"Looking is not as bad as touching - or is it?" Considering risk in offenders who use child sexual exploitation material

There has been much debate about the availability of child sexual exploitation material (CSEM) on the internet, highlighted by the tragic deaths of April Jones (5 years) and Tia Sharp (12 years), whose killers viewed and collected CSEM. Discussion surrounding such cases has focused on a potentially causal link between CSEM and sexually motivated crimes against children. Since the advent of the internet, convictions for the possession, exchange and/or production of CSEM have risen dramatically. A substantial body of research on internet sex offenders has emerged and professionals are developing a knowledge base regarding assessment and treatment needs of CSEM users. However, the question of risk remains a central concern: How likely is a CSEM user to commit a contact sex offence against a child in the future? Is there a causal link between “looking” and “touching”? The Lucy Faithfull Foundation, together with Prof Derek Perkins (West London Mental Health Trust) & Dr Hannah Merdian (University of Lincoln) would like to invite you to a one-day conference addressing the issue of risk assessment and risk management in working with CSEM users. The Lucy Faithfull Foundation (LFF) is a child protection charity, committed to reducing the risk of children being sexually abused. Proceeds from the conference and any donations will go to the Lucy Faithfull Foundation with sincere thanks to support its work

The Malware Analysis Body of Knowledge (MABOK)

The ability to forensically analyse malicious software (malware) is becoming an increasingly important discipline in the field of Digital Forensics. This is because malware is becoming stealthier, targeted, profit driven, managed by criminal organizations, harder to detect and much harder to analyse. Malware analysis requires a considerable skill set to delve deep into malware internals when it is designed specifically to detect and hinder such attempts. This paper presents a foundation for a Malware Analysis Body of Knowledge (MABOK) that is required to successfully forensically analyse malware. This body of knowledge has been the result of several years of research into malware dissection

VCU Media Lab

We propose the establishment of a VCU Media Lab – a professional creative media technology unit whose mission is to support the development, design, production and delivery of innovative media, multimedia, computer-based instruction, publications and tools in support of VCU education, research and marketing initiatives. This centrally administered, budgeted and resourced facility will acknowledge, refine, focus and expand media services that are currently being provided at VCU in a decentralized manner

Security Incident Response Criteria: A Practitioner's Perspective

Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives

Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017

A comparison of forensic toolkits and mass market data recovery applications

Digital forensic application suites are large, expensive, complex software products, offering a range of functions to assist in the investigation of digital artifacts. Several authors have raised concerns as to the reliability of evidence derived from these products. This is of particular concern, given that many forensic suites are closed source and therefore can only be subject to black box evaluation. In addition, many of the individual functions integrated into forensic suites are available as commercial stand-alone products, typically at a much lower cost, or even free. This paper reports research which compared (rather than individually evaluated) the data recovery function of two forensic suites and three stand alone `non-forensic' commercial applications. The research demonstrates that, for this function at least, the commercial data recovery tools provide comparable performance to that of the forensic software suites. In addition, the research demonstrates that there is some variation in results presented by all of the data recovery tools

Realistic Man, Fantasy Policeman: The Longevity of Ruth Rendell's Reginald Wexford

Publisher does not allow open access until after publicatio