32,660 research outputs found
A forensically-enabled IASS cloud computing architecture
Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures largely due to the dynamic nature of the cloud. Whilst much research has focused upon identifying the problems that are introduced with a cloud-based system, to date there is a significant lack of research on adapting current digital forensic tools and techniques to a cloud environment. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated by the very nature of the multi-tenanted operating environment. Thus, investigators have no option but to rely on cloud providers to acquire evidence, assuming they would be willing or are required to by law. Furthermore, the evidence collected by the Cloud Service Providers (CSPs) is still questionable as there is no way to verify the validity of this evidence and whether evidence has already been lost. This paper proposes a forensic acquisition and analysis model that fundamentally shifts responsibility of the data back to the data owner rather than relying upon a third party. In this manner, organisations are free to undertake investigations at will requiring no intervention or cooperation from the cloud provider. The model aims to provide a richer and complete set of admissible evidence than what current CSPs are able to provide.
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially- and/or
criminally-motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicate digital investigations. Coupling this information with
the potentially vast amounts of information that a MCPS produces and/or has
access to is generating discussions on, not only, how to compromise these
systems but, more importantly, how to investigate these systems. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations.
Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017)
Modifications and Improvements to the Sea Beam System on Board R/V Thomas Washington
A number of modifications to the narrowbeam echo-sounder and echo processor of the Sea Beam multibeam bathymetric survey system have been implemented. These include the design and construction of a digital pitch compensator, the ability to use a variety of sensors for vertical reference, the design and construction of hardware test equipment, and an interface to the shipboard DEC VAX-11/730 computer for data logging, automation of start-up procedures, and performance monitoring.
Calm before the storm: the challenges of cloud computing in digital forensics
Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed.
A Forensically Sound Adversary Model for Mobile Devices
In this paper, we propose an adversary model to facilitate forensic
investigations of mobile devices (e.g. Android, iOS and Windows smartphones)
that can be readily adapted to the latest mobile device technologies. This is
essential given the ongoing and rapidly changing nature of mobile device
technologies. An integral principle and significant constraint upon forensic
practitioners is that of forensic soundness. Our adversary model specifically
considers and integrates the constraints of forensic soundness on the
adversary, in our case, a forensic practitioner. One construction of the
adversary model is an evidence collection and analysis methodology for Android
devices. Using the methodology with six popular cloud apps, we were successful
in extracting various information of forensic interest in both the external and
internal storage of the mobile device.
Forensic Analysis of the ChatSecure Instant Messaging Application on Android Smartphones
We present the forensic analysis of the artifacts generated on Android
smartphones by ChatSecure, a secure Instant Messaging application that provides
strong encryption for transmitted and locally-stored data to ensure the privacy
of its users.
We show that ChatSecure stores local copies of both exchanged messages and
files into two distinct, AES-256 encrypted databases, and we devise a technique
able to decrypt them when the secret passphrase, chosen by the user as the
initial step of the encryption process, is known.
Furthermore, we show how this passphrase can be identified and extracted from
the volatile memory of the device, where it persists for the entire execution
of ChatSecure after having been entered by the user, thus allowing one to carry
out decryption even if the passphrase is not revealed by the user.
Finally, we discuss how to analyze and correlate the data stored in the
databases used by ChatSecure to identify the IM accounts used by the user and
his/her buddies to communicate, as well as to reconstruct the chronology and
contents of the messages and files that have been exchanged among them.
For our study we devise and use an experimental methodology, based on the use
of emulated devices, that provides a very high degree of reproducibility of the
results, and we validate the results it yields against those obtained from real
smartphones.