Cyber-security internals of a Skoda Octavia vRS:a hands on approach

The convergence of information technology and vehicular technologies are a growing paradigm, allowing information to be sent by and to vehicles. This information can further be processed by the Electronic Control Unit (ECU) and the Controller Area Network (CAN) for in-vehicle communications or through a mobile phone or server for out-vehicle communication. Information sent by or to the vehicle can be life-critical (e.g. breaking, acceleration, cruise control, emergency communication, etc. . . ). As vehicular technology advances, in-vehicle networks are connected to external networks through 3 and 4G mobile networks, enabling manufacturer and customer monitoring of different aspects of the car. While these services provide valuable information, they also increase the attack surface of the vehicle, and can enable long and short range attacks. In this manuscript, we evaluate the security of the 2017 Skoda Octavia vRS 4x4. Both physical and remote attacks are considered, the key fob rolling code is successfully compromised, privacy attacks are demonstrated through the infotainment system, the Volkswagen Transport Protocol 2.0 is reverse engineered. Additionally, in-car attacks are highlighted and described, providing an overlook of potentially deadly threats by modifying ECU parameters and components enabling digital forensics investigation are identified

Evaluation of Two Commercially Available Cannabidiol Formulations for Use in Electronic Cigarettes

Since 24 states and the District of Columbia have legalized marijuana in some form, suppliers of legal marijuana have developed Cannabis sativa products for use in electronic cigarettes (e-cigarettes). Personal battery powered vaporizers, or e-cigarettes, were developed to deliver a nicotine vapor such that smokers could simulate smoking tobacco without the inherent pathology of inhaled tobacco smoke. The liquid formulations used in these devices are comprised of an active ingredient such as nicotine mixed with vegetable glycerin (VG) and/or propylene glycol (PG) and flavorings. A significant active ingredient of C. sativa, cannabidiol (CBD), has been purported to have anti-convulsant, anti-nociceptive, and anti-psychotic properties. These properties have potential medical therapies such as intervention of addictive behaviors, treatments for epilepsy, management of pain for cancer patients, and treatments for schizophrenia. However, CBD extracted from C. sativa remains a DEA Schedule I drug since it has not been approved by the FDA for medical purposes. Two commercially available e-cigarette liquid formulations reported to contain 3.3 mg/mL of CBD as the active ingredient were evaluated. These products are not regulated by the FDA in manufacturing or in labeling of the products and were found to contain 6.5 and 7.6 mg/mL of CBD in VG and PG with a variety of flavoring agents. Presently, while labeled as to content, the quality control of manufacturers and the relative safety of these products is uncertain

General Counsel of the FBI, James Baker, in Conversation with Professor Mary DeRosa on the FBI and International Justice

Mary DeRosa, Georgetown Law Professor, former Deputy Counsel to President Obama for National Security Affairs, former Legal Advisor to the National Security Council under President Obama, and former Deputy Legal Adviser to the National Security Council in the Clinton Administration, interviewed current General Counsel of the Federal Bureau of Investigation (FBI), James Baker. The two discussed the FBI’s role in international law enforcement and the domestic tension between technological advancement and law enforcement duties

A Forensically Sound Adversary Model for Mobile Devices

In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the ongoing and rapidly changing nature of mobile device technologies. An integral principle and significant constraint upon forensic practitioners is that of forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, in our case, a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we were successful in extracting various information of forensic interest in both the external and internal storage of the mobile device

Are Mobile Device Examinations Practiced like \u27Forensics\u27?

Mobile device forensics is sometimes disparaged as not really being ‘forensics.’ This paper discusses the relationship between digital forensics and other forensic sciences, and the relationship of mobile device forensics to the broader field of digital forensics. It specifically addresses the question of whether mobile device forensics processes – and practices – rise to the level of suitable forensics quality

Paper characteristics and their influence on the ability of single metal deposition to detect fingermarks

This study aims at exploring the way paper samples may impact the performance of Single-Metal Deposition (SMD II), a fingermark detection technique known for its versatility of application as well as its sensitivity regarding porous substrates. To get a broader view on how porous substrates may impact the SMD II performances, 74 North American and European papers types were collected, characterized (UV-visible and infrared spectroscopy, roughness, porosity, and surface pH), and processed as substrates bearing fingermarks. This part of the study represented a first valuable outcome by the number of samples considered. After processing with SMD II, the samples were characterized again with the techniques mentioned above, background staining and fingermark quality were assessed and associated with a quality score. Overall, no positive nor negative trend was observed between the paper characteristics and the SMD II performance. As a consequence, it is currently still not possible to predict if a paper sample will behave well or bad with SMD II. Of all the monitored parameters, the chemical composition of the surface coating (i.e., silica or calcium carbonate) may be worth exploring further, as it has been observed that some coatings undergo partial degradation during the SMD II process. As a result, secretion residue may be damaged by the chemical solubilization of the support layer if they failed to penetrate deeper into the substrate

Forensic investigation of small-scale digital devices: a futuristic view

Small-scale digital devices like smartphones, smart toys, drones, gaming consoles, tablets, and other personal data assistants have now become ingrained constituents in our daily lives. These devices store massive amounts of data related to individual traits of users, their routine operations, medical histories, and financial information. At the same time, with continuously evolving technology, the diversity in operating systems, client storage localities, remote/cloud storages and backups, and encryption practices renders the forensic analysis task multi-faceted. This makes forensic investigators having to deal with an array of novel challenges. This study reviews the forensic frameworks and procedures used in investigating small-scale digital devices. While highlighting the challenges faced by digital forensics, we explore how cutting-edge technologies like Blockchain, Artificial Intelligence, Machine Learning, and Data Science may play a role in remedying concerns. The review aims to accumulate state-of-the-art and identify a futuristic approach for investigating SSDDs

Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies

The inevitable vulnerabilities and criminal targeting of cloud environments demand an understanding of how digital forensic investigations of the cloud can be accomplished. We present two hypothetical case studies of cloud crimes; child pornography being hosted in the cloud, and a compromised cloudbased website. Our cases highlight shortcomings of current forensic practices and laws. We describe significant challenges with cloud forensics, including forensic acquisition, evidence preservation and chain of custody, and open problems for continued research. Keywords: Cloud computing, cloud forensics, digital forensics, case studie