Cybercrime Related Topics : Review Study
A cybercrime is a crime that involves a computer or a computer network. The computer may have been used in committing the crime, or it may be the target. Cybercrime may harm someone's security or finances. There are many privacy concerns surrounding cybercrime when confidential information is intercepted or disclosed, lawfully or otherwise. Internationally, both governmental and non-state actors engage in cybercrime, including espionage, financial theft, and other cross-border crimes. Cybercrimes crossing international borders and involving the actions of at least one nation-state are sometimes referred to as cyberwarfare. Warren Buffett describes cybercrime as the "number one problem with mankind" and said that cybercrime "poses real risks to humanity."
An Investigation into the Efficacy of Three Erasure Tools under Windows 7
This paper examined three erasure software tools aimed at removing evidence of online and other activity, using the Windows 7 operating system as the test platform. The tools in question were Anti-Tracks, Free Internet Eraser and Free Internet Window Washer. The findings included each tested tool's ability to completely erase target data on the drive, and whether the data itself was erased or merely the link to the data was deleted, leaving the file recoverable. It was found that the Anti-Tracks program did not erase any of the information targeted by the researchers. The Free Internet Window Washer software was able to erase Internet Explorer browser history and recent document activity for the operating system, but no other activity or information was erased. The last tool, Free Internet Eraser, was able to erase all information apart from MSN Messenger chat history and the temporary internet files. The conclusion is that end users should be careful in selecting or using such erasure tools, as they may behave differently under different operating systems and may not always remove all information beyond recovery.
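The distinction the study tests, data erased versus only the link to it removed, can be checked by scanning the raw media for a known marker after the tool has run. The following is an added example, not code from the paper or from any of the tools it tested: it simulates a tiny disk image with a name-to-extent table (the real check would run against a raw image of the test volume), contrasts a "delete" that only drops the table entry with a "wipe" that overwrites the extent, and then searches the raw bytes for residue. The marker text and file name are constructed.

```python
"""Added example: does an eraser wipe the bytes or only unlink the file?

SimulatedDisk stands in for a raw volume image: a bytearray plus a table of
name -> (offset, length). delete() mimics a tool that only removes the link;
wipe() overwrites the extent first. residual_fragments() is the reviewer's
check: scan the raw image for a marker that was known to be inside the file.
"""
import os

BLOCK = 512


class SimulatedDisk:
    def __init__(self, blocks=64):
        self.image = bytearray(blocks * BLOCK)
        self.table = {}            # filename -> (offset, length)
        self.next_free = 0

    def write(self, name, data):
        off = self.next_free
        self.image[off:off + len(data)] = data
        self.table[name] = (off, len(data))
        self.next_free += -(-len(data) // BLOCK) * BLOCK   # round up to a block boundary
        return off

    def delete(self, name):
        """Link-only removal: forget the entry, leave every byte in place."""
        del self.table[name]

    def wipe(self, name, passes=1):
        """Overwrite the file's extent (random passes, then zeros) before removing the entry."""
        off, length = self.table[name]
        for _ in range(passes):
            self.image[off:off + length] = os.urandom(length)
        self.image[off:off + length] = b"\x00" * length
        del self.table[name]


def residual_fragments(image, marker):
    """Return every offset at which `marker` still appears in the raw image."""
    hits, start = [], 0
    while True:
        i = image.find(marker, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def compare_erasers(marker=b"index.dat URL entry: http://example.test/secret"):
    """Push the same constructed history marker through both behaviours and report residue."""
    results = {}
    for mode in ("delete", "wipe"):
        disk = SimulatedDisk()
        disk.write("History.IE5/index.dat", marker * 3)   # constructed browser-history file
        getattr(disk, mode)("History.IE5/index.dat")
        results[mode] = {
            "entry_present": "History.IE5/index.dat" in disk.table,
            "residual_hits": len(residual_fragments(disk.image, marker)),
        }
    return results


if __name__ == "__main__":
    for mode, outcome in compare_erasers().items():
        print(f"{mode:6s} entry_present={outcome['entry_present']} "
              f"residual_hits={outcome['residual_hits']}")
```

Both modes leave the directory table empty, so a tool that reports "deleted" is not wrong; only the raw scan separates the two. Against a real volume the same scan would be a byte search over the device image, where file-system slack and journal copies can hold further fragments that this simulation does not model.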
Anti-Forensic Trace Detection in Digital Forensic Triage Investigations
Anti-forensics, whether applied intentionally to disrupt investigations or simply as an effort to make a computer system run better, is of increasing concern to digital investigators. This work attempts to assess the problem of anti-forensic techniques commonly deployed in South Korea. Based on the identified challenges, a method of signature-based anti-forensic trace detection is proposed for triage purposes that will assist investigators in quickly making decisions about suspect digital devices before conducting a full investigation. Finally, a prototype anti-forensic trace detection system is presented to demonstrate the practicality of the proposed method.
Forensic examination and analysis of the Prefetch files on the banking Trojan malware incidents
Whenever a program runs within the operating system, data or artefacts are created on the system. This applies equally to malicious software (malware): although malware intends to obscure its presence with anti-forensic techniques, it still has to run on the victim's system to achieve its objective. Modern malware creates a significant challenge to the digital forensic community since it is designed to leave limited traces and misdirect the examiner. Therefore, every examiner should consider performing all forensic approaches, such as memory forensics, live response and Windows file analysis, in malware incidents to acquire all the potential evidence on a victim's system. There is a challenge when an examiner only has the option to perform a post-mortem forensic approach. It leads to a question: what forensic examination and analysis is available to obtain evidence in such incidents? The paper shows how the Prefetching process works on a system, its common characteristics, and the differences in the Prefetching process across the various versions of Windows. The paper then shows how the Prefetch files contain evidentiary value which can answer what, how, where and when the banking Trojan malware infected the system. Finally, the paper shows that forensic examination and analysis of the Prefetch files can find the data remnants of banking Trojan malware incidents.
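The fields that carry the "what, when and how" in a Prefetch file are the executable name, the run count, the last-run FILETIME(s) and the list of files the loader touched, and their offsets move between Windows versions. The following is an added example and not the paper's own code: a parser for the published Prefetch header layout of format versions 17 (XP), 23 (Vista/7) and 26 (8.1), plus a builder for a constructed version-23 sample. Windows 10 and later write version 30 files that are MAM/LZXPRESS-Huffman compressed; the parser recognises and rejects those rather than decompressing them. The sample's path strings, run count, timestamp and hash value are constructed, not taken from a real incident.

```python
"""Added example: extracting evidentiary fields from a Windows Prefetch (.pf) file.

Offsets follow the documented Prefetch layout. The file-information block
starts at 0x54 in every version; inside it, the last-run time(s) and run
count sit at version-specific offsets (LAYOUT). build_sample_v23() produces
a constructed Vista/7-style file so the parser can be exercised offline.
"""
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FILE_INFO = 0x54          # file-information block offset, all versions

# Offsets inside the file-information block that differ between versions.
LAYOUT = {
    17: {"last_run": 36, "run_slots": 1, "run_count": 60},   # XP / 2003
    23: {"last_run": 44, "run_slots": 1, "run_count": 68},   # Vista / 7
    26: {"last_run": 44, "run_slots": 8, "run_count": 124},  # 8.1 keeps the last 8 run times
}


def filetime_to_datetime(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_prefetch(data):
    if data[:3] == b"MAM":
        raise ValueError("compressed (Windows 10+) prefetch; decompress before parsing")
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != b"SCCA":
        raise ValueError("missing SCCA signature; not a prefetch file")
    if version not in LAYOUT:
        raise ValueError(f"unsupported prefetch version {version}")
    lay = LAYOUT[version]
    exe_name = data[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    pf_hash = struct.unpack_from("<I", data, 0x4C)[0]            # same hash as in the .pf name
    strings_off, strings_size = struct.unpack_from("<II", data, FILE_INFO + 16)
    run_times = []
    for slot in range(lay["run_slots"]):
        ft = struct.unpack_from("<Q", data, FILE_INFO + lay["last_run"] + 8 * slot)[0]
        if ft:                                                     # unused slots are zero
            run_times.append(filetime_to_datetime(ft))
    run_count = struct.unpack_from("<I", data, FILE_INFO + lay["run_count"])[0]
    blob = data[strings_off:strings_off + strings_size].decode("utf-16-le")
    loaded = [s for s in blob.split("\x00") if s]                 # NUL-separated device paths
    return {
        "version": version,
        "executable": exe_name,
        "hash": f"{pf_hash:08X}",
        "run_count": run_count,
        "run_times": run_times,
        "loaded_files": loaded,
    }


def build_sample_v23():
    """Constructed Vista/7-layout sample for a notepad.exe run; not a real capture."""
    last_run = datetime(2016, 3, 1, 12, 0, tzinfo=timezone.utc)
    filetime = ((last_run - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10
    loaded = [
        "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
        "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NOTEPAD.EXE",
    ]
    strings = ("\x00".join(loaded) + "\x00").encode("utf-16-le")
    info = bytearray(156)                                   # version-23 file-information block
    strings_off = FILE_INFO + len(info)
    struct.pack_into("<II", info, 16, strings_off, len(strings))
    struct.pack_into("<Q", info, 44, filetime)              # last run time
    struct.pack_into("<I", info, 68, 5)                     # run count
    name = "NOTEPAD.EXE".encode("utf-16-le").ljust(60, b"\x00")
    header = (struct.pack("<I4sII", 23, b"SCCA", 0x11, strings_off + len(strings))
              + name + struct.pack("<II", 0xD8414F97, 0))   # hash value is illustrative
    return header + bytes(info) + strings


if __name__ == "__main__":
    for key, value in parse_prefetch(build_sample_v23()).items():
        print(f"{key:13s} {value}")
```

The loaded-file list is where a banking Trojan's dropped DLLs or staging paths show up even after the binary itself has been removed, and the run count with the last-run time(s) dates the activity; on 8.1 and later the eight retained timestamps give a short execution history rather than a single point. Prefetch is only written when the prefetcher is enabled (it is off by default on SSD-only Windows 8+ installs and on server SKUs), so an empty Prefetch directory is a finding in its own right rather than proof that nothing ran.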
Next Generation Aircraft Architecture and Digital Forensic
The focus of this research is to establish a baseline understanding of the Supervisory Control and Data Acquisition (SCADA) systems that enable air travel. This includes the digital forensics needed to identify vulnerabilities, mitigate those vulnerabilities, and develop processes to mitigate the introduction of vulnerabilities into those systems. The pre-Next Generation Air Transportation System (NextGen) notional aircraft architecture uses air gap interconnection, non-IP-based communications, and non-integrated modular avionics. The degree of digital forensics accessibility is determined by comparing the pre-NextGen Notional Aircraft Architecture and the NextGen Notional Aircraft Architecture. Digital forensics accessibility is defined by addressing Eden's five challenges facing SCADA forensic investigators. The propositional and predicate logic analysis indicates that the NextGen Notional Aircraft Architecture is not digital forensic accessible.
Anti-forensics: Furthering Digital Forensic Science Through a New Extended, Granular Taxonomy
Anti-forensic tools, techniques and methods are becoming a formidable obstacle for the digital forensic community. Thus, new research initiatives and strategies must be formulated to address this growing problem. In this work we first collect and categorize 308 anti-digital-forensic tools to survey the field. We then extend the anti-forensic taxonomy proposed by Rogers (2006) in order to create a more comprehensive taxonomy and facilitate linguistic standardization. Our work also takes into consideration anti-forensic activity which utilizes tools that were not originally designed for anti-forensic purposes but can still be used with malicious intent. This category was labeled Possible indications of anti-forensic activity, as certain software, scenarios, and digital artifacts could indicate anti-forensic activity on a system. We also publicly share our data sets, which include categorical data on 308 collected anti-forensic tools, as well as 2780 unique hash values related to the installation files of 191 publicly available anti-forensic tools. As part of our analysis, the collected hash set was run against the National Institute of Standards and Technology's 2016 National Software Reference Library, and only 423 matches were found out of the 2780 hashes. Our findings indicate a need for future endeavors in creating and maintaining exhaustive anti-forensic hash data sets.
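Both the signature-based triage detector described under "Anti-Forensic Trace Detection in Digital Forensic Triage Investigations" and the installer hash set shared with this taxonomy come down to the same mechanic: hash every file on the suspect volume once and classify it against an anti-forensic hash set, a known-good reference set such as NSRL's RDS, and weaker name-based signatures for the "possible indication" category. The following is an added example serving both abstracts; it is not code from either paper or from NSRL. The volume layout, file contents, installer file names and hash sets are all constructed inside the block (the tool names reused in the name signatures are the ones mentioned elsewhere on this page).

```python
"""Added example: signature-based anti-forensic trace detection for triage.

Three signature sources, in decreasing strength:
  1. hash match against a set of known anti-forensic installers,
  2. file-name signature (flagged only as a possible indication),
  3. hash match against a known-good reference set (NSRL RDS style).
Everything else is reported as unknown. All files and sets are constructed.
"""
import hashlib
import os
import tempfile


def sha1_of_file(path, chunk=1 << 20):
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def build_hash_set(paths):
    """{sha1: basename} from installer files, the way a tool hash set is compiled."""
    return {sha1_of_file(p): os.path.basename(p) for p in paths}


def triage_volume(root, antiforensic_set, known_good_set, name_signatures=()):
    """Walk root, hash each file once, classify it, and return sorted findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            digest = sha1_of_file(p)
            if digest in antiforensic_set:
                verdict = ("anti-forensic", antiforensic_set[digest])
            elif any(sig.lower() in fn.lower() for sig in name_signatures):
                verdict = ("possible anti-forensic (name only)", fn)
            elif digest in known_good_set:
                verdict = ("known good", known_good_set[digest])
            else:
                verdict = ("unknown", None)
            rel = os.path.relpath(p, root).replace(os.sep, "/")
            findings.append((rel, digest, *verdict))
    return sorted(findings)


def demo():
    """Constructed volume: a known installer, a renamed copy of it, a name-only hit, a benign file."""
    with tempfile.TemporaryDirectory() as root:
        tool_bytes = b"MZ constructed installer payload for an erasure tool"
        os.makedirs(os.path.join(root, "Downloads"))
        os.makedirs(os.path.join(root, "Windows", "System32"))
        samples = {
            ("Downloads", "FreeInternetEraser-setup.exe"): tool_bytes,
            ("Downloads", "holiday.jpg"): tool_bytes,               # renamed copy, same hash
            ("Downloads", "anti-tracks.zip"): b"PK constructed archive not in any set",
            ("Windows", "System32", "notepad.exe"): b"MZ constructed benign binary",
        }
        for parts, content in samples.items():
            with open(os.path.join(root, *parts), "wb") as f:
                f.write(content)
        # Reference sets would normally be loaded from disk; built inline for the example.
        af_set = build_hash_set([os.path.join(root, "Downloads", "FreeInternetEraser-setup.exe")])
        good_set = build_hash_set([os.path.join(root, "Windows", "System32", "notepad.exe")])
        return triage_volume(root, af_set, good_set,
                             name_signatures=("anti-tracks", "eraser", "window washer"))


if __name__ == "__main__":
    for rel, digest, verdict, matched in demo():
        print(f"{verdict:36s} {rel:40s} {digest[:12]}  {matched or ''}")
```

The renamed copy is the case that justifies hashing rather than matching names: `holiday.jpg` carries the installer's hash and is classified as anti-forensic regardless of its extension, while `anti-tracks.zip` is only a name-level indication and goes to the weaker bucket. The ordering also reflects the abstract's finding that most anti-forensic installers are absent from RDS: checking the anti-forensic set first means a tool that does happen to appear in the known-good reference is not silently cleared.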
Computer Anti-forensics Methods and their Impact on Computer Forensic Investigation
Electronic crime is very difficult to investigate and prosecute, mainly due to the fact that investigators have to build their cases based on artefacts left on computer systems. Nowadays, computer criminals are aware of computer forensics methods and techniques and try to use countermeasure techniques to efficiently impede the investigation processes. In many cases investigation with such countermeasure techniques in place appears to be too expensive, or too time consuming to carry out. Often a case can end up being abandoned and investigators are left with a sense of personal defeat. The methodologies used against the computer forensics processes are collectively called Anti-Forensics. This paper explores the anti-forensics problem in various stages of computer forensic investigation from both a theoretical and practical point of view.
Taxonomy for Anti-Forensics Techniques & Countermeasures
Computer Forensic Tools are used by forensics investigators to analyze evidence from the seized devices collected at a crime scene or from a person, in such ways that the results or findings can be used in a court of law. These computer forensic tools are very important and useful as they help law enforcement personnel to solve crimes. Computer criminals are now aware of the forensic tools used; therefore, they use countermeasure techniques to efficiently obstruct the investigation processes. By doing so, they make it difficult or almost impossible for investigators to uncover the evidence. These techniques, used against the computer forensics processes, are called Anti-forensics. This paper describes some of the many anti-forensics methods, techniques and tools using a taxonomy. The taxonomy classifies anti-forensics into different levels and categories: WHERE, WHICH, WHAT, and HOW. The WHERE level indicates where anti-forensics can occur during an investigation. The WHICH level indicates which anti-forensics techniques exist. The WHAT level defines the exact method used for each technique. Finally, the HOW level indicates the tools used. Additionally, some countermeasures are proposed.
Fool me once: A systematic review of techniques to authenticate digital artefacts
When conducting digital forensic investigations, practitioners are concerned with understanding whether the digital artefacts they encounter are authentic and have not been the subject of tampering activity. This is one factor of investigations which could potentially impact the reliability of any subsequent findings. Some research into this problem has already been undertaken; however, there is currently very little understanding of how effective current techniques are. In this paper, a Systematic Review (SR) of existing literature is undertaken to identify the techniques that currently exist to authenticate digital artefacts. Furthermore, consideration is given to understanding whether existing techniques are effective in solving the problem of digital artefact authentication and whether they are accessible to the practitioner community. The results of the SR show that while research effort has been devoted to this problem, there are relatively few techniques which can be generally applied. Additionally, very little effort has been devoted to understanding the effectiveness of these techniques. Furthermore, the lack of standardised datasets for evaluation makes comparison between techniques impossible, and none of the identified papers provided publicly available implementations. The shortcomings identified in this SR show that further research effort in this area could benefit the community in its aim to produce more reliable findings in forensic investigations.