An Argumentation-Based Reasoner to Assist Digital Investigation and Attribution of Cyber-Attacks

We expect an increase in the frequency and severity of cyber-attacks that comes along with the need for efficient security countermeasures. The process of attributing a cyber-attack helps to construct efficient and targeted mitigating and preventive security measures. In this work, we propose an argumentation-based reasoner (ABR) as a proof-of-concept tool that can help a forensics analyst during the analysis of forensic evidence and the attribution process. Given the evidence collected from a cyber-attack, our reasoner can assist the analyst during the investigation process, by helping him/her to analyze the evidence and identify who performed the attack. Furthermore, it suggests to the analyst where to focus further analyses by giving hints of the missing evidence or new investigation paths to follow. ABR is the first automatic reasoner that can combine both technical and social evidence in the analysis of a cyber-attack, and that can also cope with incomplete and conflicting information. To illustrate how ABR can assist in the analysis and attribution of cyber-attacks we have used examples of cyber-attacks and their analyses as reported in publicly available reports and online literature. We do not mean to either agree or disagree with the analyses presented therein or reach attribution conclusions

TLAD 2010 Proceedings:8th international workshop on teaching, learning and assesment of databases (TLAD)

This is the eighth in the series of highly successful international workshops on the Teaching, Learning and Assessment of Databases (TLAD 2010), which once again is held as a workshop of BNCOD 2010 - the 27th International Information Systems Conference. TLAD 2010 is held on the 28th June at the beautiful Dudhope Castle at the Abertay University, just before BNCOD, and hopes to be just as successful as its predecessors.The teaching of databases is central to all Computing Science, Software Engineering, Information Systems and Information Technology courses, and this year, the workshop aims to continue the tradition of bringing together both database teachers and researchers, in order to share good learning, teaching and assessment practice and experience, and further the growing community amongst database academics. As well as attracting academics from the UK community, the workshop has also been successful in attracting academics from the wider international community, through serving on the programme committee, and attending and presenting papers.This year, the workshop includes an invited talk given by Richard Cooper (of the University of Glasgow) who will present a discussion and some results from the Database Disciplinary Commons which was held in the UK over the academic year. Due to the healthy number of high quality submissions this year, the workshop will also present seven peer reviewed papers, and six refereed poster papers. Of the seven presented papers, three will be presented as full papers and four as short papers. These papers and posters cover a number of themes, including: approaches to teaching databases, e.g. group centered and problem based learning; use of novel case studies, e.g. forensics and XML data; techniques and approaches for improving teaching and student learning processes; assessment techniques, e.g. peer review; methods for improving students abilities to develop database queries and develop E-R diagrams; and e-learning platforms for supporting teaching and learning

TLAD 2010 Proceedings:8th international workshop on teaching, learning and assesment of databases (TLAD)

This is the eighth in the series of highly successful international workshops on the Teaching, Learning and Assessment of Databases (TLAD 2010), which once again is held as a workshop of BNCOD 2010 - the 27th International Information Systems Conference. TLAD 2010 is held on the 28th June at the beautiful Dudhope Castle at the Abertay University, just before BNCOD, and hopes to be just as successful as its predecessors.The teaching of databases is central to all Computing Science, Software Engineering, Information Systems and Information Technology courses, and this year, the workshop aims to continue the tradition of bringing together both database teachers and researchers, in order to share good learning, teaching and assessment practice and experience, and further the growing community amongst database academics. As well as attracting academics from the UK community, the workshop has also been successful in attracting academics from the wider international community, through serving on the programme committee, and attending and presenting papers.This year, the workshop includes an invited talk given by Richard Cooper (of the University of Glasgow) who will present a discussion and some results from the Database Disciplinary Commons which was held in the UK over the academic year. Due to the healthy number of high quality submissions this year, the workshop will also present seven peer reviewed papers, and six refereed poster papers. Of the seven presented papers, three will be presented as full papers and four as short papers. These papers and posters cover a number of themes, including: approaches to teaching databases, e.g. group centered and problem based learning; use of novel case studies, e.g. forensics and XML data; techniques and approaches for improving teaching and student learning processes; assessment techniques, e.g. peer review; methods for improving students abilities to develop database queries and develop E-R diagrams; and e-learning platforms for supporting teaching and learning

Google Drive forensic analysis via application programming interface.

Rapid development of cloud computing brings challenges to digital forensic investigation, where traditional digital forensic tools and methodologies do not apply well. New approaches are needed to overcome emerged problems. This research focuses on analyzing a popular cloud storage service Google Drive in a forensically sound manner. The application programming interface (API) approach is chosen as the main method to perform digital forensic investigation. A sample application is developed to acquire evidence from Google Drive. Experiments were then conducted to evaluate its effect based on results. By comparing the results with other approaches, the API approach proves to be effective and reliable for digital forensic examiners and forensic software developers to consider as available tool in their arsenal

Question: where would you go to escape detection if you wanted to do something illegal on the Internet? Hint: shush!

The background to this paper is the introduction of public access IT facilities in public libraries. These facilities have seen recorded instances of misuse alongside weaknesses in checking identities of users and in explaining Acceptable Use Policies (AUPs) to users. The FRILLS (Forensic Readiness of Local Libraries in Scotland) project, funded by the Scottish Library and Information Council, attempted to survey the situation in Scottish public libraries and develop a forensic readiness logging regime for use in them. There is in depth discussion of the use of logging in public library computer facilitie

Using digital logs to reduce academic misdemeanour by students in digital forensic assessments

Identifying academic misdemeanours and actual applied effort in student assessments involving practical work can be problematic. For instance, it can be difficult to assess the actual effort that a student applied, the sequence and method applied, and whether there was any form of collusion or collaboration. In this paper we propose a system of using digital logs generated by selected software tools (such as FTK- Forensic Toolkit and EnCase), for the purpose of identifying the effort and sequence of events that students followed to complete their learning activities, (say, arriving at conclusions relating to an assessment question) and thereby determining whether it is likely that an academic misdemeanour may have occurred. The paper elaborates on an assessment exercise conducted with a cohort of 67 students in a specific class of disciplinary learning, highlighting the process that students have to follow, and then proceeds to show in some details how selected logging facilities can be used to provide evidence that students may have committed an academic misdemeanour