Introductory Computer Forensics

INTERPOL (International Police) built cybercrime programs to keep up with emerging cyber threats, and aims to coordinate and assist international operations for ?ghting crimes involving computers. Although signi?cant international efforts are being made in dealing with cybercrime and cyber-terrorism, ?nding effective, cooperative, and collaborative ways to deal with complicated cases that span multiple jurisdictions has proven dif?cult in practic

Mobile Forensics – The File Format Handbook

This open access book summarizes knowledge about several file systems and file formats commonly used in mobile devices. In addition to the fundamental description of the formats, there are hints about the forensic value of possible artefacts, along with an outline of tools that can decode the relevant data. The book is organized into two distinct parts: Part I describes several different file systems that are commonly used in mobile devices. · APFS is the file system that is used in all modern Apple devices including iPhones, iPads, and even Apple Computers, like the MacBook series. · Ext4 is very common in Android devices and is the successor of the Ext2 and Ext3 file systems that were commonly used on Linux-based computers. · The Flash-Friendly File System (F2FS) is a Linux system designed explicitly for NAND Flash memory, common in removable storage devices and mobile devices, which Samsung Electronics developed in 2012. · The QNX6 file system is present in Smartphones delivered by Blackberry (e.g. devices that are using Blackberry 10) and modern vehicle infotainment systems that use QNX as their operating system. Part II describes five different file formats that are commonly used on mobile devices. · SQLite is nearly omnipresent in mobile devices with an overwhelming majority of all mobile applications storing their data in such databases. · The second leading file format in the mobile world are Property Lists, which are predominantly found on Apple devices. · Java Serialization is a popular technique for storing object states in the Java programming language. Mobile application (app) developers very often resort to this technique to make their application state persistent. · The Realm database format has emerged over recent years as a possible successor to the now ageing SQLite format and has begun to appear as part of some modern applications on mobile devices. · Protocol Buffers provide a format for taking compiled data and serializing it by turning it into bytes represented in decimal values, which is a technique commonly used in mobile devices. The aim of this book is to act as a knowledge base and reference guide for digital forensic practitioners who need knowledge about a specific file system or file format. It is also hoped to provide useful insight and knowledge for students or other aspiring professionals who want to work within the field of digital forensics. The book is written with the assumption that the reader will have some existing knowledge and understanding about computers, mobile devices, file systems and file formats

Mobile Forensics – The File Format Handbook

This open access book summarizes knowledge about several file systems and file formats commonly used in mobile devices. In addition to the fundamental description of the formats, there are hints about the forensic value of possible artefacts, along with an outline of tools that can decode the relevant data. The book is organized into two distinct parts: Part I describes several different file systems that are commonly used in mobile devices. · APFS is the file system that is used in all modern Apple devices including iPhones, iPads, and even Apple Computers, like the MacBook series. · Ext4 is very common in Android devices and is the successor of the Ext2 and Ext3 file systems that were commonly used on Linux-based computers. · The Flash-Friendly File System (F2FS) is a Linux system designed explicitly for NAND Flash memory, common in removable storage devices and mobile devices, which Samsung Electronics developed in 2012. · The QNX6 file system is present in Smartphones delivered by Blackberry (e.g. devices that are using Blackberry 10) and modern vehicle infotainment systems that use QNX as their operating system. Part II describes five different file formats that are commonly used on mobile devices. · SQLite is nearly omnipresent in mobile devices with an overwhelming majority of all mobile applications storing their data in such databases. · The second leading file format in the mobile world are Property Lists, which are predominantly found on Apple devices. · Java Serialization is a popular technique for storing object states in the Java programming language. Mobile application (app) developers very often resort to this technique to make their application state persistent. · The Realm database format has emerged over recent years as a possible successor to the now ageing SQLite format and has begun to appear as part of some modern applications on mobile devices. · Protocol Buffers provide a format for taking compiled data and serializing it by turning it into bytes represented in decimal values, which is a technique commonly used in mobile devices. The aim of this book is to act as a knowledge base and reference guide for digital forensic practitioners who need knowledge about a specific file system or file format. It is also hoped to provide useful insight and knowledge for students or other aspiring professionals who want to work within the field of digital forensics. The book is written with the assumption that the reader will have some existing knowledge and understanding about computers, mobile devices, file systems and file formats

