    Navigating the IoT landscape: Unraveling forensics, security issues, applications, research challenges, and future

    Given the exponential expansion of the internet, the possibilities of security attacks and cybercrimes have increased accordingly. However, poorly implemented security mechanisms in Internet of Things (IoT) devices make them susceptible to cyberattacks, which can directly affect users. IoT forensics is thus needed for investigating and mitigating such attacks. While many works have examined IoT applications and challenges, only a few have focused on both the forensic and security issues in IoT. Therefore, this paper reviews forensic and security issues associated with IoT in different fields. Future prospects and challenges in IoT research and development are also highlighted. As demonstrated in the literature, most IoT devices are vulnerable to attacks due to a lack of standardized security measures. Unauthorized users could gain access, compromise data, and even benefit from control of critical infrastructure. To fulfil the security-conscious needs of consumers, IoT can be used to develop a smart home system by designing a FLIP-based system that is highly scalable and adaptable. Utilizing a blockchain-based authentication mechanism with a multi-chain structure can provide additional security protection between different trust domains. Deep learning can be utilized to develop a network forensics framework with a high-performing system for detecting and tracking cyberattack incidents. Moreover, researchers should consider limiting the amount of data created and delivered when using big data to develop IoT-based smart systems. The findings of this review will stimulate academics to seek potential solutions for the identified issues, thereby advancing the IoT field.
    Comment: 77 pages, 5 figures, 5 tables

    Organizational Interaction Mechanisms Affecting Strategic Decision-Making During Cybercrime Investigations

    The aim of this thesis is to understand and explain organizational interaction in law enforcement decision-making spheres, as a phenomenon that involves the concepts of collaboration, cooperation and information sharing, and the way that these affect cybercrime investigation processes. The research problem stems from the insufficient interdisciplinary work and theoretical developments of social sciences within technical fields and, more specifically, the lack of conceptualizations that could guide managerial functions related to cybercrime investigations. As a result, Law Enforcement Agencies (LEAs) face increasing difficulties concerning processes, communication, and collaboration derived from complex information sharing needs, and in particular, issues of timely delivery and mistrust. The thesis is concerned with a classification of impediments that may obstruct investigation processes and impact strategic decision-making, and with the formulation of the necessary conditions to generate an optimal and collaborative information-sharing environment for fighting against cybercrime.

    The methodological approach includes qualitative content analysis, surveys, a case study and the use of secondary data. First, the work defines terms and differentiates concepts via interpretation, to help establish an accurate mapping of the current situation within a cybercrime ecosystem from the stakeholders' point of view and determine their interaction mechanisms. Then, it progresses to the identification of the main obstacles and needs that the investigative process reveals, and proposes a new optimized model of cybercrime investigation analysis. This analytical tool can inform and report on the stages of the process that would require greater intervention. Last, the case of the Police Cybercrime Center (CCP) of Colombia is studied to illustrate how these perspectives may apply.

    The results of this work suggest that by including management elements at the preparatory stage of the investigative process, functional aspects could be improved, and the interaction with stakeholders and the provision of information to support the criminal investigation can be facilitated. Furthermore, via administrative procedures, trust relationships can be improved, as can information flow patterns, ultimately increasing organizational efficiency in the fight against cybercrime.

    This thesis contributes theoretical development, clarification of key terms resulting from the interdisciplinary integration of concepts and theories, and practical instruments applicable to guide managerial organizational interaction mechanisms in cybercrime investigations. Other contributions with meaningful implications are the results of the analysis of needs, the guidelines for the implementation of best practices, and the proposal for implementation of an optimized model of investigation based on the need for organizational interaction. Together these form a toolbox of practical instruments for the implementation of managerial techniques to enhance effectiveness and support decision-making in combating cybercrime.

    Are You Ready? A Proposed Framework For The Assessment Of Digital Forensic Readiness

    This dissertation develops a framework to assess Digital Forensic Readiness (DFR) in organizations. DFR is the state of preparedness to obtain, understand, and present digital evidence when needed. This research collects indicators of digital forensic readiness from a systematic literature review. More than one thousand indicators were found and semantically analyzed to identify the dimensions to which they belong. These dimensions were subjected to a q-sort test and validated using association rules, producing a preliminary framework of DFR for practitioners. By classifying these indicators into dimensions, it was possible to distill them into 71 variables, further classified into either extant or perceptual variables. Factor analysis was used to identify latent factors within the two groups of variables. A statistically based framework to assess DFR is presented, wherein the extant indicators are used as a proxy for the real DFR status and the perceptual factors as the perception of this status.

    The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

    Conference Foreword. The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in "Internet of Things" protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double-blind peer review process. Twenty-two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee, who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference.

    Understanding indicators of compromise against cyber-attacks in industrial control systems: a security perspective

    Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and the Ukrainian power grid attacks. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify the attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect triggers of malicious activity and respond quickly to a similar intrusion at an earlier stage. However, in order to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOCs in the ICS environment, and only limited information is provided in research articles. In this paper, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of the identified IOCs by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally, we highlight the lessons to be learnt from the literature and the future problems in the domain, along with the approaches that might be taken.

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian national research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, and from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management.

    A structured approach to malware detection and analysis in digital forensics investigation

    A thesis submitted to the University of Bedfordshire in partial fulfilment of the requirement for the degree of PhD.
    Within the World Wide Web (WWW), malware is considered one of the most serious threats to system security, with complex system issues caused by malware and spam. Networks and systems can be accessed and compromised by various types of malware, such as viruses, worms, Trojans, botnets and rootkits, which compromise systems through coordinated attacks. Malware often uses anti-forensic techniques to avoid detection and investigation. Moreover, the results of investigating such attacks are often ineffective and can create barriers to obtaining clear evidence, due to the lack of sufficient tools and the immaturity of forensics methodology. This research addressed various complexities faced by investigators in the detection and analysis of malware. In this thesis, the author identified the need for a new approach towards malware detection that focuses on a robust framework, and proposed a solution based on an extensive literature review and market research analysis. The literature review focussed on the different trials and techniques in malware detection to identify the parameters for developing a solution design, while market research was carried out to understand the precise nature of the current problem. The author termed the new approaches and the development of the new framework the triple-tier centralised online real-time environment (tri-CORE) malware analysis (TCMA). The tiers come from three distinctive phases of detection and analysis, where the entire research pattern is divided into three different domains. The tiers are the malware acquisition function, detection and analysis, and the database operational function. This framework design will contribute to the field of computer forensics by making the investigative process more effective and efficient.
    By integrating a hybrid method for malware detection, the limitations associated with both static and dynamic methods are eliminated. This aids forensics experts in carrying out quick investigatory processes to detect the behaviour of the malware and its related elements. The proposed framework will help to ensure system confidentiality, integrity, availability and accountability. The current research also focussed on a prototype (artefact) that was developed in favour of a different approach to digital forensics and malware detection methods. As such, a new toolkit was designed and implemented, which is based on a simple architectural structure and built from open source software, and which can help investigators develop the skills to critically respond to current cyber incidents and analyses.