Forensic imaging and analysis of Apple iOS devices

In this thesis we present our research on digital forensics on the iOS platform, structured along three areas: forensic imaging; forensic analysis; and anti-forensic techniques. In the field of forensic imaging, we demonstrate that the iPad can control external storage devices attached via USB, using Apple's Camera Connection Kit adapters. This results in a 30x speed boost compared to the traditional Wi-Fi transfer. In terms of forensic analysis, we found that printing documents wirelessly via AirPrint leaves a trace in the device that, when recovered, reveals the full contents of the documents that have been printed. Finally, in terms of anti-forensics, we created a proof-of-concept tool that disables a number of system services used by forensic tools to retrieve data. The tool also applies other hardening measures aimed at preventing the abuse of the services that remain activated.Esta tesis presenta nuestra investigación sobre informática forense en la plataforma iOS, estructurada en tres áreas: adquisición forense; análisis forense; y técnicas anti-forenses. En el campo de adquisición forense, demostramos que el iPad puede controlar dispositivos externos de almacenamiento conectados vía USB, usando los adaptadores del Apple Camera Connection Kit. Esto supone una velocidad de transferencia 30 veces superior a la transferencia vía Wi-Fi. En cuanto al análisis forense, observamos que la impresión inalámbrica de documentos vía AirPrint deja un rastro en el dispositivo que, al ser recuperado, revela el contenido completo de los documentos que hayan sido impresos. Por último, en el ámbito de técnicas anti-forenses implementamos una herramienta como prueba de concepto que deshabilita determinados servicios del sistema usados por las herramientas forenses para extraer datos del dispositivo. La herramienta también aplica otras medidas de seguridad para prevenir la explotación de los servicios que continúen activados.Aquesta tesi presenta la nostra investigació sobre informàtica forense a la plataforma iOS, estructurada en tres àrees: adquisició forense; anàlisi forense; i tècniques antiforenses. En el camp d'adquisició forense, demostrem que l'iPad pot controlar dispositius externs d'emmagatzematge connectats via USB, usant els adaptadors de l'Apple Camera Connection Kit. Això suposa una velocitat de transferència 30 vegades superior a la transferència via Wi-Fi. Pel que fa a l'anàlisi forense, observem que la impressió sense fil de documents a partir d'AirPrint deixa un rastre al dispositiu que, en ser recuperat, revela el contingut complet dels documents que hagin estat impresos. Finalment, en l'àmbit de tècniques antiforenses implementem una eina com a prova de concepte que deshabilita determinats serveis del sistema usats per les eines forenses per a extreure dades del dispositiu. L'eina també aplica altres mesures de seguretat per a prevenir l'explotació dels serveis que continuïn activats.Tecnologías de la información y de rede

Cybersecurity: Past, Present and Future

The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, IoTs, and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines the upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI is an emerging field of study and has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-

Digital Watermarking for Verification of Perception-based Integrity of Audio Data

In certain application fields digital audio recordings contain sensitive content. Examples are historical archival material in public archives that preserve our cultural heritage, or digital evidence in the context of law enforcement and civil proceedings. Because of the powerful capabilities of modern editing tools for multimedia such material is vulnerable to doctoring of the content and forgery of its origin with malicious intent. Also inadvertent data modification and mistaken origin can be caused by human error. Hence, the credibility and provenience in terms of an unadulterated and genuine state of such audio content and the confidence about its origin are critical factors. To address this issue, this PhD thesis proposes a mechanism for verifying the integrity and authenticity of digital sound recordings. It is designed and implemented to be insensitive to common post-processing operations of the audio data that influence the subjective acoustic perception only marginally (if at all). Examples of such operations include lossy compression that maintains a high sound quality of the audio media, or lossless format conversions. It is the objective to avoid de facto false alarms that would be expectedly observable in standard crypto-based authentication protocols in the presence of these legitimate post-processing. For achieving this, a feasible combination of the techniques of digital watermarking and audio-specific hashing is investigated. At first, a suitable secret-key dependent audio hashing algorithm is developed. It incorporates and enhances so-called audio fingerprinting technology from the state of the art in contentbased audio identification. The presented algorithm (denoted as ”rMAC” message authentication code) allows ”perception-based” verification of integrity. This means classifying integrity breaches as such not before they become audible. As another objective, this rMAC is embedded and stored silently inside the audio media by means of audio watermarking technology. This approach allows maintaining the authentication code across the above-mentioned admissible post-processing operations and making it available for integrity verification at a later date. For this, an existent secret-key ependent audio watermarking algorithm is used and enhanced in this thesis work. To some extent, the dependency of the rMAC and of the watermarking processing from a secret key also allows authenticating the origin of a protected audio. To elaborate on this security aspect, this work also estimates the brute-force efforts of an adversary attacking this combined rMAC-watermarking approach. The experimental results show that the proposed method provides a good distinction and classification performance of authentic versus doctored audio content. It also allows the temporal localization of audible data modification within a protected audio file. The experimental evaluation finally provides recommendations about technical configuration settings of the combined watermarking-hashing approach. Beyond the main topic of perception-based data integrity and data authenticity for audio, this PhD work provides new general findings in the fields of audio fingerprinting and digital watermarking. The main contributions of this PhD were published and presented mainly at conferences about multimedia security. These publications were cited by a number of other authors and hence had some impact on their works

