30 research outputs found

    Low Budget Forensic Drive Imaging Using Arm Based Single Board Computers

    Traditional forensic analysis of hard disks and external media typically involves a powered down machine and “dead analysis” of these devices. Forensic acquisition of hard drives and external media has traditionally been by one of several means: standalone forensic duplicator; using a hardware write-blocker or dock attached to a laptop, computer, workstation, etc.; forensic operating systems that live boot from a USB, CD/DVD or virtual machines with preinstalled operating systems. Standalone forensics acquisition and imaging devices generally cost thousands of dollars. In this paper, we propose the use of single board computers as forensic imaging devices. Single board computers can provide a low budget forensic imaging solution that can be used in a lab, remote acquisition, or even be configured as portable imaging devices. This project tests different ARM processor based single board computers and the software available at the present time. The project includes image acquisition using a write-blocker, software write-blockers and without write-blockers to test the various configurations. The final results demonstrate clearly that ARM based single board computers can be used as low cost and low energy forensic imaging devices

    An Indistinguishability Model for Evaluating Diverse Classes of Phishing Attacks and Quantifying Attack Efficacy

    Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. While there are a number of research articles that study the tactics, techniques and procedures employed by phishers in the literature, in this paper, we present a theoretical yet practical model to study this menacing threat in a formal manner. While it is common folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model attempts to capture a phishing attack in terms of this indistinguishability between the natural and phishing message probability distributions. We view the actions performed by a phisher as an attempt to create messages that are indistinguishable to the victim from that of normal messages. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical framework and offers a new perspective to analyze this threat. We propose metrics to analyze the success probability of a phishing attack taking into account the input used by a phisher and the work involved in creating deceptive email messages. Finally, we study and apply our model to a new class of phishing attacks called collaborative spear phishing that is gaining momentum. Recent examples include Operation Woolen-Goldfish in 2015, Rocket Kitten in 2014 and Epsilon email breach in 2011. We point out fundamental flaws in the current email-based marketing business model which enables such targeted spear phishing collaborative attacks. In this sense, our study is very timely and presents new and emerging trends in phishing

    Cloud Storage Client Application Analysis

    The research proposed in this paper focuses on gathering evidence from devices with UNIX/Linux systems (in particular on Ubuntu 14.04 and Android OS), and Windows 8.1, in order to find artifacts left by cloud storage applications that suggest their use even after the deletion of the applications. The work performed aims to expand upon the prior work done by other researchers in the field of cloud forensics and to show an example of analysis. We show where and what type of data remnants can be found using our analysis and how this information can be used as evidence in a digital forensic investigation

    Disaster Recovery Management with PowerShell PSDRM

    Securing information and infrastructure is at the top of every organization’s priority. Security solutions are necessary and when properly implemented can minimize the exposure of an organization’s risk to compromise. Implementation can be costly and standardization is challenging. There are many cybersecurity solutions available ranging from open source to premium level coverages that can include deployment, monitoring, detection, and response. As threats evolve, the impacts of exploits become more difficult to thwart and in cases of ransomware the effects can immobilize a company and lead to lasting economic reprisal. Disaster Recovery provides an aspect of Cybersecurity and the most fundamental requirement for an organization to maintain continuity. When an organization publicly acknowledges compromise of their infrastructure regardless of the nature of the attack, the outfall is loss of confidence which inevitably impacts both internal and external stakeholders. This in turn leads to further efficiency loss to the business’s profitability as the primary resources are allocated to investigative and resolution matters. This research’s primary goal is to focus on Disaster Recovery and provide an executable with PowerShell at the backend to perform a selective approach to automating Disaster Recovery within Virtualization infrastructures. This research shows methods on which an administrator could build their project using native tools such as PowerShell, to provide their own customized automated Disaster Recovery solutions designed for Virtualized environments by initiating a backup, test, restore and conserve volatile state. Too often does an organization lack the necessary skillsets needed to bring an organization back to service after an attack, as has been seen in the effect of Ransomware attacks. Providing these means for organizations gives those with less than a financial advantage a fighting chance against unanticipated attacks. We accomplish this by standardizing a method for the roles responsible in the organization for ensuring security measures are maintained using PowerShell

    Studies of preliminary phytochemical and Anti-arthritic activity of heart wood of Cedrus deodar (Roxb.)

    ABSTRACT The aim of the research was to validate the use of Cedrus deodar in external applications in the ayurvedic system of medicine and conduct a preliminary phytochemical study of the same to help deduce the possible active ingredients. The petroleum ether, chloroform, alcoholic extracts of the heart wood of Cedrus deodar were prepared by Soxhlet extractor and examined for its external anti-arthritic activity in rats using the Freund's adjuvant method. The results of the phytochemical study revealed the presence of alkaloids, flavonoids, glycosides, phenolic compounds, saponins and proteins. Application of all the three extracts exhibited significant inhibition of CFA (Complete Freund's Adjuvant) induced rat paw edema when compared with the arthritic control group. These findings seem to justify the use of the plant in traditional Indian medicine in the treatment of inflammation, including arthritic conditions

    A One-time Stegosystem and Applications to Efficient Covert Communication

    We present the first information-theoretic steganographic protocol with an asymptotically optimal ratio of key length to message length that operates on arbitrary covertext distributions with constant min-entropy. Our results are also applicable to the computational setting: our stegosystem can be composed over a pseudorandom generator to send longer messages in a computationally secure fashion. In this respect our scheme offers a significant improvement in terms of the number of pseudorandom bits generated by the two parties in comparison to previous results known in the computational setting. Central to our approach for improving the overhead for general distributions is the use of combinatorial constructions that have been found to be useful in other contexts for derandomization: almost t-wise independent function families

    Deception Detection Using Machine Learning

    Today’s digital society creates an environment potentially conducive to the exchange of deceptive information. The dissemination of misleading information can have severe consequences on society. This research investigates the possibility of using shared characteristics among reviews, news articles, and emails to detect deception in text-based communication using machine learning techniques. The experiment discussed in this paper examines the use of Bag of Words and Part of Speech tag features to detect deception on the aforementioned types of communication using Neural Networks, Support Vector Machine, Naïve Bayesian, Random Forest, Logistic Regression, and Decision Tree. The contribution of this paper is two-fold. First, it provides initial insight into the identification of text communication cues useful in detecting deception across different types of text-based communication. Second, it provides a foundation for future research involving the application of machine learning algorithms to detect deception on different types of text communication