A comparison of forensic evidence recovery techniques for a Windows Mobile smart phone
Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats, complicating decoding and presentation.
A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent to which the results produced by different tools are consistent.
This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device, and that in some cases the information recovered is conflicting.
MEMORY FORENSIC DEVELOPMENT AND CHALLENGES IN IDENTIFYING DIGITAL CRIME: A REVIEW
Digital forensic technology is currently advancing along with the demand to uncover various crimes committed using technology. Memory forensics is one of the investigative fields in digital forensics. We use the Systematic Literature Review (SLR) method to identify the developments and challenges of memory forensics in identifying digital crimes, analysed from various reference papers according to the inclusion and exclusion criteria and based on the specified research questions. The authors chose 30 reference journals from three online journal databases, namely IEEE Xplore, ScienceDirect, and Springer, with themes related to memory forensics, selected on the basis of certain criteria for further review to determine the development of digital crime. The results of the SLR we convey are the outcome of a study related to the use of memory forensics in identifying various digital attacks and the challenges to be faced in the future.
Drone forensic analysis using open source tools
The carrying capabilities of drones and their easy accessibility to the public have led to an increase in crimes committed using drones in recent years. For this reason, the need for forensic analysis of drones captured from crime scenes, and of the devices used to operate them, is also paramount. This paper presents the extraction and identification of important artefacts from the recorded flight data as well as the associated mobile devices, using open source tools and some basic scripts developed to aid the analysis of two popular drone systems: the DJI Phantom 3 Professional and the Parrot AR.Drone 2.0. Although different drones vary in their operations, this paper extends the extraction and analysis of data from the drones and associated devices using generic methods that are forensically sound, adhering to the guidelines of the Association of Chief Police Officers (ACPO).
Exploring application memory
Increasingly complex malware continues to evade detection, stealing information, taking systems offline, and disrupting functionality of many computer systems. Traditional techniques have not adequately protected systems from attackers, and the most commonly used detection techniques overlook the contents of memory.
Modern systems contain a wealth of information in the contents of memory, but making use of that information is anything but trivial. There are a number of challenges related to both the acquisition and analysis of a system's memory.
Many forensic situations could involve machines in hostile environments, and many acquisition techniques introduce artifacts that reduce the fidelity of the image and hinder the analysis phase. Although much of the kernel memory space has been mapped, the state of application memory has largely been unexplored.
We have created a toolset that extracts an application's context from the structure of pointers in a sample of that application's memory. This context allows us to perform statistical analysis and visualize the structure of memory, and it provides a new way to train classifiers.
A Digital Forensics Case Study of the DJI Mini 3 Pro and DJI RC
The consumer drone market is rapidly expanding with new drone models featuring unique variations of hardware and software. The rapid development of drone technology and variability in drone systems can make it difficult for digital forensic investigators and tools to keep pace and effectively extract and analyse digital evidence from drones. Furthermore, the growing popularity of drones and their increased use in illegal and harmful activities, such as smuggling, espionage, and even terrorism, has led to an increase in the number of drone forensic cases for authorities to manage. To assist forensic investigators, a static digital forensic case study was conducted on two drone devices recently released by Da-Jiang Innovations (DJI): the Mini 3 Pro drone and its remote controller, the DJI RC. The study discovered the presence of several digital artefacts on both devices, including recorded media, flight logs, and other information that could help investigators trace the drone's usage and identify its operator. Additionally, this paper explored several methods for extracting and visualising the drone's flight history, and highlights some of the potential methods used to limit, obscure, or remove key types of digital evidence.
Comment: 20 pages, 23 figures
Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations
Hardware virtualization technologies play a significant role in cyber security. On the one hand, these technologies enhance security levels by enabling the design of a trusted operating system. On the other hand, these technologies can be taken up by modern malware, which is then rather hard to detect. None of the existing methods is able to efficiently detect a hypervisor in the face of countermeasures such as time cheating, temporary self-uninstalling, memory hiding, etc. The new hypervisor detection methods described in this paper can detect a hypervisor under these countermeasures and even count several nested ones. These novel approaches rely on a new statistical analysis of time discrepancies, obtained by examining a set of instructions that are unconditionally intercepted by a hypervisor. Reliability was achieved through comprehensive analysis of the collected data despite its fluctuation. The proposed methods were comprehensively assessed on both Intel and AMD CPUs.
Comment: 25 pages, 7 figures, 8 tables. Paper presented at the Proceedings of the 10th Annual Conference on Digital Forensics, Security and Law (CDFSL), 33-57, Daytona Beach, Florida, USA (2015, May 18-21