HyBIS: Windows Guest Protection through Advanced Memory Introspection
Effectively protecting the Windows OS is a challenging task, since most
implementation details are not publicly known. Windows has always been the main
target of malware that has exploited numerous bugs and vulnerabilities.
Recent trusted boot and additional integrity checks have rendered the Windows
OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows
Virtual Machines are becoming an increasingly interesting attack target. In
this work we introduce and analyze a novel Hypervisor-Based Introspection
System (HyBIS) we developed for protecting Windows OSes from malware and
rootkits. The HyBIS architecture is motivated and detailed, while targeted
experimental results show its effectiveness. Comparison with related work
highlights the main HyBIS advantages: effective semantic introspection,
support for 64-bit architectures and for the latest Windows versions (8.x and 10),
and advanced malware disabling capabilities. We believe the research effort
reported here will pave the way to further advances in the security of Windows OSes.
A comparison of forensic evidence recovery techniques for a Windows Mobile smart phone
Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats, complicating decoding and presentation.
A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or to what extent the results produced by different tools are consistent.
This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device, and that in some cases the information recovered is conflicting.
Privacy Preserving Internet Browsers: Forensic Analysis of Browzar
With the advance of technology, Criminal Justice agencies are being
confronted with an increased need to investigate crimes perpetrated partially
or entirely over the Internet. These types of crime are known as cybercrimes.
In order to conceal illegal online activity, criminals often use private
browsing features or browsers designed to provide total browsing privacy. The
use of private browsing is a common challenge faced in, for example, child
exploitation investigations, which usually originate on the Internet. Although
private browsing features are not designed specifically for criminal activity,
they have become a valuable tool for criminals looking to conceal their online
activity. As such, Technological Crime units often focus their forensic
analysis on thoroughly examining the web history on a computer. Private
browsing features and browsers often require a more in-depth, post mortem
analysis. This often requires the use of multiple tools, as well as different
forensic approaches to uncover incriminating evidence. This evidence may be
required in a court of law, where analysts are often challenged both on their
findings and on the tools and approaches used to recover evidence. However,
there is very little research evaluating private browsing in terms of
privacy preservation, or on the forensic acquisition and analysis of privacy
preserving internet browsers. Therefore, in this chapter, we first review the
private mode of popular internet browsers. Next, we describe the forensic
acquisition and analysis of Browzar, a privacy preserving internet browser, and
compare it with other popular internet browsers.
Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers
There is a growing demand for cloud storage services such as Dropbox, Box,
Syncplicity and SugarSync. These public cloud storage services can store
gigabytes of corporate and personal data in remote data centres around the
world, which can then be synchronized to multiple devices. This creates an
environment which is potentially conducive to security incidents, data breaches
and other malicious activities. The forensic investigation of public cloud
environments presents a number of new challenges for the digital forensics
community. However, it is anticipated that end-devices such as smartphones
will retain data from these cloud storage services. This research investigates
how forensic tools that are currently available to practitioners can be used to
provide a practical solution for the problems related to investigating cloud
storage environments. The research contribution is threefold. First, the
findings from this research support the idea that end-devices which have been
used to access cloud storage services can be used to provide a partial view of
the evidence stored in the cloud service. Second, the research provides a
comparison of the number of files which can be recovered from different
versions of cloud storage applications. In doing so, it also supports the idea
that amalgamating the files recovered from more than one device can result in
the recovery of a more complete dataset. Third, the chapter contributes to the
documentation and evidentiary discussion of the artefacts created from specific
cloud storage applications and different versions of these applications on iOS
and Android smartphones.
Cyber security investigation for Raspberry Pi devices
Big Data on cloud applications is growing rapidly. When the cloud is attacked, the investigation relies on digital forensic evidence. This paper proposes data collection via Raspberry Pi devices in a healthcare setting. The significance of this work is that it could be expanded into a digital device array that takes big data security issues into account. There are many potential impacts in the health area. The field of Digital Forensic Science has been tagged as a reactive science by some, who believe that research and study in the field often arise from the need to respond to events that bring about the need for investigation; this work was carried out as proactive research that will add knowledge to the field of Digital Forensic Science.
The Raspberry Pi is a cost-effective, pocket-sized computer that has gained global recognition since its development in 2008, with widespread usage of the device for different computing purposes. The Raspberry Pi can potentially be a cyber security device, which may become relevant to forensic investigation in the near future. This work has used a systematic approach to study the structure and operation of the device and has established the security issues that widespread usage of the device can pose in domains such as healthcare or smart cities. Furthermore, its evidential information, applied in security, will be useful in the event that the device becomes the subject of a digital forensic investigation in the foreseeable future. In healthcare systems, PII (personally identifiable information) is a very important issue. When a Raspberry Pi plays a processor role, its security is vital; consequently, digital forensic investigation of Raspberry Pi devices becomes necessary.
A survey on online monitoring approaches of computer-based systems
This report surveys forms of online data collection that are in current use (as well as being the subject of research to adapt them to changing technology and demands) and that can be used as inputs to the assessment of dependability and resilience, although they are not primarily meant for this use.
