
    A Covert Data Transport Protocol

    Both enterprise and national firewalls filter network connections. For data forensics and botnet removal applications, it is important to establish the information source. In this paper, we describe a data transport layer which allows a client to transfer encrypted data that provides no discernible information regarding the data source. We use a domain generation algorithm (DGA) to encode AES encrypted data into domain names that current tools are unable to reliably differentiate from valid domain names. The domain names are registered using (free) dynamic DNS services. The data transmission format is not vulnerable to Deep Packet Inspection (DPI). Comment: 8 pages, 10 figures, conferenc
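The abstract above does not show how encrypted bytes become DNS-legal names, nor what a defender would check. The following is an added example, not the paper's code or its DGA: it packs already-encrypted bytes into a naive base32 carrier under the RFC 1035/1123 label limits, decodes them back, and then applies the coarsest detector a defender would run against such names. The base domain `dyn.example.net`, the `s<seq>` sequence label, the `sample_ciphertext()` bytes (SHA-256 output standing in for AES ciphertext) and the entropy threshold are all assumptions made for the example.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Hypothetical carrier format, not the paper's DGA. Label rules from RFC 1035/1123:
# at most 63 octets per label and 253 for the whole name, [a-z0-9-] only,
# no leading or trailing hyphen.
LABEL_MAX = 63
NAME_MAX = 253
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
LABELS_PER_NAME = 2  # 2 x 63 payload chars plus a sequence label stays under 253


def sample_ciphertext():
    """Constructed stand-in for AES output: 128 pseudo-random bytes."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))


def encode_to_names(ciphertext, base_domain):
    """Split already-encrypted bytes into names s<seq>.<p1>.<p2>.<base_domain>.

    The s<seq> label lets the receiver reorder names that resolve out of order.
    """
    payload = base64.b32encode(ciphertext).decode("ascii").rstrip("=").lower()
    chunk = LABEL_MAX * LABELS_PER_NAME
    names = []
    for seq, start in enumerate(range(0, len(payload), chunk)):
        piece = payload[start:start + chunk]
        labels = ["s%d" % seq] + [piece[i:i + LABEL_MAX]
                                  for i in range(0, len(piece), LABEL_MAX)]
        name = ".".join(labels + [base_domain])
        if not all(LABEL_RE.match(lab) for lab in labels) or len(name) > NAME_MAX:
            raise ValueError("generated name violates DNS limits: " + name)
        names.append(name)
    return names


def decode_from_names(names, base_domain):
    """Inverse of encode_to_names; accepts the names in any order."""
    suffix = "." + base_domain
    parts = []
    for name in names:
        if not name.endswith(suffix):
            continue
        labels = name[:-len(suffix)].split(".")
        parts.append((int(labels[0][1:]), "".join(labels[1:])))
    payload = "".join(p for _, p in sorted(parts))
    payload += "=" * (-len(payload) % 8)  # restore the base32 padding
    return base64.b32decode(payload, casefold=True)


def label_entropy(label):
    """Shannon entropy in bits per character of one label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def looks_like_carrier(name, base_domain, min_len=32, min_entropy=3.5):
    """Coarse defender-side check: a long, near-uniform label is what base32 of
    ciphertext produces and what human-chosen hostnames almost never do."""
    suffix = "." + base_domain
    labels = (name[:-len(suffix)] if name.endswith(suffix) else name).split(".")
    return any(len(lab) >= min_len and label_entropy(lab) >= min_entropy
               for lab in labels)


if __name__ == "__main__":
    ct = sample_ciphertext()
    names = encode_to_names(ct, "dyn.example.net")
    for n in names:
        print(n, "flagged" if looks_like_carrier(n, "dyn.example.net") else "clean")
    assert decode_from_names(names[::-1], "dyn.example.net") == ct
```

Base32 of ciphertext is near-uniform over a 32-symbol alphabet, so a 63-character label lands well above the entropy of any ordinary hostname, and every name the naive carrier emits is flagged while `mail.dyn.example.net` is not. That is the gap the paper's DGA has to close: a carrier that survives classification must spend some of its capacity making the labels statistically resemble real names rather than maximising payload per query.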

    Spoiled Onions: Exposing Malicious Tor Exit Relays

    Several hundred Tor exit relays together push more than 1 GiB/s of network traffic. However, it is easy for exit relays to snoop and tamper with anonymised network traffic, and as all relays are run by independent volunteers, not all of them are innocuous. In this paper, we seek to expose malicious exit relays and document their actions. First, we monitored the Tor network after developing a fast and modular exit relay scanner. We implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of four months. We discovered numerous malicious exit relays engaging in different attacks. To reduce the attack surface users are exposed to, we further discuss the design and implementation of a browser extension patch which fetches and compares suspicious X.509 certificates over independent Tor circuits. Our work makes it possible to continuously monitor Tor exit relays. We are able to detect and thwart many man-in-the-middle attacks, which makes the network safer for its users. All our code is available under a free license.
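The comparison step described above, fetching the same site's certificate through independent circuits and looking for the odd one out, can be shown without a live Tor connection. The following is an added example and not the paper's scanner or extension: the exit fingerprints (40 repeated letters), the host names and the DER byte strings are constructed, and how each observation is fetched is left out. It identifies an exit as suspicious only when enough independent witnesses agree on a majority certificate and that exit alone disagrees.

```python
import hashlib
from collections import Counter, defaultdict


def sample_observations():
    """Constructed (exit fingerprint, host, DER certificate bytes) tuples.

    Real Tor fingerprints are 40 hex characters; these are placeholders, and the
    byte strings stand in for real DER certificates.
    """
    genuine = b"-- constructed DER bytes of the genuine example.com leaf --"
    forged = b"-- constructed DER bytes of a certificate swapped in transit --"
    return [
        ("A" * 40, "example.com", genuine),
        ("B" * 40, "example.com", genuine),
        ("C" * 40, "example.com", genuine),
        ("D" * 40, "example.com", forged),   # the one exit serving a different cert
        ("A" * 40, "example.org", genuine),  # single witness: not enough to judge
    ]


def cert_fingerprint(der):
    """SHA-256 over the DER encoding, the usual way to compare certificates."""
    return hashlib.sha256(der).hexdigest()


def find_suspicious_exits(observations, min_witnesses=3):
    """Map each disagreeing exit to [(host, fingerprint it served, majority)].

    An exit is only accused when at least min_witnesses independent circuits
    observed the host and a strict majority of them saw the same certificate.
    """
    per_host = defaultdict(list)  # host -> [(exit, cert fingerprint)]
    for exit_fp, host, der in observations:
        per_host[host].append((exit_fp, cert_fingerprint(der)))

    flagged = defaultdict(list)
    for host, seen in per_host.items():
        if len(seen) < min_witnesses:
            continue  # too few independent views to call a majority
        majority, count = Counter(fp for _, fp in seen).most_common(1)[0]
        if count * 2 <= len(seen):
            continue  # no strict majority: cannot tell who is lying
        for exit_fp, fp in seen:
            if fp != majority:
                flagged[exit_fp].append((host, fp, majority))
    return dict(flagged)


if __name__ == "__main__":
    for exit_fp, hits in find_suspicious_exits(sample_observations()).items():
        for host, seen, majority in hits:
            print(exit_fp[:8], host, "served", seen[:12], "majority", majority[:12])
```

The two guards matter in practice: a site behind a CDN can legitimately hand out different leaf certificates from different edges, which shows up as disagreement spread across many exits rather than pinned to one, and a single fetch through one circuit proves nothing. The signal worth acting on is one exit that disagrees with a clear majority, ideally across several hosts.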

    A framework for the forensic investigation of unstructured email relationship data

    Our continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social networks, such as relationships within the network, identification of key actors and power relations, and there are currently no standardised tools for its forensic analysis. Moreover, email investigations may involve many hundreds of actors and thousands of messages. This paper posits a framework for the forensic investigation of email data. In particular, it focuses on the triage and analysis of unstructured data to identify key actors and relationships within an email network. This paper demonstrates the applicability of the approach by applying relevant stages of the framework to the Enron email corpus. The paper illustrates the advantage of triaging this data to identify (and discount) actors and potential sources of further evidence. It then applies social network analysis techniques to key actors within the data set. This paper posits that visualisation of unstructured data can greatly aid the examiner in their analysis of evidence discovered during an investigation.
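The triage step the abstract describes, turning a mailbox into a sender-to-recipient graph and ranking actors by how much they send and receive, is shown below as an added example; it is not the paper's framework or its Enron tooling. The five RFC 822 messages in `SAMPLE_MAILBOX`, the addresses in them and the `min_degree` cut-off are constructed for the example. It uses only the standard library so it runs as-is on a real mailbox exported as individual messages.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Constructed messages standing in for a mailbox export. Bodies are irrelevant
# to the graph; only From/To/Cc are used.
SAMPLE_MAILBOX = [
    "From: alice@corp.example\nTo: bob@corp.example, carol@corp.example\n"
    "Subject: Q3 numbers\n\nSee attached.\n",
    "From: bob@corp.example\nTo: alice@corp.example\nCc: dave@corp.example\n"
    "Subject: Re: Q3 numbers\n\nLooks fine.\n",
    "From: carol@corp.example\nTo: alice@corp.example\n"
    "Subject: Re: Q3 numbers\n\nQuestions inline.\n",
    "From: newsletter@vendor.example\nTo: alice@corp.example\n"
    "Subject: Weekly digest\n\nUnsubscribe here.\n",
    "From: alice@corp.example\nTo: bob@corp.example\n"
    "Subject: Offsite\n\nLet's talk.\n",
]


def build_graph(messages):
    """Directed weighted graph: edges[(sender, recipient)] = message count."""
    edges = Counter()
    for raw in messages:
        msg = message_from_string(raw)
        senders = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
        recipients = [a.lower() for _, a in
                      getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
        for s in senders:
            for r in recipients:
                if r != s:  # ignore self-copies
                    edges[(s, r)] += 1
    return edges


def actor_degrees(edges):
    """Per actor: (messages sent, messages received), weighted by edge count."""
    out_deg, in_deg = Counter(), Counter()
    for (s, r), w in edges.items():
        out_deg[s] += w
        in_deg[r] += w
    return {a: (out_deg[a], in_deg[a]) for a in set(out_deg) | set(in_deg)}


def triage(edges, min_degree=2):
    """Split actors into key actors (ranked by total degree) and peripheral
    ones that can be discounted for now, such as one-off or broadcast senders."""
    degrees = actor_degrees(edges)
    ranked = sorted(degrees, key=lambda a: (-sum(degrees[a]), a))
    key = [a for a in ranked if sum(degrees[a]) >= min_degree]
    peripheral = [a for a in ranked if sum(degrees[a]) < min_degree]
    return key, peripheral


def reciprocated_pairs(edges):
    """Pairs who write to each other: stronger evidence of a working
    relationship than one-directional traffic such as a newsletter."""
    return sorted({tuple(sorted((s, r))) for (s, r) in edges if (r, s) in edges})


if __name__ == "__main__":
    g = build_graph(SAMPLE_MAILBOX)
    key, peripheral = triage(g)
    print("key actors:", key)
    print("discount for now:", peripheral)
    print("reciprocated:", reciprocated_pairs(g))
```

On the constructed mailbox the ranking puts alice first, then bob, then carol, while dave (copied once, never writes) and the vendor newsletter (writes once, never receives) fall below the cut-off; the two reciprocated pairs are the relationships worth expanding into a timeline. On a corpus the size of Enron the same degrees are what you would feed into the centrality and visualisation steps the paper goes on to apply.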

    When Technology Meets Money Laundering, What Should Law Do? New Products And Payment Systems And Cross Border Courier

    Money laundering has become very sophisticated with the assistance of technology. Perpetrators tend to use technology to make committing the crime easier. This condition is also supported by the activity of cash couriers across borders, which has been chosen as a means of money laundering. Some conventions and/or multilateral agreements between countries have pointed out the vulnerability to money laundering through cash couriers. From the research it can be understood that the conventions only give guidelines on how to detect it, but once it happens there is no specific measure for recognising it directly. Since money laundering concerns the proceeds of crime, it needs inspection and evaluation by the authority, which decides that the crime is money laundering; it is not a crime against customs law. Another condition that increases the possibility of money laundering is the development of new products and payment systems. The many innovations brought by technology create new payment methods and products, such as bitcoin, litecoin, Linden dollars, other cryptocurrencies and other bearer negotiable instruments, which could help offenders launder money. The research found that the crime is developing faster than the law. Technology seems to take its place in the heart of the money launderer and rob the law of its position, even though technology is never created for something bad. This is qualitative research that analyses how the law can work together with technology to fight money laundering. The hypothesis of the research is that the law is well positioned to guide the development of technology, and that technology plays a good role in triggering the readiness of the law to develop. Thus money laundering will not be easy to "develop" when technology meets law.
The governments of every country in the world need to synergise information on new technological discoveries; this is very important as it will help each country formulate laws on trans-border crime, especially money laundering. Money laundering comes in different formats and styles with the introduction of different payment systems across the world. One of the latest developments is the introduction of cryptocurrency, i.e. bitcoin, a fiat currency that is mainly driven by blockchain technology.

    BLOGS: ANTI-FORENSICS and COUNTER ANTI-FORENSICS

    Blogging gives an ordinary person the ability to have a conversation with a wide audience and has become one of the fastest growing uses of the Web. However, dozens of employee-bloggers have been terminated for exercising what they consider to be their First Amendment right to free speech, and would-be consumer advocates face potential liability for voicing their opinions. To avoid identification and prevent retribution, bloggers have sought to maintain anonymity by taking advantage of various tools and procedures - anti-forensics. Unfortunately some anonymous bloggers also post content that is in violation of one or more laws. Some blogging content might be viewed as harassing others - an area known as cyber-bullying. Law enforcement and network forensics specialists are developing procedures called counter anti-forensics that show some promise in identifying those who violate the law. However, these techniques must be used with caution so as not to violate the rights of others.