4,836 research outputs found

    A ‘criminal personas’ approach to countering criminal creativity

    This paper describes a pilot study of a ‘criminal personas’ approach to countering criminal creativity. The value of the personas approach has been assessed by comparing the identification of criminal opportunity through ‘traditional’ brainstorming and then through ‘criminal personas’ brainstorming. The method involved brainstorm sessions with Computer Forensics Practitioners and with Product Designers, where they were required to generate criminal scenarios, select the most serious criminal opportunities, and propose means of countering them. The findings indicated that there was merit in further research in the development and application of the ‘criminal personas’ approach. The generation of criminal opportunity ideas and proposal of counter criminal solutions were both greater when the brainstorm approach involved the group responding through their given criminal personas.

    Pattern for malware remediation – A last line of defence tool against Malware in the global communication platform

    Malware is becoming a major problem to every organization that operates on the global communication platform. The malicious software programs are advancing in sophistication in many ways in order to defeat hardened deployed defenses. When an organization’s defense fails to keep this malice invasion out, the organization would incur significant amount of risks and damages. Risks include data leakage, inability to operate and tarnished corporate image. Damages include compensation costs to customers and partners, service unavailability and loss of customers’ and partners’ confidence in the organization. This in turn will affect the organization’s business continuity. In order to manage the risks and damages induced by Malware incidents, incident responders are called upon to be the last line of defense against the digital onslaught assault. However, incident responders are challenged too by the deep levels of knowledge, skills and experience required to contain the ever advancing and persistent Malware. This paper proposes the establishment of a Pattern template for Malware Remediation to aid incident responders to overcome their competency limitations in order to provide organizations the tool to repel Malware and to reduce the associated risks. Examples and details of the proposed patterns are provided with discussions on future direction of the research work.

    Exploring the Challenges of Forensic Technology in Responding to Identity Document Theft in Polokwane Policing Area, South Africa

    This study explores the challenges of forensic technology in responding to Identity Document (ID) theft as an approach used by the South African Police Service (SAPS) in the Polokwane policing area. This study further evaluates the availability of technological and conventional resources to respond to this scourge, as well as the capabilities of the SAPS to utilise the available [lack of forensic technology] resources to respond best to ID theft. This was done by analysing preventative measures, associated with these challenges, as faced by SAPS and other relevant stakeholders on responding to this crime in the Polokwane Central Business District (CBD), Bendor Park, and Flora Park, coupled with the number of stores situated in the business sectors of these selected areas. For this study, the researchers adopted a quantitative research approach with 90 respondents in the identified areas. This study established that the secretive nature of ID theft makes it difficult for the relevant stakeholders (not limited to the local SAPS, businesses, and public members as presented by this study) to effectively respond to this scourge. Negatively, the forefront gatekeepers to respond to this crime are mainly SAPS Constables with less training to investigate ID theft properly. Thus, they find themselves being more reactive than proactive, which contributes to the difficulty of locating potential perpetrators in the process of conventional investigations applications. Furthermore, ID thieves utilise advanced technological resources (i.e. computer hacking software), as opposed to SAPS, which does not have systems nor capacity to effectively respond to this crime. The limited resources at the disposal of SAPS also render its effort in responding to this crime inadequate.
For recommendations, significant emphasis should be directed on the promotion of public awareness through public education for the use of forensic technology as an investigative and identification tool of responding to ID theft. The intensive training of SAPS officials and inter-governmental corroboration between SAPS, Department of Home Affairs (DHA), and other relevant stakeholders in understanding this technology are highly advised.

    A Comprehensive Analysis of the Role of Artificial Intelligence and Machine Learning in Modern Digital Forensics and Incident Response

    In the dynamic landscape of digital forensics, the integration of Artificial Intelligence (AI) and Machine Learning (ML) stands as a transformative technology, poised to amplify the efficiency and precision of digital forensics investigations. However, the use of ML and AI in digital forensics is still in its nascent stages. As a result, this paper gives a thorough and in-depth analysis that goes beyond a simple survey and review. The goal is to look closely at how AI and ML techniques are used in digital forensics and incident response. This research explores cutting-edge research initiatives that cross domains such as data collection and recovery, the intricate reconstruction of cybercrime timelines, robust big data analysis, pattern recognition, safeguarding the chain of custody, and orchestrating responsive strategies to hacking incidents. This endeavour digs far beneath the surface to unearth the intricate ways AI-driven methodologies are shaping these crucial facets of digital forensics practice. While the promise of AI in digital forensics is evident, the challenges arising from increasing database sizes and evolving criminal tactics necessitate ongoing collaborative research and refinement within the digital forensics profession. This study examines the contributions, limitations, and gaps in the existing research, shedding light on the potential and limitations of AI and ML techniques. By exploring these different research areas, we highlight the critical need for strategic planning, continual research, and development to unlock AI's full potential in digital forensics and incident response. Ultimately, this paper underscores the significance of AI and ML integration in digital forensics, offering insights into their benefits, drawbacks, and broader implications for tackling modern cyber threats

    Educating the effective digital forensics practitioner: academic, professional, graduate and student perspectives