A Survey on Malware Analysis Techniques: Static, Dynamic, Hybrid and Memory Analysis
Nowadays the threat of malware is increasing rapidly. Malware is software that sneaks onto your computer system without your knowledge, with the harmful intent of disrupting your computer operations. Due to the vast number of malware samples, it is impossible for human engineers to handle malware manually. Therefore, security researchers are making great efforts to develop accurate and effective techniques to detect malware. This paper presents a semantic and detailed survey of methods used for malware detection, such as signature-based and heuristic-based techniques. The signature-based technique, largely used today by anti-virus software to detect malware, is fast and capable of detecting known malware. However, it is not effective in detecting zero-day malware and is easily defeated by malware that uses obfuscation techniques. Likewise, a considerable false positive rate and a high amount of scanning time are the main limitations of heuristic-based techniques. Alternatively, memory analysis is a promising technique that gives a comprehensive view of malware and is expected to become more popular in malware analysis. The main contributions of this paper are: (1) providing an overview of malware types and malware detection approaches, (2) discussing the current malware analysis techniques, their findings and limitations, (3) studying malware obfuscation, attacking and anti-analysis techniques, and (4) exploring the structure of memory-based analysis in malware detection. The detection approaches have been compared with each other according to their techniques, selected features, accuracy rates, and their advantages and disadvantages. This paper aims to help researchers gain a general view of the malware detection field and to discuss the importance of memory-based analysis in malware detection.
Technical and legal perspectives on forensics scenario
The dissertation concerns digital forensics. The expression digital forensics (sometimes called digital forensic science)
denotes the science that studies the identification, storage, protection, retrieval, documentation, use, and every
other form of computer data processing so that the data can be evaluated in a legal trial. Digital forensics is a branch of
forensic science. First of all, digital forensics represents the extension of theories, principles and procedures that
are typical and important elements of forensic science, computer science and new technologies. From this
conceptual viewpoint, the logical consideration is that forensic science studies the legal value
of specific events in order to identify possible sources of evidence. The branches of forensic science are: physiological
sciences, social sciences, forensic criminalistics and digital forensics. Moreover, digital forensics includes
several categories relating to the investigation of various types of devices, media or artefacts. These categories are:
- computer forensics: the aim is to explain the current state of a digital artefact, such as a computer system,
storage medium or electronic document;
- mobile device forensics: the aim is to recover digital evidence or data from a mobile device, such as images, call
logs, SMS logs and so on;
- network forensics: the aim is the monitoring and analysis of network traffic (local, WAN/Internet,
UMTS, etc.) to detect intrusions or, more generally, to find network evidence;
- forensic data analysis: the aim is to examine structured data to discover evidence, usually related to financial
crime;
- database forensics: the aim is the examination of databases and their metadata.
The origin and historical development of the discipline of study and research of digital forensics are closely
related to progress in information and communication technology in the modern era. In parallel with the changes
in society due to new technologies and, in particular, the advent of the computer and electronic networks, there
has been a change in the mode of collection, management and analysis of evidence. Indeed, in addition to
the more traditional natural and physical elements, procedures have come to include further evidence that, although
equally capable of identifying an occurrence, is inextricably related to a computer, a computer network
or other electronic means. The birth of computer forensics can be traced back to 1984, when the FBI and other
American investigative agencies began to use software for the extraction and analysis of data on personal
computers. At the beginning of the 80s, the CART (Computer Analysis and Response Team) was created within
the FBI, with the express purpose of seeking so-called digital evidence. This term is used to denote all the
information stored or transmitted in digital form that may have some probative value. While the term evidence,
more precisely, denotes the judicial nature of digital data, the term forensic emphasizes the procedural nature
of the matter, literally, "to be presented to the Court". Digital forensics has a huge variety of applications. The
most common applications are related to crime or cybercrime. Cybercrime is a growing problem for governments,
businesses and private individuals.
- Government: security of the country (terrorism, espionage, etc.) or social problems (child pornography,
child trafficking and so on).
- Business: purely economic problems, for example industrial espionage.
- Private: personal safety and possessions, for example phishing, identity theft.
Often many techniques used in digital forensics are not formally defined, and the relation between the technical
procedure and the law is not frequently taken into consideration. From this conceptual perspective, the research
work intends to define and optimize the procedures and methodologies of digital forensics in relation to Italian
regulation, testing, analysing and defining best practice, where it is not yet defined, concerning common software.
The research questions are:
1. The problem of cybercrime is becoming increasingly significant for governments, businesses and citizens.
- In relation to governments, cybercrime involves problems concerning national security, such as terrorism
and espionage, and social questions, such as trafficking in children and child pornography.
- In relation to businesses, cybercrime entails problems concerning mainly economic issues, such as
industrial espionage.
- In relation to citizens, cybercrime involves problems concerning personal security, such as identity
theft and fraud.
2. Many techniques used within digital forensics are not formally defined.
3. The relation between procedures and legislation is not always applied and taken into consideration
- …