Secure network programming in wireless sensor networks

Network programming is one of the most important applications in Wireless Sensor Networks as It provides an efficient way to update program Images running on sensor nodes without physical access to them. Securing these updates, however, remains a challenging and important issue, given the open deployment environment of sensor nodes. Though several security schemes have been proposed to impose the authenticity and Integrity protection on network programming applications, they are either energy Inefficient as they tend to use digital signature or lacks the data confidentiality. In addition, due to the absence of secure memory management in the current sensor hardware, the attacker could inject malicious code into the program flash by exploiting buffer overflow In the memory despite the secure code dissemination. The contribution of this thesis Is to provide two software-based security protocols and one hardware-based remote attestation protocol for network programming application. Our first protocol deploys multiple one-way key chains for a multi-hop sensor network. The scheme Is shown to be lower In computational, power consumption and communication costs yet still able to secure multi•hop propagation of program images. Our second protocol utilizes an Iterative hash structure to the data packets in network programming application, ensuring the data confidentiality and authenticity. In addition, we Integrated confidentiality and DoS-attack-resistance in a multi•hop code dissemination protocol. Our final solution is a hardware-based remote attestation protocol for verification of running codes on sensor nodes. An additional piece of tamper-proof hardware, Trusted Platform Module (TPM), is imposed into the sensor nodes. It secures the sensitive information (e.g., the session key) from attackers and monitors any platform environment changes with the Internal registers. With these features of TPM, the code Injection attack could be detected and removed when the contaminated nodes are challenged in our remote attestation protocol. We implement the first two software-based protocols with Deluge as the reference network programming protocol in TinyOS, evaluate them with the extensive simulation using TOSSIM and validate the simulation results with experiments using Tmote. We implement the remote attestation protocol on Fleck, a sensor platform developed by CSIRO that Integrates an Atmel TPM chip

INFERENCE-BASED FORENSICS FOR EXTRACTING INFORMATION FROM DIVERSE SOURCES

Digital forensics is tasked with the examination and extraction of evidence from a diverse set of devices and information sources. While digital forensics has long been synonymous with file recovery, this label no longer adequately describes the science’s role in modern investigations. Spurred by evolving technologies and online crime, law enforcement is shifting the focus of digital forensics from its traditional role in the final stages of an investigation to assisting investigators in the earliest phases — often before a suspect has been identified and a warrant served. Investigators need new forensic techniques to investigate online crimes, such as child pornography trafficking on peer-to-peer networks (p2p), and to extract evidence from new information sources, such as mobile phones. The traditional approach of developing tools tailored specifically to each source is no longer tenable given the diversity, volume of storage, and introduction rate of new devices and network applications. Instead, we propose the adoption of flexible, inference-based techniques to extract evidence from any format. Such techniques can be readily applied to a wide variety of different evidence sources without requiring significant manual work on the investigator’s part. The primary contribution of my dissertation is a set of novel forensic techniques for extracting information from diverse data sources. We frame the evaluation using two different, but increasingly important, forensic scenarios: mobile phone triage and network-based investigations. Via probabilistic descriptions of typical data structures, and using a classic dynamic programming algorithm, our phone triage techniques are able to identify user information in phones across varied models and manufacturers. We also show how to incorporate feedback from the investigator to improve the usability of extracted information. For network-based investigations, we quantify and characterize the extent of contraband trafficking on peer-to-peer networks. We suggest various techniques for prioritizing law enforcement’s limited resources. We finally investigate techniques that use system logs to generate and then analyze a finite state model of a protocol’s implementation. The objective is to infer behavior that an investigator can leverage to further law enforcement objectives. We evaluate all of our techniques using the real-world legal constraints and restrictions of investigators

