31 research outputs found

    A survey on digital forensics trends

    Digital forensics has evolved from addressing minor computer crimes to the investigation of complex international cases with a massive effect on the world. This paper studies the evolution of digital forensics: its origins, its current position and its future directions. It sets the scene by exploring past literature on digital forensic approaches, followed by an assessment and analysis of the current state of the art in both industrial and academic digital forensics research. The obtained results are compared and analyzed to provide a comprehensive view of the current digital forensics landscape. Furthermore, this paper highlights critical digital forensic issues that are being overlooked and not addressed as they deserve. The paper finally concludes by offering future research directions in this area.

    Forensics investigation challenges in cloud computing environments

    Cloud computing is about sharing any imaginable entity, such as processing units, storage devices or software. The provided service is highly economical and expandable. The attractive benefits of cloud computing draw huge interest from both business owners and cyber thieves. Consequently, computer forensic investigation steps in to find evidence against criminals. As a result of the new technology and methods used in cloud computing, forensic investigation techniques face different types of issues while inspecting a case. The most profound challenges are the difficulty of dealing with the different rulings that apply to the variety of data saved in different locations, the limited access available for obtaining evidence from the cloud, and even the issue of seizing physical evidence for the sake of integrity validation or evidence presentation. This paper suggests simple yet very useful solutions to overcome the aforementioned issues in the forensic investigation of cloud systems. Utilizing a TPM in the hypervisor, implementing multi-factor authentication and updating the cloud service provider policy to provide persistent storage devices are some of the recommended solutions. With the proposed solutions, the cloud service becomes compatible with current digital forensic investigation practices; alongside this, it brings the great advantage of being investigable and consequently the trust of the client.

    Cloud computing and conflicts with digital forensic investigation

    Unfortunately, the nature of the cloud is in conflict with the characteristics of the digital forensic investigation approach, since many of the common forensic steps cannot be followed during the inspection of a case. The distribution of cloud resources across different countries, the utilization of numerous storage devices and the very limited physical access to low-level storage devices and physical memory are just some of the reasons for this conflict. This paper proposes some basic, yet useful, solutions to overcome the described issues. Implementing multi-factor authentication, utilizing a Trusted Platform Module (TPM) in the hypervisor and applying specific changes to the Cloud Service Provider (CSP) contract to provide persistent storage to the customer are among the suggested approaches, which are capable of making current digital forensic investigation practices applicable to cloud computing environments. This is an absolutely essential requirement for CSPs, mainly due to the significance of the clients' trust, which demands the ability to be investigated.

    Cyber warfare trends and future

    Nowadays, an old fiction known as cyber warfare is coming true. The US Pentagon declared cyber warfare an "act of war" [1], which makes cyber warfare one of the battlefields alongside sea, ground, space and air [2]; if any type of cyber warfare is detected, the identified source of the attack is held responsible and faces serious reactions. Cyber warfare is a fast-growing concept which requires more investigation and research to avoid possible consequences such as loss of lives and resources. The possibility of enormous damage from cyber-attacks is currently being demonstrated through real-life experiments conducted by US cyber research teams [3][4]. In this paper we first explain some basic concepts of cyber warfare and clarify the area of discussion. Then we introduce well-known cyber-attacks and the available defensive techniques against them. Finally, we focus on the possible effects of cyber-attacks on potential targets such as electric power infrastructure networks.

    A behaviour-based analytical malware detection framework for Android smartphones

    The fast growth in the number of Android smartphone users and the lack of suitable malware detection techniques for these devices attract vicious minds to infect users with malicious software. The fact is that today, more than seven years after the initial Android release, there is still malware spreading in official Android markets. It is necessary to mention that not only is the number of users increasing, but the users' data is becoming more and more sensitive. Nowadays, a typical smartphone can contain contact information, private messages, location information, emails or even credit card numbers. Previous studies reported that the initial detection rate of a newly created Android virus is less than 5%, which indicates that the products available in the market are not really effective. Considering the sharp increase in the number of mobile malware samples and the ineffectiveness of current malware detection solutions, Android users are facing a great problem. In this research, we propose a behaviour-based analytical malware detection framework for Android smartphones (known as Nestor). This framework has three main models. The first model is in charge of keeping the primary dataset up to date. Then the analyser model, M0Droid, utilises a behaviour-based malware detection approach to obtain the behavioural factors and generate a signature for every application. This signature is generated from the system call requests made by the application and then normalised with the median and z-score to produce a more accurate and effective signature. It then uses Spearman's rank correlation coefficient to identify similar malware signatures in a previously generated blacklist of malware signatures. The result of all this processing appears in a safe Android market from which the end user can download Android applications without worrying about malware infection.
    The outcome of the M0Droid accuracy measurement experiment against the malware dataset indicates 60.16% positive malware detection, 39.43% false-positives and 0.4% false-negatives when choosing a Spearman rank correlation coefficient of 0.90 as the threshold. This threshold is directly proportional to the false-negative rate, while it is inversely proportional to the positive and false-positive rates. Moreover, to compare our result with a similar model, we employed the same evaluation method Crowdroid used to test M0Droid. The result represents an improvement in detection rate, since Crowdroid was able to detect 97% of malware while M0Droid detected all malware in the test environment. It is notable that the novelty of this work and the most effective factors in obtaining these results are the use of Linux Monkey for mimicking user input, the z-score for signature normalisation and Spearman's rank correlation coefficient for signature comparison. We hope this research can be a stepping stone for improvement in Android malware detection techniques and the development of safe Android markets, which would eventually increase the security of end-user devices.

