Intensional Cyberforensics

This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP bound by the underlying intensional programming paradigm.Comment: 412 pages, 94 figures, 18 tables, 19 algorithms and listings; PhD thesis; v2 corrects some typos and refs; also available on Spectrum at http://spectrum.library.concordia.ca/977460

Technical and legal perspectives on forensics scenario

The dissertation concerns digital forensic. The expression digital forensic (sometimes called digital forensic science) is the science that studies the identification, storage, protection, retrieval, documentation, use, and every other form of computer data processing in order to be evaluated in a legal trial. Digital forensic is a branch of forensic science. First of all, digital forensic represents the extension of theories, principles and procedures that are typical and important elements of the forensic science, computer science and new technologies. From this conceptual viewpoint, the logical consideration concerns the fact that the forensic science studies the legal value of specific events in order to contrive possible sources of evidence. The branches of forensic science are: physiological sciences, social sciences, forensic criminalistics and digital forensics. Moreover, digital forensic includes few categories relating to the investigation of various types of devices, media or artefacts. These categories are: - computer forensic: the aim is to explain the current state of a digital artefact; such as a computer system, storage medium or electronic document; - mobile device forensic: the aim is to recover digital evidence or data from mobile device, such as image, log call, log sms and so on; - network forensic: the aim is related to the monitoring and analysis of network traffic (local, WAN/Internet, UMTS, etc.) to detect intrusion more in general to find network evidence; - forensic data analysis: the aim is examine structured data to discover evidence usually related to financial crime; - database forensic: the aim is related to databases and their metadata. The origin and historical development of the discipline of study and research of digital forensic are closely related to progress in information and communication technology in the modern era. In parallel with the changes in society due to new technologies and, in particular, the advent of the computer and electronic networks, there has been a change in the mode of collection, management and analysis of evidence. Indeed, in addition to the more traditional, natural and physical elements, the procedures have included further evidence that although equally capable of identifying an occurrence, they are inextricably related to a computer or a computer network or electronic means. The birth of computer forensics can be traced back to 1984, when the FBI and other American investigative agencies have began to use software for the extraction and analysis of data on a personal computer. At the beginning of the 80s, the CART(Computer Analysis and Response Team) was created within the FBI, with the express purpose of seeking the so-called digital evidence. This term is used to denote all the information stored or transmitted in digital form that may have some probative value. While the term evidence, more precisely, constitutes the judicial nature of digital data, the term forensic emphasizes the procedural nature of matter, literally, "to be presented to the Court". Digital forensic have a huge variety of applications. The most common applications are related to crime or cybercrime. Cybercrime is a growing problem for government, business and private. - Government: security of the country (terrorism, espionage, etc.) or social problems (child pornography, child trafficking and so on). - Business: purely economic problems, for example industrial espionage. - Private: personal safety and possessions, for example phishing, identity theft. Often many techniques, used in digital forensics, are not formally defined and the relation between the technical procedure and the law is not frequently taken into consideration. From this conceptual perspective, the research work intends to define and optimize the procedures and methodologies of digital forensic in relation to Italian regulation, testing, analysing and defining the best practice, if they are not defined, concerning common software. The research questions are: 1. The problem of cybercrime is becoming increasingly significant for governments, businesses and citizens. - In relation to governments, cybercrime involves problems concerning national security, such as terrorism and espionage, and social questions, such as trafficking in children and child pornography. - In relation to businesses, cybercrime entails problems concerning mainly economic issues, such as industrial espionage. - In relation to citizens, cybercrime involves problems concerning personal security, such as identity thefts and fraud. 2. Many techniques, used within the digital forensic, are not formally defined. 3. The relation between procedures and legislation are not always applied and taken into consideratio

Ausgewählte Chancen und Herausforderungen der digitalen Transformation für die Produktentwicklung und Unternehmensorganisation im Finanzdienstleistungssektor