An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector

The Linksys WRT54g has been used as a host for network forensics tools for instance Snort for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes on discussing the limitations of the device when attempting to execute Nepenthes

Applications of micro-CT in the Criminal Justice System of England and Wales: an impact assessment

The Criminal Justice System of England and Wales is currently facing major challenges. One is the financial pressure of government funding cuts, the other the increasing need for professionalisation and rigour within the system. This thesis presents the use of micro Computed Tomography, Additive Manufacturing, and 3D visualisation to address both challenges. By drawing on data from live murder investigations the project examines how these digital technologies can be used to improve the investigation of strangulation deaths, sharp force injuries, and fractures. Each of these categories was treated as a separate case in the overall multiple-case study research design. The increased detail enabled by micro-CT assisted pathologists in the diagnosis of strangulation as previously undetected injuries of the larynx could be identified. A validation study comparing injured to uninjured samples was conducted to increase the strength of the interpretations. For sharp force injuries analysis, micro-CT proved useful for providing the necessary injury characteristics and highly accurate measurements to allow weapon identification. The high resolution of micro-CT scanning also enabled the visualisation of trauma on the smallest of skeletal elements, often encountered in non-accidental injuries in children. The cross-case synthesis revealed the main themes of clarity, objectivity, and visualisation which were improved by using micro-CT irrespective of type of homicide. The significance of these themes further crystallised in semi-structured interviews conducted with various stakeholders of the Criminal Justice System. Management concepts proved suitable to assess the project’s success as the themes used in operations management such as quality, delivery, and cost apply to the delivery of justice as well. A good working relationship with West Midlands Police’s homicide investigators and researchers at WMG was crucial to providing the technology and expertise to address real-life problems whilst ultimately saving taxpayers’ money

Electronic Evidence and Electronic Signatures

In this updated edition of the well-established practitioner text, Stephen Mason and Daniel Seng have brought together a team of experts in the field to provide an exhaustive treatment of electronic evidence and electronic signatures. This fifth edition continues to follow the tradition in English evidence text books by basing the text on the law of England and Wales, with appropriate citations of relevant case law and legislation from other jurisdictions. Stephen Mason (of the Middle Temple, Barrister) is a leading authority on electronic evidence and electronic signatures, having advised global corporations and governments on these topics. He is also the editor of International Electronic Evidence (British Institute of International and Comparative Law 2008), and he founded the innovative international open access journal Digital Evidence and Electronic Signatures Law Review in 2004. Daniel Seng (Associate Professor, National University of Singapore) is the Director of the Centre for Technology, Robotics, AI and the Law (TRAIL). He teaches and researches information technology law and evidence law. Daniel was previously a partner and head of the technology practice at Messrs Rajah & Tann. He is also an active consultant to the World Intellectual Property Organization, where he has researched, delivered papers and published monographs on copyright exceptions for academic institutions, music copyright in the Asia Pacific and the liability of Internet intermediaries

