2015 Ninth International Conference on IT Security Incident Management & IT Forensics: latest publications

Supporting Forensic Design - A Course Profile to Teach Forensics
Stefan Kiltz, J. Dittmann, C. Vielhauer
DOI: 10.1109/IMF.2015.16 (https://doi.org/10.1109/IMF.2015.16), published 2015-05-18
Abstract: There is a growing demand for experts with dedicated knowledge of forensics, especially in the domain of digital and digitised forensics, alongside a general shortage of teaching of digital forensics. Further, there is a prominent lack of standardisation in designing a curriculum [18]. We address this by offering the profile ForensikDesign@Informatik [23] at bachelor's degree level at university. By teaching digital and digitised forensics, we propose a model-based approach combining the practitioner's and the computer scientist's view [19], also to address the standardisation issue. We identify three main application areas: teaching conventional digital forensic examinations using existing tools and methods following the model-based approach, the design of new forensic tools and methods, and system design to achieve a desired degree of forensic readiness in the conflict field of a degree of anonymity. The last two application areas, we believe, also justify teaching at university level. We set an international focus and highlight the science part of forensic sciences. Selected law aspects are addressed both for motivational and comparative purposes. We implement different teaching strategies and provide dedicated resources (technical, organisational and personnel). Finally, we outline the two options for the profile ForensikDesign@Informatik, depending on the effort of commitment by the students.
Cited by: 13
Windows NT pagefile.sys Virtual Memory Analysis
M. Gruhn
DOI: 10.1109/IMF.2015.10 (https://doi.org/10.1109/IMF.2015.10), published 2015-05-18
Abstract: As hard disk encryption, RAM disks, persistent data avoidance technology and memory resident malware become more widespread, memory analysis becomes more important. In order to provide more virtual memory than is actually physically present on a system, an operating system may transfer frames of memory to a pagefile on persistent storage. Current memory analysis software does not incorporate such pagefiles and thus misses important information. We therefore present a detailed analysis of Windows NT paging. We use dynamic gray-box analysis, in which we place known data into virtual memory and examine where it is mapped to, in either the physical memory or the pagefile, and cross-reference these findings with the Windows NT Research Kernel source code. We demonstrate how to decode the non-present page table entries, and accurately reconstruct the complete virtual memory space, including non-present memory pages, on Windows NT systems using 32-bit, PAE or IA32e paging. Our analysis approach can be used to analyze other operating systems as well.
Cited by: 7
Recovery of SQLite Data Using Expired Indexes
Felix Ramisch, Martin Rieger
DOI: 10.1109/IMF.2015.11 (https://doi.org/10.1109/IMF.2015.11), published 2015-05-18
Abstract: SQLite databases have tremendous forensic potential. In addition to active data, expired data remain in the database file if the secure delete option is not applied. Tests of available forensic tools show that the indexes were not considered, although they may complete the recovery of the table structures. Algorithms for their recovery and combination with each other or with table data are worked out. A new tool, SQLite Index Recovery, was developed for this study. Use with test data and data of Apple Mail shows that the recovery of indexes is possible and enriches the recovery of ordinary table data.
Cited by: 7
Latent Fingerprint Aging from a Hyperspectral Perspective: First Qualitative Degradation Studies Using UV/VIS Spectroscopy
R. Merkel
DOI: 10.1109/IMF.2015.18 (https://doi.org/10.1109/IMF.2015.18), published 2015-05-18
Abstract: Latent print age estimation is an important topic in the emerging field of digitized crime scene forensics. While several capturing devices have recently been studied towards this goal, hyperspectral imaging in the UV/VIS (ultraviolet and visible light) range of the electromagnetic spectrum has not been investigated so far. Addressing this research gap, a first qualitative evaluation of the aging behavior of 30 latent print time series from 6 different donors is conducted, utilizing an optical reflection spectrometer. Results show more unpredictable aging tendencies in the ultraviolet spectral range, whereas a general logarithmic trend from prior work (using non-spectral capturing devices) is confirmed for the visible light band. Furthermore, a different behavior of eccrine and sebaceous print components is found, especially in the ultraviolet band, where sebaceous components seem to become reflective to the emitted radiation and might furthermore be utilized for studying longer aging periods, in contrast to eccrine prints. Overall, the combined degradation information of the ultraviolet and the visible light band seems to provide the most reliable results for measuring a reproducible aging trend, serving as a potential opportunity to address the strong influence of different sweat compositions on the aging behavior of latent prints.
Cited by: 6
Towards Automated Incident Handling: How to Select an Appropriate Response against a Network-Based Attack?
