BitTorrent Sync: First Impressions and Digital Forensic Implications
With professional and home Internet users becoming increasingly concerned
with data protection and privacy, the privacy afforded by popular cloud file
synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming
under scrutiny in the press. A number of these services have recently been
reported as sharing information with governmental security agencies without
warrants. BitTorrent Sync is seen as an alternative by many and has gathered
over two million users by December 2013 (doubling since the previous month).
The service is completely decentralised, offers much of the same
synchronisation functionality of cloud powered services and utilises encryption
for data transmission (and optionally for remote storage). The importance of
understanding BitTorrent Sync and its resulting digital investigative
implications for law enforcement and forensic investigators will be paramount
to future investigations. This paper outlines the client application, its
detected network traffic and identifies artefacts that may be of value as
evidence for future digital investigations.
Comment: Proc. of Digital Forensics Research Workshop (DFRWS EU 2014)
Rethinking Digital Forensics
© IAER 2019. In the modern socially-driven, knowledge-based virtual computing environment in which organisations are operating, the current digital forensics tools and practices can no longer meet the need for scientific rigour. There has been an exponential increase in the complexity of the networks with the rise of the Internet of Things, cloud technologies and fog computing altering business operations and models. Adding to the problem are the increased capacity of storage devices and the increased diversity of devices that are attached to networks, operating autonomously. We argue that the laws and standards that have been written, the processes, procedures and tools that are in common use are increasingly not capable of ensuring the requirement for scientific integrity. This paper looks at a number of issues with current practice and discusses measures that can be taken to improve the potential of achieving scientific rigour for digital forensics in the current and developing landscape.
Peer reviewed
Beginner's Guide for Cybercrime Investigators
In the real world there are people who enter homes and steal everything they find valuable. In the virtual world there are individuals who penetrate computer systems and "steal" all your valuable data. Just as the real world has uninvited guests, and people who feel happy when they steal or destroy someone else's property, the computer world could not be spared this unfortunate phenomenon. The perfidy of these attacks is truly detestable: whereas a missing jewelry box is noticed immediately, the penetration of an accounting server may be detected only after a few months, when all clients have given up the company's services because the stolen data reached the competition and helped it make the best deals.
Cybercrime is a phenomenon of our time, often reflected in the media. Forensic investigation of computer systems has a number of features that differentiate it fundamentally from other types of investigations. The computer itself is the main source of information for the investigator.
CONTENTS:
Computing systems and storage media
- Computing devices
- - Peripheral devices
- - External drives for media storage
- Typology of data stored on specific supports – File systems
- - Program that allows working with "inactive" space
- Information that can be obtained from the computing system environment
Computer networks
- Copper wire in computer networks
- Optical fibers
- Wireless LAN
- Internet and Intranet
Software and services
- Client/server architecture
- Protocols and Standards
- Internet Services
- - e-Mail
- - - Spam
- - HTTP
- - Web address - URL
- - Web browsers
- - - Browser cookies
- - Working with web pages
- - - Choosing your favorite web pages
- - - Keeping track of visited web pages
- - - Saving web pages
- - Proxy servers
- - Privacy on the Internet
- FTP
- Instant Messaging
- Peer-to-peer networks
Vulnerabilities
- The first attacks on the Internet
- Cybercrime
- - Typologies of cyber attackers
- - - Classification of cyber attackers according to their skills and objectives
- Classification of risks and incidents in cyberworld
- - Classification as a list of terms
- - List of categories
- - Categories of results
- - Empirical lists
- Events, attacks and incidents
- Online security events, actions, and targets
- - Actions
- - Targets
- Attacks
- - Tools
- - Vulnerabilities
- - Unauthorized results
Cybercrime laws
- The concept of "cybercrime"
Investigations
- Computer forensic investigations
- Digital evidence
- Digital sampling during investigations
- The suspect
- Witnesses in cybercrime
- Transporting of samples in laboratory
- Analysis of samples
- Preparing team members
- Computer tools
Convention on Cybercrime
- Preamble
- Chapter I – Use of terms
- Chapter II – Measures to be taken at the national level
- - Section 1 – Substantive criminal law
- - - Title 1 – Offences against the confidentiality, integrity and availability of computer data and systems
- - - Title 2 – Computer-related offences
- - - Title 3 – Content-related offences
- - - Title 4 – Offences related to infringements of copyright and related rights
- - - Title 5 – Ancillary liability and sanctions
- - Section 2 – Procedural law
- - - Title 1 – Common provisions
- - - Title 2 – Expedited preservation of stored computer data
- - - Title 3 – Production order
- - - Title 4 – Search and seizure of stored computer data
- - - Title 5 – Real-time collection of computer data
- - Section 3 – Jurisdiction
- Chapter III – International co-operation
- - Section 1 – General principles
- - - Title 1 – General principles relating to international co-operation
- - - Title 2 – Principles relating to extradition
- - - Title 3 – General principles relating to mutual assistance
- - - Title 4 – Procedures pertaining to mutual assistance requests in the absence of applicable international agreements
- - Section 2 – Specific provisions
- - - Title 1 – Mutual assistance regarding provisional measures
- - - Title 2 – Mutual assistance regarding investigative powers
- - - Title 3 – 24/7 Network
- Chapter IV – Final provisions
Recommendation No. R (95) 13
- Appendix to Recommendation No. R (95) 13
- - I. Search and seizure
- - II. Technical surveillance
- - III. Obligations to co-operate with the investigating authorities
- - IV. Electronic evidence
- - V. Use of encryption
- - VI. Research, statistics and training
- - VII. International co-operation
Rules for obtaining digital evidence by police officers
Standards in the field of digital forensics
Principles in digital evidence
Procedures model for the forensic examination
- Hard disk examination
Code of Ethics
Sources and references
About
- Nicolae Sfetcu
- - By the same author
- - Contact
Publishing House
- MultiMedia Publishing
Measuring Accuracy of Automated Parsing and Categorization Tools and Processes in Digital Investigations
This work presents a method for the measurement of the accuracy of evidential
artifact extraction and categorization tasks in digital forensic
investigations. Instead of focusing on the measurement of accuracy and errors
in the functions of digital forensic tools, this work proposes the application
of information retrieval measurement techniques that allow the incorporation of
errors introduced by tools and analysis processes. This method uses a 'gold
standard' that is the collection of evidential objects determined by a digital
investigator from suspect data with an unknown ground truth. This work proposes
that the accuracy of tools and investigation processes can be evaluated
compared to the derived gold standard using common precision and recall values.
