Botnet Forensic Investigation Techniques and Cost Evaluation

Botnets are responsible for a large percentage of damages and criminal activity on the Internet. They have shifted attacks from push activities to pull techniques for the distribution of malwares and continue to provide economic advantages to the exploiters at the expense of other legitimate Internet service users. In our research we asked; what is the cost of the procedural steps for forensically investigating a Botnet attack? The research method applies investigation guidelines provided by other researchers and evaluates these guidelines in terms of the cost to a digital forensic investigator. We conclude that investigation of Botnet attacks is both possible and procedurally feasible for a forensic investigator; but that scope management is critical for controlling the cost of investigation. We recommend quantifying Botnet investigations into five levels of cost based on time, complexity and technical requirements. Keywords: Botnets, Cybercrime, Investigating, Techniques, Costs, Researc

Virtual prototyping of medieval weapons for historical reconstruction of siege scenarios starting from topography and archaeological investigations

Chronicles of sieges to castles or fortresses, using “machinae”, can often be found in historical sources. Moreover, archaeological excavations of castles or fortresses has brought to light rocks or projectiles whose carving suggests a military usage. Nevertheless, chronicles and discoveries alone, are seldom enough to propose a faithful reconstruction of these machines. Therefore, the aim of this research is the development of methodologies for reconstructing virtual scenarios of sieges, starting from the scarce information available. In order to achieve it, a procedure for the virtual reconstruction of the siege machine has been set up, focusing on typology and dimensions of the machines, also investigating possible fire positions according to topography. The entire procedure has been developed using the siege of Cervara di Roma’s Rocca as a case study. Late medieval chronicles (end of 13th Century) report the siege brought by the papal army in order to restore the jurisdiction on the Cervara’s stronghold, following the insurrection of a group of vassals headed by a monk named Pelagio. The discovery, in the area of the Rocca, of a stone that could have been used as a projectile confirms what reported. The proposed methodology is composed of two parts. The first one is connected to the study of the “internal ballistics”, to understand the performances and to build virtual models of siege machines. The second part is the study of the “external ballistics”, then to the positioning and shooting ability of possible machines, analysing the topography of the area. In this paper, we present the feasibility of this methodology through the preliminary results achieved correlating internal and external ballistics

Data Loss Prevention Management and Control: Inside Activity Incident Monitoring, Identification, and Tracking in Healthcare Enterprise Environments

As healthcare data are pushed online, consumers have raised big concerns on the breach of their personal information. Law and regulations have placed businesses and public organizations under obligations to take actions to prevent data breach. Among various threats, insider threats have been identified to be a major threat on data loss. Thus, effective mechanisms to control insider threats on data loss are urgently needed. The objective of this research is to address data loss prevention challenges in healthcare enterprise environment. First, a novel approach is provided to model internal threat, specifically inside activities. With inside activities modeling, data loss paths and threat vectors are formally described and identified. Then, threat vectors and potential data loss paths have been investigated in a healthcare enterprise environment. Threat vectors have been enumerated and data loss statistics data for some threat vectors have been collected. After that, issues on data loss prevention and inside activity incident identification, tracking, and reconstruction are discussed. Finally, evidences of inside activities are modeled as evidence trees to provide guidance for inside activity identification and reconstruction

Digital Investigation of Security Attacks on Cardiac Implantable Medical Devices

A Cardiac Implantable Medical device (IMD) is a device, which is surgically implanted into a patient's body, and wirelessly configured using an external programmer by prescribing physicians and doctors. A set of lethal attacks targeting these devices can be conducted due to the use of vulnerable wireless communication and security protocols, and the lack of security protection mechanisms deployed on IMDs. In this paper, we propose a system for postmortem analysis of lethal attack scenarios targeting cardiac IMDs. Such a system reconciles in the same framework conclusions derived by technical investigators and deductions generated by pathologists. An inference system integrating a library of medical rules is used to automatically infer potential medical scenarios that could have led to the death of a patient. A Model Checking based formal technique allowing the reconstruction of potential technical attack scenarios on the IMD, starting from the collected evidence, is also proposed. A correlation between the results obtained by the two techniques allows to prove whether a potential attack scenario is the source of the patient's death.Comment: In Proceedings AIDP 2014, arXiv:1410.322

The evolution of the double-horse chariots from the bronze age to the Hellenistic times

Light chariots with spoked wheels were developed initially in Syria or Northern Mesopotamia at about the beginning of the 2nd millennium B.C. and quickly propagated all over Middle East. The two-wheeled horsedrawn chariot was one of the most important inventions in history. It gave humanity its first concept of personal transport, and for two thousand years it was the key technology of war. Information on chariots of Mesopotamia, Egypt, the Mycenaean and Archaic Greece, China, and Europe, with light and flexible spoked wheels from extant findings of ancient chariots, stone reliefs, and vase paintings is used for a design study of the dual chariot and its evolution in the centuries. Design reconstruction of the dual chariot found in Anyang China is incorporated herewith to prove that its development contains the seeds of a primitive design activity

The evolution of the double-horse chariots from the bronze age to the Hellenistic times

Light chariots with spoked wheels were developed initially in Syria or Northern Mesopotamia at about the beginning of the 2nd millennium B.C. and quickly propagated all over Middle East. The two-wheeled horsedrawn chariot was one of the most important inventions in history. It gave humanity its first concept of personal transport, and for two thousand years it was the key technology of war. Information on chariots of Mesopotamia, Egypt, the Mycenaean and Archaic Greece, China, and Europe, with light and flexible spoked wheels from extant findings of ancient chariots, stone reliefs, and vase paintings is used for a design study of the dual chariot and its evolution in the centuries. Design reconstruction of the dual chariot found in Anyang China is incorporated herewith to prove that its development contains the seeds of a primitive design activity