    A survey on malware propagation, analysis, and detection

    Over the last decades, many studies have been made on malware and its countermeasures. The most recent reports emphasize that the creation of malicious software is rapidly increasing. Moreover, the intensive use of networks and the Internet increases the spread and the effectiveness of this kind of software. On the other hand, researchers and manufacturers are making great efforts to produce anti-malware systems with effective detection methods for better protection of computers. In this paper, a detailed review is conducted of the current situation of malware infection and the work done to improve anti-malware or malware detection systems. Thus, it provides an up-to-date comparative reference for developers of malware detection systems.

    M0Droid: an Android behavioral-based malware detection model

    Anti-mobile-malware research has attracted the attention of the research and security community in recent years due to the increasing threat of mobile malware and the significant increase in the number of mobile devices. M0Droid, a novel Android behavioral-based malware detection technique comprising a lightweight client agent and a server analyzer, is proposed here. The server analyzer generates a signature for every application (app) based on the system call requests of the app (termed app behavior) and normalizes the generated signature to improve accuracy. The analyzer then uses Spearman's rank correlation coefficient to identify malware with similar behavior signatures in a previously generated blacklist of malware signatures. The main contribution of this research is the proposed method for generating standardized mobile malware signatures based on their behavior and a method for comparing the generated signatures. Preliminary experiments running M0Droid against the Genome dataset and APK submissions from the Android client agent or developers indicate a detection rate of 60.16% with 39.43% false-positives and 0.4% false-negatives at a threshold value of 0.90. Increasing or decreasing the threshold value can adjust the strictness of M0Droid. As the threshold value increases, the false-negative rate will also increase, and as the threshold value decreases, the detection and false-positive rates will also decrease. The authors hope that this research will contribute towards Android malware detection techniques.

    Cloud forensics issues and opportunities

    Cloud computing technology is a rapidly growing field of study, which relies on sharing computing resources rather than having local servers or personal devices handle applications. Most of the growth in this field is due to the transfer of the traditional model of IT services to the novel cloud model and the ubiquity of access to electronic and digital devices. Cloud computing poses critical risks and challenges to digital investigators, but also provides plenty of opportunities for investigators to improve digital forensics. Moreover, cloud service providers and customers have yet to establish adequate forensic capabilities that could support investigations of criminal activities in the cloud. Notwithstanding that the cloud presents some promising technical and economic benefits, users still resist using the cloud, mainly due to security issues, because it poses a challenge to conducting cloud forensic investigations. Some research has been done in this regard, proposing solutions for conducting forensic investigations. In this review paper, we take the first step towards reviewing the cloud forensics work done by other researchers, and then discuss and analyze our findings to consider the opportunities and challenges confronting cloud forensics.

    Comparison of the effect of two drugs pethidine and lidocaine on post-extubation complications in patients undergoing general anesthesia

    Introduction: Many surgical operations require tracheal intubation for anesthetizing the patient. Intubation and extubation are usually associated with complications in patients. Reducing these complications increases surgical efficiency and also patient satisfaction with surgery. Analgesics are used to reduce these complications. Therefore, the present research was conducted to compare the effects of lidocaine and pethidine on reducing post-extubation complications in patients referred to the operating theatres of Peymaniyeh Hospital in Jahrom. Methodology: This clinical trial was carried out on 210 patients who were randomly assigned to the pethidine, lidocaine, and control groups. After the surgical procedures and before removing the endotracheal tube, the first group received 20 mg of pethidine, the second group 2 ml of lidocaine, and the third group did not receive any drug. Post-extubation complications such as sore throat, coughing, nausea and vomiting, straining, laryngospasm, transient hypoxemia, and strained voice were compared. The data were analyzed using SPSS 11.5 with descriptive statistical tests (mean and percentage) and inferential statistical tests (chi-square, t-test, ANOVA, etc.). Results: Patients who received pethidine suffered less straining (p=0.032) and sore throat (p=0.046), but there were no significant differences between the two experimental groups in laryngospasm, transient hypoxemia, nausea and vomiting, coughing, and strained voice. The lidocaine and control groups did not differ significantly in post-extubation complications (p>0.05). Furthermore, a larger number of the patients in the pethidine group developed sore throat compared to the lidocaine group (p=0.049). Conclusions: Although pethidine was more effective in reducing pain than lidocaine, it did not decrease many of the complications. Therefore, the best method is to concurrently use low doses of both pethidine and lidocaine.

    Performance of Android forensics data recovery tools

    Recovering deleted or hidden data is among the most important duties of forensic investigators. The extensive utilization of smartphones as subjects, objects, or tools of crime has made them an important part of residual forensics. This chapter investigates the effectiveness of mobile forensic data recovery tools in recovering evidence from a Samsung Galaxy S2 i9100 Android phone. We seek to determine the amount of data that could be recovered using the Phone Image Carver, AccessData FTK, Foremost, DiskDigger, and Recover My Files forensic tools. The findings reflect the differences between the recovery capacities of the studied tools, showing their suitability in their specialized contexts only.