11,761 research outputs found
Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems
Information technology has become an essential thing in the digital era as it is today. With the support of computer networks, information technology is used as a medium for exchanging data and information. Much information is confidential. Therefore, security is also essential. Metasploit is one of the frameworks commonly used by penetration testers to audit or test the security of a computer system legally, but it does not rule out the possibility that Metasploit can also be used for crime. For this reason, it is necessary to carry out a digital forensic process to uncover these crimes. In this study, a simulation of attacks on Windows 10 will be carried out with Metasploit. Then the digital forensics process uses live forensics techniques on computer RAM, where the computer RAM contains information about the processes running on the computer. The live forensic technique is important because information on RAM will be lost if the computer is off. This research will use FTK Imager, Dumpit, and Magnet RAM Capture as the RAM acquisition tool and Volatility as the analysis tool. The results of the research have successfully shown that the live forensics technique in RAM is able to obtain digital evidence in the form of an attacker's IP, evidence of exploits/Trojans, processes running on RAM, operating system profiles used and the location of the exploits/Trojan when executed by the victim
BitTorrent Sync: First Impressions and Digital Forensic Implications
With professional and home Internet users becoming increasingly concerned
with data protection and privacy, the privacy afforded by popular cloud file
synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming
under scrutiny in the press. A number of these services have recently been
reported as sharing information with governmental security agencies without
warrants. BitTorrent Sync is seen as an alternative by many and has gathered
over two million users by December 2013 (doubling since the previous month).
The service is completely decentralised, offers much of the same
synchronisation functionality of cloud powered services and utilises encryption
for data transmission (and optionally for remote storage). The importance of
understanding BitTorrent Sync and its resulting digital investigative
implications for law enforcement and forensic investigators will be paramount
to future investigations. This paper outlines the client application, its
detected network traffic and identifies artefacts that may be of value as
evidence for future digital investigations.Comment: Proc. of Digtial Forensics Research Workshop (DFRWS EU 2014
Privacy Preserving Internet Browsers: Forensic Analysis of Browzar
With the advance of technology, Criminal Justice agencies are being
confronted with an increased need to investigate crimes perpetuated partially
or entirely over the Internet. These types of crime are known as cybercrimes.
In order to conceal illegal online activity, criminals often use private
browsing features or browsers designed to provide total browsing privacy. The
use of private browsing is a common challenge faced in for example child
exploitation investigations, which usually originate on the Internet. Although
private browsing features are not designed specifically for criminal activity,
they have become a valuable tool for criminals looking to conceal their online
activity. As such, Technological Crime units often focus their forensic
analysis on thoroughly examining the web history on a computer. Private
browsing features and browsers often require a more in-depth, post mortem
analysis. This often requires the use of multiple tools, as well as different
forensic approaches to uncover incriminating evidence. This evidence may be
required in a court of law, where analysts are often challenged both on their
findings and on the tools and approaches used to recover evidence. However,
there are very few research on evaluating of private browsing in terms of
privacy preserving as well as forensic acquisition and analysis of privacy
preserving internet browsers. Therefore in this chapter, we firstly review the
private mode of popular internet browsers. Next, we describe the forensic
acquisition and analysis of Browzar, a privacy preserving internet browser and
compare it with other popular internet browser
HyBIS: Windows Guest Protection through Advanced Memory Introspection
Effectively protecting the Windows OS is a challenging task, since most
implementation details are not publicly known. Windows has always been the main
target of malwares that have exploited numerous bugs and vulnerabilities.
Recent trusted boot and additional integrity checks have rendered the Windows
OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows
Virtual Machines are becoming an increasingly interesting attack target. In
this work we introduce and analyze a novel Hypervisor-Based Introspection
System (HyBIS) we developed for protecting Windows OSes from malware and
rootkits. The HyBIS architecture is motivated and detailed, while targeted
experimental results show its effectiveness. Comparison with related work
highlights main HyBIS advantages such as: effective semantic introspection,
support for 64-bit architectures and for latest Windows (8.x and 10), advanced
malware disabling capabilities. We believe the research effort reported here
will pave the way to further advances in the security of Windows OSes
Rethinking Digital Forensics
© IAER 2019In the modern socially-driven, knowledge-based virtual computing environment in which organisations are operating, the current digital forensics tools and practices can no longer meet the need for scientific rigour. There has been an exponential increase in the complexity of the networks with the rise of the Internet of Things, cloud technologies and fog computing altering business operations and models. Adding to the problem are the increased capacity of storage devices and the increased diversity of devices that are attached to networks, operating autonomously. We argue that the laws and standards that have been written, the processes, procedures and tools that are in common use are increasingly not capable of ensuring the requirement for scientific integrity. This paper looks at a number of issues with current practice and discusses measures that can be taken to improve the potential of achieving scientific rigour for digital forensics in the current and developing landscapePeer reviewe
Recommended from our members
Forensically-Sound Analysis of Security Risks of using Local Password Managers
Password managers have been developed to address the human challenges associated with password security, i.e., to solve usability issues in a secure way. They offer, e.g., features to create strong passwords, to manage the increasing number of passwords a typical user has, and to auto-fill passwords, sparing users the hassle of not only remembering but also typing them. Previous studies have focused mainly on the security analysis of cloud-based and browser-based password managers; security of local password managers remains mostly under-explored. This paper takes a forensic approach and reports on a case study of three popular local password managers: KeePass (v2.28), Password Safe (v3.35.1) and RoboForm (v7.9.12). Results revealed that either the master password or the content of the password database could be found unencrypted in Temp folders, Page files or Recycle bin, even after the applications had been closed. Therefore, an attacker or malware with temporary access to the computer on which the password managers were running may be able to steal sensitive information, even though these password managers are meant to keep the databases encrypted and protected at all times
- …