An information security awareness program to address common security concerns in IT unit

Educated and trained people are critical success factor in any IT work environment to minimize threats or misuse of the organizational assets that may damage the growth, excellence, and efficiency of any business. However, humans are always the weakest point in any security plan. Awareness is by far the most successful technique that does not cost much when compared with training and education and may reduce the total expenditure on security. Having a properly planned information security awareness program greatly impact the raising of the awareness level among the organization\u27s staff. Information Technology unit represents a critical success factor in knowledge management and plays a major role in the decision-making process within any organization. We assess that the initial step in delivering any security awareness plan to the business should start from within IT unit, and this is aligned with the perception that security is the sole responsibility of the IT department. Most of the former studies proposed general information security awareness programs and guidelines, but few of them targeted IT unit. The purpose of this research is to propose an information security awareness program (ISAP) to be used by IT unit to enhance the level of information security standard regardless of the organization type. Our research study differs from other studies in that we targeted the IT unit when building ISAP. Furthermore, we identify several awareness knowledge areas for each sub-division. © 2014 IEEE

LiFE (Logical iOS Forensics Examiner): An Open Source iOS Backup Forensics Examination Tool

In this paper, we present LiFE (Logical iOS Forensics Examiner), an open source iOS backup forensics examination tool. This tool helps both researchers and practitioners alike in both understanding the backup structures of iOS devices and forensically examining iOS backups. The tool is currently capable of parsing device information, call history, voice messages, GPS locations, conversations, notes, images, address books, calendar entries, SMS messages, Aux locations, facebook data and e-mails. The tool consists of both a manual interface (where the user is able to manually examine the backup structures) and an automated examination interface (where the tool pulls out evidence from known files). Additionally, LiFE is designed so that the evidence located in files would retain its integrity. It is important to note that most of the evidence examined by LiFE is parsed from SQLite databases that are backed up by iTunes. LiFE also offers an extensibility option to the user, where an examiner can add new evidence SQLite files to the application that can be automatically parsed, and these known files are then automatically populated in the automated GUI’s toolbar with an icon added to the investigator’s liking

LiFE (Logical iOSForensics Examiner): An Open Source iOSBackup Forensics Examination Tool

In this paper, we present LiFE (Logical iOS Forensics Examiner), an open source iOS backup forensics examination tool. This tool helps both researchers and practitioners alike in both understanding the backup structures of iOS devices and forensically examining iOS backups. The tool is currently capable of parsing device information, call history, voice messages, GPS locations, conversations, notes, images, address books, calendar entries, SMS messages, Aux locations, facebook data and e-mails. The tool consists of both a manual interface (where the user is able to manually examine the backup structures) and an automated examination interface (where the tool pulls out evidence from known files). Additionally, LiFE is designed so that the evidence located in files would retain its integrity. It is important to note that most of the evidence examined by LiFE is parsed from SQLite databases that are backed up by iTunes. LiFE also offers an extensibility option to the user, where an examiner can add new evidence SQLite files to the application that can be automatically parsed, and these known files are then automatically populated in the automated GUI’s toolbar with an icon added to the investigator’s liking. Keywords: iOS forensics, Small Scale Digital Devices, iPhone forensics, iPad forensics, SQLite, Open source tools, iTunes backup, Extensible forensics software, File identification, LiF

Towards a unified agent-based approach for real time computer forensic evidence collection

In this paper we present preliminary results for a real time computer forensics agent that logs computer activity on a Windows computer system for subsequent forensic investigation. The agent, which is developed using the .NET 2010 framework includes six modules. Each module is dedicated to keep track and record a specific category of user activities. For instance, the Windows Event Watcher logs the Windows OS events and the Removable Devices Detector logs any external devices that are plugged in or removed from a system. Currently, the aforementioned two modules are implemented and tested with carefully designed scenarios using Windows XP and Windows 7 operating systems. Copyright 2013 ACM

CAT Record (Computer Activity Timeline Record): A Unified Agent Based Approach for Real Time Computer Forensic Evidence Collection

In this paper we present CAT Record - a real time computer forensics agent that records computer activity for subsequent forensic investigation on a Windows computer system as actions are taking place on a system. This approach is different from the traditional post-mortem approach of examining a hard disk since activities are being recorded as they are happening. The prototype agent included six modules 1) Windows Event Watcher - which records the Windows Operating System events 2) Active Window Detector - which records the active windows on the screen 3) Font-Time-Power-Resolution Detector - which records changes in font, time, power or resolution on the system 4) Explorers Monitor - which records the activity when opening an item from the Windows Explorer or Internet Explorer 5) Removable Devices Detector - which records any external devices that are plugged in or removed from a system and 6) File System Watcher - which records the activity taking place on the file system. CAT Record was stress tested in three scenarios using an automated program that was written to test the accuracy of the agent and its memory consumption on Windows XP and Windows 7. Overall, the results indicated that the amount of recorded data varied between Windows XP and Windows 7 and that CAT Record on average did not consume more than 42,876 KB of memory per second during its operation under extremely stressful tests

CAT Record (computer activity timeline record): A unified agent based approach for real time computer forensic evidence collection

© 2013 IEEE. In this paper we present CAT Record - a real time computer forensics agent that records computer activity for subsequent forensic investigation on a Windows computer system as actions are taking place on a system. This approach is different from the traditional post-mortem approach of examining a hard disk since activities are being recorded as they are happening. The prototype agent included six modules 1) Windows Event Watcher - which records the Windows Operating System events 2) Active Window Detector - which records the active windows on the screen 3) Font-Time-Power-Resolution Detector - which records changes in font, time, power or resolution on the system 4) Explorers Monitor - which records the activity when opening an item from the Windows Explorer or Internet Explorer 5) Removable Devices Detector - which records any external devices that are plugged in or removed from a system and 6) File System Watcher - which records the activity taking place on the file system. CAT Record was stress tested in three scenarios using an automated program that was written to test the accuracy of the agent and its memory consumption on Windows XP and Windows 7. Overall, the results indicated that the amount of recorded data varied between Windows XP and Windows 7 and that CAT Record on average did not consume more than 42,876 KB of memory per second during its operation under extremely stressful tests