Trust Account Fraud And Effective Information Security Management,
2010
University of South Australia
Trust Account Fraud And Effective Information Security Management, Sameera Mubarak
Journal of Digital Forensics, Security and Law
The integrity of lawyers’ trust accounts has come under scrutiny in the last few years. There are strong possibilities of information technology security breaches happening within the firms, either accidental or deliberate. The damage caused by these security breaches could be extreme. For example, a trust account fund in an Australian law firm was misused in a security breach in which Telstra charged A$50,000 for phone usage, mainly for ISD calls to Hong Kong. Our study involved interviewing principals of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. …
Malware Forensics: Discovery Of The Intent Of Deception,
2010
Edith Cowan University
Malware Forensics: Discovery Of The Intent Of Deception, Murray Brand, Craig Valli, Andrew Woodward
Journal of Digital Forensics, Security and Law
Malicious software (malware) has a wide variety of analysis avoidance techniques that it can employ to hinder forensic analysis. Although legitimate software can incorporate the same analysis avoidance techniques to provide a measure of protection against reverse engineering and to protect intellectual property, malware invariably makes much greater use of such techniques to make detailed analysis labour intensive and very time consuming. Analysis avoidance techniques are so heavily used by malware that the detection of the use of analysis avoidance techniques could be a very good indicator of the presence of malicious intent. However, there is a tendency for analysis …
The 2009 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market,
2010
Security Research Centre, Edith Cowan University, Khalifa University of Science, Technology and Research
The 2009 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, Glenn S. Dardick, Iain Sutherland, G. Dabibi, Gareth Davies
Journal of Digital Forensics, Security and Law
The ever increasing use and reliance upon computers in both the public and private sector has led to enormous numbers of computers being disposed of at the end of their useful life within an organisation. As the cost of computers has dropped, their use in the home has also continued to increase. In most organisations, computers have a relatively short life and are replaced on a regular basis with the result that, if not properly cleansed of data, they are released into the public domain containing data that can be relatively up to date. This problem is exacerbated by the …
Avoiding Sanctions At The E-Discovery Meet-And-Confer In Common Law Countries,
2010
Metropolitan State University
Avoiding Sanctions At The E-Discovery Meet-And-Confer In Common Law Countries, Milton Luoma, Vicki Luoma
Journal of Digital Forensics, Security and Law
The rules of civil procedure in common law countries have been amended to better deal with the requirements of electronic discovery. One of the key changes in case management is the scheduling of a meet-and-confer session where the parties to litigation must meet early in the case before any discovery procedures have begun to exchange information regarding the nature, location, formats, and pertinent facts regarding custody and control of a party’s electronically stored information (ESI). Failure to abide by the rules and participate in good faith at the meet-and-confer session can have dire consequences for the parties and lawyers involved. …
Table Of Contents,
2010
Embry-Riddle Aeronautical University
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Table Of Contents,
2010
Embry-Riddle Aeronautical University
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Collaborative Risk Method For Information Security Management Practices: A Case Context Within Turkey,
2010
Franklin University
Collaborative Risk Method For Information Security Management Practices: A Case Context Within Turkey, Bilge Karabacak, Sevgi Ozkan
All Faculty and Staff Scholarship
In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations. This proposed risk method has been applied within different public organizations and it has been demonstrated to be effective and problem-free. The fundamental issue is that there is no legislation that regulates the information security liabilities of the public organizations in Turkey. The findings and lessons learned presented in this case provide useful insights for practitioners when implementing information security management projects in other international public sector organizations.
