2,064 research outputs found
Automatic Error Localization for Software using Deductive Verification
Even competent programmers make mistakes. Automatic verification can detect
errors, but leaves the frustrating task of finding the erroneous line of code
to the user. This paper presents an automatic approach for identifying
potential error locations in software. It is based on a deductive verification
engine, which detects errors in functions annotated with pre- and
post-conditions. Using an automatic theorem prover, our approach finds
expressions in the code that can be modified such that the program satisfies
its specification. Scalability is achieved by analyzing each function in
isolation. We have implemented our approach in the widely used Frama-C
framework and present first experimental results. This is an extended version
of [8], featuring an additional appendix.Comment: This is an extended version of [8], featuring an additional appendi
Privacy Preserving Internet Browsers: Forensic Analysis of Browzar
With the advance of technology, Criminal Justice agencies are being
confronted with an increased need to investigate crimes perpetuated partially
or entirely over the Internet. These types of crime are known as cybercrimes.
In order to conceal illegal online activity, criminals often use private
browsing features or browsers designed to provide total browsing privacy. The
use of private browsing is a common challenge faced in for example child
exploitation investigations, which usually originate on the Internet. Although
private browsing features are not designed specifically for criminal activity,
they have become a valuable tool for criminals looking to conceal their online
activity. As such, Technological Crime units often focus their forensic
analysis on thoroughly examining the web history on a computer. Private
browsing features and browsers often require a more in-depth, post mortem
analysis. This often requires the use of multiple tools, as well as different
forensic approaches to uncover incriminating evidence. This evidence may be
required in a court of law, where analysts are often challenged both on their
findings and on the tools and approaches used to recover evidence. However,
there are very few research on evaluating of private browsing in terms of
privacy preserving as well as forensic acquisition and analysis of privacy
preserving internet browsers. Therefore in this chapter, we firstly review the
private mode of popular internet browsers. Next, we describe the forensic
acquisition and analysis of Browzar, a privacy preserving internet browser and
compare it with other popular internet browser
Android Anti-forensics: Modifying CyanogenMod
Mobile devices implementing Android operating systems inherently create
opportunities to present environments that are conducive to anti-forensic
activities. Previous mobile forensics research focused on applications and data
hiding anti-forensics solutions. In this work, a set of modifications were
developed and implemented on a CyanogenMod community distribution of the
Android operating system. The execution of these solutions successfully
prevented data extractions, blocked the installation of forensic tools, created
extraction delays and presented false data to industry accepted forensic
analysis tools without impacting normal use of the device. The research
contribution is an initial empirical analysis of the viability of operating
system modifications in an anti-forensics context along with providing the
foundation for future research.Comment: Karlsson, K.-J. and W.B. Glisson, Android Anti-forensics: Modifying
CyanogenMod in Hawaii International Conference on System Sciences (HICSS-47).
2014, IEEE Computer Society Press: Hawai
On the Dissection of Evasive Malware
Complex malware samples feature measures to impede automatic and manual analyses, making their investigation cumbersome. While automatic characterization of malware benefits from recently proposed designs for passive monitoring, the subsequent dissection process still sees human analysts struggling with adversarial behaviors, many of which also closely resemble those studied for automatic systems. This gap affects the day-to-day analysis of complex samples and researchers have not yet attempted to bridge it. We make a first step down this road by proposing a design that can reconcile transparency requirements with manipulation capabilities required for dissection. Our open-source prototype BluePill (i) offers a customizable execution environment that remains stealthy when analysts intervene to alter instructions and data or run third-party tools, (ii) is extensible to counteract newly encountered anti-analysis measures using insights from the dissection, and (iii) can accommodate program analyses that aid analysts, as we explore for taint analysis. On a set of highly evasive samples BluePill resulted as stealthy as commercial sandboxes while offering new intervention and customization capabilities for dissection
Improving Memory Forensics Through Emulation and Program Analysis
Memory forensics is an important tool in the hands of investigators. However, determining if a computer is infected with malicious software is time consuming, even for experts. Tasks that require manual reverse engineering of code or data structures create a significant bottleneck in the investigative workflow. Through the application of emulation software and symbolic execution, these strains have been greatly lessened, allowing for faster and more thorough investigation. Furthermore, these efforts have reduced the barrier for forensic investigation, so that reasonable conclusions can be drawn even by non-expert investigators. While previously Volatility had allowed for the detection of malicious hooks and injected code with an insurmountably high false positive rate, the techniques presented in the work have allowed for a much lower false positive rate automatically, and yield more detailed information when manual analysis is required. The second contribution of this work is to improve the reliability of memory forensic tools. As it currently stands, if some component of the operating system or language runtime has been updated, the task of verifying that these changes do not affect the correctness of investigative tools involves a large reverse engineering effort, and significant domain knowledge, on the part of whoever maintains the tool. Through modifications of the techniques used in the hook analysis, this burden can be lessened or eliminated by comparing the last known functionality to the new functionality. This allows the tool to be updated quickly and effectively, so that investigations can proceed without issue
A pollen identification expert system ; an application of expert system techniques to biological identification : a thesis presented in partial fulfilment of the requirements for the degree of Master of Science in Computer Science Massey University
The application of expert systems techniques to biological identification has been investigated and a system developed which assists a user to identify and count air-borne pollen grains. The present system uses a modified taxonomic data matrix as the structure for the knowledge base. This allows domain experts to easily assess and modify the knowledge using a familiar data structure. The data structure can be easily converted to rules or a simple frame-based structure if required for other applications. A method of ranking the importance of characters for identifying each taxon has been developed which assists the system to quickly narrow an identification by rejecting or accepting candidate taxa. This method is very similar to that used by domain experts
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as
cyberspace. This new cyberspace has improved the workings of businesses,
organizations, governments, society as a whole, and day to day life of an
individual. With these improvements come new challenges, and one of the main
challenges is security. The security of the new cyberspace is called
cybersecurity. Cyberspace has created new technologies and environments such as
cloud computing, smart devices, IoTs, and several others. To keep pace with
these advancements in cyber technologies there is a need to expand research and
develop new cybersecurity methods and tools to secure these domains and
environments. This book is an effort to introduce the reader to the field of
cybersecurity, highlight current issues and challenges, and provide future
directions to mitigate or resolve them. The main specializations of
cybersecurity covered in this book are software security, hardware security,
the evolution of malware, biometrics, cyber intelligence, and cyber forensics.
We must learn from the past, evolve our present and improve the future. Based
on this objective, the book covers the past, present, and future of these main
specializations of cybersecurity. The book also examines the upcoming areas of
research in cyber intelligence, such as hybrid augmented and explainable
artificial intelligence (AI). Human and AI collaboration can significantly
increase the performance of a cybersecurity system. Interpreting and explaining
machine learning models, i.e., explainable AI is an emerging field of study and
has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
Acquisition and Forensic Analysis of Volatile Data Stores
The advent of more witted threats against typical computer systems demonstrates a need for forensic analysis of memory-resident data in addition to the conventional static analysis common today. Some tools are starting to become available to duplicate various types of volatile data stores. Once the data store has been duplicated, current forensic procedures have no vector for extrapolating further information from the duplicate. This thesis is focused on providing the groundwork for performing forensic investigations on the data that is typically stored in a volatile data store, such as system RAM, while creating as small an impact as possible to the state of a system. It is intended that this thesis will give insight to obtaining more post incident response information along with a smaller impact to potential evidence when compared to typical incident response procedures
- …