164 research outputs found

    Botnet Forensic Investigation Techniques and Cost Evaluation

    Botnets are responsible for a large percentage of damages and criminal activity on the Internet. They have shifted attacks from push activities to pull techniques for the distribution of malware and continue to provide economic advantages to the exploiters at the expense of other legitimate Internet service users. In our research we asked: what is the cost of the procedural steps for forensically investigating a Botnet attack? The research method applies investigation guidelines provided by other researchers and evaluates these guidelines in terms of the cost to a digital forensic investigator. We conclude that investigation of Botnet attacks is both possible and procedurally feasible for a forensic investigator; but that scope management is critical for controlling the cost of investigation. We recommend quantifying Botnet investigations into five levels of cost based on time, complexity and technical requirements. Keywords: Botnets, Cybercrime, Investigating, Techniques, Costs, Researc

    Making Online Work, Work

    Releasing the potential of online collaborative technologies in distributed work contexts is still a challenge for work systems managers. The availability of the technologies has outrun proven business models that can maximise the extraction of business value. Key problem areas remain in the management of online human interaction, control of business objectives within the medium, and risk management strategies. There are no easy technical solutions to these problems. In this paper the literature on online work systems is reviewed, key problem areas identified, and the solutions in the constrained human co-operation literature evaluated. The outcome variable demonstrates that traditional constraint models may be recast to explain some of the reported variation in online work systems

    Objectives Alignment: Reworking IS Security for eBusiness Enterprises


    Enterprise Security Semantics

    The rise in the use of the Internet and networks for doing online business has altered the ways Information Systems (IS) security is approached and the adoption of enterprise security models. The debate of Information Technology (IT) and business objectives has far-reaching consequences for the design of software and the management of the Business – IT interface. This paper is specifically concerned with conditioning the problem area of information security. The upsurge and continued use of the Internet as a general medium for doing business generates some security problems that have inadequate treatment (and hence conditioning for solutions) within the different worlds of IT and Business. The challenge is being met by the reworking of traditional network security approaches, and the development of new hybrid models

    Assessing Business Value of IT and IS Risk: Security Issues

    Enterprise systems have taken full advantage of Information Technology (IT) and Information Systems (IS) to innovate and to create business value. The principal business value for system is utility. System utility is a complex factor that has many contributing variables and the resultant of business value. The metrics of utility are measures such as up-time, customer satisfaction, and so on. In this paper the concern of security as the protection of information assets is discussed in relation to managing the risk of utility. Risk modeling has come under greater scrutiny since the collapse of global financial markets in 2008. A common criticism is that risk models disengage business layers and foster surrogates that anesthetize prudent virtues within the enterprise system. The discussion in this essay proceeds by elaborating current risk modeling trends and concludes by promoting an awareness of the changing scope and expectations for effective business security risk analysis

    Steganographic checks in digital forensic investigation: A social networking case

    Steganography is an ancient art that has received a mega boost in the digital age. Electronic communications are easily accessible by most people and have a wide range of opportunities to embed secret messages in a diverse range of cover objects. Our research questions were: What can an investigator do to check for hidden messages in social media? And, how much searching is enough? The testing was conducted in replicated social networking sites and digital images were selected as the cover objects. The research findings showed that steganography is as easy as sending an email and not much more difficult than downloading and using one of the many steganographic tools available online. Our advice is that investigators do check for hidden messaging in digital media and that the best practice guide developed be used as a minimal baseline

    Acquisition of evidence from network intrusion detection systems

    The literature reviewed suggests that Network Intrusion Systems (NIDS) are valuable tools for the detection of malicious behaviour in network environments. NIDS provide alerts and the trigger for rapid responses to attacks. Our previous research had shown that NIDS performance in wireless networks had a wide variation under different workloads. In this research we chose wired networks and asked the question: What is the evidential value of NIDS? Three different NIDS were tested under two different attacks and with six different packet rates. The results were alarming. As the work loading increased the NIDS detection capability fell rapidly and as the complexity of attack increased the NIDS detection capability fell more quickly. We conclude that NIDS have weak evidential value for either system improvement or legal admissibility

    Managing wireless security risks in medical services

    Medical systems are designed for a range of end users from different professional skill groups and people who carry the devices in and on their bodies. Open, accurate, and efficient communication is the priority for medical systems and consequently strong protection costs are traded against the utility benefits for open systems. In this paper we assess the vulnerabilities created by the professional and end user expectations, and theorise ways to mitigate wireless security vulnerabilities. The benefits of wireless medical services are great in terms of efficiencies, mobility, and information management. These benefits may be realised by treating the vulnerabilities and reducing the cost of adverse events. The purpose of this paper is to raise and to discuss key issues so that others may be motivated to treat the problems and to better optimise the trade-off for design improvement

    Digital forensics investigative framework for control rooms in critical infrastructure

    In this paper a cyber-forensic framework with a detailed guideline for protecting control systems is developed to improve the forensic capability for big data in critical infrastructures. The main objective of creating a cyber-forensic plan is to cover the essentials of monitoring, troubleshooting, data reconstruction, recovery, and the safety of classified information. The problem to be addressed in control rooms is the diversity and quantity of data, and for investigators, bringing together the different skill groups for managing data and device diversity. This research embraces establishing of a new digital forensic model for critical infrastructures that supports digital forensic investigators with the necessary information for conducting an advanced forensic investigation in Critical Infrastructures. The framework for investigation is presented here and elaborated. The extended work applies the framework to industry case studies and is not reported here

    Evaluating IP surveillance camera vulnerabilities

    Hacking of IP surveillance camera systems came to public attention in 2016 when the high bandwidth and resources were exploited for a massive DDoS attack that affected one third of all US Internet services. A review of previous studies shows that a vast number of IP cameras have been hacked because the default usernames and passwords have not been changed from the factory defaults. In this research we asked: What are the vulnerabilities of an IP surveillance camera? The purpose of the study was to provide identification of vulnerabilities and guidance for the protection of surveillance camera systems. The research shows that the tested surveillance camera had many vulnerabilities and that there is urgency for distributing alerts and best practice guidelines