    Over the years, digital forensics has become an important and sought-after profession where the gateway of training and education has developed vastly over the past decade. Many UK higher education (HE) institutions now deliver courses that prepare students for careers in digital forensics and, in most recent advances, cyber security. Skills shortages and external influences attributed within the field of cyber security, and its relationship as a discipline with digital forensics, have shifted the dynamic of UK higher education provisions. The implications of this now see the route to becoming a digital forensic practitioner, be it in law enforcement or business, transform from on-the-job training to university educated, trained analysts. This thesis examined courses within HE and discovered that the delivery of these courses often overlooked areas such as mobile forensics, live data forensics, Linux and Mac knowledge. This research also considered current standards available across HE to understand whether educational programmes are delivering what is documented as relevant curriculum. Cyber security was found to be the central focus of these standards within inclusion of digital forensics, adding further to the debate and lack of distinctive nature of digital forensics as its own discipline. Few standards demonstrated how the topics, knowledge, skills and competences drawn were identified as relevant and effective for producing digital forensic practitioners. Additionally, this thesis analyses and discusses results from 201 participants across five stakeholder groups: graduates, professionals, academics, students and the public. These areas were selected due to being underdeveloped in existing literature and the crucial role they play in the cycle of producing effective practitioners.
Analysis on stakeholder views, experiences and thoughts surrounding education and training offer unique insight, theoretical underpinnings and original contributions not seen in existing literature. For example, challenges, costs and initial issues with introducing graduates to employment for the employers and/or supervising practitioners, the lack of awareness and contextualisation on behalf of students and graduates towards what knowledge and skills they have learned and acquired on a course and its practical application on-the-job which often lead to suggestions of a lack of fundamental knowledge and skills. This is evidenced throughout the thesis, but examples include graduates: for their reflections on education based on their new on-the-job experiences and practices; professionals: for their job experiences and requirements, academics: for their educational practices and challenges; students: their initial expectations and views; and, the public: for their general understanding. This research uniquely captures these perspectives, bolstering the development of digital forensics as an academic discipline, along with the importance these diverse views play in the overall approach to delivering skilled practitioners. 
While the main contribution to knowledge within this thesis is its narrative focusing on the education of effective digital forensic practitioners and its major stakeholders, this thesis also makes additional contributions both academically and professionally; including the discussion, analysis and reflection of:
- improvements for education and digital forensics topics for research and curriculum development;
- where course offerings can be improved for institutions offering digital forensic degree programmes;
- the need for further collaboration between industry and academia to provide students and graduates with greater understanding of the real-life role of a digital forensic practitioner and the expectations in employment;
- continuous and unique challenges within both academia and the industry which digital forensics possess and the need for improved facilities and tool development to curate and share problem and scenario-based learning studies.

    Use of Force Doctrine: How the League of Nations Forged The Modern Interpretation of Use of Force?

    The objectives include: 1. To drive home the need for today's networked organizations to support the notion that the professional practice of computer forensics and knowledge of relevant laws is essential. 2. To help stakeholders consider how technology forensics blends into overall corporate computer security as a strategic feature. 3. To enlighten the mass on issues associated with computer forensics. 4. To embark on product awareness and campaign to leverage cybercrime. RESEARCH METHODOLOGY: The researcher has adopted the doctrinal study as the information of policy decisions and analysis of precedents and its implications have already been made available through journals, research papers, and other scholarly works in circulation. The doctrinal study aids the researcher in presenting a practical and real-world view of the method in which investigations for cybercrime are being carried out in the country in the present scenario. The present research can be called doctrinal as it is an examination that has been finished on an honest to goodness social word by strategy for exploring present statutory courses of action as well as going through various precedents and examining the operation of the concerned statutes in real-life scenarios. RESEARCH QUESTIONS: 1. Whether the present statutory provisions regarding the investigation are achieving their desired objectives? 2. Whether our current laws and investigative mechanisms are sufficiently equipped to deal with the burgeoning volume of cyber-crimes in the post-covid era? 3. Whether the current strength of investigating officers and cybercrime cells are adequate to ensure proper investigation? 4. Whether there is a need to undertake the training of officers and upgradation of technology to keep pace with the rapidly evolving ways in which cybercrime is committed?

    Foundations, Properties, and Security Applications of Puzzles: A Survey

    Cryptographic algorithms have been used not only to create robust ciphertexts but also to generate cryptograms that, contrary to the classic goal of cryptography, are meant to be broken. These cryptograms, generally called puzzles, require the use of a certain amount of resources to be solved, hence introducing a cost that is often regarded as a time delay---though it could involve other metrics as well, such as bandwidth. These powerful features have made puzzles the core of many security protocols, acquiring increasing importance in the IT security landscape. The concept of a puzzle has subsequently been extended to other types of schemes that do not use cryptographic functions, such as CAPTCHAs, which are used to discriminate humans from machines. Overall, puzzles have experienced a renewed interest with the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In this paper, we provide a comprehensive study of the most important puzzle construction schemes available in the literature, categorizing them according to several attributes, such as resource type, verification type, and applications. We have redefined the term puzzle by collecting and integrating the scattered notions used in different works, to cover all the existing applications. Moreover, we provide an overview of the possible applications, identifying key requirements and different design approaches. Finally, we highlight the features and limitations of each approach, providing a useful guide for the future development of new puzzle schemes. Comment: This article has been accepted for publication in ACM Computing Survey