will also play a role in fault isolation, hence reducing stress level on all system components. A comparison study is performed of protective device topologies that are suitable for shipboard distribution systems rated between 4kVdc and 20kVdc from the …

Vulnerability Analysis And Security Framework For Zigbee Communication In Iot, Charbel Azzi

UNLV Theses, Dissertations, Professional Papers, and Capstones

Securing IoT (Internet of Things) systems in general, regardless of the communication technology used, has been the concern of many researchers and private companies. As for ZigBee security concerns, much research and many experiments have been conducted to better predict the nature of potential security threats. In this research we are addressing several ZigBee vulnerabilities by performing first hand experiments and attack simulations on ZigBee protocol. This will allow us to better understand the security issues surveyed and find ways to mitigate them. Based on the attack simulations performed and the survey conducted, we have developed a ZigBee IoT framework …

Designing Laboratories For Small Scale Digital Device Forensics, Richard P. Mislan, Tim Wedge

Annual ADFSL Conference on Digital Forensics, Security and Law

The ubiquity of small scale digital devices (SSDD), the public’s ever increasing societal dependence on SSDD, and the continual presence of SSDD at all types of crime scenes, including non-technical and violent crimes, demand a formalized curriculum for the education and training of future cyber forensic examiners. This paper presents the various SSDD forensics labs currently in use and under development for future use at the Purdue University Cyber Forensics Laboratory. The primary objective of each module is to provide specific real-world cases for the learning, comprehension, and understanding of hands-on investigative techniques and methodologies. The purpose of this paper …

Network Forensic Investigation Of Internal Misuse/Crime In Saudi Arabia: A Hacking Case, Abdulrazaq Al-Murjan, Konstantinos Xynos

Annual ADFSL Conference on Digital Forensics, Security and Law

There are ad-hoc guidelines and a limited policy on computer incident response that does not include computer forensic preparation procedures (e.g. logging incidents). In addition, these guidelines do not consider the requirement of Islamic law for admissible evidence at an organisational level in Saudi Arabia. Network forensic investigation might breach the Saudi law if they follow ad-hoc or international digital forensic standards such as Association of Chief Police Officers (ACPO) guidelines. This might put the organisation in a costly situation when a malicious employee sues an Islamic court. This is because the law of Saudi Arabia is complying with Islamic …

Paper Session Ii: Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota

Annual ADFSL Conference on Digital Forensics, Security and Law

With the proliferation of digital based evidence, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. In many investigations critical information is required while at the scene or within a short period of time - measured in hours as opposed to days. The traditional cyber forensics approach of seizing a system(s)/media, transporting it to the lab, making a forensic image(s), and then searching the entire system for potential evidence, is no longer appropriate in some circumstances. In cases such as child abductions, pedophiles, missing or exploited persons, time is of the essence. In …

Development Of A National Repository Of Digital Forensic Intelligence, Mark Weiser, David P. Biros, Greg Mosier

Annual ADFSL Conference on Digital Forensics, Security and Law

Many people do all of their banking online, we and our children communicate with peers through computer systems, and there are many jobs that require near continuous interaction with computer systems. Criminals, however, are also “connected”, and our online interaction provides them a conduit into our information like never before. Our credit card numbers and other fiscal information are at risk, our children's personal information is exposed to the world, and our professional reputations are on the line.

The discipline of Digital Forensics in law enforcement agencies around the nation and world has grown to match the increased risk and …

Designing A Data Warehouse For Cyber Crimes, Il-Yeol Song, John D. Maguire, Ki Jung Lee, Namyoun Choi, Xiaohua Hu, Peter Chen

Annual ADFSL Conference on Digital Forensics, Security and Law

One of the greatest challenges facing modern society is the rising tide of cyber crimes. These crimes, since they rarely fit the model of conventional crimes, are difficult to investigate, hard to analyze, and difficult to prosecute. Collecting data in a unified framework is a mandatory step that will assist the investigator in sorting through the mountains of data. In this paper, we explore designing a dimensional model for a data warehouse that can be used in analyzing cyber crime data. We also present some interesting queries and the types of cyber crime analyses that can be performed based on …

Safety Of Lithium Nickel Cobalt Aluminum Oxide Battery Packs In Transit Bus Applications, Timothy Cleary, Marc Serra Bosch, Jim Kreibick, Joel Anstrom

