A Forensically Sound Adversary Model for Mobile Devices

In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the ongoing and rapidly changing nature of mobile device technologies. An integral principle and significant constraint upon forensic practitioners is that of forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, in our case, a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we were successful in extracting various information of forensic interest in both the external and internal storage of the mobile device

Luminous X-ray AGN in Clusters of Galaxies

We present a study of X-ray AGN overdensities in 16 Abell clusters, within the redshift range 0.073<z<0.279, in order to investigate the effect of the hot inter-cluster environment on the triggering of the AGN phenomenon. The X-ray AGN overdensities, with respect to the field expectations, were estimated for sources with L_x>= 10^{42} erg s^{-1} (at the redshift of the clusters) and within an area of 1 h^{-1}_{72} Mpc radius (excluding the core). To investigate the presence or not of a true enhancement of luminous X-ray AGN in the cluster area, we also derived the corresponding optical galaxy overdensities, using a suitable range of $r$-band magnitudes. We always find the latter to be significantly higher (and only in two cases roughly equal) with respect to the corresponding X-ray overdensities. Over the whole cluster sample, the mean X-ray point-source overdensity is a factor of ~4 less than that corresponding to bright optical galaxies, a difference which is significant at a >0.995 level, as indicated by an appropriate t-student test. We conclude that the triggering of luminous X-ray AGN in rich clusters is strongly suppressed. Furthermore, searching for optical SDSS counterparts of all the X-ray sources, associated with our clusters, we found that about half appear to be background QSOs, while others are background and foreground AGN or stars. The true overdensity of X-ray point sources, associated to the clusters, is therefore even smaller than what our statistical approach revealed.Comment: accepted for publication in ApJ Letter

Mobile device forensics: a snapshot

In the increasingly dynamic environment of mobile forensics, this paper provides an overview of the capabilities of three popular mobile forensic tools on three mobile phones based on Apple’s iOS, Google’s Android and RIM’s BlackBerry operating systems. The paper identifies where each specific tool is best applied and also describes the limitations of each in accessing contacts, call history, message data (SMS, MMS and emails), media files and other data. New releases of forensic tools and mobile operating systems may change the way the data are acquired and preserved in the future. It is therefore hoped that future research will continue to provide the digital forensics community with the most up-to-date overview of mobile forensics capabilities

Active Galactic Nuclei in Groups and Clusters of Galaxies: Detection and Host Morphology

The incidence and properties of Active Galactic Nuclei (AGN) in the field, groups, and clusters can provide new information about how these objects are triggered and fueled, similar to how these environments have been employed to study galaxy evolution. We have obtained new XMM-Newton observations of seven X-ray selected groups and poor clusters with 0.02 < z < 0.06 for comparison with previous samples that mostly included rich clusters and optically-selected groups. Our final sample has ten groups and six clusters in this low-redshift range (split at a velocity dispersion of $\sigma = 500$ km/s). We find that the X-ray selected AGN fraction increases from $f_A(L_X>10^{41}; M_R<M_R^*+1) = 0.047^{+0.023}_{-0.016}$ in clusters to $0.091^{+0.049}_{-0.034}$ for the groups (85% significance), or a factor of two, for AGN above an 0.3-8keV X-ray luminosity of $10^{41}$ erg/s hosted by galaxies more luminous than $M_R^*+1$. The trend is similar, although less significant, for a lower-luminosity host threshold of $M_R = -20$ mag. For many of the groups in the sample we have also identified AGN via standard emission-line diagnostics and find that these AGN are nearly disjoint from the X-ray selected AGN. Because there are substantial differences in the morphological mix of galaxies between groups and clusters, we have also measured the AGN fraction for early-type galaxies alone to determine if the differences are directly due to environment, or indirectly due to the change in the morphological mix. We find that the AGN fraction in early-type galaxies is also lower in clusters $f_{A,n>2.5}(L_X>10^{41}; M_R<M_R^*+1) = 0.048^{+0.028}_{-0.019}$ compared to $0.119^{+0.064}_{-0.044}$ for the groups (92% significance), a result consistent with the hypothesis that the change in AGN fraction is directly connected to environment.Comment: 18 pages, 9 figures; accepted by The Astrophysical Journal; for higher-resolution versions of some figures, see http://u.arizona.edu/~tjarnold/Arnold09

Conceptual evidence collection and analysis methodology for Android devices

Android devices continue to grow in popularity and capability meaning the need for a forensically sound evidence collection methodology for these devices also increases. This chapter proposes a methodology for evidence collection and analysis for Android devices that is, as far as practical, device agnostic. Android devices may contain a significant amount of evidential data that could be essential to a forensic practitioner in their investigations. However, the retrieval of this data requires that the practitioner understand and utilize techniques to analyze information collected from the device. The major contribution of this research is an in-depth evidence collection and analysis methodology for forensic practitioners.Comment: in Cloud Security Ecosystem (Syngress, an Imprint of Elsevier), 201