Typing the Dancing Signifier: Jim Andrews' (Vis)Poetics

This study focuses on the work of Jim Andrews, whose electronic poems take advantage of a variety of media, authoring programs, programming languages, and file formats to create poetic experiences worthy of study. Much can be learned about electronic textuality and poetry by following the trajectory of a poet and programmer whose fascination with language in programmable media leads him to distinctive poetic explorations and collaborations. This study offers a detailed exploration of Andrews' poetry, motivations, inspirations, and poetics, while telling a piece of the story of the rise of electronic poetry from the mid 1980s until the present. Electronic poetry can be defined as first generation electronic objects that can only be read with a computer--they cannot be printed out nor read aloud without negating that which makes them "native" to the digital environment in which they were created, exist, and are experienced in. If translated to different media, they would lose the extra-textual elements that I describe in this study as behavior. These "behaviors" electronic texts exhibit are programmed instructions that cause the text to be still, move, react to user input, change, act on a schedule, or include a sound component. The conversation between the growing capabilities of computers and networks and Andrews' poetry is the most extensive part of the study, examining three areas in which he develops his poetry: visual poetry (from static to kinetic), sound poetry (from static to responsive), and code poetry (from objects to applications). In addition to being a literary biography, the close readings of Andrews' poems are media-specific analyses that demonstrate how the software and programming languages used shape the creative and production performances in significant ways. This study makes available new materials for those interested in the textual materiality of Andrews' videogame poem, Arteroids, by publishing the Arteroids Development Folder--a collection of source files, drafts, and old versions of the poem. This collection is of great value to those who wish to inform readings of the work, study the source code and its programming architecture, and even produce a critical edition of the work

Spatially Immersive Networked Composites: A Media Archaeology of the Photogrammetric Image through Glitch Practice

This practice-based research engages new artistic production in an examination of the aesthetics of 3D imaging technologies. In particular, the research concerns the photogrammetric image and its aesthetics as encountered in art practice. Critical discourse on photogrammetry in art practice is underexplored. Where such discourse does exist, for instance in and around the work of the research and activist group Forensic Architecture, it has tended to focus on questions of functionality. This PhD proposes a new starting point for an understanding of photogrammetric representation in its own terms. The study finds the partiality of recent critical research writing on photogrammetry to be too heavily conditioned by discourses of photography. Such discussion fails to appreciate the computational mediation at the heart of photogrammetry. The photogrammetric image is one of a range of images recently emerging which are subject to heavily automated computational processes. This study sets out a 8 conceptual framework for understanding these images; photogrammetric images being one of an emergent range of ‘Spatially-immersive Networked Composites’ or ‘SiNCs’. The research outlines a way of foregrounding qualities of layering and assemblage through computation as pivotal to understanding the image. These images are created through algorithmic analysis resulting in the formation of a computational, navigable environment. The project engages sculptural practice, video, Augmented Reality, and media installations. It provokes a plurality of encounters to be enlisted into the research, thus demonstrating the necessity of art making in this research. New forms of Media Archaeological methods are employed, focusing on glitch practices that explore this evolving technology. Under certain conditions, peculiar errors and aberrations occur. These attributes reveal a glimpse of the image’s materiality by showing estimations and extrapolations of algorithms. Methods devised include generating the conditions for such errors to better understand the aesthetics of Spatially-immersive Networked Composites (SiNCs), both on screen and removed from navigable, screen-based space. The urgency of the research is evident in a digital media environment in which, through automation and algorithmic agency, image production and dissemination are changing rapidly. This research sets the conditions for discussion for emergent forms of imagery, encouraging wider and more critical engagement with the photogrammetric image and its associated, evolving technologie

The Law of Forensics: a proof beyond the shadow of doubt

This book gives an understanding of the application of forensic sciences to the law. It covers the crime scene investigation process, and provides an overview of the various kinds of forensic evidence that may be collected and presented in court. Points out the identification, documentation and collection of physical evidence, including fingerprints, shoe impressions, hair fibers, firearms evidence and questioned documents, It considers biological evidence, including DNA, and tries to analyse the scientific unimpeachablity of DNA, blood spatter and other fluids, forensic anthropology and odontology. Finally, the book engages fire investigation and forensic accounting. It is designed to provide a foundation in the field of criminology who are interested in the use of science and law to solve crime, and considers the impact of television and other media on the field of Forensic Science and the courtroom