
    Acquisition and Analysis of Digital Evidence in Android Smartphones

    From an expert's standpoint, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data and evidence, collecting information about its owner and facts under investigation. This way, by means of exploring and cross-referencing that rich data source, one can get information related to unlawful acts and their perpetrator. There are widespread and well-documented approaches to the forensic examination of mobile devices and computers. Nevertheless, they are neither specific nor detailed enough to be conducted on Android cell phones. These approaches are not totally adequate to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. The exam and analysis are not supported by forensic tools when having to deal with specific file systems, such as YAFFS2 (Yet Another Flash File System). Furthermore, specific features of each smartphone platform have to be considered prior to acquiring and analyzing its data. In order to deal with those challenges, this paper proposes a method to perform data acquisition and analysis of Android smartphones, regardless of version and manufacturer. The proposed approach takes into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner. The method was defined in a broad manner, not naming specific tools or techniques. Then, it was deployed in the examination of six Android smartphones, which addressed different scenarios that an analyst might face, and was validated to perform an entire evidence acquisition and analysis.

    Acquisition of digital evidence in android smartphones

    From an expert's perspective, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data, collecting information about its owner and facts that are under investigation. This way, by exploring and cross-referencing that rich data source, one can get information related to unlawful acts and their perpetrator. There are widespread and well-documented approaches to the forensic examination of mobile devices and computers. Nevertheless, they are neither specific nor detailed enough to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. Furthermore, specific features of each smartphone platform have to be considered prior to acquiring its data. In order to deal with those challenges, this paper proposes a method to perform data acquisition of Android smartphones, regardless of version and manufacturer. The proposed approach takes into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner. The method was defined in a broad fashion, not naming specific tools or techniques. Then, it was deployed in the examination of six Android smartphones, addressing different scenarios that an analyst might face, and was validated to perform an entire evidence acquisition.

    Novel approaches to applied cybersecurity in privacy, encryption, security systems, web credentials, and education

    Applied cybersecurity is a domain that interconnects people, processes, technologies, usage environment and vulnerabilities in a complex manner. As a cybersecurity expert at CTI Renato Archer, a research institute of the Brazilian Ministry of Science, Technology and Innovations, the author developed novel approaches to help solve practical and practice-based problems in applied cybersecurity over the last ten years. The needs of the government, industry and customers, and real-life problems in five categories (Privacy, Encryption, Web Credentials, Security Systems and Education), were the research stimuli. Based on prior outputs, this thesis presents a cohesive narrative of the novel approaches in the mentioned categories, consolidating fifteen research publications. Customers and society in general expect that companies, universities and the government will protect them from cyber threats. The fifteen research papers that compose this thesis elucidate a broader context of cyber threats, errors in security software and gaps in cybersecurity education. This thesis's research points out that a large number of organisations are vulnerable to cyber threats, and that procedures and practices around cybersecurity are questionable. Therefore, society expects a periodic reassessment of cybersecurity systems, practices and policies. Privacy has been extensively debated in many countries due to its personal implications, with civil liberties and citizenship at stake. Since 2018, GDPR has been in force in the EU and has been a milestone for the privacy of people and institutions. The novel work in privacy, supported by four research papers, discusses private mode navigation in several browsers and shows how privacy is a fragile feeling. The secrets of different companies, countries and armed forces are entrusted to encryption technologies. Three research papers support the encryption element discussed in this thesis. It explores vulnerabilities in the most used encryption software. It provides data exposure scenarios showing how companies, government and universities are vulnerable, and proposes best practices. Credentials are data that give someone the right to access a location or a system. They usually involve a login, a username, an email, an access code and a password. It is customary to have a rigorous demand for security credentials for a sensitive information system. The work on web credentials in this thesis, supported by one research paper, examines a novel experiment that permits an intruder to extract user credentials from home banking and e-commerce websites, revealing common cyber flaws and vulnerabilities. Antimalware systems are complex software engineering systems purposely designed to be safe and reliable despite numerous operational idiosyncrasies. Antimalware systems have been deployed to protect information systems for decades. The novel work on security systems presented in the thesis, supported by five research papers, explores antimalware attacks and software engineering structure problems. Primary cybersecurity awareness is expected to come through school and university education, but the academic discourse is often dissociated from practice. The discussion, based on two research papers, presents a new insight into cybersecurity education and proposes an Index of Relevance in Cybersecurity (IRCS) to classify the computer science courses offered by UK universities by the relevance of cybersecurity in their curricula. In a nutshell, the thesis presents a coherent and novel narrative on applied cybersecurity in five categories spanning software, systems and education.

