62 research outputs found

    Including network routers in forensic investigation

    Network forensics concerns the identification and preservation of evidence from an event that has occurred or is likely to occur. The scope of network forensics encompasses the networks, systems and devices associated with the physical and human networks. In this paper we are assessing the forensic potential of a router in investigations. A single router is taken as a case study and analysed to determine its forensic value from both static and live investigation perspectives. In the live investigation, tests using steps from two to seven routers were used to establish benchmark expectations for network variations. We find that the router has many attributes that make it a repository and a site for evidence collection. The implications of this research are for investigators and the inclusion of routers in network forensic investigations

    Evaluating the security vulnerabilities of the IP6to4 tunnelling mechanism

    The two versions of Internet Protocol (IP) rely on mechanisms that will convert one protocol to the other and vice versa. Version 4 is still prevalent in the Internet backbone and version 6 in most private networks. In this research we focus on the automatic tunnelling mechanism that provides the encapsulation at one end of the transition tunnel and the de-encapsulation at the other end, dependent on the direction of transition. In our research we asked: How secure is the automatic tunnelling mechanism? It is a simple question but important given the number of times transition may occur in any communication and the potential for vulnerabilities. To test the capability of the software instance we launched attacks on the inside and the outside of the tunnel, recorded performance variations and noted opportunities for information sniffing. In all instances the results show weaknesses that can be exploited and the potential for an outsider to not only launch, for example, DoS attacks but to also disrupt the information being managed in the tunnel.

    Up-dating investigation models for smart phone procedures

    The convergence of services in Smart Technologies such as iPhones, Androids and multiple tablet work surfaces challenges the scope of any forensic investigation to include cloud environments, devices and service media. The analysis of current investigation guidelines suggests that each element in an investigation requires an independent procedure to assure the preservation of evidence. However we dispute this view and review the possibility of consolidating current investigation guidelines into a unified best practice guideline. This exploratory research proposes to fill a gap in digital forensic investigation knowledge for smart technologies used in business environments and to propose a better way to approach smart technology investigations

    Google earth forensics on IOS 10’s location service

    The easy access and common usage of GNSS systems has provided a wealth of evidential information that may be accessed by a digital forensic investigator. Google Earth is commonly used on all manner of devices for geolocation services and consequently has a wide range of tools that will relate real time and stored GNSS data to maps. As an aid to investigation Google Earth forensics is available for use. An investigator can use it by downloading geolocation data from devices and placing it on Google Earth maps, place geolocation data on historical archival maps, or by direct usage of the application in a device. In this paper we review the Google Earth forensics tool and use a simplistic scenario to demonstrate the power of the application for courtroom walk-throughs. The entry-level tool is free and can be used effectively to enhance the presentation of geolocation data

    Tonga’s organisational vulnerability to social engineering

    Tonga is a small developing island in the South Pacific and ICT is still in its early stages. In this paper we ask the questions: what is social engineering and who is this social engineer, what are the threats to Tonga, how can these threats be identified and which countermeasures can be taken to mitigate the risk of social engineering? The answers to these questions will lead to a social engineering risk management framework to make the risks of social engineering more transparent and help organisations implement mitigating controls against social engineering. The study was performed in four chosen organisations in Tonga, which were involved with Information Communications, Finance, and Cyber Security, in order to model threats and countermeasures and develop a risk management framework

    Financial fraud risk management and corporate governance

    Risk management is important so that risk is assessed, understood and appropriately managed. This is important both for conformance and performance. It is essential that strategic planning and management decisions are made appropriately in the context of the risk appetite of the corporation and its various stakeholders – especially its shareholders. If a company does not have a good understanding of risk, the likelihood of conformance and performance failure is high; this implies good internal and external corporate intelligence. Large global corporations have a significant impact on economies around the world. These entities are subject to intense competition and require investor and customer confidence to underpin their activities. Poor governance adversely affects customers and investors, and makes corporations uncompetitive. This can also affect entire economies. In the context of the Global Financial Crisis (GFC), the collapse of the US investment bank Lehman Brothers demonstrates that corporate failure can hurt economies globally. The failure of Lehman Brothers to properly manage and understand risk is a clear example of the failure of good governance