Two example case studies are presented showing the measurement of the accuracy
of automated analysis tools as compared to an in-depth analysis by an expert.
It is shown that such measurement can allow investigators to determine changes
in accuracy of their processes over time, and determine if such a change is
caused by their tools or knowledge.
Comment: 17 pages, 2 appendices, 1 figure, 5th International Conference on
Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp.
147-169, 201
BitTorrent Sync: Network Investigation Methodology
The volume of personal information and data most Internet users find
themselves amassing is ever increasing and the fast pace of the modern world
results in most requiring instant access to their files. Millions of these
users turn to cloud based file synchronisation services, such as Dropbox,
Microsoft Skydrive, Apple iCloud and Google Drive, to enable "always-on" access
to their most up-to-date data from any computer or mobile device with an
Internet connection. The prevalence of recent articles covering various
invasion of privacy issues and data protection breaches in the media has caused
many to review their online security practices with their personal information.
To provide an alternative to cloud based file backup and synchronisation,
BitTorrent Inc. released an alternative cloudless file backup and
synchronisation service, named BitTorrent Sync to alpha testers in April 2013.
BitTorrent Sync's popularity rose dramatically throughout 2013, reaching over
two million active users by the end of the year. This paper outlines a number
of scenarios where the network investigation of the service may prove
invaluable as part of a digital forensic investigation. An investigation
methodology is proposed outlining the required steps involved in retrieving
digital evidence from the network and the results from a proof of concept
investigation are presented.
Comment: 9th International Conference on Availability, Reliability and
Security (ARES 2014)
Academic Performance and Behavioral Patterns
Identifying the factors that influence academic performance is an essential
part of educational research. Previous studies have documented the importance
of personality traits, class attendance, and social network structure. Because
most of these analyses were based on a single behavioral aspect and/or small
sample sizes, there is currently no quantification of the interplay of these
factors. Here, we study the academic performance among a cohort of 538
undergraduate students forming a single, densely connected social network. Our
work is based on data collected using smartphones, which the students used as
their primary phones for two years. The availability of multi-channel data from
a single population allows us to directly compare the explanatory power of
individual and social characteristics. We find that the most informative
indicators of performance are based on social ties and that network indicators
result in better model performance than individual characteristics (including
both personality and class attendance). We confirm earlier findings that class
attendance is the most important predictor among individual characteristics.
Finally, our results suggest the presence of strong homophily and/or peer
effects among university students.
On the Road to Accurate Biomarkers for Cardiometabolic Diseases by Integrating Precision and Gender Medicine Approaches
The need to facilitate the complex management of cardiometabolic diseases (CMD) has led to the detection of many biomarkers, however, there are no clear explanations of their role in the prevention, diagnosis or prognosis of these diseases. Molecules associated with disease pathways represent valid disease surrogates and well-fitted CMD biomarkers. To address this challenge, data from multi-omics types (genomics, epigenomics, transcriptomics, proteomics, metabolomics, microbiomics, and nutrigenomics), from human and animal models, have become available. However, individual omics types only provide data on a small part of molecules involved in the complex CMD mechanisms, whereas, here, we propose that their integration leads to multidimensional data. Such data provide a better understanding of molecules related to CMD mechanisms and, consequently, increase the possibility of identifying well-fitted biomarkers. In addition, the application of gender medicine also helps to identify accurate biomarkers according to gender, facilitating a differential CMD management. Accordingly, the impact of gender differences in CMD pathophysiology has been widely demonstrated, where gender is referred to the complex interrelation and integration of sex (as a biological and functional marker of the human body) and psychological and cultural behavior (due to ethnical, social, and religious background). In this review, all these aspects are described and discussed, as well as potential limitations and future directions in this incipient field
B-CoC: A Blockchain-Based Chain of Custody for Evidences Management in Digital Forensics
One of the main issues in digital forensics is the management of evidence. From the time of evidence collection until its use in court, evidence may be accessed by multiple parties involved in the investigation who temporarily take ownership of it. This process, called Chain of Custody (CoC), must ensure that evidence is not altered during the investigation, despite multiple entities having owned it, in order to be admissible in court. Currently, the CoC for digital evidence is managed entirely manually, with the entities involved in the chain required to fill in documents accompanying the evidence. In this paper, we propose a Blockchain-based Chain of Custody (B-CoC) to dematerialize the CoC process, guaranteeing auditable integrity of the collected evidence and traceability of owners. We developed a prototype of B-CoC based on Ethereum and we evaluated its performance.