Mineta Transportation Institute

The future of mass transportation is clearly moving toward the increased efficiency and greenhouse gas reduction of hybrid and electric vehicles. With the introduction of high-power/high-energy storage devices such as lithium ion battery systems serving as a key element in the system, valid safety and security concerns emerge. This is especially true when the attractive high-specific-energy and power-chemistry lithium nickel cobalt aluminum oxide (NCA) is used. This chemistry provides great performance but presents a safety and security risk when used in large quantities, such as for a large passenger bus. If triggered, the cell can completely fuel its own fire, …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Configuring The Urban Smart Grid: Transitions, Experimentation, And Governance, Anthony Michael Levenda

Dissertations and Theses

In the face of challenges of energy security, decarbonization, resilience, and the replacement of aging infrastructure systems, federal, state, and local actors are facilitating the development of smart electricity networks to transition towards a more sustainable electricity system. In the United States, development of "smart grids" is being pursued as a national policy mandate and goal, promising that the deployment of smart grid technologies -- referring in general to digital information and communication technologies that sense, monitor, control and manage the electric grid -- will make electricity systems more environmentally sustainable and reliable, and at the same time, provide opportunities …

Special Issue On Cyberharassment Investigation: Advances And Trends, Joanne Bryce, Virginia N. L. Franqueira, Andrew Marrington

Journal of Digital Forensics, Security and Law

Empirical and anecdotal evidence indicates that cyberharassment is more prevalent as the use of social media becomes increasingly widespread, making geography and physical proximity irrelevant. Cyberharassment can take different forms (e.g., cyberbullying, cyberstalking, cybertrolling), and be motivated by the objectives of inflicting distress, exercising control, impersonation, and defamation. Little is currently known about the modus operandi of offenders and their psychological characteristics. Investigation of these behaviours is particularly challenging because it involves digital evidence distributed across the devices of both alleged offenders and victims, as well as online service providers, sometimes over an extended period of time. This special issue …

Differentiating Cyberbullies And Internet Trolls By Personality Characteristics And Self-Esteem, Lauren A. Zezulka, Kathryn C. Seigfried-Spellar

Journal of Digital Forensics, Security and Law

Cyberbullying and internet trolling are both forms of online aggression or cyberharassment; however, research has yet to assess the prevalence of these behaviors in relationship to one another. In addition, the current study was the first to investigate whether individual differences and self-esteem discerned between self-reported cyberbullies and/or internet trolls (i.e., Never engaged in either, Cyberbully-only, Troll-only, Both Cyberbully and Troll). Of 308 respondents solicited from Mechanical Turk, 70 engaged in cyberbullying behaviors, 20 engaged in only trolling behaviors, 129 self-reported both behaviors, and 89 self-reported neither behavior. Results yielded low self-esteem, low conscientiousness, and low internal moral values for …

The Impact Of Low Self-Control On Online Harassment: Interaction With Opportunity., Hyunin Baek, Michael M. Losavio, George E. Higgins

Journal of Digital Forensics, Security and Law

Developing Internet technology has increased the rates of youth online harassment. This study examines online harassment from adolescents with low self-control and the moderating effect of opportunity. The data used in this study were collected by the Korea Institute of Criminology in 2009. The total sample size was 1,091. The results indicated that low self-control, opportunity, and gender have a significant influence on online harassment. However, these results differed according to gender; for males, low self-control significantly impacted online harassment; for females, however, only low self-control significantly impacted online harassment. Furthermore, the interaction between low self-control and opportunity did not …

Toward Online Linguistic Surveillance Of Threatening Messages, Brian H. Spitzberg, Jean Mark Gawron

Journal of Digital Forensics, Security and Law

Threats are communicative acts, but it is not always obvious what they communicate or when they communicate imminent credible and serious risk. This paper proposes a research- and theory-based set of over 20 potential linguistic risk indicators that may discriminate credible from non-credible threats within online threat message corpora. Two prongs are proposed: (1) Using expert and layperson ratings to validate subjective scales in relation to annotated known risk messages, and (2) Using the resulting annotated corpora for automated machine learning with computational linguistic analyses to classify non-threats, false threats, and credible threats. Rating scales are proposed, existing threat corpora …

A Legal Examination Of Revenge Pornography And Cyber-Harassment, Thomas Lonardo, Tricia Martland, Doug White

Journal of Digital Forensics, Security and Law

This paper examines the current state of the statutes in the United States as they relate to cyber-harassment in the context of "revenge porn". Revenge porn refers to websites which cater to those wishing to exploit, harass, or otherwise antagonize their ex partners using pornographic images and videos which were obtained during their relationships. The paper provide examples and illustrations as well as a summary of current statute in the United States. The paper additionally explores some of the various legal remedies available to victims of revenge pornography.

