The impact of U3 devices on forensic analysis

Flash and USB portable drives are now in common place use in computing environments. The U3 smart drive is one emerging type of enhanced flash drive. It is believed that U3 smart drive devices do not leave any record or evidence on a host PC after use. Therefore, it is conceivable that it could be used in a digital crime or attack on a computer or networked system. In circumstances where a portable device such as a U3 has been used, it is more complex for a forensic analyst to find evidence of its use. This paper discusses the impact of U3 smart drive devices on a forensic investigation. Further, it describes the forensic investigation undertaken of a computer in which U3 was used

The Impact of U3 Devices on Forensic Analysis

Flash and USB portable drives are now in common place use in computing environments. The U3 smart drive is one emerging type of enhanced flash drive. It is believed that U3 smart drive devices do not leave any record or evidence on a host PC after use. Therefore, it is conceivable that it could be used in a digital crime or attack on a computer or networked system. In circumstances where a portable device such as a U3 has been used, it is more complex for a forensic analyst to find evidence of its use. This paper discusses the impact of U3 smart drive devices on a forensic investigation. Further, it describes the forensic investigation undertaken of a computer in which U3 was used

How Virtualized Environments Affect Computer Forensics

Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. This paper will explore all the newest methods for virtualized environments and the implications they have on the world of forensics. It will begin by describing and differentiating between software and hardware virtualization. It will then move on to explain the various methods used for server and desktop virtualization. Next, it will describe the fundamentals of a traditional forensic investigation and explain how virtualization affects this process. Finally, it will describe the common methods to find virtualization artifacts and identify virtual activities that affect the examination process. Keywords: Hardware-assisted, Hypervisor, Para-virtualization, Virtual Machine, virtualization, VMware, Moka5, MojoPac, Portable Virtual Privacy Machine, VirtualBox

Privacy preservation in social media environments using big data

With the pervasive use of mobile devices, social media, home assistants, and smart devices, the idea of individual privacy is fading. More than ever, the public is giving up personal information in order to take advantage of what is now considered every day conveniences and ignoring the consequences. Even seemingly harmless information is making headlines for its unauthorized use (18). Among this data is user trajectory data which can be described as a user\u27s location information over a time period (6). This data is generated whenever users access their devices to record their location, query the location of a point of interest, query directions to get to a location, request services to come to their location, and many other applications. This data could be used by a malicious adversary to track a user\u27s movements, location, daily patterns, and learn details personal to the user. While the best course of action would be to hide this information entirely, this data can be used for many beneficial purposes as well. Emergency vehicles could be more efficiently routed based on trajectory patterns, businesses could make intelligent marketing or building decisions, and users themselves could benefit by taking advantage of more conveniences. There are several challenges to publishing this data while also preserving user privacy. For example, while location data has good utility, users expect their data to be private. For real world applications, users generate many terabytes of data every day. To process this volume of data for later use and anonymize it in order to hide individual user identities, this thesis presents an efficient algorithm to change the processing time for anonymization from days, as seen in (20), to a matter of minutes or hours. We cannot focus just on location data, however. Social media has a great many uses, one of which being the sharing of images. Privacy cannot stop with location, but must reach to other data as well. This thesis addresses the issue of image privacy in this work, as often images can be even more sensitive than location --Abstract, page iv

Privacy preservation in mobile social networks

In this day and age with the prevalence of smartphones, networking has evolved in an intricate and complex way. With the help of a technology-driven society, the term "social networking" was created and came to mean using media platforms such as Myspace, Facebook, and Twitter to connect and interact with friends, family, or even complete strangers. Websites are created and put online each day, with many of them possessing hidden threats that the average person does not think about. A key feature that was created for vast amount of utility was the use of location-based services, where many websites inform their users that the website will be using the users' locations to enhance the functionality. However, still far too many websites do not inform their users that they may be tracked, or to what degree. In a similar juxtaposed scenario, the evolution of these social networks has allowed countless people to share photos with others online. While this seems harmless at face-value, there may be times in which people share photos of friends or other non-consenting individuals who do not want that picture viewable to anyone at the photo owner's control. There exists a lack of privacy controls for users to precisely de fine how they wish websites to use their location information, and for how others may share images of them online. This dissertation introduces two models that help mitigate these privacy concerns for social network users. MoveWithMe is an Android and iOS application which creates decoys that move locations along with the user in a consistent and semantically secure way. REMIND is the second model that performs rich probability calculations to determine which friends in a social network may pose a risk for privacy breaches when sharing images. Both models have undergone extensive testing to demonstrate their effectiveness and efficiency.Includes bibliographical reference

