
    Investigation of bypassing malware defences and malware detections

    Malware incidents are now among the most expensive damages caused by attackers. Malware is used to mount many different attacks, so the design and implementation of malware defences for internal networks are important. In this paper, different techniques for bypassing host-based Anti-Virus (AV) signatures, such as repacking, reverse engineering and hex editing, are illustrated, and the different channels and methods by which malware might reach a host from outside the network are described and compared. After that, bypassing the HTTP/SSL and SMTP malware defences on these channels is discussed. Finally, since it is important to find and detect new and unknown malware before it reaches the victims, a new malware detection technique based on honeynet systems is surveyed

    A survey about impacts of cloud computing on digital forensics

    Digital storage of computer data is moving toward cloud computing, a set of infrastructure that provides data storage for organizations and individuals. Because of this large scale, if an attack occurs in the network of a cloud, investigating the cloud is a major challenge. Digital forensics in cloud computing is therefore a new discipline, related to the increasing use of computers, networks and digital storage devices in numerous criminal activities, both traditional and high-tech. This study reviews the literature on challenges in cloud computing forensic investigation, followed by an evaluation and analysis of the available information on cloud computing and its impact on computer forensic investigations, together with a survey carried out in the field

    Machine Learning Aided Static Malware Analysis: A Survey and Tutorial

    Malware analysis and detection techniques have evolved over the last decade in response to the development of malware techniques that evade network-based and host-based security protections. The fast growth in the variety and number of malware species has made it very difficult for forensic investigators to respond on time. Machine Learning (ML) aided malware analysis has therefore become a necessity to automate different aspects of static and dynamic malware investigation. We believe that machine learning aided static analysis can be used as a methodological approach in technical Cyber Threat Intelligence (CTI), rather than the resource-consuming dynamic malware analysis that has been thoroughly studied before. In this paper, we address this research gap by conducting an in-depth survey of different machine learning methods for classification of static characteristics of 32-bit malicious Portable Executable (PE32) Windows files, and develop a taxonomy for better understanding of these techniques. Afterwards, we offer a tutorial on how different machine learning techniques can be used to extract and analyse a variety of static characteristics of PE binaries, and evaluate the accuracy and practical generalization of these techniques. Finally, the results of an experimental study of all the methods on a common dataset are given to demonstrate their accuracy and complexity. This paper may serve as a stepping stone for future researchers in the cross-disciplinary field of machine learning aided malware forensics
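The abstract above describes extracting static characteristics of PE32 binaries as classifier input. The following is an added example, not code from the paper: a standard-library parser that walks the DOS header, PE signature, COFF file header and section table of an in-memory PE32 image and turns them into header-level features (section count, DLL flag, per-section entropy, writable+executable and high-entropy-code heuristics) plus a flat numeric vector. The sample image built by build_sample_pe() is constructed for this example and is not a real executable.

```python
"""Static PE32 feature extraction, using only the standard library (added example)."""
import math
import struct
from collections import Counter

COFF_FMT = "<HHIIIHH"          # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
                               # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"   # 40-byte IMAGE_SECTION_HEADER
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_features(pe: bytes) -> dict:
    """Parse header-level static features from a PE32 image held in memory."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)          # offset of the PE signature
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, pe, coff_off)
    sec_off = coff_off + struct.calcsize(COFF_FMT) + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, pe, sec_off + i * struct.calcsize(SECTION_FMT))
        raw = pe[f[4]:f[4] + f[3]]                             # PointerToRawData / SizeOfRawData
        sections.append({
            "name": f[0].rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_size": f[1],
            "raw_size": f[3],
            "entropy": round(shannon_entropy(raw), 3),
            "executable": bool(f[9] & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(f[9] & IMAGE_SCN_MEM_WRITE),
        })
    return {
        "machine": hex(machine),
        "is_pe32": machine == IMAGE_FILE_MACHINE_I386,
        "timestamp": timestamp,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "num_sections": nsec,
        "sections": sections,
        # Two classic heuristics: a writable+executable section, and a near-random
        # executable section, which is what packed or encrypted code looks like.
        "has_wx_section": any(s["executable"] and s["writable"] for s in sections),
        "packed_suspect": any(s["executable"] and s["entropy"] > 7.0 for s in sections),
    }


def feature_vector(features: dict) -> list:
    """Flatten the parsed features into a numeric vector a classifier can consume."""
    ents = [s["entropy"] for s in features["sections"]] or [0.0]
    return [
        int(features["is_pe32"]), int(features["is_dll"]), features["num_sections"],
        max(ents), round(sum(ents) / len(ents), 3),
        int(features["has_wx_section"]), int(features["packed_suspect"]),
    ]


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (not a real binary): i386, two sections,
    a high-entropy .text and a constant-filled .data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_FMT, IMAGE_FILE_MACHINE_I386, 2, 0x5F000000, 0, 0, 224, 0x0102)
    optional = bytes(224)                                       # zeroed PE32 optional header
    headers_end = e_lfanew + 4 + struct.calcsize(COFF_FMT) + 224 + 2 * struct.calcsize(SECTION_FMT)
    text_raw = bytes(range(256)) * 2                            # every byte value twice -> entropy 8.0
    data_raw = b"A" * 512                                       # constant data -> entropy 0.0
    text_hdr = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, len(text_raw), headers_end,
                           0, 0, 0, 0, 0x60000020)              # CNT_CODE | MEM_EXECUTE | MEM_READ
    data_hdr = struct.pack(SECTION_FMT, b".data", 0x200, 0x2000, len(data_raw),
                           headers_end + len(text_raw), 0, 0, 0, 0, 0xC0000040)  # INITIALIZED_DATA | READ | WRITE
    return dos + b"PE\x00\x00" + coff + optional + text_hdr + data_hdr + text_raw + data_raw


if __name__ == "__main__":
    feats = extract_features(build_sample_pe())
    print(feats)
    print(feature_vector(feats))
```

The entropy and W+X flags are deliberately kept as separate columns rather than folded into one "suspicious" score: a classifier trained on labelled samples decides their weight, and the parser should not pre-judge it. Real-world use would add imports, resources and the optional-header fields, which this header-only example leaves out.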

    Towards secure model for SCADA systems

    Supervisory Control And Data Acquisition (SCADA) systems now have a huge influence on human life. They provide remote control, monitoring and information gathering for the transmission, production and distribution side of automated systems such as electric power, power plants, refineries, rail transportation, waste and water systems, and oil and gas. In this paper, the possible threats, risks and vulnerabilities in SCADA systems are surveyed, and some mitigation strategies to improve the security of SCADA systems are proposed

    Digital forensics trends and future

    The rapid evolution of computers and mobile phones has led to these devices being used in criminal activities. Providing appropriate and sufficient security measures is difficult because of the complexity of the devices, which makes investigating crimes involving them even harder. Digital forensics is the procedure of investigating computer crimes in the cyber world. Much research has been done in this area to help forensic investigators resolve existing challenges. This paper looks into trends in the application of digital forensics and security in various aspects and provides some estimates of future research trends in this area

    Analysis of known and unknown malware bypassing techniques

    Malware attacks are the most expensive damages for organizations across different types of computer and network systems. While different types of attacks are well surveyed and documented, little detail on bypassing malware detection and defences is available in the public domain. Malware causes different types of attacks, such as denial of service (DoS), business espionage and extortion, so implementing malware defences for organizations' internal networks is of the utmost importance. In this paper, bypassing host-based Anti-Viruses (AVs) that rely on signature detection with both well-known and unknown malware is illustrated, and it is shown how even a known malware sample might bypass anti-viruses and firewalls and be executed in an organization's internal computer network. After that, an unknown malware detection system that protects an organization's internal networks from unknown and known malware before it reaches the victims' systems is surveyed and presented

    A survey on privacy impacts of digital investigation

    Digital forensics is becoming more and more demanding as computers evolve into different platforms and penetrate different industries. Computers are now used across vast areas of society and are deployed in fields where the most sensitive information is stored and accessed for various operations. This paper looks into developmental trends in the application of digital forensics and security in various aspects over a span of 7 years, based on critical review and statistical analysis, and reports the significant changes and shifts of focus in digital forensics development. It then discusses privacy concerns: whether the current development trend is paying more attention to privacy preservation or to harsh forensic investigation techniques that usually result in compromised personal information

    Digital forensics framework for investigating client cloud storage applications on smartphones

    In today's world, the growing use of smartphones with Internet access has driven the deployment of cloud storage applications that make data accessible anywhere, anytime. This has sharply increased the possibility of malicious activity abusing cloud storage. Cloud storage, together with the increasing use of cloud storage applications on mobile devices, is one of the emerging challenges for digital forensic research. The overlap of these two growing technologies gives cyber criminals further opportunities to conduct malicious activities such as identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism, and has made mobile devices an important source of evidence in digital investigations. Not knowing where the data may reside can impede investigators, since it can take considerable time to contact every potential service provider to determine whether the data is stored within their cloud service. Current mobile forensic analysis tools, procedures and methods can extract valuable information from VoIP, social networking and mail applications on smartphones; however, they cannot acquire enough valuable information from cloud applications on smartphones. There is therefore a need for a forensically sound digital forensic framework focused on the analysis phase of smartphone examination that identifies potential data held in cloud storage. In this thesis, a framework for investigating client cloud storage applications on smartphones is proposed. Using the framework, we analyse and determine the data remnants left by five popular cloud client apps, OneDrive, Box, Mega, GoogleDrive and Dropbox, on popular smartphones running Android and iOS. A variety of circumstances have been considered, including uploading, downloading, deleting and sharing files in the cloud storage clients, to determine the residual data on client devices.
    Moreover, in terms of evidence preservation, possible modifications to file content and metadata that may affect the preservation of evidence from these platforms are examined. A variety of artefacts were detected from different user activities such as login, upload, download, delete and sharing of files. The cloud client applications on the Android device did not alter the content of the files. However, the files' timestamps were changed from those of the original sample files, and this needs to be considered when forming conclusions about the times and dates of files within the cloud client applications. The findings may assist forensic examiners and practitioners in the real-world examination of cloud client applications on Android and iOS platforms
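The evidence-preservation finding above (content unchanged, timestamps changed) is the kind of result an examiner should reproduce on their own sample set before relying on file dates. The following is an added example, not code from the thesis: given a directory of original sample files and the copies retrieved from a device under examination, it hashes each pair with SHA-256 and compares sizes and modification times, then classifies every file as unchanged, metadata-only drift, content modified, or missing from the retrieved set. The sample files and timestamps built by build_constructed_dataset() are constructed for this example; the "photo.jpg", "notes.txt", "report.pdf" and "video.mp4" names are illustrative only.

```python
"""Evidence-preservation check for files handled by a cloud client app (added example)."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large evidence files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _utc(ts: float) -> str:
    return datetime.fromtimestamp(ts, timezone.utc).isoformat()


def compare_artifact(original: str, retrieved: str) -> dict:
    """Compare content hash, size and modification time of one original/retrieved pair."""
    o_st, r_st = os.stat(original), os.stat(retrieved)
    o_hash, r_hash = sha256_file(original), sha256_file(retrieved)
    return {
        "file": os.path.basename(original),
        "content_identical": o_hash == r_hash,
        "sha256_original": o_hash,
        "sha256_retrieved": r_hash,
        "size_delta": r_st.st_size - o_st.st_size,
        "mtime_delta_s": round(r_st.st_mtime - o_st.st_mtime, 3),
        "mtime_original_utc": _utc(o_st.st_mtime),
        "mtime_retrieved_utc": _utc(r_st.st_mtime),
    }


def classify(result: dict) -> str:
    """A content change breaks integrity; metadata-only drift only weakens timeline conclusions."""
    if not result["content_identical"]:
        return "CONTENT_MODIFIED"
    if result["mtime_delta_s"] != 0:
        return "METADATA_ONLY"
    return "UNCHANGED"


def run_check(orig_dir: str, retr_dir: str) -> dict:
    """Classify every file in the original set; files absent from the retrieved set are reported too."""
    report = {}
    for name in sorted(os.listdir(orig_dir)):
        retrieved = os.path.join(retr_dir, name)
        if not os.path.exists(retrieved):
            report[name] = "MISSING"
            continue
        report[name] = classify(compare_artifact(os.path.join(orig_dir, name), retrieved))
    return report


def _write(path: str, data: bytes, mtime: int) -> None:
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (mtime, mtime))


def build_constructed_dataset(root: str) -> tuple:
    """Constructed sample data (not from the thesis): an 'original' set and a 'retrieved' set."""
    orig, retr = os.path.join(root, "original"), os.path.join(root, "retrieved")
    os.makedirs(orig)
    os.makedirs(retr)
    t0 = 1_600_000_000                                   # fixed mtime for every original sample
    photo = b"\xff\xd8\xff\xe0" + bytes(64)
    notes = b"line one\nline two\n"
    report = b"%PDF-1.4\n%%EOF\n"
    _write(os.path.join(orig, "photo.jpg"), photo, t0)
    _write(os.path.join(orig, "notes.txt"), notes, t0)
    _write(os.path.join(orig, "report.pdf"), report, t0)
    _write(os.path.join(orig, "video.mp4"), b"\x00\x00\x00\x18ftypmp42", t0)
    _write(os.path.join(retr, "photo.jpg"), photo, t0 + 86_400)                 # same bytes, mtime reset to download time
    _write(os.path.join(retr, "notes.txt"), notes.replace(b"\n", b"\r\n"), t0)  # line endings converted in transit
    _write(os.path.join(retr, "report.pdf"), report, t0)                        # bytes and timestamp preserved
    # video.mp4 is deliberately absent from the retrieved set
    return orig, retr


def demo() -> dict:
    """Build the constructed dataset in a temporary directory and return the per-file verdicts."""
    with tempfile.TemporaryDirectory() as root:
        return run_check(*build_constructed_dataset(root))


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} {verdict}")
```

Hashes, not sizes or names, decide the integrity verdict; a timestamp difference on a hash-identical file is exactly the Android observation quoted above and should be recorded against the device's clock rather than treated as evidence of tampering.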

    Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices

    In today's Internet-connected world, mobile devices are increasingly used to access cloud storage services, which allow users to access data anywhere, anytime. Mobile devices have, however, been known to be used and/or targeted by cyber criminals to conduct malicious activities, such as data exfiltration, malware, identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. Consequently, mobile devices are an increasingly important source of evidence in digital investigations. In this paper, we examine four popular cloud client apps, namely OneDrive, Box, GoogleDrive and Dropbox, on both Android and iOS platforms (two of the most popular mobile operating systems). We identify artefacts of forensic interest, such as information generated during login, uploading, downloading, deletion and the sharing of files. These findings may assist forensic examiners and practitioners in the real-world examination of cloud client applications on Android and iOS platforms