421 research outputs found
Detecting Hardware-assisted Hypervisor Rootkits within Nested Virtualized Environments
Virtual machine introspection (VMI) is intended to provide a secure and trusted platform from which forensic information can be gathered about the true behavior of malware within a guest. However, it is possible for malware to escape a guest into the host and for hypervisor rootkits, such as BluePill, to stealthily transition a native OS into a virtualized environment. This research examines the effectiveness of selected detection mechanisms against hardware-assisted virtualization rootkits (HAV-R) within a nested virtualized environment. It presents the design, implementation, analysis, and evaluation of a hypervisor rootkit detection system which exploits both processor-based and translation lookaside buffer-based mechanisms to detect hypervisor rootkits within a variety of nested virtualized systems. It evaluates the effects of different types of virtualization on hypervisor rootkit detection and explores the effectiveness of in-guest HAV-R obfuscation efforts. The results provide convincing evidence that HAV-Rs are detectable in all SVMI scenarios examined, regardless of HAV-R or virtualization type; that the selected detection techniques are effective at detecting HAV-R within nested virtualized environments; and that the type of virtualization implemented in a VMI system has minimal to no effect on HAV-R detection. Finally, it is determined that in-guest obfuscation does not successfully conceal the existence of HAV-R.
A MODEL OF DIGITAL PIANO TRAINING SYSTEM TO IMPROVE THE COMPREHENSIVE PERFORMANCE OF PRE-SCHOOL EDUCATION MAJOR STUDENTS: A CASE STUDY AT A PUBLIC UNIVERSITY IN HUNAN, CHINA
The purpose of this study is to improve the comprehensive digital piano teaching level of students majoring in preschool education in Hunan province, China. This is a mixed-methods study that includes both qualitative and quantitative data. The researcher conducted semi-structured interviews with 8 digital piano group teachers and concluded that these teachers seldom use a complete teaching system or effective technology integrated into their actual teaching activities. The researcher then used the TPACK framework to select Piano Performance Skills, Digital Piano Teaching level and Basic Music Theory as training and evaluation dimensions to construct a Digital Piano Training System (DPTS). The DPTS was tested at a public university in Hunan province that offers a digital piano course and has 360 pre-school students; 30 students were selected and given a one-month. After comparing pre- and post-test results, it was found that after receiving the DPTS training, students had significantly improved in three aspects: Piano Performance Skills, Digital Piano Teaching level and Basic Music Theory. Therefore, it was concluded and confirmed that the DPTS is an effective teaching tool in piano teaching for preschool education major students. As a result, institutions should consider implementing DPTS as one of their piano teaching strategies.
Multimedia Distribution Process Tracking for Android and iOS
The crime of illegally filming and distributing images or videos is increasing worldwide day by day. With the rising penetration rate of smartphones, there has been a rise in crimes involving secretly taking pictures of people's bodies and distributing them through messengers. However, little research has been done on these related issues. The crime of distributing media using the world's most popular messengers, WhatsApp and Telegram, is continuously increasing. It is also common to see criminals distributing illegal footage through various messengers to avoid being caught in the investigation network. As these crimes increase, there will continue to be a need for professional investigative personnel, and the time required for criminal investigations will continue to increase. In this paper, we propose a multimedia forensic method for tracking footprints by checking the media information that changes when images and videos shot with a smartphone are transmitted through instant messengers. We selected 11 of the world's most popular instant messengers and two secure messengers. In addition, we selected the most widely used smartphone operating systems, Android and iOS. Through this study, we were able to confirm that it is possible to trace footprints related to distribution through instant messengers by analyzing the transmitted images and videos. Thus, it was possible to determine which messengers were used to distribute a video even when it was transmitted through multiple messengers.
Comment: 10 pages
An analysis into the exploitation of the post-attendee URL feature in Zoom webinar regarding malware transmission
In response to the COVID-19 pandemic, large businesses and organizations relied on video conferencing applications such as Zoom to maintain public health guidelines, due in part to their robust set of features that facilitate productive group events while maintaining social distancing recommendations. While Zoom has many features that can be found in similar video conferencing applications, Zoom also contains a plethora of unique and cutting-edge features to entice modern users. However, when new features are introduced, the inherent risk of vulnerability exploitation has the potential to overshadow the benefits of the feature. One such vulnerable feature within Zoom webinar that is often overlooked is the post-attendee URL, a feature that allows Zoom webinar hosts to set a URL to which participants will be redirected after joining. This study aims to showcase the vulnerabilities of this feature by utilizing URLs of malicious websites and direct download links of files to transmit malware to Zoom webinar participants using the desktop application version of Zoom webinar. This study will also provide an analysis of the residual digital artifacts that are left behind when this feature is utilized, to provide digital forensic examiners with the ability to create a comprehensive timeline of events for cases involving this type of attack.
