643 research outputs found
Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive
With the volume of digital forensic evidence rapidly increasing, this paper proposes a data reduction and data mining framework that incorporates a process of reducing data volume by focusing on a subset of information.
Foreword
The volume of digital forensic evidence is rapidly increasing, leading to large backlogs. In this paper, a Digital Forensic Data Reduction and Data Mining Framework is proposed. Initial research with sample data from South Australia Police Electronic Crime Section and Digital Corpora Forensic Images using the proposed framework resulted in significant reduction in the storage requirements: the reduced subset is only 0.196 percent and 0.75 percent respectively of the original data volume. The framework outlined is not suggested to replace full analysis, but serves to provide a rapid triage, collection, intelligence analysis, review and storage methodology to support the various stages of digital forensic examinations. Agencies that can undertake rapid assessment of seized data can more effectively target specific criminal matters. The framework may also provide a greater potential intelligence gain from analysis of current and historical data in a timely manner, and the ability to undertake research of trends over time.
Money laundering risks of prepaid stored value cards
In the past decade, there has been an increasing reliance on electronic means of transferring funds for personal and business purposes. One recent development has been the emergence of plastic cards with the capacity to store value electronically, which can be used for a range of retail transactions. With the advent of comprehensive anti-money laundering laws throughout the developed world, criminals are turning to alternative ways of moving funds across borders to circumvent reporting and detection systems. One identified risk is the misuse of prepaid stored value cards to keep the proceeds of crime and move them across borders without alerting law enforcement and financial intelligence units. This paper describes the nature of these risks and considers whether existing regulatory measures are adequate to address them.
A Forensically Sound Adversary Model for Mobile Devices
In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the ongoing and rapidly changing nature of mobile device technologies. An integral principle and significant constraint upon forensic practitioners is that of forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, in our case, a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we were successful in extracting various information of forensic interest in both the external and internal storage of the mobile device.
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially and/or criminally motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicate digital investigations. Coupling this with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on not only how to compromise these systems but, more importantly, how to investigate them. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.
Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017).
BUILDING THE NEXT GENERATION OF CYBER SECURITY PROFESSIONALS
Cyber security is an area of strategic and policy interest to governments and enterprises globally, which results in an increase in the demand for cyber security professionals. However, there is a lack of education based on sound theories, standards and practices. In this paper, we adapted the Situational Crime Prevention Theory and the NICE National Cybersecurity Workforce Framework in the design and delivery of our courses, particularly in the Cyber Security Exercise (CSE) which forms an integral part of the courses. The CSE is an attack/defence environment where students are grouped and given a virtual machine with which to host a number of services (e.g. HTTP(S), FTP and SSH) for access by other groups. The CSE is designed to mirror real-world environments where the students' skills will be applied. An overview of the CSE architecture was also provided for readers interested in replicating the exercise in their institutions. Based on student assessment and feedback, we found that our approach was useful in transferring theoretical knowledge to practical skills suitable for the cyber security workforce.
Revisit Of McCullagh--Barreto Two-Party ID-Based Authenticated Key Agreement Protocols
The recently proposed two-party ID-based authenticated key agreement protocols (with and without escrow) and their variant resistant to key-compromise impersonation by McCullagh & Barreto are revisited. The protocols carry a proof of security in the Bellare & Rogaway (1993) model. In this paper, it is demonstrated that the protocols and their variant are not secure if the adversary is allowed to send a Reveal query to reveal non-partner players who had accepted the same session key.
A Proof of Revised Yahalom Protocol in the Bellare and Rogaway (1993) Model
Although the Yahalom protocol, proposed by Burrows, Abadi, and Needham in 1990, is one of the most prominent key establishment protocols analyzed by researchers from the computer security community (using automated proof tools), a simplified version of the protocol was only recently proven secure by Backes and Pfitzmann (2006) in their "cryptographic library" framework. We present a protocol for key establishment that is closely based on the Yahalom protocol. We then present a security proof in the Bellare and Rogaway (1993) model and the random oracle model. We also observe that no partnering mechanism is specified within the Yahalom protocol. We then present a brief discussion on the role and the possible construction of session identifiers as a form of partnering mechanism, which allows the right session key to be identified in concurrent protocol executions. We then recommend that session identifiers should be included within the protocol specification rather than considering session identifiers as artefacts of the protocol proof.
Resource materials on technology-enabled crime
Designed to assist prosecutors and members of the judiciary faced with proceedings involving technology-enabled crime, the report will be a useful general guide to concepts and terms for other non-technical people.