    The relevance of a good internal control system in a computerised accounting information system

    Advancements in information technology (IT) have enabled companies to use computers to carry out activities that were previously performed manually. Accounting systems that were previously performed manually can now be performed with the help of computers. With all the advantages of computerized accounting software, business owners need to realize that problems do arise for a variety of reasons. Dependence on computers sometimes leads to bigger problems. This paper therefore provides detailed information about the concept of internal control and its relevance in a computerised accounting information system. This study also considers the trend between manual and computerised accounting systems. This study concludes with recommendations on how to maximise the effectiveness of developing internal control systems for computerized accounting systems, which are characterized by providing appropriate safety to the systems. The systems can provide information characterized by reliability for the sake of taking decisions. These systems should be integrated with other administrative and organizational systems

    Innovating additional Layer 2 security requirements for a protected stack

    Security is only as good as the weakest link and if the weakness is at a low level in the communication stack then every other Layer has potential to inherit the problem. The OSI Layer model has defined the theoretical architecture for network communications (ISO/IEC 7498-1). Standardisation assures that each element of an internetwork uses the same model and hence a message can be moved intelligibly and correctly between participants. The OSI model divides communications into seven hierarchical Layers that provide the necessary services from the application Layer through to the physical Layer of electricity (ISO/IEC 7498-2). Each Layer is dependent on the one below to provide the more primitive functions and is hence interconnected from top to bottom in a communication chain. The four Layer TCP/IP pragmatic model conveys a similar relationship of dependent services for communication that have inter-dependence (Comer, 1995). The consequence is that no matter how a communication stack is looked at – theoretically or in practice – problems low down impact higher Layers. In this research we looked specifically at the OSI Data Link Layer (2) not only because so much has been written on security issues at this Layer, but also because it is the first Layer where serious abstraction in terms of logics and protocols is made from the primitive physical impulses (Altunbasak et al., 2005; NIST, 2013). These theoretical abstractions offer opportunity for proper and improper manipulation that may either better facilitate communication or impede effective communication. The data link Layer also gives opportunity for a range of logical attacks that may exploit the effective communication but not always for the intended purposes. Such vulnerabilities occur elsewhere in the communication stack but Layer 2 is the first real opportunity for logical attacks (Shanmug et al., 2010; Altunbasak et al., 2005).
    This paper is structured to briefly review current literature and define the implications of OSI Layer 2 security vulnerabilities. The OSI model is selected in preference over the TCP/IP model as it has greater clarity around specific layers and reference detail. Two gaps in the literature are identified and theoretical solutions proposed for Layer 2 security

    Mobile device wardriving tools’ comparison: Nuku’alofa as case study

    This paper describes the justification for a project to assess the security status of wireless networks usage in Nuku’alofa, the CBD of Tonga. By War Driving these suburbs, actual data was gathered to indicate the security status of wireless networks and provide an understanding of the users’ level of awareness and attitudes towards wireless security. This paper also takes the opportunity to compare the performance of the War Driving tools that this study employed – GMoN, SWardriving, and Wi-Fi Scan. Wireless network communication remains a challenging and critical issue. This study takes an exploratory approach in which it allows the researcher to explore and dig deeper into the data to find out the true status of wireless network security in Tonga. Not only that, it also allows the researcher to compare the performance of the tools based on the data. The results are very interesting; they indicate that, since the introduction of the fibre optic network, the usage of wireless communication technology grows as well. However, it is evident that wireless network security is still in its early stages. WEP encryption method is still in use, 24.2% with no encryption, and 9.2% did not change their SSID. In terms of tools’ performances, it is evident in this study that the SWardriving tool outperforms the GMoN and the Wi-Fi Scan tool