8 research outputs found
Freeware Live Forensics tools evaluation and operation tips
Highlighted by a digital forensics investigation specialist from the FBI at DFRWS 2006, live forensics investigation has already become one of the most important procedures in digital forensics investigations. Many digital forensics investigation product companies have already joined the battlefield in developing their own live forensics tools. However, similar to the development trend in traditional digital forensics, evaluation criteria for Live Digital Forensics can only be standardized after operating procedures have been standardized. One way to standardize the Live Digital Forensics Investigation procedure is to define the investigation objectives around the core digital forensics principles. Through the use of the FORZA framework, a more legal- and investigation-oriented live digital forensics investigation procedure has been outlined. Based on the FORZA-based procedure, a set of operation best practices, operational tips and evaluation criteria was derived. Using the derived criteria, various free Live Forensics toolkits, including Windows Forensics Toolchest (WFT), Incident Response Collection Report (IRCR), First Responders Evidence Disk (FRED) and Computer Online Forensic Evidence (COFEE), were evaluated and reported in this paper.
Analysis of peer-to-peer investigation model
Peer-to-Peer (P2P) file sharing is one of the most commonly used methods for sharing files over a network, especially large files such as videos or music recordings. In North America, P2P file-sharing networks occupied approximately 50% of the network traffic in 2011 [3]. Many files shared through P2P networks are related to Internet piracy or unintentional file sharing. Foxy P2P network, a typical search-based P2P network, is in the spotlight for sensitive file sharing. Peers download the files by using keywords instead of resource links. Therefore, the investigation mechanisms developed to identify the first seeder in Bit-Torrent network, another type of P2P network [54], cannot be applied to this scenario.
Identifying the first seeder is the critical step in P2P investigation. The investigator cannot collect necessary evidence without locating the first seeder. Therefore, conducting forensic analysis is impossible. Moreover, validating the actual first seeder will be challenging when more than one uploader is identified.
This study started by analyzing different P2P networks and comparing their underlying features. Categorizing the P2P file-sharing networks resulted in the identification of the key functions for file sharing. Two difficulties in Foxy network investigation, namely, unknown file publication time and uncertainty of network coverage by uploaders and downloaders, were also highlighted.
To further examine the Foxy P2P network, a controlled testing environment for the P2P network was developed in a network simulation environment (i.e., NS-3). Tests were conducted in the simulation environment, and the effects of various attributes (file size, file transfer rate, file popularity) on the growth of the number of uploaders (represented by the seeder curve) were analyzed.
Results demonstrated that the shape of the seeder curve was affected by the file propagation feature of the file-sharing activity. The slow-rising period, which represented the competition for the file content being shared among peers, was recorded at the initial stage of file sharing in the P2P network. Competition for file content is one of the key factors related to the success or failure in performing P2P investigation through the simulation environment.
An investigation algorithm and four validation rules were proposed based on the above key factor to perform P2P investigation. Through controlled and randomly selected experiments, the investigation could be applied to the search-based P2P file-sharing environment as long as the required slow-rising period in other P2P networks was followed [68].
Analysis of the experimental results demonstrated the ability of the proposed investigation model and the validation rules. The results verified and confirmed the observed seeder in the P2P file-sharing scenario if competitions among downloaders for the shared file content existed. The limitations of the P2P investigation and validation model were also discussed.
published_or_final_version, Computer Science, Doctoral, Doctor of Philosoph
Security and privacy issues of smart card payment on Web
Smart cards are replacing traditional magnetic cards in payment transactions. This is because of the enhanced security capabilities that can be built into a smart card. With the high popularity of web technology, there is a trend towards using smart cards as an electronic wallet for micro-payment transactions on the Internet. Most of the related work on smart card payment transactions on the web concentrates only on the security aspects of hardware/firmware, encryption method and key management, or only proposes an online shopping protocol with uni-directional payment transactions based on the scenario of exact payment from the customer to the merchant during business activity. Furthermore, the shopping protocols proposed so far do not support negotiation, bargaining or privacy issues between the parties during a transaction. The main focus of this paper is to raise some important security and privacy issues for bi-directional payment transactions with change among more than two parties involved in business activity.