Vor dem Hintergrund der digitalen Transformation sind Finanzdienstleistungsunternehmen auf unterschiedlichen Ebenen zahlreichen Chancen sowie Herausforderungen ausgesetzt. Während der Einsatz neuer Technologien die Optimierung bestehender Geschäftsprozesse sowie das Angebot digitalisierter Finanzdienstleistungen ermöglicht, geht dies zugleich mit veränderten Arbeitsbedingungen innerhalb der Unternehmensorganisation einher. Darüber hinaus sind Finanzdienstleister dazu angehalten die sich ändernden Kundenerwartungen bei den bisherigen Geschäftsaktivitäten sowie bei der Produktentwicklung zu berücksichtigen. Das Ziel der vorliegenden kumulativen Dissertation ist es, bestehende Forschungsdesiderate hinsichtlich der Auswirkungen der digitalen Transformation auf den Finanzdienstleistungssektor, differenziert nach der Kunden- und Produktperspektive sowie der internen Unternehmensperspektive, vertiefend zu analysieren. Das Technology-Organization-Environment (TOE)-Framework von DePietro et al. (1990) wird dabei als theoretischer Rahmen zur Einordnung und Strukturierung der Forschungsmodule verwendet. Die Ergebnisse der acht Module zeigen, dass die Kundenbedürfnisse und –erwartungen im Finanzdienstleistungssektor verstärkt von der digitalen Transformation beeinflusst werden. Dies zeigt sich in der Beratungstätigkeit bspw. durch das Angebot neuer Kundenkanäle sowie der aus dem steigenden Wettbewerbsdruck resultierenden erhöhten Preistransparenz. Im Rahmen der Produktentwicklung sind zudem u. a. ESG-Risiken und Silent Cyber-Risiken zu beachten. Aus der Analyse der Auswirkungen der digitalen Transformation auf die Unternehmensorganisation geht hervor, dass über den Einsatz digitaler Innovationen innerhalb des Backoffice die Realisation von Effizienzgewinnen sowie das Entgegenwirken eines Personalmangels möglich ist. Darüber hinaus wird in den Modulen der Einfluss des Faktors Mensch auf die Cyber-Sicherheit hervorgehoben. Während dieser einerseits als „schwächstes Glied“ und potenzielles Angriffsziel im Sicherheitskonstrukt der Unternehmen dargestellt wird, ist andererseits das Potenzial der Beschäftigten zur Frühwarnung zu berücksichtigen

Security and defence research in the European Union: a landscape review

This landscape report describes the state of play of the European Union’s policies and activities in security and defence and the EU-funded research aimed at supporting them, with an exclusive focus on intentional harm. It is organised around several thematic building blocks under the umbrella of the three core priorities defined in the European agenda on security. The report reviews the current main risks and threats but also those that may emerge within the next 5 years, the policy and operational means developed to combat them, the main active stakeholders and the EU legislation in force. In this context, a short history of EU research on security and defence is presented, followed by an inventory of relevant research and development projects funded under the Horizon 2020 framework programme during the period 2014-2018. The specific contributions of the Joint Research Centre to security research are also highlighted. Finally, future avenues for security and defence research and development are discussed. Please note that the executive summary of this landscape report has been published simultaneously as a companion document.JRC.E.7-Knowledge for Security and Migratio

Intensional Cyberforensics

This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, MARFL, and JOOIP bound by the underlying intensional programming paradigm

Educating the effective digital forensics practitioner: academic, professional, graduate and student perspectives

Over the years, digital forensics has become an important and sought-after profession where the gateway of training and education has developed vastly over the past decade. Many UK higher education (HE) institutions now deliver courses that prepare students for careers in digital forensics and, in most recent advances, cyber security. Skills shortages and external influences attributed within the field of cyber security, and its relationship as a discipline with digital forensics, has shifted the dynamic of UK higher education provisions. The implications of this now sees the route to becoming a digital forensic practitioner, be it in law enforcement or business, transform from on-the-job training to university educated, trained analysts. This thesis examined courses within HE and discovered that the delivery of these courses often overlooked areas such as mobile forensics, live data forensics, Linux and Mac knowledge. This research also considered current standards available across HE to understand whether educational programmes are delivering what is documented as relevant curriculum. Cyber security was found to be the central focus of these standards within inclusion of digital forensics, adding further to the debate and lack of distinctive nature of digital forensics as its own discipline. Few standards demonstrated how the topics, knowledge, skills and competences drawn were identified as relevant and effective for producing digital forensic practitioners. Additionally, this thesis analyses and discusses results from 201 participants across five stakeholder groups: graduates, professionals, academics, students and the public. These areas were selected due to being underdeveloped in existing literature and the crucial role they play in the cycle of producing effective practitioners. Analysis on stakeholder views, experiences and thoughts surrounding education and training offer unique insight, theoretical underpinnings and original contributions not seen in existing literature. For example, challenges, costs and initial issues with introducing graduates to employment for the employers and/or supervising practitioners, the lack of awareness and contextualisation on behalf of students and graduates towards what knowledge and skills they have learned and acquired on a course and its practical application on-the-job which often lead to suggestions of a lack of fundamental knowledge and skills. This is evidenced throughout the thesis, but examples include graduates: for their reflections on education based on their new on-the-job experiences and practices; professionals: for their job experiences and requirements, academics: for their educational practices and challenges; students: their initial expectations and views; and, the public: for their general understanding. This research uniquely captures these perspectives, bolstering the development of digital forensics as an academic discipline, along with the importance these diverse views play in the overall approach to delivering skilled practitioners. While the main contribution to knowledge within this thesis is its narrative focusing on the education of effective digital forensic practitioners and its major stakeholders, this thesis also makes additional contributions both academically and professionally; including the discussion, analysis and reflection of: - improvements for education and digital forensics topics for research and curriculum development; - where course offerings can be improved for institutions offering digital forensic degree programmes; - the need for further collaboration between industry and academia to provide students and graduates with greater understanding of the real-life role of a digital forensic practitioner and the expectations in employment; - continuous and unique challenges within both academia and the industry which digital forensics possess and the need for improved facilities and tool development to curate and share problem and scenario-based learning studies

