16 research outputs found
Memory-Based antiforensic tools and techniques
Computer forensics is the discipline that deals with the acquisition, investigation, preservation, and presentation of digital evidence in a court of law, whereas antiforensics is the term used to describe malicious activities deployed to delete, alter, or hide digital evidence, with the main objective of manipulating or destroying evidence or preventing its creation. Various antiforensic methodologies and tools can be used to interfere with digital evidence and with computer forensic tools. Memory-based antiforensic techniques are of particular interest because of their effectiveness, their advanced manipulation of digital evidence, and their attacks on the computer forensic tools themselves. These techniques are performed mainly in volatile memory using advanced data alteration and hiding techniques, and for these reasons they are considered extremely difficult to counter. This article aims to present some of the current antiforensic approaches and in particular reports on memory-based antiforensic tools and techniques.
An Overview on Image Forensics
The aim of this survey is to provide a comprehensive overview of the state of the art in the area of image forensics. These techniques have been designed to identify the source of a digital image or to determine whether its content is authentic or modified, without any prior information about the image under analysis (and are thus defined as passive). All these tools work by detecting the presence, the absence, or the incongruence of traces intrinsically tied to the digital image by the acquisition device and by any other operation after its creation. The paper is organized by classifying the tools according to the point in the history of the digital image at which the corresponding footprint is left: acquisition-based methods, coding-based methods, and editing-based schemes.
Forensic Investigation in SQL Server Database Using Temporal Tables & Extended Events Artifacts
Different database management systems (DBMS) have been developed to store and manipulate data, and Microsoft SQL Server (MSSQL) is one of the most popular relational DBMSs used for large databases. With the increasing use of databases, intentional and unintentional incidents involving databases are increasing dramatically, so there is a great need to develop database forensic investigation (DBFI) tools and models. Temporal tables, introduced with SQL Server 2016, are a feature for tracking changes, database audit, data loss protection, and data recovery; Extended Events, introduced with SQL Server 2008, is a feature for database performance troubleshooting. This study focuses on DBFI in SQL Server using temporal table and Extended Events artifacts. An experiment was conducted, and the results demonstrate the use of temporal table and Extended Events artifacts in analyzing and determining internal unauthorized modification of the database.
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and the day-to-day life of the individual. With these improvements come new challenges, and one of the main challenges is security. The security of this new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, the Internet of Things (IoT), and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI, is an emerging field of study and has a lot of potential to improve the role of AI in cybersecurity.
Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
Laniakea : an open solution to provide Galaxy "on-demand" instances over heterogeneous cloud infrastructures
Background: While the popular workflow manager Galaxy is currently made available through several publicly accessible servers, there are scenarios where users can be better served by full administrative control over a private Galaxy instance, including, but not limited to, concerns about data privacy, customisation needs, prioritisation of particular job types, tools development, and training activities. In such cases, a cloud-based Galaxy virtual instance represents an alternative that equips the user with complete control over the Galaxy instance itself without the burden of the hardware and software infrastructure involved in running and maintaining a Galaxy server. Results: We present Laniakea, a complete software solution to set up a "Galaxy on-demand" platform as a service. Building on the INDIGO-DataCloud software stack, Laniakea can be deployed over common cloud architectures usually supported both by public and private e-infrastructures. The user interacts with a Laniakea-based service through a simple front-end that allows a general setup of a Galaxy instance, and then Laniakea takes care of the automatic deployment of the virtual hardware and the software components. At the end of the process, the user gains access with full administrative privileges to a private, production-grade, fully customisable, Galaxy virtual instance and to the underlying virtual machine (VM). Laniakea features deployment of single-server or cluster-backed Galaxy instances, sharing of reference data across multiple instances, data volume encryption, and support for VM image-based, Docker-based, and Ansible recipe-based Galaxy deployments. A Laniakea-based Galaxy on-demand service, named Laniakea@ReCaS, is currently hosted at the ELIXIR-IT ReCaS cloud facility. Conclusions: Laniakea offers to scientific e-infrastructures a complete and easy-to-use software solution to provide a Galaxy on-demand service to their users. Laniakea-based cloud services will help in making Galaxy more accessible to a broader user base by removing most of the burdens involved in deploying and running a Galaxy service. In turn, this will facilitate the adoption of Galaxy in scenarios where classic public instances do not represent an optimal solution. Finally, the implementation of Laniakea can be easily adapted and expanded to support different services and platforms beyond Galaxy.
Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware
This paper focuses on the anticipatory enhancement of methods for detecting stealth software. Current cyber security detection tools are not powerful enough to reveal the most recent malware-based cyber attacks. In this paper we first present the concept of a maximally stealthy malware, the most complicated scenario for detection because it combines existing anti-forensic techniques with their potential improvements. Second, we present new detection methods that are resilient to this hidden prototype. To help solve this detection challenge, we have analysed Windows memory content using a new method of Shannon entropy calculation, methods of digital photogrammetry, and the Zipf–Mandelbrot law, as well as by disassembling the memory content and analysing the output. Finally, we present the idea and architecture of a software tool that uses CUDA-enabled GPU hardware to speed up memory forensics. All three ideas are currently a work in progress.
Keywords: rootkit detection, anti-forensics, memory analysis, scattered fragments, anticipatory enhancement, CUDA
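The Shannon-entropy scan of memory content that the abstract mentions, as an added Python example (not the paper's code): a windowed entropy profile over a constructed dump that separates a zero page and PE-header-like text from the kind of encrypted or packed payload a stealthy, anti-forensic implant keeps in memory. The window size, threshold and sample layout are assumptions; the paper's own entropy method, photogrammetry and Zipf–Mandelbrot analyses are not reproduced here.

```python
import hashlib
import math
from collections import Counter

WINDOW = 512          # bytes per window (assumption; small windows underestimate entropy)
HIGH_ENTROPY = 7.0    # bits/byte; encrypted or compressed data sits near 8.0 (assumption)


def shannon_entropy(data: bytes) -> float:
    """Plug-in Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(dump: bytes, window: int = WINDOW):
    """Yield (offset, entropy) for each consecutive window of the dump."""
    for off in range(0, len(dump), window):
        yield off, shannon_entropy(dump[off:off + window])


def high_entropy_regions(dump: bytes, window: int = WINDOW,
                         threshold: float = HIGH_ENTROPY):
    """Merge consecutive windows at or above the threshold into [start, end) ranges.

    These are the candidate packed/encrypted blobs an analyst then carves or
    disassembles; native code, strings and zero pages fall well below the threshold.
    """
    regions, current = [], None
    for off, h in entropy_profile(dump, window):
        end = min(off + window, len(dump))
        if h >= threshold:
            current = [off, end] if current is None else [current[0], end]
        elif current is not None:
            regions.append(tuple(current))
            current = None
    if current is not None:
        regions.append(tuple(current))
    return regions


def pseudo_random(n: int, seed: bytes = b"constructed-payload") -> bytes:
    """Deterministic random-looking bytes standing in for an encrypted payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_dump() -> bytes:
    """Constructed 5 KiB 'memory dump': zero page, PE-header-like text,
    2 KiB encrypted blob, zero page. Not a real capture."""
    zeros = b"\x00" * 1024
    text = (b"MZ\x90\x00 This program cannot be run in DOS mode.\r\n" * 40)[:1024]
    return zeros + text + pseudo_random(2048) + zeros


SAMPLE_DUMP = build_sample_dump()

if __name__ == "__main__":
    for off, h in entropy_profile(SAMPLE_DUMP):
        print(f"0x{off:06x}  {h:5.2f} bits/byte")
    print("high-entropy regions:", high_entropy_regions(SAMPLE_DUMP))
```

The plug-in estimator is biased low for small windows (with 512 samples over 256 symbols a truly uniform source scores roughly 7.6 rather than 8.0 bits), which is why the threshold sits at 7.0 and not closer to 8; the same per-window, embarrassingly parallel structure is what makes the computation a natural fit for the GPU acceleration the paper proposes.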