An information presentation method based on tree-like super entity component
Information systems are increasingly oriented toward large-scale integration due to the explosion of multi-source information. It is therefore important to discuss how to reasonably organize and present information from multiple structures and sources on the same information system platform. In this study, we propose a 3C (Components, Connections, Container) component model by combining white-box and black-box methods, design a tree-like super entity based on the model, present its construction and related algorithm, and take the tree-like super entity as the information organization method for multi-level entities. In order to represent structured, semi-structured and unstructured data on the same information system platform, an information presentation method based on an editable e-book component has been developed by combining the tree-like super entity component, a QQ-style menu and a 1/K switch connection component; it has been successfully applied in the Flood Protection Project Information System of the Yangtze River in China. © 2011 Elsevier Inc.
Intensional Cyberforensics
This work focuses on the application of intensional logic to cyberforensic analysis, and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, is formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP, bound by the underlying intensional programming paradigm.
Comment: 412 pages, 94 figures, 18 tables, 19 algorithms and listings; PhD thesis; v2 corrects some typos and refs; also available on Spectrum at http://spectrum.library.concordia.ca/977460
The Comparison Performance of Digital Forensic Tools Using Additional Root Access Options
This research used MiChat and SayHi as materials for forensic investigations using three different tools, namely MOBILedit, Magnet Axiom, and Belkasoft. These three tools each show their own performance in the forensic process. We also added a rooting process as an option if data cannot be extracted optimally even when using these three applications. The result of this study shows that the processes without root access and with root access complement each other in obtaining evidence, so that each covers the other's shortcomings. The main contribution of this research is a recommendation of a tool based on the best performance shown during the forensic process with rooting access and without rooting access. Based on the comparison, Magnet Axiom is superior with a total of 34 items of data found without root access, while MOBILedit found 30 items and Belkasoft 30 items. In the comparison using root access, Magnet Axiom and MOBILedit are superior, with a total of 36 items found in Magnet Axiom without root access, while MOBILedit found 36 items and Belkasoft 33 items. Based on the test results, it can be concluded that the recommended tool for the scenario used is Magnet Axiom.
Mobile Forensic Investigation on iOS & Android Smartphones: Case Study Investigation on WhatsApp
Following the exponential growth of information and communication technologies, the smartphone market, as well as advances in wireless data networks (3G and 4G), has accelerated. Mobile apps for social networking and instant messaging have been created by these firms. Other instant messaging (IM) smartphone programs like WhatsApp (WA), Viber, and IMO have also been created. WA is the most widely used instant messaging program. With WA, you can send and receive messages in a variety of formats, including text, voice, video, and documents. Various cybercrime incidents have been committed through WA. WA use leaves several artifacts that may be examined to detect digital evidence. In addition, iOS and Android are two of the most popular smartphone operating systems. Because of this, the inquiry will involve the use of forensic investigative techniques and methodologies. Forensics on both iOS and Android cellphones was utilized to investigate a digital crime that was believed to have been perpetrated through WA. To conclude the investigation, we analyzed chat logs, phone records, and other media to gather proof. A legal framework and established processes were used to guarantee that evidence was preserved from change or destruction and that the witness's account was acceptable in court throughout the investigative process. Finally, the inquiry and evidence were presented. As a result, WA forensic artifacts can be evaluated and found effectively using the mobile forensic procedure.
Trustworthy IAP: An Intelligent Applications Profiler to Investigate Vulnerabilities of Consumer Electronic Devices
As a typical representative of the Internet of Energy (IoE) intelligent era, consumer electronic (CE) devices continue to evolve at a remarkable pace. Computers, as typical and essential CE devices, have been instrumental in enhancing efficiency, communication, entertainment, and information access. As part of this evolution, a significant trend in computer design focuses on achieving low power consumption while maintaining high performance. For instance, a computer's central processing unit (CPU) dynamically modulates its output power in response to the varying workload demands of running applications. However, these power efficiency mechanisms may inadvertently introduce implicit patterns into the operational states of CE devices. In particular, the power consumption of a CE device executing various tasks can manifest distinguishable temporal patterns, thereby exposing potential vulnerabilities. Thus, this work aims to investigate the vulnerabilities of CE devices arising from power consumption mechanisms. We focus on exploring the possibility of using alternating current (AC) power consumption to infer the running applications on a consumer computer. To achieve that, we construct a physical attack system that employs data acquisition, processing, classification, and inference stages to establish a "profiler" for application profiling. The extensive experiment results on the self-collected power consumption dataset (36 applications) demonstrate the effectiveness of the attacking system.