112 research outputs found
The zombies strike back: Towards client-side beef detection
A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software product, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive approaches aimed at hardening network perimeters and detecting common threats based on traffic analysis have not been found successful in the context of BeEF detection. This paper presents a proof-of-concept approach to BeEF detection in its own operating environment – the web browser – based on global context monitoring, abstract syntax tree fingerprinting and real-time network traffic analysis.
GeoIntelligence: Data Mining Locational Social Media Content for Profiling and Information Gathering
The current social media landscape has resulted in a situation where people are encouraged to share a greater amount of information about their day-to-day lives than ever before. In this environment a large amount of personal data is disclosed in a public forum with little to no regard for the potential privacy impacts. This paper focuses on the presence of geographic data within images, metadata and individual postings. The GeoIntelligence project aims to aggregate this information to educate users on the possible implications of the utilisation of these services as well as providing service to law enforcement and business. This paper demonstrates the ability to profile users on an individual and group basis from data posted openly to social networking services.
The impact of custom ROM backups on Android external storage erasure
The Android operating system is the current market leader on mobile devices such as smartphones and tablet computers. The core operating system is open source and has a number of developers creating variants of this operating system. These variants, often referred to as custom ROMs, are available for a wide number of mobile devices. Custom ROMs provide a number of features, such as enhanced control over the operating system, variation in user interfaces and so on. The process of installing custom ROMs is often accomplished through the use of a ROM manager application. Such applications often provide mechanisms to back up the contents of the mobile device prior to upgrade. This mechanism is utilised in the case of a failed update to restore the device to its previous functional state. Backups produced in this manner are often stored on external media such as a micro-SD card. In the conducted research we evaluated devices' inbuilt data erasure mechanisms within the context of erasure of backups produced by ROM managers. It was found that simply using the device's Format External / SD function is not an effective means of completely erasing these backups. Once recovered, these backups offer a quick source of information that a potential attacker could carve to retrieve user files such as media transferred to the external or from applications. Although the same files could be recovered from an image of the external storage itself, the carving process is more efficient than traditional carving methods.
A non-device specific framework for the development of forensic locational data analysis procedure for consumer grade small and embedded devices
Portable and wearable computing devices such as smart watches, navigation units, mobile phones, and tablet computers commonly ship with Global Navigation Satellite System (GNSS) supported locational awareness. Locational functionality is no longer limited to navigation specific devices such as satellite navigation devices and location tracking systems. Instead the use of these technologies has extended to become secondary functionality on many devices, including mobile phones, cameras, portable computers, and video game consoles. The increase in use of location aware technology is of use to forensic investigators as it has the potential to provide historic locational information. The evidentiary value of these devices to forensic investigators is currently limited due to the lack of available forensic tools and published methods to properly acquire and analyse these data sources. This research addresses this issue through the synthesis of common processes for the development of forensic procedure to acquire and interpret historic locational data from embedded, locationally aware devices.
The research undertaken provides a framework for the generation of forensic procedure to enable the forensic extraction of historical locational data. The framework is device agnostic, relying instead on differential analysis and structured testing to produce a validated method for the extraction of locational history. This framework was evaluated against five devices, selected on a basis of market penetration, availability and a stage of deduplication.
The examination of the framework took place in a laboratory developed specifically for the research. This laboratory replicates all identified sources of location data for the devices selected. In this case the laboratory is able to simulate cellular (2G and 3G), GNSS (NAVSTAR and GLONASS), and Wi-Fi locationing services. The laboratory is a closed-sky facility, meaning that the laboratory is contained within a Faraday cage and all signals are produced and broadcast internally.
Each selected device was run through a series of simulations. These simulations involved the broadcast of signals, replicating the travel of a specific path. Control data was established through the use of appropriate data recording systems, for each of the simulated location signals. On completion of the simulation, each device was forensically acquired and analysed in accordance with the proposed framework.
For each experiment carried out against the five devices, the control and experimental data were compared. In this examination any divergence less than that expected for GNSS was ignored. Any divergence greater than this was examined to establish cause.
Predictable divergence was accepted and non-predictable divergence would have been noted as a limitation. In all instances where data was recovered, all divergences were found to be predictable.
Post analysis, the research found that the proposed framework was successful in producing locational forensic procedure in a non-device specific manner. This success was confirmed for all the devices tested.
Kindle Forensics: Acquisition & Analysis
The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.
Keywords: forensics, digital forensics, kindle, mobile, embedded, ebook, ereade
Kindle Forensics: Acquisition and Analysis
The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.
Forensic Acquisition and Analysis of the TomTom One Satellite Navigation Unit
Global Positioning Systems are becoming increasingly pervasive. The forensic acquisition and analysis of these units is of great interest as it has the potential to yield historic locational data for these units. Analysis of the TomTom One satellite navigation unit has resulted in a method to reliably extract historic data from these devices in a forensically sound manner.
A methodology for the forensic acquisition of the TomTom One satellite navigation System - A research in progress
The use of Satellite Navigation Systems (SNS) has become increasingly common in recent years. The wide scale adoption of this technology has the potential to provide a valuable resource in forensic investigations. The potential of this resource is based on the ability to retrieve historical location data from the device in question while maintaining forensic integrity. This paper presents a methodology to acquire forensic images of the TomTom One satellite navigation unit. This methodology aims to be comprehensive and straightforward, while maintaining forensic integrity of the original evidence. However, in consideration of the aforementioned methodology, it should be noted that the defined method may not extract all potential evidence and the viability of collected evidence is dependent on future research into the analysis of said evidence. In order to address this consideration, research into this area is currently ongoing.
Kindle Forensics: Acquisition & Analysis
The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.
Pocket SDV with SDGuardian: A Secure & Forensically Safe Portable Execution Environment
Storage of sensitive and/or business critical data on portable USB attachable mass storage devices is a common practice. The ability to transport large volumes of data from the standard place of work and then access and process the data on an available PC at a different location provides both convenience and flexibility. However, use of such USB attachable mass storage devices presents two major security risks: the risk of loss of the portable storage device during transport and the risk of data remnants residing on a PC after accessing the data from the USB storage device. The latter risk is due to the way Windows and third party applications store temporary information on the host PC's hard disk. Even if every effort is made to delete temporary information it may be possible to recover this information by using forensic data recovery techniques such as header analysis and magnetic force microscopy. The Pocket SDV with SDGuardian provides an elegant solution to the aforementioned security risks. The Pocket SDV is a commercially available USB attachable secure hard disk drive. Features of the Pocket SDV include hardware based encryption, strong authentication, differentiated access rights and cryptographically separate partitioning capabilities. Only a user with the correct authentication credentials can gain access to data stored on the Pocket SDV, thus providing assurance if the Pocket SDV is lost. SDGuardian is a proof of concept toolkit that minimises the remnants left on a PC if it is used to process data stored on a Pocket SDV. Forensic examination of the PC, following processing of data held on a Pocket SDV with SDGuardian, should not reveal any remnants of protected data. In this paper an overview of the Pocket SDV is given and its functionality is enumerated. The motivation for SDGuardian is outlined before discussing the design, capabilities and limitations of the Pocket SDV with SDGuardian.