Gaseous Structures in Barred Galaxies: Effects of the Bar Strength

Using hydrodynamic simulations, we investigate the physical properties of gaseous substructures in barred galaxies and their relationships with the bar strength. The gaseous medium is assumed to be isothermal and unmagnetized. The bar potential is modeled as a Ferrers prolate with index n. To explore situations with differing bar strength, we vary the bar mass fbar relative to the spheroidal component as well as its aspect ratio. We derive expressions as functions of fbar and the aspect ratio for the bar strength Qb and the radius r(Qb) where the maximum bar torque occurs. When applied to observations, these expressions suggest that bars in real galaxies are most likely to have fbar=0.25-0.5 and n<1. Dust lanes approximately follow one of x1-orbits and tend to be more straight under a stronger and more elongated bar, but are insensitive to the presence of self-gravity. A nuclear ring of a conventional x2 type forms only when the bar is not so massive or elongated. The radius of an x2-type ring is generally smaller than the inner Lindblad resonance, decreases systematically with increasing Qb, and slightly larger when self-gravity is included. This evidences that the ring position is not determined by the resonance but by the amount of angular momentum loss at dust-lane shocks. Nuclear spirals exist only when the ring is of the x2-type and sufficiently large in size. Unlike the other features, nuclear spirals are transient in that they start out as being tightly-wound and weak, and then due to the nonlinear effect unwind and become stronger until turning into shocks, with an unwinding rate higher for larger Qb. The mass inflow rate to the galaxy center is found to be less than 0.01 Msun/yr for models with Qb<0.2, while becoming larger than 0.1 Msun/yr when Qb>0.2 and self-gravity is included.Comment: 24 pages, 17 figures, 5 tables; Accepted for publication in the ApJ; Version with full-resolution figures available at http://mirzam.snu.ac.kr/~wkim/Bar/barHDn.pd

BUILDING THE NEXT GENERATION OF CYBER SECURITY PROFESSIONALS

Cyber security is an area of strategic and policy interest to governments and enterprises globally, which results in an increase in the demand for cyber security professionals. However, there is a lack of education based on sound theories, standards and practices. In this paper, we adapted the Situational Crime Prevention Theory and the NICE National Cybersecurity Workforce Framework in the design and delivery of our courses, particularly in the Cyber Security Exercise (CSE) which forms an integral part of the courses. The CSE is an attack/defence environment where students are grouped and given a virtual machine with which to host a number of services (e.g. HTTP(S), FTP and SSH) for access by other groups. The CSE is designed to mirror real-world environments where the students´ skills will be applied. An overview of the CSE architecture was also provided for readers interested in replicating the exercise in their institutions. Based on student assessment and feedback, we found that our approach was useful in transferring theoretical knowledge to practical skills suitable for the cyber security workforce

Two-Dimensional Magnetohydrodynamic Simulations of Barred Galaxies

Barred galaxies are known to possess magnetic fields that may affect the properties of bar substructures such as dust lanes and nuclear rings. We use two-dimensional high-resolution magnetohydrodynamic (MHD) simulations to investigate the effects of magnetic fields on the formation and evolution of such substructures as well as on the mass inflow rates to the galaxy center. The gaseous medium is assumed to be infinitesimally-thin, isothermal, non-self-gravitating, and threaded by initially uniform, azimuthal magnetic fields. We find that there exists an outermost x1-orbit relative to which gaseous responses to an imposed stellar bar potential are completely different between inside and outside. Inside this orbit, gas is shocked into dust lanes and infalls to form a nuclear ring. Magnetic fields are compressed in dust lanes, reducing their peak density. Magnetic stress removes further angular momentum of the gas at the shocks, temporarily causing the dust lanes to bend into an 'L' shape and eventually leading to a smaller and more centrally distributed ring than in unmagnetized models. The mass inflow rates in magnetized models correspondingly become larger, by more than two orders of magnitude when the initial fields have an equipartition value with thermal energy, than in the unmagnetized counterparts. Outside the outermost x1-orbit, on the other hand, an MHD dynamo due to the combined action of the bar potential and background shear operates near the corotation and bar-end regions, efficiently amplifying magnetic fields. The amplified fields shape into trailing magnetic arms with strong fields and low density. The base of the magnetic arms has a thin layer in which magnetic fields with opposite polarity reconnect via a tearing-mode instability. This produces numerous magnetic islands with large density which propagate along the arms to turn the outer disk into a highly chaotic state.Comment: 22 pages, 19 figures, 3 tables; Accepted for publication in the ApJ; Version with full-resolution figures available at http://mirzam.snu.ac.kr/~wkim/Bar/mhdbar.pd