318 research outputs found
Augmenting Agent Platforms to Facilitate Conversation Reasoning
Within Multi Agent Systems, communication by means of Agent Communication
Languages (ACLs) has a key role to play in the co-operation, co-ordination and
knowledge-sharing between agents. Despite this, complex reasoning about agent
messaging, and specifically about conversations between agents, tends not to
have widespread support amongst general-purpose agent programming languages.
ACRE (Agent Communication Reasoning Engine) aims to complement the existing
logical reasoning capabilities of agent programming languages with the
capability of reasoning about complex interaction protocols in order to
facilitate conversations between agents. This paper outlines the aims of the
ACRE project and gives details of the functioning of a prototype implementation
within the Agent Factory multi agent framework.

EviPlant: An efficient digital forensic challenge creation, manipulation and distribution solution
Education and training in digital forensics requires a variety of suitable
challenge corpora containing realistic features including regular
wear-and-tear, background noise, and the actual digital traces to be discovered
during investigation. Typically, the creation of these challenges requires
overly arduous effort on the part of the educator to ensure their viability.
Once created, the challenge image needs to be stored and distributed to a class
for practical training. This storage and distribution step requires significant
time and resources and may not even be possible in an online/distance learning
scenario due to the data sizes involved. As part of this paper, we introduce a
more capable methodology and system as an alternative to current approaches.
EviPlant is a system designed for the efficient creation, manipulation, storage
and distribution of challenges for digital forensics education and training.
The system relies on the initial distribution of base disk images, i.e., images
containing solely base operating systems. In order to create challenges for
students, educators can boot the base system, emulate the desired activity and
perform a "diffing" of the resultant image and the base image. This diffing process
extracts the modified artefacts and associated metadata and stores them in an
"evidence package". Evidence packages can be created for different personae,
different wear-and-tear, different emulated crimes, etc., and multiple evidence
packages can be distributed to students and integrated into the base images. A
number of additional applications in digital forensic challenge creation for
tool testing and validation, proficiency testing, and malware analysis are also
discussed as a result of using EviPlant.
Comment: Digital Forensic Research Workshop Europe 201

Methodology for the Automated Metadata-Based Classification of Incriminating Digital Forensic Artefacts
The ever increasing volume of data in digital forensic investigation is one
of the most discussed challenges in the field. Usually, most of the file
artefacts on seized devices are not pertinent to the investigation. Manually
retrieving suspicious files relevant to the investigation is akin to finding a
needle in a haystack. In this paper, a methodology for the automatic
prioritisation of suspicious file artefacts (i.e., file artefacts that are
pertinent to the investigation) is proposed to reduce the manual analysis
effort required. This methodology is designed to work in a human-in-the-loop
fashion. In other words, it predicts/recommends that an artefact is likely to
be suspicious rather than giving the final analysis result. A supervised
machine learning approach is employed, which leverages the recorded results of
previously processed cases. The processes of feature extraction, dataset
generation, training and evaluation are presented in this paper. In addition, a
toolkit for data extraction from disk images is outlined, which enables this
method to be integrated with the conventional investigation process and work in
an automated fashion.