
    UK security breach investigations report: an analysis of data compromise cases

    This report, rather than relying on questionnaires and self-reporting, concerns cases that were investigated by the forensic investigation team at 7Safe. While this removes inaccuracies arising from self-reporting, the authors acknowledge that the limitation of the sample size remains. It is hoped that the unbiased reporting by independent investigators has yielded interesting facts about modern security breaches. All data in this study is based on genuine completed breach investigations conducted by the compromise investigation team over the last 18 months.

    Taxonomy for Anti-Forensics Techniques & Countermeasures

    Computer forensic tools are used by forensic investigators to analyse evidence from devices seized at a crime scene or from a person, in such a way that the results or findings can be used in a court of law. These tools are important and useful because they help law enforcement personnel to solve crimes. Computer criminals are now aware of the forensic tools in use; therefore, they apply countermeasure techniques to obstruct the investigation process. By doing so, they make it difficult or almost impossible for investigators to uncover the evidence. These techniques, used against the computer forensics process, are called anti-forensics. This paper describes some of the many anti-forensic methods, techniques and tools using a taxonomy. The taxonomy classifies anti-forensics into different levels and categories: WHERE, WHICH, WHAT, and HOW. The WHERE level indicates where anti-forensics can occur during an investigation. The WHICH level indicates which anti-forensic techniques exist. The WHAT level defines the exact method used for each technique. Finally, the HOW level indicates the tools used. Additionally, some countermeasures are proposed.

    Anti-forensics: Furthering Digital Forensic Science Through a New Extended, Granular Taxonomy

    Anti-forensic tools, techniques and methods are becoming a formidable obstacle for the digital forensic community. Thus, new research initiatives and strategies must be formulated to address this growing problem. In this work we first collect and categorize 308 anti-digital-forensic tools to survey the field. We then devise an extension of the anti-forensic taxonomy proposed by Rogers (2006) in order to create a more comprehensive taxonomy and facilitate linguistic standardization. Our work also takes into consideration anti-forensic activity which utilizes tools that were not originally designed for anti-forensic purposes but can still be used with malicious intent. This category was labeled "Possible indications of anti-forensic activity", as certain software, scenarios, and digital artifacts could indicate anti-forensic activity on a system. We also publicly share our data sets, which include categorical data on the 308 collected anti-forensic tools, as well as 2780 unique hash values related to the installation files of 191 publicly available anti-forensic tools. As part of our analysis, the collected hash set was run against the National Institute of Standards and Technology's 2016 National Software Reference Library, and only 423 matches were found out of the 2780 hashes. Our findings indicate a need for future endeavors in creating and maintaining exhaustive anti-forensic hash data sets.
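    The NSRL comparison the abstract describes is a plain hash-set lookup: digest each collected installer, then look the digest up in a reference set. The following Python is an added illustration of that step; it is not the authors' code or data. The "installer" bytes and the reference rows are constructed, and the column layout (SHA-1, MD5, CRC32, FileName, ...) is an assumption based on the legacy NSRLFile.txt CSV, not something the abstract states.

```python
"""Hash-set lookup of candidate anti-forensic tool installers against a reference set.

Added example, not from the paper. Installer contents and the reference rows are
constructed; the CSV layout assumes the legacy NSRL RDS 'NSRLFile.txt' format.
"""
import csv
import hashlib
import io

# Constructed stand-ins for collected installation files (not real tools).
CONSTRUCTED_FILES = {
    "tool_a_setup.exe": b"constructed installer A",
    "tool_b_setup.exe": b"constructed installer B",
    "tool_c_setup.exe": b"constructed installer C",
}


def hash_bytes(data: bytes) -> dict:
    """SHA-1 and MD5 as uppercase hex, the casing used in NSRL RDS rows."""
    return {
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "md5": hashlib.md5(data).hexdigest().upper(),
    }


def hash_path(path, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, read in chunks so large installers fit in memory."""
    sha1, md5 = hashlib.sha1(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            md5.update(chunk)
    return {"sha1": sha1.hexdigest().upper(), "md5": md5.hexdigest().upper()}


def _rds_row(name: str, data: bytes) -> str:
    """One constructed reference row in the assumed legacy NSRLFile.txt layout."""
    h = hash_bytes(data)
    return f'"{h["sha1"]}","{h["md5"]}","00000000","{name}","{len(data)}","1","189",""\n'


# Constructed reference set: tool A listed under its own name, tool C listed under
# a different file name, tool B absent (the coverage gap the survey reports).
CONSTRUCTED_RDS = (
    '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"\n'
    + _rds_row("tool_a_setup.exe", CONSTRUCTED_FILES["tool_a_setup.exe"])
    + _rds_row("vendor_c_installer.exe", CONSTRUCTED_FILES["tool_c_setup.exe"])
)


def load_reference_set(csv_text: str) -> dict:
    """Map uppercase SHA-1 -> set of lower-cased file names recorded for that hash."""
    ref = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ref.setdefault(row["SHA-1"].upper(), set()).add(row["FileName"].lower())
    return ref


def classify(files: dict, ref: dict) -> dict:
    """Verdict per file: 'known', 'known-renamed' or 'unknown', keyed on SHA-1 only."""
    verdicts = {}
    for name, data in files.items():
        sha1 = hash_bytes(data)["sha1"]
        if sha1 not in ref:
            verdicts[name] = "unknown"
        elif name.lower() in ref[sha1]:
            verdicts[name] = "known"
        else:
            verdicts[name] = "known-renamed"
    return verdicts


def coverage(verdicts: dict) -> tuple:
    """(matched, total): the '423 of 2780' style figure from the abstract."""
    matched = sum(1 for v in verdicts.values() if v != "unknown")
    return matched, len(verdicts)


if __name__ == "__main__":
    ref = load_reference_set(CONSTRUCTED_RDS)
    verdicts = classify(CONSTRUCTED_FILES, ref)
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
    matched, total = coverage(verdicts)
    print(f"matched {matched} of {total} hashes")
    # A single changed byte (a rebuilt or repacked installer) defeats exact-hash matching:
    tampered = {"tool_a_setup.exe": CONSTRUCTED_FILES["tool_a_setup.exe"] + b"\x00"}
    print(classify(tampered, ref))
```

    The tampered-file case at the end is the practical caveat behind the low match rate: exact digests only identify the precise build that was hashed, so a reference set has to be refreshed as tools are re-released, and a miss says nothing about whether the file is benign.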

    Analysis of digital evidence in identity theft investigations

    Identity theft can be considered a significant problem in the modern internet-driven era. This type of computer crime can be committed in a number of different ways, and various statistical figures suggest it is on the increase. It threatens individual privacy and confidence, while efforts at increased security and protection measures appear inadequate to prevent it. A forensic analysis of the digital evidence should be able to provide precise findings after the investigation of identity theft incidents. At present, the investigation of Internet-based identity theft is performed on an ad hoc and unstructured basis with respect to the digital evidence. This research work aims to construct a formalised and structured approach to digital identity theft investigations that would improve current computer forensic investigative practice. The research hypothesis is that an analytical framework can be created to facilitate the investigation of Internet identity theft cases and the processing of the related digital evidence. This research work makes two key contributions to the subject: a) proposing the approach of examining different computer crimes using a process specifically based on their nature, and b) differentiating the examination procedure between the victim's and the fraudster's side, depending on the ownership of the digital media. The background research on existing investigation methods supports the need to move towards an individual framework that supports identity theft investigations. The presented investigation framework is designed on the structure of existing computer forensic frameworks. It is a flexible, conceptual tool that will assist the investigator's work and analyse incidents related to this type of crime. The research outcome is presented in detail, with supporting relevant material for the investigator. The intention is to offer a coherent tool that could be used by computer forensics investigators. Therefore, the research outcome is evaluated not only through a laboratory experiment, but is also strengthened and improved based on evaluation feedback from law enforcement experts. While personal identities are increasingly being stored and shared on digital media, the threat of personal and private information being used fraudulently cannot be eliminated. However, when such incidents are precisely examined, the nature of the problem can be more clearly understood.

    The Pegasus spyware scandal: a critical review of Citizen Lab's "CatalanGate"

    This document dissects the report "CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru", published on 18 April 2022 by Citizen Lab at the Munk School of Global Affairs and Public Policy, University of Toronto, and reveals a series of serious methodological and ethical issues that severely undermine its value as an evidentiary basis for parliamentary committees and court trials. This critical review shows that Citizen Lab's research design, fieldwork, and reporting of findings in the "CatalanGate" report clash with commonly accepted norms of academic research conduct and integrity. The variety and gravity of the pitfalls discovered suggest that Citizen Lab and the political organisations that collaborated with them in preparing the report may have purposefully tried to induce a strong political bias to shape public opinion and achieve strong media impact. This critical review recommends that the University of Toronto launch an independent investigation into this report and retract its publication. The CatalanGate report cannot be considered a rigorous academic work. It breaches most academic research conventions and does not respect the protocols and principles of digital forensic investigation. It appears to have been designed and conducted with the purpose of becoming a political instrument for Catalan nationalists, feeding evidence for lawsuits that both Apple and secessionist parties were planning, and attempting to justify ex post the nullity of several trials that had taken place after the unilateral secession attempt in October 2017 (based on the alleged illegal monitoring of lawyers by the Spanish authorities at the time these trials took place). As such, it could be considered a key element in a disinformation campaign. It is beyond the scope of this review to assess whether Spain spied, legally or illegally, on some of the participants in the investigation, or whether Pegasus was the spyware of choice. This review shows, however, that the CatalanGate report does not meet the minimal requisites to be used as an evidentiary basis for either legal proceedings or parliamentary committees of enquiry. An independent investigation for research misconduct is expected in cases as serious as this one. Any parliamentary committee or court of justice investigating CatalanGate should request independent forensic experts, without connections to Citizen Lab or Amnesty Tech, to reproduce the analyses and assess their validity and reliability. It is important to rule out false positives as well as to identify any potential alterations or fabrications of evidence, such as manufactured positive results, taking advantage of the absence of a chain of custody of evidence in this investigation. The lack of checks on the actions of internet security and privacy watchdogs such as Citizen Lab, and their potential "capture" by Big Tech corporations and partisan political groups, should be a source of concern for the European Union. Citizen Lab is right to demand public accountability and transparency from European Member States, but it is also important that they adhere to these same principles themselves and that accusations against governments do not drive attention away from the responsibilities and challenges incurred by Big Tech corporations regarding internet security.

    Forensic Breach Response in Compliance with GDPR

    Modifications and new approaches for breach response and forensic investigations for compliance with the General Data Protection Regulation (GDPR) are to be expected in May 2018. This paper brings forth the conclusion that engagement from top management is crucial in order to comply with the GDPR requirements. The importance of having a vision and a strategy that address breach response, so that resources can enable procedures for an investigation, is articulated. To enable appropriate countermeasures, a clear understanding of the regulation is essential; it is presented in terms of the severity of risk to the rights and freedoms of an individual, including the required actions to take upon a breach and the time-frame of each obligation. Furthermore, the report discusses an approach to approximating the number of individuals affected by a breach by looking at the intrusion point. This is an essential step, since every incident report that must be communicated to Datainspektionen needs to assess the approximate number of individuals affected. Assessing the effects of an incident through the intrusion-point approach is an initial step before the forensic analyst can define the exact number of affected individuals.

    Some of the greatest challenges organizations face today are the information security threats, vulnerabilities and risks that all too often reach the state of an incident. Some may argue, the less detected the better. Reporting incidents in the era of the GDPR appears not to be in an organization's favour. They may liken the incident notification process to raising their hands on the highway, announcing that they are driving too fast and would like a speeding ticket. Will applied sanctions foster the absence of speed indicators, in other words, weak detection systems? Absence of evidence is not evidence of absence. If a breach is not reported, sanctions will be higher and individuals might be at risk. Breaches are becoming unavoidable, and information that is kept might actually cause damage and personally detrimental impact if leaked. Organizations may face severe reputational and financial impact. GDPR, valid from 25 May 2018, when PUL, the current Swedish privacy protection law, will be abolished, addresses this matter through regulatory challenges. Well-managed breach response could save a company from losing both its customers' trust and money. Breach notifications should be made to the national supervisory authority, Datainspektionen, and when necessary to affected individuals. However, the process of identifying which individuals should be notified and exactly which records have been compromised is commonly underestimated. No matter how good the forensic analyst is, if there are no logs to analyse or if the investigation starts too late, there will be challenges in obtaining the requested information. The organization itself should provide the analyst with the best feasible environment for performing an investigation: relevant contacts, information and access, together with searchable and relevant logs. It is essential to discover the breach in time, to be able to contain it and narrow down the number of affected individuals. This paper investigates the adoption of new and altered obligations in incident response and establishes guidance, in accordance with GDPR, on how to conduct the procedures for breach notification. The paper concludes that engagement from top management is crucial. Having an information security vision and strategy that enables a proactive culture is the first fundamental step towards giving the forensic analyst the best feasible environment for identifying which records have been compromised.

    A Cyber Forensics Needs Analysis Survey: Revisiting the Domain's Needs a Decade Later

    The number of successful cyber attacks continues to increase, threatening financial and personal security worldwide. Cyber/digital forensics is undergoing a paradigm shift in which evidence is frequently massive in size, demands live acquisition, and may be insufficient to convict a criminal residing in another legal jurisdiction. This paper presents the findings of the first broad needs analysis survey in cyber forensics in nearly a decade, aimed at obtaining an updated consensus of professional attitudes in order to optimize resource allocation and to prioritize problems and possible solutions more efficiently. Results from the 99 respondents gave compelling testimony that the following will be necessary in the future: 1) better education/training/certification (opportunities, standardization, and skill-sets); 2) support for cloud and mobile forensics; 3) backing for and improvement of open-source tools; 4) research on encryption, malware, and trail obfuscation; 5) revised laws (specific, up-to-date, and protective of user privacy); 6) better communication, especially between/with law enforcement (including establishing new frameworks to mitigate problematic communication); 7) more personnel and funding.

    Literature based Cyber Security Topics: Handbook

    Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These cyber attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Cloud computing has emerged from legacy data centres. Consequently, threats applicable to legacy systems are equally applicable to cloud computing, along with emerging new threats that affect only cloud systems. Traditionally, data centres were hosted on-premises, so control over the data was comparatively easier than in a cloud system, which is borderless and ubiquitous. Threats due to multi-tenancy, access from anywhere, control of the cloud, etc. are some examples of why cloud security becomes important. Considering the significance of cloud security, this work is an attempt to understand the existing cloud service and deployment models and the major threat factors that may be critical in a cloud environment. It also highlights various methods employed by attackers to cause damage, and cyber-attacks in general. This work will be helpful to industry and researchers in understanding the various cloud-specific cyber-attacks and enable them to evolve strategies to counter them more effectively.

    A Framework for Examining the Human Side of Anti-Forensic Measures