A Collaborative Process Based Risk Analysis For Information Security Management Systems,
2010
Franklin University
A Collaborative Process Based Risk Analysis For Information Security Management Systems, Bilge Karabacak, Sevgi Ozkan
All Faculty and Staff Scholarship
Today, many organizations quote intent for ISO/IEC 27001:2005 certification. Also, some organizations are en route to certification or already certified. Certification process requires performing a risk analysis in the specified scope. Risk analysis is a challenging process especially when the topic is information security. Today, a number of methods and tools are available for information security risk analysis. The hard task is to use the best fit for the certification. In this work we have proposed a process based risk analysis method which is suitable for ISO/IEC 27001:2005 certifications. Our risk analysis method allows the participation of staff to the …
Nearest Neighbor Search With Strong Location Privacy,
2010
The Chinese University of Hong Kong
Nearest Neighbor Search With Strong Location Privacy, Stavros Papadopoulos, Spiridon Bakiras, Dimitris Papadias
Publications and Research
The tremendous growth of the Internet has significantly reduced the cost of obtaining and sharing information about individuals, raising many concerns about user privacy. Spatial queries pose an additional threat to privacy because the location of a query may be sufficient to reveal sensitive information about the querier. In this paper we focus on k nearest neighbor (kNN) queries and define the notion of strong location privacy, which renders a query indistinguishable from any location in the data space. We argue that previous work fails to support this property for arbitrary kNN search. Towards this end, we introduce methods that …
Clustering Spam Domains And Destination Websites: Digital Forensics With Data Mining,
2010
University of Alabama, Birmingham
Clustering Spam Domains And Destination Websites: Digital Forensics With Data Mining, Chun Wei, Alan Sprague, Gary Warner, Anthony Skjellum
Journal of Digital Forensics, Security and Law
Spam related cyber crimes have become a serious threat to society. Current spam research mainly aims to detect spam more effectively. We believe the identification and disruption of the supporting infrastructure used by spammers is a more effective way of stopping spam than filtering. The termination of spam hosts will greatly reduce the profit a spammer can generate and thwart his ability to send more spam. This research proposes an algorithm for clustering spam domains extracted from spam emails based on the hosting IP addresses and tracing the IP addresses over a period of time. The results show that many …
Table Of Contents,
2010
Embry-Riddle Aeronautical University
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Forensic Analysis Of The Windows 7 Registry,
2010
Khalifa University of Science, Technology and Research (KUSTAR)
Forensic Analysis Of The Windows 7 Registry, Khawla A. Alghafli, Andrew Jones, Thomas A. Martin
Journal of Digital Forensics, Security and Law
The recovery of digital evidence of crimes from storage media is an increasingly time consuming process as the capacity of the storage media is in a state of constant growth. It is also a difficult and complex task for the forensic investigator to analyse all of the locations in the storage media. These two factors, when combined, may result in a delay in bringing a case to court. The concept of this paper is to start the initial forensic analysis of the storage media in locations that are most likely to contain digital evidence, the Windows Registry. Consequently, the forensic …
Table Of Contents,
2010
Embry-Riddle Aeronautical University
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
On The Potential Of Limitation-Oriented Malware Detection And Prevention Techniques On Mobile Phones,
2010
Singapore Management University
On The Potential Of Limitation-Oriented Malware Detection And Prevention Techniques On Mobile Phones, Qiang Yan, Robert H. Deng, Yingjiu Li, Tieyan Li
Research Collection School Of Computing and Information Systems
The malware threat for mobile phones is expected to increase with the functionality enhancement of mobile phones. This threat is exacerbated with the surge in population of smart phones instilled with stable Internet access which provides attractive targets for malware developers. Prior research on malware protection has focused on avoiding the negative impact of the functionality limitations of mobile phones to keep the performance cost within the limitations of mobile phones. Being different, this paper investigates the positive impact of these limitations on suppressing the development of mobile malware. We study the state-of-the-art mobile malware, as well as the progress …
Generating System Requirements For A Mobile Digital Evidence Collection System: A Preliminary Step Towards Enhancing The Forensic Collection Of Digital Devices,
2010
University of New Haven
Generating System Requirements For A Mobile Digital Evidence Collection System: A Preliminary Step Towards Enhancing The Forensic Collection Of Digital Devices, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