Computer Vision from Spatial-Multiplexing Cameras at Low Measurement Rates

abstract: In UAVs and parking lots, it is typical to first collect an enormous number of pixels using conventional imagers. This is followed by employment of expensive methods to compress by throwing away redundant data. Subsequently, the compressed data is transmitted to a ground station. The past decade has seen the emergence of novel imagers called spatial-multiplexing cameras, which offer compression at the sensing level itself by providing an arbitrary linear measurements of the scene instead of pixel-based sampling. In this dissertation, I discuss various approaches for effective information extraction from spatial-multiplexing measurements and present the trade-offs between reliability of the performance and computational/storage load of the system. In the first part, I present a reconstruction-free approach to high-level inference in computer vision, wherein I consider the specific case of activity analysis, and show that using correlation filters, one can perform effective action recognition and localization directly from a class of spatial-multiplexing cameras, called compressive cameras, even at very low measurement rates of 1\%. In the second part, I outline a deep learning based non-iterative and real-time algorithm to reconstruct images from compressively sensed (CS) measurements, which can outperform the traditional iterative CS reconstruction algorithms in terms of reconstruction quality and time complexity, especially at low measurement rates. To overcome the limitations of compressive cameras, which are operated with random measurements and not particularly tuned to any task, in the third part of the dissertation, I propose a method to design spatial-multiplexing measurements, which are tuned to facilitate the easy extraction of features that are useful in computer vision tasks like object tracking. The work presented in the dissertation provides sufficient evidence to high-level inference in computer vision at extremely low measurement rates, and hence allows us to think about the possibility of revamping the current day computer systems.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201

An Insider Misuse Threat Detection and Prediction Language

Numerous studies indicate that amongst the various types of security threats, the problem of insider misuse of IT systems can have serious consequences for the health of computing infrastructures. Although incidents of external origin are also dangerous, the insider IT misuse problem is difficult to address for a number of reasons. A fundamental reason that makes the problem mitigation difficult relates to the level of trust legitimate users possess inside the organization. The trust factor makes it difficult to detect threats originating from the actions and credentials of individual users. An equally important difficulty in the process of mitigating insider IT threats is based on the variability of the problem. The nature of Insider IT misuse varies amongst organizations. Hence, the problem of expressing what constitutes a threat, as well as the process of detecting and predicting it are non trivial tasks that add up to the multi- factorial nature of insider IT misuse. This thesis is concerned with the process of systematizing the specification of insider threats, focusing on their system-level detection and prediction. The design of suitable user audit mechanisms and semantics form a Domain Specific Language to detect and predict insider misuse incidents. As a result, the thesis proposes in detail ways to construct standardized descriptions (signatures) of insider threat incidents, as means of aiding researchers and IT system experts mitigate the problem of insider IT misuse. The produced audit engine (LUARM – Logging User Actions in Relational Mode) and the Insider Threat Prediction and Specification Language (ITPSL) are two utilities that can be added to the IT insider misuse mitigation arsenal. LUARM is a novel audit engine designed specifically to address the needs of monitoring insider actions. These needs cannot be met by traditional open source audit utilities. ITPSL is an XML based markup that can standardize the description of incidents and threats and thus make use of the LUARM audit data. Its novelty lies on the fact that it can be used to detect as well as predict instances of threats, a task that has not been achieved to this date by a domain specific language to address threats. The research project evaluated the produced language using a cyber-misuse experiment approach derived from real world misuse incident data. The results of the experiment showed that the ITPSL and its associated audit engine LUARM provide a good foundation for insider threat specification and prediction. Some language deficiencies relate to the fact that the insider threat specification process requires a good knowledge of the software applications used in a computer system. As the language is easily expandable, future developments to improve the language towards this direction are suggested

Game Theory for Security Investments in Cyber and Supply Chain Networks

In a constantly and intricately connected world that is going digital, cybersecurity is imperative to not just the success but also the survival of a business. The ubiquitous digital transformation is fueled by a convulsive growth of devices and data that are leading important innovations in the domain of cyber-physical systems. However, this growth has also enabled internal and external threats to skyrocket, depicting the inherent dichotomy. With an evolving threat landscape, a perpetrator has to be successful once, while the defenders have to continually succeed in fending-off attacks to protect critical infrastructure and digital assets. Businesses are facing a barrage of attacks, majority of which have a financial or an espionage motive. Against the hackers, businesses put forth an asymmetric and myopic struggle.Through this dissertation, I contribute to the modeling and analysis of security investments in cyber and supply chain networks considering network vulnerability also nonlinear budget constraints. The latter contributes significantly to the literature on variational inequality, game theory, and cybersecurity by being methodologically relevant to the application and solution of such problems. I also explore cooperation in terms of cybersecurity among firms in a network, providing a quantitative basis to information sharing to explore its financial and policy related benefits. This work extends the current literature in the cooperative game theory and cybersecurity domains

Exploring engineering employability competencies through interpersonal and enterprise skills

Many researchers in engineering education have studied the engineering curriculum, employability, industrial training, generic skills and gender issues. From a wide spectrum of study, there is a gap around issues of interpersonal skills and enterprise skills in engineering education that has not been studied. Previous study has shown that there is unemployment amongst graduate engineers in Malaysia. This study aimed to assess whether the suggested lack of interpersonal and enterprise skills competencies cause unemployment amongst engineering graduates in Malaysia. This study also intended to appraise whether engineering undergraduates have received a quality work placement appropriate to their learning, knowledge and employability skills and also to create awareness about interpersonal and enterprise skills competencies amongst engineering undergraduates, higher education educators and employers in Malaysia. This study intended to create awareness about the importance of interpersonal and enterprise skills amongst engineers. A mixed method of questionnaire survey and interview was used to access data from fmal year engineering students and employers in Malaysia. Results from the study have provided evidence that interpersonal and enterprise skills are not a major contributor to unemployment of engineering graduates in Malaysia. This study has created new awareness of the subject that will allow the enhancement of the engineering education curriculum. This study has demonstrated that when interviewing companies for the purposes of research into curriculum it is necessary to have full awareness of their culture and ways of working