463 research outputs found

    Cyber security investigation for Raspberry Pi devices

    Big Data on Cloud application is growing rapidly. When the cloud is attacked, the investigation relies on digital forensics evidence. This paper proposed the data collection via Raspberry Pi devices, in a healthcare situation. The significance of this work is that it could be expanded into a digital device array that takes big data security issues into account. There are many potential impacts in the health area. The field of Digital Forensics Science has been tagged as a reactive science by some who believe research and study in the field often arise as a result of the need to respond to events which brought about the need for investigation; this work was carried out as proactive research that will add knowledge to the field of Digital Forensic Science. The Raspberry Pi is a cost-effective, pocket-sized computer that has gained global recognition since its development in 2008, with the widespread usage of the device for different computing purposes. Raspberry Pi can potentially be a cyber security device, which can relate with forensics investigation in the near future. This work has used a systematic approach to study the structure and operation of the device and has established security issues that the widespread usage of the device can pose, such as health or smart city. Furthermore, its evidential information applied in security will be useful in the event that the device becomes a subject of digital forensic investigation in the foreseeable future. In a healthcare system, PII (personal identifiable information) is a very important issue. When Raspberry Pi plays a processor role, its security is vital; consequently, digital forensics investigation on the Raspberry Pis becomes necessary.

    Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

    Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor and control a wide range of safety-related functions. These include energy generation where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of components that remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are very different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components but also determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures

    ADSL router forensics part 1: An introduction to a new source of electronic evidence

    Currently there appears to be a lack of research in the area of developing tools, testing methodologies, and creating standards for ADSL router forensics. The paper examines a wide range of literature and introduces the concept of ADSL router forensics as a new and potential field of research for digital forensics investigators. It begins by examining why there is a need for router forensics by detailing some of the more common threats which consumers may experience while online. An outline will be provided discussing the feasibility, limitations and potential risks of router forensics. The paper will then examine one possible avenue for undertaking router forensics and how this applies to the Linksys WRT54g and finally portrays where the research will continue to hereafter

    ADSL Router Forensics Part 2: Acquiring Evidence

    The demand for high-speed Internet access is escalating high sales of ADSL routers. In turn this has prompted individuals to attack and exploit the vulnerabilities in these devices. To respond to these threats, methods of acquisition and analysis are needed. The configuration data provides a wealth of information into the current state of the device. Hence, this data may be used to identify and interpret unlawful ways in which the device was used. This paper centres around an empirical learning approach identifying techniques to address the device’s acquirable limitations, taking into consideration that the owner may not willingly present login credentials to directly access the device. This paper demonstrates a procedural method of obtaining data of interest from ADSL routers. It further elaborates on the methods by detailing how to extract and understand this configuration data.

    Defending Against Firmware Cyber Attacks on Safety-Critical Systems

    In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to ‘rip and replace’ obsolete components. However, the ability to make firmware updates has provided significant benefits to the companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges as well as an array of smart sensor/actuators. These updates include security patches when vulnerabilities are identified in existing devices; they can be distributed by physical media but are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which is illustrated by recent attacks on safety-related infrastructures across the Ukraine. Subsequent sections explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle where the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attack on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries.

    Analysis of Data Remaining on Second Hand ADSL Routers

    In theory, an ADSL router can provide an additional layer of security to a wired and wireless network through access control, wireless encryption, firewall rule sets, and network event logging. An ADSL router may also contain the users’ usage habits and broadband account credentials. However, end-users may be unaware of the intricacies of the security measures available and the potentially confidential information stored on their device. As a result, a second hand ADSL router may contain a wealth of user-specific information if not wiped and disposed of in a secure manner. This paper shows the data that was acquired from a selection of second hand ADSL routers purchased during the first quarter of 2011. From the data acquired and analyzed, individuals are not removing their personally identifiable information and are leaving confidential data which may lead to detrimental outcomes if misused. The paper also shows that end-user applied security on these devices was alarmingly low. Thus many consumers may fall victim to new and emergent Internet based crimes if the full security capabilities of their ADSL router are not applie

    MEMORY FORENSIC DEVELOPMENT AND CHALLENGES IN IDENTIFYING DIGITAL CRIME : A REVIEW

    Digital forensic technology is currently advancing along with the demands to uncover various crimes using technology. Memory Forensic is one of the investigative fields in digital forensics. We use the Systematic Literature Review method to identify the developments and challenges of Forensic Memory in identifying digital crimes, analyzed from various reference papers according to the Include and Exclude Criteria and based on the specified Research Question. Authors chose from 30 reference journals from 3 online journal databases, namely IEEE Xplore, ScienceDirect, and Springer, with themes related to forensic memory based on certain criteria for further review to determine the development of digital crime. The results of the SLR that we convey are the result of a study related to the use of Memory Forensic in identifying various digital attacks and challenges faced in the future.