Practical Wired Digital Communications Link Analysis, Raymond Matthew Schmelzer

Dissertations and Theses

This thesis deals with the analysis of a Wired High Speed Serial Data Link (PAM2) which is commonly used throughout the data-communications and tele-communications industry. The goal of this study is to build a scalable simulation tool using Matlab that ultimately uses Receiver Bit Error Ratio (BER) as the metric for data link health. This study is also designed to aid in link specification development.

The Matlab and theoretical development is broken up into three sections being Transmitter (TX), Channel (Hs) and Receiver (RX). Realistic noise impairments can be added to each section along the signal path creating signal stresses …

Cufa: A More Formal Definition For Digital Forensic Artifacts, Vikram S. Harichandran, Daniel Walnycky, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

The term “artifact” currently does not have a formal definition within the domain of cyber/ digital forensics, resulting in a lack of standardized reporting, linguistic understanding between professionals, and efficiency. In this paper we propose a new definition based on a survey we conducted, literature usage, prior definitions of the word itself, and similarities with archival science. This definition includes required fields that all artifacts must have and encompasses the notion of curation. Thus, we propose using a new term e curated forensic artifact (CuFA) e to address items which have been cleared for entry into a CuFA database (one …

Deleting Collected Digital Evidence By Exploiting A Widely Adopted Hardware Write Blocker, Christopher S. Meffert, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this primary work we call for the importance of integrating security testing into the process of testing digital forensic tools. We postulate that digital forensic tools are increasing in features (such as network imaging), becoming networkable, and are being proposed as forensic cloud services. This raises the need for testing the security of these tools, especially since digital evidence integrity is of paramount importance. At the time of conducting this work, little to no published anti-forensic research had focused on attacks against the forensic tools/process.We used the TD3, a popular, validated, touch screen disk duplicator and hardware write blocker …

Anti-Forensics: Furthering Digital Forensic Science Through A New Extended, Granular Taxonomy, Kevin Conlan, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

Anti-forensic tools, techniques and methods are becoming a formidable obstacle for the digital forensic community. Thus, new research initiatives and strategies must be formulated to address this growing problem. In this work we first collect and categorize 308 antidigital forensic tools to survey the field. We then devise an extended anti-forensic taxonomy to the one proposed by Rogers (2006) in order to create a more comprehensive taxonomy and facilitate linguistic standardization. Our work also takes into consideration anti-forensic activity which utilizes tools that were not originally designed for antiforensic purposes, but can still be used with malicious intent. This category …

The Influence Of The Electric Supply Industry On Economic Growth In Less Developed Countries, Edward Richard Bee

Dissertations

This study measures the impact that electrical outages have on manufacturing production in 135 less developed countries using stochastic frontier analysis and data from World Bank’s Investment Climate surveys. Outages of electricity, for firms with and without backup power sources, are the most frequently cited constraint on manufacturing growth in these surveys.

Outages are shown to reduce output below the production frontier by almost five percent in Africa and by a lower percentage in South Asia, Southeast Asia and the Middle East and North Africa. Production response to outages is quadratic in form. Outages also increase labor cost, reduce exports …

A Graph Based Departmental Spoken Dialogue System, Julia Isaac

Honors Theses

Spoken dialogue systems are automatic, computer based systems that are a great way for people to receive important information. In this project, I created a spoken dialogue system that people can use to learn about the Computer Science Department at Union College. The system was built by populating an open source dialogue system using a graph based dialogue manager. I improved upon a previous working dialogue system by making the conversations sound more natural, improving the flexibility of the system and making the system more robust. To help with this process a corpus was created using about 200 different dialogues …