    Fingerprinting Encrypted Tunnel Endpoints

    Operating system fingerprinting is a reconnaissance method used by whitehats and blackhats alike. Current techniques for fingerprinting do not take into account tunneling protocols, such as IPSec, SSL/TLS and SSH, which effectively 'wrap' network traffic in a ciphertext mantle, thus potentially rendering passive monitoring ineffectual. Whether encryption makes VPN tunnel endpoints immune to fingerprinting, or renders the encrypted contents of the VPN tunnel entirely indistinguishable, is a topic that has received modest coverage in academic literature. This study addresses these questions by targeting two tunnelling protocols: IPSec and SSL/TLS. A new fingerprinting methodology is presented, several fingerprinting discriminants are identified, and test results are set forth, showing that endpoint identities can be uncovered, and that some of the contents of encrypted VPN tunnels can in fact be discerned. Dissertation (MSc (Computer Science))--University of Pretoria, 2005.

    Colombia and the Intelligence Cycle in the 21st Century, the Digital Age

    The intelligence cycle is the main process for analysing and collecting intelligence, and it is used throughout the world. Because this system is outdated, it cannot solve the tasks that technological progress and the digital age have brought with them. Information moves in cyberspace. The intelligence cycle uses various forms of intelligence, employing modern technological means in search, collection, analysis and dissemination. Intelligence failures are known that resulted from an inability to follow the intelligence cycle, because of the speed at which information changes or because of insufficient awareness of existing technological systems. The intelligence process must be integrated with technology and cyberspace in order to develop intelligence capability in the 21st century. All resources must be used and all existing technological sources must be integrated, starting from the core processes. A complete process that combines the process of obtaining intelligence with the use of cyberspace and information technology is necessary in order to use and secure the available information. This research proposes a new process of micro-cycles intended for conducting intelligence. It consists of five micro-cycles and its purpose is to integrate intelligence processes and technologies in order to obtain better results in the development of intelligence in the 21st century.

    The intelligence cycle is the main process for developing and obtaining intelligence, and it is used worldwide. Currently, it has problems and is outdated because it was not created to face the challenges that technology and the digital age have brought about. Information moves and travels in cyberspace, which is the current as well as the future arena of conflict. The intelligence cycle uses technology systems through different forms of intelligence, taking advantage of current technological developments for search, collection, analysis and dissemination, but these are not being fully exploited. Cases have been observed where intelligence failed because the intelligence cycle was not followed, due to the speed of information or a lack of knowledge of the technological systems at the service of intelligence. The intelligence process must be integrated and work hand in hand with technology and cyberspace, developing intelligence for the 21st century. It is necessary to use all resources and integrate all existing technological sources, starting from the core of the process. A complete process that integrates the process of obtaining intelligence with the use and exploitation of cyberspace and information technology is required for increasing, securing and exploiting all available information. In the development of this thesis, a new process of micro-cycles for intelligence has been developed. It consists of five micro-cycles and its purpose is to integrate intelligence processes and technology for better results in this new era of intelligence development in the 21st century.

    Intrusion detection system in software-defined networks

    Double-degree master's with UTFPR - Universidade Tecnológica Federal do Paraná.

    Software-Defined Networking technologies represent a recent cutting-edge paradigm in network management, offering unprecedented flexibility and scalability. As the adoption of SDN continues to grow, so does the urgency of studying methods to enhance its security. Understanding and fortifying SDN security is of critical importance, given its pivotal role in the modern digital ecosystem. With the ever-evolving threat landscape, research into innovative security measures is essential to ensure the integrity, confidentiality and availability of network resources in this dynamic and transformative technology, ultimately safeguarding the reliability and functionality of our interconnected world. This research presents a novel approach to enhancing security in Software-Defined Networking through the development of an initial Intrusion Detection System. The IDS offers a scalable solution, facilitating the transmission and storage of network traffic with robust support for failure recovery across multiple nodes. Additionally, an innovative analysis module incorporates artificial intelligence (AI) to predict the nature of network traffic, effectively distinguishing between malicious and benign data. The system integrates a diverse range of technologies and tools, enabling the processing and analysis of network traffic data from PCAP files, thus contributing to the reinforcement of SDN security.

