2,555 research outputs found

    Cyber Forensic and Data Collection Challenges in Nigeria

    The importance of structural investigation to obtain a reliable chain of evidence on cyber-attacks organizations or individual data for application of legal presentation in court in computer forensics. Wherever there is a discovery of evidence or proofs of illegal misuse of organization data it leads to the prosecution of the culprits. Today the technology in cyber forensic is utilizing the application of scientific methods and techniques to recover data from electronic and digital media. This scientific method requires expertise that goes beyond regular forensic data collection, techniques, and practices which must conform to universal standards. Increase in the use of computer and the internet has resulted in the change in human behaviors and ways in which they communicate, this growth in technology has given rise to cybercrimes which have caused the insecurity of the cyberspace in general. The increase in the growth of computer and the Internet use has changed the human behavior and ways of communication, this growth in technology has given rise to the rise in cybercrime which is now sophisticated and difficult to trace, investigate, and prosecution of criminals without reliable and accurate data collection

    Intensional Cyberforensics

    This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, is formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP bound by the underlying intensional programming paradigm. Comment: 412 pages, 94 figures, 18 tables, 19 algorithms and listings; PhD thesis; v2 corrects some typos and refs; also available on Spectrum at http://spectrum.library.concordia.ca/977460

    SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets

    The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as Binance and Mt. Gox, are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms, transaction monitoring, evaluating their effectiveness in mitigating threats

    Visual surveillance and direct action protest in the City of London

    Due to its workings as a global financial nexus, activists critical of capitalism have used the City of London to stage a number of large-scale direct actions since the 1983-84 Stop the City protests. By examining protest at this renowned site of intensified observation, I argue, we can learn a great deal about what surveillance processes do in practice. To develop its argument, this thesis offers a detailed examination of visual surveillance and counter surveillance practice over four protests: the J18 (1999); the G20 Meltdown (2009); Climate Camp in the City (2009); and Occupy LSX (2011). Based on empirical, qualitative research through archival work, interviews, and video documentation stored at the MayDay Rooms, this thesis demonstrates how City and Met police used visual surveillance to disrupt, re-frame and further criminalise dissent. Over the course of these four protests the police learnt new ways to suppress what they termed ‘extreme’ protest. Conversely, activists developed choreographed, embodied movements and alternative technologies to counter new public order procedures and police surveillance. Politically driven artists, performers and technologists were at the vanguard of these new protest formations, early internet livestreaming and pioneering technical innovations that challenged existing surveillant structures. Yet, as this thesis articulates, over the course of these protests many activists’ inventions were slowly subsumed into proprietary online frameworks, which embed surveillance by default. This thesis uses insights from Marx and Marxist inspired theorists to describe how this method of surveillance and subsumption took place. While police formations informed by this history are increasingly being taken up nationally and internationally, it is vital to understand how state security forces and corporate observers have dealt with ‘extreme’ protests in the City

    Impact and key challenges of insider threats on organizations and critical businesses

    The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed

    Intensional Cyberforensics

    This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, is formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, MARFL, and JOOIP bound by the underlying intensional programming paradigm

    Image and Video Forensics

    Nowadays, images and videos have become the main modalities of information being exchanged in everyday life, and their pervasiveness has led the image forensics community to question their reliability, integrity, confidentiality, and security. Multimedia contents are generated in many different ways through the use of consumer electronics and high-quality digital imaging devices, such as smartphones, digital cameras, tablets, and wearable and IoT devices. The ever-increasing convenience of image acquisition has facilitated instant distribution and sharing of digital images on digital social platforms, determining a great amount of exchange data. Moreover, the pervasiveness of powerful image editing tools has allowed the manipulation of digital images for malicious or criminal ends, up to the creation of synthesized images and videos with the use of deep learning techniques. In response to these threats, the multimedia forensics community has produced major research efforts regarding the identification of the source and the detection of manipulation. In all cases (e.g., forensic investigations, fake news debunking, information warfare, and cyberattacks) where images and videos serve as critical evidence, forensic technologies that help to determine the origin, authenticity, and integrity of multimedia content can become essential tools. This book aims to collect a diverse and complementary set of articles that demonstrate new developments and applications in image and video forensics to tackle new and serious challenges to ensure media authenticity