Studies in Green Hydrolysis of Waste Wool

A large amount of raw wool, practically unserviceable for textile uses, is generated in Europe from sheep shearing and butchery; this is a byproduct that is either dumped, burned or sent to landfill. Following the European Commission regulations on animal by-product control, unserviceable raw wool is classified as a category 3 special waste materials, and its collection, storage, transport, treatment, use, and disposal is subject to European Union regulations because of a potential risk source to human and animal health. Raw wool has a noticeable chemical potential to conceive and generate a broad category of products, spreading from protein-based scaffold tissues to fertilizers. Considering all these points, raw wool has potential to create a circular economy rather than just wasted as an unserviceable material. In general, raw wool finds its application in insulation panels, composites, carpets, etc., but needs a complete pre-treatment before use. The problems begin with the use of raw wool is that; it cannot be used as a fertilizer without any previous pretreatment such as washing because of the potential risk of infection and its slow degradation process in the soil environment. For these reasons, fertilization with untreated greasy wool is forbidden by the EU legislation, which strictly provides guidelines for raw wool storage, transportation, and disposal. These costs heavily weigh on the profit of sheep farmers. The primary objective of this study is to develop the cost-effective, sustainable process to use raw wool prior to any pretreatment. This study aims at • Converting waste wool into nitrogen fertilizers at a commercial scale for grassland management and cultivation purposes. • Development of potential novel applications of hydrolyzed wool In order to achieve the desired aim of fertilizer, the chemical breakdown of wool needs to be done using sustainable way, i.e., chemical-free process. In general, hydrolysis process is performed using acids, bases, and enzymes. The literature survey on existing hydrolysis processes, their limitations, industrial scale-up viability, sustainability, cost-effectiveness, etc., lead towards the process where chemical transformation is based on a green economically sustainable hydrolysis treatment using only green solvent superheated water. The other the advantage of green hydrolysis is that it sterilizes the wool at high temperature, which indirectly overcomes the problem of pretreatment prior to use and infection problem in the application phase.In order to understand the extent of degradation and industrial viability of the superheated water hydrolysis process with the aim of fertilizer; the development the process implies two steps: the first one at laboratory scale (batch process) and the second at semi-industrial scale (continuous process). A set of experiments on batch scale reactors was performed to monitor process parameters and extent a degree of hydrolysis on raw wool; to establish the ground for designing and construction of semi-industrial scale reactor. The green hydrolysis process optimization was carried out in batch and semi-industrial scale reactors by varying parameters such as temperature, wool density, material to liquor ratio, time, depending on the extent of degradation of the final hydrolyzed product. Controlled treatment with superheated water converts wool keratin into simpler compounds. At the end of the process, it is possible to obtain a hydrolyzed product in either solid or liquid phase depending on the extent of hydrolysis parameters implemented. The presence of amino acids, primary nutrients, and micronutrients in wool hydrolyzates, along with a concentration of heavy metals below the standard limit, confirm the possibility of using wool hydrolyzates as nitrogen based ecologically sound fertilizer. On the way to find the possible application of keratin hydrolyzate other than fertilizer, which overcomes the environmental problem of wool waste and byproducts were found to be a foaming agent for dyeing. The foam-forming the behavior of the keratin hydrolyzate along with its application in dyeing was studied to develop sustainable and green dyeing process. The surface tension, foam stability, blow ratio, bubble size of the keratin hydrolyzate in aqueous solutions with and without dyeing auxiliaries were determined. The dyeing influential parameter such as wet pickup was studied to identify their effect on dye fixation and color strength. The foam dyeing was compared with conventional cold-pad batch and pad-steam processes for cotton and wool, respectively. The combination of green hydrolysis and the biodegradable keratin hydrolyzate resulted in the sustainable green dyeing process

At Home, In Kansas City

The poems that make up the substantive portion of this dissertation have been organized into a sequence made up of two large sets of poems. The poems of the first set, called "Essays," neither describe nor evaluate the objects, individuals, actions, or events of their titles: rather, each poem presents an attempt to make sense of them and of my response to them, as one attempts to makes sense of any novel experience and of one's response to it. In this way, the poems are involved in both (self)observation and (self)examination; they take the measure of what it is that one sees, just as they evince an awareness of one's own disposition and sensibility in the measuring. This first set opens up into the second set, entitled "Poems," composed ostensibly of the generalizations, universal or otherwise, with which the inductive method culminates. And yet, these generalizations cannot quite participate in a reification of that method, for they are not bound, nor do they mark or trace their binding, to the experiences and the responses that precede them. They are generalizations, they may be said to "say something," but to arrive at that saying, they have had to veer away, to find some space where the intractable complexities of the world itself and the objects, events, actions, individuals that constitute it may be held in abeyance. Ultimately, as the reader moves from one poem to the next, from one set to the other, he or she may come to experience a narrative, of the poet trying to find something to say about the world and his experience of it, that provides some context for a realization of the possibility and productivity of a critique of the conventional. The poems frustrate the application of conventional frames just as they use them as points of reference, providing the reader with a mechanism for assimilating the poems to some point of view while compelling him or her to work away from any conventional construal to something more novel, yet nevertheless meaningful