Cyber Ethics 4.0 : Serving Humanity with Values

Cyber space influences all sectors of life and society: Artificial Intelligence, Robots, Blockchain, Self-Driving Cars and Autonomous Weapons, Cyberbullying, telemedicine and cyber health, new methods in food production, destruction and conservation of the environment, Big Data as a new religion, the role of education and citizens’ rights, the need for legal regulations and international conventions. The 25 articles in this book cover the wide range of hot topics. Authors from many countries and positions of international (UN) organisations look for solutions from an ethical perspective. Cyber Ethics aims to provide orientation on what is right and wrong, good and bad, related to the cyber space. The authors apply and modify fundamental values and virtues to specific, new challenges arising from cyber technology and cyber society. The book serves as reading material for teachers, students, policy makers, politicians, businesses, hospitals, NGOs and religious organisations alike. It is an invitation for dialogue, debate and solution

Countertrade as a development tool: a comparative analytical approach

This study explores the consequences of defence countertrade arrangements for national development based on the South African experience in comparative perspective. Although defence countertrade has been controversial in many contexts, it is concluded that it may play a positive developmental role. This is premised on the central role governments can play in ensuring that countertrade's role in national economic development – global pressures and neo-liberalism notwithstanding – remains an important tool through which active industrial policy may be pursued. This can include developing and maintaining a defence industrial base (DIB) in those countries that have such capabilities. Countertrade occurs under two kinds of market conditions. The one is where there is a natural need for trading but it is constrained in some way, for example, by an absence of currency or an oversupply. Under these conditions countries can resort to bartering, which involves a commodity for commodity exchange and no money. The second market condition is one where countertrade is purposefully structured to secure reciprocal benefits as a condition of a commercial sales transaction - defence or civil in nature. This is referred to as leveraged procurement and manifests primarily as defence offsets involving the defence industrial base, which is the concern of this study. Around 40 per cent of countries, including South Africa, use various purposely structured government procurement programmes when procuring goods and services abroad. These programmes apply the principle of reciprocity through the use of internationally accepted countertrade practices that manifest in many diverse ways. Although „countertrade‘ is the collective term, it is regularly referred to as „offsets‘. Procurement leverage is used to secure some reciprocal benefit from the foreign seller (benefits sought vary from country to country). Countertrade-related practices occur widely despite the fact that the World Trade Organisation's (WTO) Agreement on Government Procurement (GPA6) rules out the use of offsets. Their use is viewed as a discriminatory procurement practice that interferes with free trade. However, the WTO allows for exceptions in the case of developing countries and also for national security and public health contracts. It is important to note that countertrade (and offset) practices, valued in billions of US Dollars, are applicable mostly to defence contracts, although becoming increasingly relevant in non-defence (i.e. civil) government procurements. This research systematically interrogated and investigated issues surrounding the origins and subsequent popular and increased use of countertrade since the 1980s. The purported negative impact of defence-related offsets on the defence industrial base (i.e. the loss or gain of jobs, technology and market share) of both the exporting and receiving countries is of particular concern to the US government and the European Union (EU). My exploratory mixed method research, together with practitioner (insider) and reflexive research approaches, culminated in a primarily descriptive, qualitative, analytical narrative. The research is further founded on structured survey questionnaires. These specific research approaches are known to be subjective and biased and I thus needed to take extra care to prevent emotive subjectivities, primarily through triangulating my findings against a variety of other views and arguments pertaining to the research question. This was done to provide for a holistic overview, and in consideration of the case study, in particular. It must be noted that South Africa has two sets of industrial participation policies and practices. One is Defence Industrial Participation (DIP) managed exclusively by Armscor, South Africa's acquisition agency, which favours pursuing defence industry development