106 research outputs found

    Age Detection Through Keystroke Dynamics From User Authentication Failures

    In this paper, an incident response approach is proposed for handling detections of authentication failures in systems that employ dynamic biometric authentication, more specifically keystroke user recognition. The main component of the approach is a multi-layer perceptron focusing on the age classification of a user. Empirical findings show that the classifier can detect the age of the subject with a probability that is far from the uniform random distribution, making the proposed method suitable for providing supporting yet circumstantial evidence during e-discovery.

    Privacy Preserving Internet Browsers: Forensic Analysis of Browzar

    With the advance of technology, Criminal Justice agencies are being confronted with an increased need to investigate crimes perpetrated partially or entirely over the Internet. These types of crime are known as cybercrimes. In order to conceal illegal online activity, criminals often use private browsing features or browsers designed to provide total browsing privacy. The use of private browsing is a common challenge faced in, for example, child exploitation investigations, which usually originate on the Internet. Although private browsing features are not designed specifically for criminal activity, they have become a valuable tool for criminals looking to conceal their online activity. As such, Technological Crime units often focus their forensic analysis on thoroughly examining the web history on a computer. Private browsing features and browsers often require a more in-depth, post-mortem analysis. This often requires the use of multiple tools, as well as different forensic approaches, to uncover incriminating evidence. This evidence may be required in a court of law, where analysts are often challenged both on their findings and on the tools and approaches used to recover evidence. However, there is very little research evaluating private browsing in terms of privacy preservation, or on the forensic acquisition and analysis of privacy-preserving internet browsers. Therefore, in this chapter, we first review the private mode of popular internet browsers. Next, we describe the forensic acquisition and analysis of Browzar, a privacy-preserving internet browser, and compare it with other popular internet browsers.

    CHALLENGES AND BARRIERS TO DIGITAL FORENSICS IN THE CLOUD

    Cloud computing provides individuals and organizations affordable access to various resources such as storage, servers, computing power, and software, among others. The growing use of this decentralized approach presents many opportunities for cost and process optimization, but at the same time it brings new challenges and barriers when it comes to solving crimes in the digital realm. For example, the cloud provides redundancy by making multiple copies of the data at various locations across the world. There is currently a lot of discussion regarding the ownership of data in the cloud and jurisdiction issues because of this decentralized redundancy. So, when a crime occurs and data in the cloud is compromised, this brings up the problem of digital forensic investigations on third-party networks and resources. While technology is progressing incredibly fast, policy makers tend to lag behind and not provide law enforcement with the necessary tools to solve some of these new 21st-century crimes. The current paper provides an overview of some of the major challenges and barriers to digital forensic investigations involving the cloud. It offers recommendations for overcoming them and discusses directions for future research.

    Identification, collection, and investigation of electronic imagery as sources of evidence

    Given the rapid pace of informatization of society, the number of criminal offences involving the use of computers, their software, and telecommunications systems is continuously growing. Such illegal actions are characterized by leaving traces, including electronic imagery. These traces can be evidence of the commission of criminal offences, which explains the development and improvement of methods for their detection, collection, and investigation by law enforcement agencies. However, today such methods of detecting, collecting, and investigating electronic imagery of evidence are contained separately in several scientific papers by Ukrainian and foreign scientists, which made it possible to cover them comprehensively in this study. The purpose of this study was to review the theory and practice of the activities of authorized entities for the detection, collection, and investigation of electronic imagery of evidence. The study uses a set of various methods, namely scientific cognition of real phenomena and their connections with the practical activities of authorized bodies for the detection, collection, and investigation of electronic imagery (dialectical method), as well as special and general scientific methods of legal science. The study showed the following: usually, investigators and operational officers detect electronic imagery independently, or as part of an investigative task force during the investigation of criminal offences, or before their commission; the collection of electronic imagery occurs during procedural actions (usually law enforcement intelligence actions) both from technical devices with which a criminal offence was committed and from those that were attacked. When extracting electronic imagery, it is advisable to involve a suitable specialist (if possible, a cyberpolice officer); an authorized investigator, specialist, and expert are authorized to examine electronic imagery. Expert research of electronic imagery is carried out only by experts, using the following examinations: computer equipment and software products, telecommunications systems and tools, as well as technical and forensic examination of documents. The conducted review will help authorized practitioners refresh their knowledge of the tools for detecting, collecting, and investigating electronic imagery, which will ensure the effective implementation of the tasks of criminal proceedings.

    Digital forensics challenges to big data in the cloud

    As a new research area, Digital Forensics is a rapidly developing subject. Cyber security for Big Data in the Cloud is receiving more attention than ever. A computing breach requires digital forensics to seize the digital evidence in order to determine who did it and what was done maliciously, and to assess the possible risk or damage and the loss it could lead to. For Big Data attack cases in particular, Digital Forensics faces even more challenges than in conventional digital breach investigations. Nowadays, because of its three “V” characteristics (Volume, Velocity, and Variety), Big Data is either synchronized with the Cloud (such as from a smart phone) or stored in the Cloud in order to solve problems such as storage capacity, which makes Digital Forensics investigation even more difficult. The Big Data Digital Forensics problem for the Cloud is difficult for several reasons. One of them is physically identifying the specific device wanted. Data are distributed in the cloud, so the customer or the digital forensics practitioner cannot have full access control as in a traditional investigation. The Smart City technique makes use of ICT (information and communications technology) to collect, detect, analyse and integrate the key information data of the core systems that run cities. Meanwhile, the control makes intelligent responses to different requirements, including daily livelihood, PII (personally identifiable information) security, environmental protection, public safety, industrial and commercial activities and city services. Smart City data are Big Data, collected and gathered by the IoT (Internet of Things). This paper summarises our review of the trends in Digital Forensics for Big Data. The evidence acquisition challenge is discussed. A case study is presented of a Smart City project whose IoT-collected Big Data is stored in a cloud computing environment. The techniques can be generalised to other Big Data in the Cloud environments.

    Source Camera Identification using Non-decimated Wavelet Transform

    Source camera identification of digital images can be performed by matching the sensor pattern noise (SPN) of the images with that of the camera reference signature. This paper presents a non-decimated wavelet-based source camera identification method for digital images. The proposed algorithm applies a non-decimated wavelet transform to the input image and splits the image into its wavelet sub-bands. The coefficients within the resulting high-frequency wavelet sub-bands are filtered to extract the SPN of the image. Cross-correlation of the image SPN and the camera reference SPN signature is then used to identify the most likely source device of the image. Experimental results were generated using images from ten cameras to identify the source camera of the images. Results show that the proposed technique generates results superior to those of state-of-the-art wavelet-based source camera identification.

    Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems

    SCADA and industrial control systems have traditionally been isolated in physically protected environments. However, developments such as standardisation of data exchange protocols and increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that, in the near future, related threat vectors outside the scope of traditional SCADA security and incident response will require consideration too. In light of the significance of SCADA for the resilience of critical infrastructures and the related targeted incidents against them (e.g. the development of Stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level of the current threat environment requirements. We also provide recommendations for data capture and retention.