3,465 research outputs found
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially-and/or
criminally-motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicates digital investigations. Coupling this information with
the potentially vast amounts of information that a MCPS produces and/or has
access to is generating discussions on, not only, how to compromise these
systems but, more importantly, how to investigate these systems. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017
Calm before the storm: the challenges of cloud computing in digital forensics
Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed
Precognition: Automated Digital Forensic Readiness System for Mobile Computing Devices in Enterprises
Enterprises are facing an unprecedented risk of security incidents due to the influx of emerging technologies, like smartphones and wearables. Most of the current Mobile security systems are not maturing in pace with technological advances. They lack the ability to learn and adapt from the past knowledge base. In the case of a security incident, enterprises find themselves underprepared for the lack of evidence and data. The systems are not designed to be forensic ready. There is a need for automated security analysis and forensically ready solution, which can learn and continuously adapt to new challenges, improve efficiency and productivity of the system. In this research, the authors have designed a security analysis and digital forensic readiness system targeted at smartphones and wearables in an enterprise environment. The proposed system detects applications violating security policies, analyzes Android and iOS applications to identify possible vulnerabilities on the server, apply machine learning algorithms to improve the efficiency and accuracy of vulnerability prediction. The System continuously learns from past incidents, proactively collect required information from the devices which can help in digital forensics. Machine learning techniques are applied to the set of features extracted from the decompiled Mobile applications and applications classified based on consisting of one or more vulnerabilities. The system was evaluated in a real-world enterprise environment with 14151 mobile applications and vulnerabilities was predicted with an accuracy of 94.2%. The system can also work on virtual instances of the mobile devices
Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE
As more businesses and users adopt cloud computing services, security
vulnerabilities will be increasingly found and exploited. There are many
technological and political challenges where investigation of potentially
criminal incidents in the cloud are concerned. Security experts, however, must
still be able to acquire and analyze data in a methodical, rigorous and
forensically sound manner. This work applies the STRIDE asset-based risk
assessment method to cloud computing infrastructure for the purpose of
identifying and assessing an organization's ability to respond to and
investigate breaches in cloud computing environments. An extension to the
STRIDE risk assessment model is proposed to help organizations quickly respond
to incidents while ensuring acquisition and integrity of the largest amount of
digital evidence possible. Further, the proposed model allows organizations to
assess the needs and capacity of their incident responders before an incident
occurs.Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on
Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp.
223-236, 201
A Conceptual Cloud Forensic Investigation Process Model for Software as a Service(SaaS) Applications
This paper explore a structured and systematic approach cloud forensic investigation process model for SaaS applications, to investigate the digital crimes in the cloud environment and contributing to enhanced security and privacy of acquired data during forensic investigation .The proposed model offers the distinctive characteristics of cloud environments and the varying levels of access and control within them. In this proposed model, the systematic forensic investigation process is detailed with microscopic details with four phases namely the initial phase, the acquisition phase, the analysis phase, and the reporting phase in Cloud environment. Ultimately, this research aims to enhance the overall trustworthiness and reliability of SaaS applications forensic for fostering a safer and more secure cloud computing forensic investigation landscape by using the chain of custody
Digital forensic readiness intelligence crime repository
It may not always be possible to conduct a digital (forensic) investigation post-event if there is no process in place to preserve potential digital evidence. This study posits the importance of digital forensic readiness, or forensic-by-design, and presents an approach that can be used to construct a Digital Forensic Readiness Intelligence Repository (DFRIR). Based on the concept of knowledge sharing, the authors leverage this premise to suggest an intelligence repository. Such a repository can be used to cross-reference potential digital evidence (PDE) sources that may help digital investigators during the process. This approach employs a technique of capturing PDE from different sources and creating a DFR repository that can be able to be shared across diverse jurisdictions among digital forensic experts and law enforcement agencies (LEAs), in the form of intelligence. To validate the approach, the study has employed a qualitative approach based on a number of metrics and an analysis of experts\u27 opinion has been incorporated. The DFRIR seeks to maximize the collection of PDE, and reducing the time needed to conduct forensic investigation (e.g., by reducing the time for learning). This study then explains how such an approach can be employed in conjunction with ISO/IEC 27043: 2015
Digital Forensics Investigation Frameworks for Cloud Computing and Internet of Things
Rapid growth in Cloud computing and Internet of Things (IoT) introduces new vulnerabilities that can be exploited to mount cyber-attacks. Digital forensics investigation is commonly used to find the culprit and help expose the vulnerabilities. Traditional digital forensics tools and methods are unsuitable for use in these technologies. Therefore, new digital forensics investigation frameworks and methodologies are required. This research develops frameworks and methods for digital forensics investigations in cloud and IoT platforms
- …