    Software-Defined Networking technologies represent a recent paradigm in network management, offering unprecedented flexibility and scalability. As the adoption of SDN solutions continues to grow, so does the urgency of studying methods to improve their security. It is extremely important to understand and strengthen the security of SDNs, given their fundamental role in the modern digital ecosystem. With the constantly evolving threat landscape, research into innovative security measures is essential to guarantee the integrity, confidentiality and availability of network resources in this dynamic and transformative technology. This research presents a new approach to improving security in software-defined networks through the development of an initial intrusion detection system. The IDS offers a scalable solution, facilitating the transmission and storage of network traffic with robust support for failure recovery across several nodes. In addition, an innovative analysis module incorporates artificial intelligence (AI) to predict the nature of network traffic, effectively distinguishing between malicious and benign data. The system integrates a diverse range of technologies and tools, enabling the processing and analysis of network traffic data from PCAP files, thus contributing to the reinforcement of SDN security.

    Designing a Digital Forensic Sciences Laboratory in the Technical Investigation Corps (Cuerpo Técnico de Investigación) of the Attorney General's Office (Fiscalía General de la Nación), Medellín Section.

    It is clear that technology improves our lives, processes and industries. The various advances are reflected in the increase in electronic transactions such as ATMs, online banking, e-commerce, online transactions, etc. Each of these processes has made it possible to improve activities within organizations and strengthen staff. But at the same time, a series of challenges in computer and information security have arisen, which entail risks that allow the emergence of cybercrime, which in turn gives rise to computer crimes. The lack of definition and implementation of computer security policies is one of the difficulties of some companies, and it becomes a stimulus for those who exploit many weaknesses to carry out cyber attacks such as information theft, theft of business secrets and possible leaks of relevant digital data. This leaves users and organizations exposed to the loss and disclosure of confidential data and information, so it is necessary to carry out investigations that can establish the facts, causes, consequences and agents behind such events. Given the above, the project aims to create a Digital Forensic Sciences laboratory in the city of Medellín that allows a methodology for the collection and analysis of digital evidence to be applied, using procedures that comply with the standards for information security incident management and that allow the proper development of an investigation. The project was carried out in three phases: the current situation of the computer crime groups in Colombia, the characteristics of a forensic laboratory, and the results of the design of a Digital Forensic Sciences laboratory, yielding a laboratory design that can be implemented for the different functions associated with crime investigation.

    It is a reality that technology improves our lives, processes and industries. Different advances are reflected in the rise of electronic transactions like ATMs, virtual banking, e-commerce, online transactions, etc. Each process has made it possible to enhance activities within organizations and strengthen staff. Likewise, a lot of challenges in information and computer security have been generated that lead to risks allowing the appearance of cybernetic crimes, giving rise to computer crimes. The lack of definition and implementation of computer security policies is one of the difficulties in some companies, and it becomes a stimulus for those who take advantage of shortcomings to execute cyber attacks like information theft, theft of business secrets and leaks of relevant digital data. This leaves users and organizations exposed to the loss or disclosure of data and reserved information, so it is necessary to develop investigations that can establish the facts, causes, consequences and generating agents of those eventualities. Given the above, the project aims to create a Digital Forensic Sciences laboratory in the city of Medellín, which allows applying a methodology for the collection and analysis of digital evidence, using procedures that comply with the standards for the management of incidents in information security and that allow the proper development of an investigation. The project was executed through three phases: the current situation of the computer crime groups in Colombia, the characteristics of a forensic laboratory, and the results of the design of a Digital Forensic Sciences laboratory, yielding a laboratory design that can be implemented for the different functions associated with crime investigation.

    Forensic Methods in Criminalistics: Thematic Collection of Papers

    Thematic Collection of Papers of International Significance. Volume 1 / International Scientific Conference "Dani Arčibalda Rajsa" (Archibald Reiss Days), Belgrade, 1-2 March 2013

    The Thematic Conference Proceedings contains 138 papers written by eminent scholars in the fields of law, security, criminalistics, police studies, forensics and medicine, as well as members of the national security system participating in the education of the police, army and other security services, from Russia, Ukraine, Belarus, China, Poland, Slovakia, the Czech Republic, Hungary, Slovenia, Bosnia and Herzegovina, Montenegro, Republic of Srpska and Serbia. Each paper has been reviewed by two competent international reviewers, and the Thematic Conference Proceedings as a whole has been reviewed by five international reviewers. The papers published in the Thematic Conference Proceedings contain an overview of contemporary trends in the development of the police educational system, the development of the police and contemporary security, criminalistics and forensics, as well as an analysis of rule-of-law activities in crime suppression, the situation and trends in the above-mentioned fields, and suggestions on how to systematically deal with these issues. The Thematic Conference Proceedings represents a significant contribution to the existing fund of scientific and expert knowledge in the fields of criminalistics, security, and penal and legal theory and practice. Publication of these Conference Proceedings contributes to improving mutual cooperation between educational, scientific and expert institutions at the national, regional and international level.