objectives. The other is the National Industrial Participation Programme (NIPP), managed independently by the Department of Trade and Industry (DTI). The NIPP is primarily focused on the civil industry with a bias towards manufacturing, investments and exports. The DIP is the focus of the case study element of this research. Since its inception in 1968, Armscor has been tasked with establishing a DIB. Until the late 1980s, this DIB made huge strides in developing unique defence equipment to cater for the harsh Southern African environment and its military operational conditions. The DIB's development was enhanced further by the various UN embargoes imposed on the former South African apartheid government. Owing to these embargoes, Armscor dealt with all its defence imports (and exports) in a clandestine manner. Armscor was the only government entity that applied countertrade from around 1988 until 1996 when the DTI introduced NIPP. During the latter part of 1996, Armscor redrafted its countertrade policy with the new DIP policy approved in early 1997. This policy was applied during the biggest arms transaction in South Africa‟s history, namely, the Strategic Defence Package (SDP). A DIP commitment of circa R15 billion resulted from the equipment bought under the SDP. This study investigated how the DIP manifested in practice from 2000 to 2012 within the DIB that involved numerous South African Defence Industry (SADI) entities. The study considered the DIB, its growth and decline, and to what extent the DIP assisted it to retain its capabilities and capacities, including the retention of jobs. Hence, parts of the case study cover issues related to the South African military complex and the SDP‟s selection process. Subsequent investigations into alleged acts of misconduct and maladministration in the selection process, fraud and corruption are also covered, although not in detail, since this matter is sub judice the outcome of the 2011 presidential appointed Arms Procurement Commission (APC) of inquiry that is anticipating completing its investigations in 2015. Although there are many derivative views on the actual defence equipment needs of the South African National Defence Force (SANDF), the study did not endeavour to analyse these views in depth as they are adequately covered in the 1996 Defence Review. Similarly, there are views expressed that South Africa paid much more for its equipment compared with similar types of equipment bought by other countries. A cost comparative analysis was not performed as the exact configuration of each type of equipment can differ substantially due to the unique operational needs of the various defence forces – the exact configuration of such equipment is not in the public domain, since it is a sovereign security concern. Despite many opposing views, it is concluded that DIP (also referred to as defence offsets) has worked for South Africa: in many ways the South African DIP practice compares favourably with internationally accepted best practices. The research‟s postulation that countertrade can be used as a possible development mechanism is therefore supported by the findings of this study that showed that DIP had a positive retention impact on the DIB, and jobs, and made a positive contribution to Gross National Product (GNP7). The study found that the 1997 DIP policy needed to be much better aligned with the broader strategic national industrial development aims and objectives, including better corroboration with the NIPP. In this respect critical inferences are made that the DIP policy primarily focused on the SADI and its capabilities, without considering its wider application in a broader industrial sense. However, in the context of the Armscor legal mandate (i.t.o. Act 57 of 1968) ensuring the establishment of a DIB in South Africa, the DIP policy was clear in its intent to specifically further the interests of only the SADI. However, the 2014 Defence Review recommends that the DIP policy should be much more focused and even prescriptive when considering specific strategic defence needs. Although DIP policy directives contain requirements for establishing strategic local capabilities and capacities that could adequately cater for logistic support, repair and maintenance of foreign produced defence equipment, this aspect was not well contracted in the 1999 SDP. There is also general consensus that foreign obligors should in future not be allowed the freedoms of choice evident in the SDP‟s DIP process, which resulted in numerous smaller companies not benefitting as was generally anticipated. Future defence contracts should not be signed without an appropriate DIP business plan. Hence, all indications are that the DIP regime in South Africa is set to become much more stringent in its application and subsequent discharge administration

Procceedings / 4th International Symposium of Industrial Engineering - SIE 2009, December 10-11, 2009., Belgrade

editors Dragan D. Milanović, Vesna Spasojević-Brkić, Mirjana Misit