64 research outputs found

    Towards a Threat Intelligence Informed Digital Forensics Readiness Framework

    Digital Forensic Readiness (DFR) has received little attention by the research community, when compared to the core digital forensic investigation processes. DFR was primarily about logging of security events to be leveraged by the forensic analysis phase. However, the increasing number of security incidents and the overwhelming volumes of data produced mandate the development of more effective and efficient DFR approaches. We propose a DFR framework focusing on the prioritisation, triaging and selection of Indicators of Compromise (IoC) to be used in investigations of security incidents. A core component of the framework is the contextualisation of the IoCs to the underlying organisation, which can be achieved with the use of clustering and classification algorithms and a local IoC database

    Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem

    Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats

    Novel classification algorithm for ballistic target based on HRRP frame

    Nowadays the identification of ballistic missile warheads in a cloud of decoys and debris is essential for defence systems in order to optimize the use of ammunition resources, avoiding to run out of all the available interceptors in vain. This paper introduces a novel solution for the classification of ballistic targets based on the computation of the inverse Radon transform of the target signatures, represented by a high resolution range profile frame acquired within an entire period of the main rotation of the target. Namely, the precession for warheads and the tumbling for decoys are taken into account. Following, the pseudo-Zernike moments of the resulting transformation are evaluated as the final feature vector for the classifier. The extracted features guarantee robustness against target's dimensions and rotation velocity, and the initial phase of the target's motion. The classification results on simulated data are shown for different polarizations of the electromagnetic radar waveform and for various operational conditions, confirming the validity of the algorithm

    Actionable Threat Intelligence for Digital Forensics Readiness

    The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing Digital Forensic Readiness (DFR) schemes by leveraging the benefits of cyber threat information sharing. This paper employs a quantitative methodology to identify the most popular Threat Intelligence elements and introduces a formalized procedure to correlate these elements with potential digital evidence resulting in the quick and accurate identification of patterns of malware activities. While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics domain. The proposed model can help organizations to improve their digital forensic readiness posture and thus minimize the time and cost of cybercrime incident

    Improving Forensic Triage Efficiency through Cyber Threat Intelligence

    The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR

    An integrated view of the influence of temperature, pressure, and humidity on the stability of trimorphic cysteamine hydrochloride

    Understanding the phase behavior of pharmaceuticals is important for dosage form development and regulatory requirements, in particular after the incident with ritonavir. In the present paper, a comprehensive study of the solid-state phase behavior of cysteamine hydrochloride used in the treatment of nephropathic cystinosis and recently granted orphan designation by the European Commission is presented employing (high-pressure) calorimetry, water vapor sorption, and X-ray diffraction as a function of temperature. A new crystal form (I2/a, form III) has been discovered, and its structure has been solved by X-ray powder diffraction, while two other crystalline forms are already known. The relative thermodynamic stabilities of the commercial form I and of the newly discovered form III have been established; they possess an overall enantiotropic phase relationship, with form I stable at room temperature and form III stable above 37 degrees C. Its melting temperature was found at 67.3 +/- 0.5 degrees C. Cysteamine hydrochloride is hygroscopic and immediately forms a concentrated saturated solution in water with a surprisingly high concentration of 47.5 mol % above a relative humidity of 35%. No hydrate has been observed. A temperature composition phase diagram is presented that has been obtained with the unary pressure temperature phase diagram, measurements, and calculations. For development, form I would be the best form to use in any solid dosage form, which should be thoroughly protected against humidity.Postprint (author's final draft

    Introducing responsibly self-healing into the incident management lifecycle

    In this paper we propose an approach for adopting the self-healing paradigm in complex networking environments. We argue that a straightforward application of self-healing capabilities may have an adverse effect on incident response due to the ill-understanding of the state of the system under protection. We sketch how the use of the Cynefin framework leverages the understanding of complex systems at the appropriate level of detail. In particular, we show how the framework can help to understand how the environment operates and to identify ways to improve its resilience and ability to recover from failures

    Reuse of fractional waveform libraries for MIMO radar and electronic countermeasures

    A fundamental aspect in the hardware-software design of modern radar systems, for example MIMO or Low Probability of Intercept Radar, is to operate in electromagnetically crowded environments. Proper radar waveform design is central to effective solutions in such systems. In this paper cross-interference and waveform reuse for a set of waveform libraries based on the fractional Fourier transform are presented and analysed. The results demonstrate the potential of the novel libraries in increasing the number of available waveforms and for stealth transmissions

    GNSS based passive bistatic radar for micro-doppler based classification of helicopters : experimental validation

    The capability of using illuminators of opportunity for target classification is of great interest to the radar community. In particular the alternative use of Global Navigation Satellite System (GNSS) has recently initiated a number of studies that aim to exploit this source of illumination for passive radar. We recently introduced the concept of a GNSS based passive radar for extraction of micro-Doppler signatures from helicopter rotor blades with the aim of identifying this kind of targets. In this paper we present the experimental validation of our concept with real data from two different models of helicopte

    Detecting and manipulating compressed alternate data streams in a forensics investigation

    No full text
    Data hiding technique through Alternate Data Streams in compressed form is poorly documented and less known among Forensic experts. This paper deals with the documentation of Compressed ADS and their attributes concerning hiding information, provides a simple technique of creating compressed ADS and using it in a malicious manner. Finally a method is presented in order to detect and manipulate ADS in a proper way, complying with the Computer Forensic techniques. © 2008 IEEE