Collecting digital devices in a forensically sound manner is becoming more critical since 80% of all cases have some sort of digital evidence involved in them (Rogers, 2006, p. 1) .The process of documenting and tagging digital devices is cumbersome and involves details that might not apply to other types of evidence, since each evidence item has unique physical characteristics (Hesitis & Wilbon, 2005, p. 17). The process becomes less manageable when a large number of digital devices are seized. This paper examines the information and issues investigators should be aware of when collecting digital devices at crime scenes. Furthermore, …
Vulnerability Analysis Of Rfid Protocols For Tag Ownership Transfer,
2010
Singapore Management University
Vulnerability Analysis Of Rfid Protocols For Tag Ownership Transfer, Pedro Peris-Lopez, Julio Hernandez-Castro, Juan Tapiador, Tieyan Li, Yingjiu Li
Research Collection School Of Computing and Information Systems
In RFIDSec’08, Song proposed an ownership transfer scheme, which consists of an ownership transfer protocol and a secret update protocol [7]. The ownership transfer protocol is completely based on a mutual authentication protocol proposed in WiSec’08 [8]. In Rizomiliotis et al. (2009) [6], van Deursen and Radomirovic (2008), the first weaknesses to be identified (tag and server impersonation) were addressed and this paper completes the consideration of them all. We find that the mutual authentication protocol, and therefore the ownership transfer protocol, possesses certain weaknesses related to most of the security properties initially required in protocol design: tag information leakage, …
Security And Performance Analysis For Rfid Protocols,
2010
Singapore Management University
Security And Performance Analysis For Rfid Protocols, Bing Liang
Dissertations and Theses Collection (Open Access)
Radio Frequency Identification (RFID) is an advanced object identification technology that has already been applied in various industries. However, the insecure nature of the communication channel between readers and tags makes RFID systems vulnerable to various kinds of attacks. In recent years, many new methods have been proposed to improve the security of RFID systems, such as disabling tags, agent management and establishing cryptographic protocols. Among them, we focus on the last approach, which is more economic and convenient in certain cases. The first part of our work is to categorize typical existing RFID protocols according to their security levels. …
Security In Ad Hoc Networks And Pervasive Computing,
2010
Old Dominion University
Security In Ad Hoc Networks And Pervasive Computing, Isaac Z. Wu, X.-Y. Li, M. Song, C.-M. Liu
Electrical & Computer Engineering Faculty Publications
Pervasive computing is an exciting and blooming research field, in which innovative techniques and applications are continuously emerging and aim to provide ambient and personalized services to users with high quality. Ad hoc networks are wireless, self-organizing systems formed by cooperating nodes within communication range of each other that form temporary networks. Their topology is dynamic, decentralized, ever changing and the nodes may move around arbitrarily. The last few years have witnessed a wealth of research ideas on ad hoc networking that are moving rapidly into implemented standards. Technology under development for ad hoc networks and pervasive computing is making …
Theory Of Entropic Security Decay: The Gradual Degradation In Effectiveness Of Commissioned Security Systems,
2010
Edith Cowan University
Theory Of Entropic Security Decay: The Gradual Degradation In Effectiveness Of Commissioned Security Systems, Michael P. Coole
Theses: Doctorates and Masters
As a quantitative auditing tool for Physical Protection Systems (PPS) the Estimated Adversary Sequence Interruption (EASI) model has been available for many years. Nevertheless, once a systems macro-state measure has been commissioned (Pi) against its defined threat using EASI, there must be a means of articulating its continued efficacy (steady state) or its degradation over time. The purpose of this multi-phase study was to develop the concept and define the term entropic security decay. Phase one presented documentary benchmarks for security decay. This phase was broken into three stages; stage one presented General Systems Theory (GST) as a systems benchmark …
Remote Attestation On Function Execution,
2010
Peking University
Remote Attestation On Function Execution, Liang Gu, Yueqiang Cheng, Xuhua Ding, Robert H. Deng, Yao Guo, Weizhong Shao
Research Collection School Of Computing and Information Systems
Remote attestation provides the basis for one platform to establish trusts on another. In this paper, we consider the problem of attesting the correctness of program executions. We propose to measure the target program and all the objects it depends on, with an assumption that the Secure Kernel and the Trusted Platform Module provide a secure execution environment through process separation. The attestation of the target program begins with a program analysis on the source code or the binary code in order to find out the relevant executables and data objects. Whenever such a data object is accessed or a …