Sven Ossenbuhl, Jessica Steinberger, Harald Baier
DOI: 10.1109/IMF.2015.13 (https://doi.org/10.1109/IMF.2015.13), published 2015-05-18
Abstract: The increasing number of network-based attacks has evolved into one of the top concerns responsible for network infrastructure and service outages. In order to counteract these threats, computer networks are monitored to detect malicious traffic and initiate suitable reactions. However, initiating a suitable reaction is a process of selecting an appropriate response related to the identified network-based attack. The process of selecting a response requires taking into account the economics of a reaction, e.g., risks and benefits. The literature describes several response selection models, but they are not widely adopted. In addition, these models and their evaluation are often not reproducible due to closed testing data. In this paper, we introduce a new response selection model, called REASSESS, that allows mitigating network-based attacks by incorporating an intuitive response selection process that evaluates negative and positive impacts associated with each countermeasure. We compare REASSESS with the response selection models of IE-IRS, ADEPTS, CS-IRS, and TVA and show that REASSESS is able to select the most appropriate response to an attack in consideration of the positive and negative impacts and thus reduces the effects caused by a network-based attack. Further, we show that REASSESS is aligned to the NIST incident life cycle. We expect REASSESS to help organizations select the most appropriate response measure against a detected network-based attack, and hence contribute to mitigating them.
Cited by: 24
Conception of a Master Course for IT and Media Forensics Part II: Android Forensics
K. Bellin, R. Creutzburg
DOI: 10.1109/IMF.2015.19 (https://doi.org/10.1109/IMF.2015.19), published 2015-05-18
Abstract: The growth of Android in the mobile sector and the interest in investigating these devices from a forensic point of view have rapidly increased. Many companies have security problems with mobile devices in their own IT infrastructure. To respond to these incidents, it is important to have professionally trained staff. Furthermore, it is necessary to further train their existing employees in the practical applications of mobile forensics, owing to the fact that a lot of companies are trusted with very sensitive data. Inspired by these facts, this paper addresses training approaches and practical exercises to investigate Android mobile devices.
Cited by: 2
Smart Home Definition and Security Threats
M. Schiefer
DOI: 10.1109/IMF.2015.17 (https://doi.org/10.1109/IMF.2015.17), published 2015-05-18
Abstract: The home of the future should be a smart one, to support us in our daily life. Up to now only a few security incidents in that area are known. According to different security analyses, this fact is rather a result of the low spread of Smart Home products than of the success of such systems' security. Given that Smart Homes become more and more popular, we consider current incidents and analyses to estimate potential security threats in the future. The definitions of a Smart Home drift widely apart. Thus we first need to define Smart Home for ourselves and additionally provide a way to categorize the big mass of products into smaller groups.
Cited by: 72
Improving the Detection of Encrypted Data on Storage Devices
S. Thurner, M. Grun, S. Schmitt, Harald Baier
DOI: 10.1109/IMF.2015.12 (https://doi.org/10.1109/IMF.2015.12), published 2015-05-18
Abstract: The detection of persistently stored encrypted data plays an increasingly important role in digital forensics. This is especially true during live analysis of IT systems, when the encrypted data structures are temporarily decrypted in main memory and thus can be accessed as plaintext. One method commonly used to detect the presence of encrypted data on a storage device is the calculation of entropy. However, this method has a significant drawback: both random and compressed data have a very similar entropy compared to encrypted data, which yields a high false positive rate. That is why entropy is not very suitable to differentiate between these types of data. In this work we suggest both a workflow for detection of encrypted data structures on a storage device and an improved classification algorithm. The classification part of the workflow is based on statistical tests. For the convenience of the investigator, an important goal is to minimize the number of falsely classified unencrypted data structures (e.g. compressed data classified as encrypted data). Our approach to achieve this goal is to combine different statistical tests. As a practical proof of concept we provide and evaluate a tool for automated analysis of storage devices that implements a multitude of statistical tests for improved detection of encrypted data, compared to both the application of only one such test and the calculation of entropy. More precisely, our tool is able to reliably distinguish high-entropy file formats (i.e. DOCX, JPG, PDF, ZIP) from encrypted files (i.e. a TrueCrypt container).
Cited by: 4
Platform Independent Malware Analysis Framework
Ulf Losche, Maik Morgenstern, H. Pilz
DOI: 10.1109/IMF.2015.21 (https://doi.org/10.1109/IMF.2015.21), published 2015-05-18
Abstract: Over the past years malicious software has evolved into a persistent threat on all major computer platforms. Due to the high number of new threats which are released every day, security researchers have developed automatic systems to analyze and classify unknown pieces of software. While these techniques are technically mature on the Windows platform, they still have to be improved on many other platforms such as Linux and Mac OS X. As the process of malware analysis is very similar on all platforms, we have developed a platform independent framework to easily implement malware analysis on a new platform. This paper covers our experience with malware analysis and shows our generic approach, which can be applied on any platform.
Cited by: 1
Mobile Payment Fraud: A Practical View on the Technical Architecture and Starting Points for Forensic Analysis of New Attack Scenarios
Christof Kier, G. Madlmayr, Alexander Nawratil, Michael Schafferer, Christian Schanes, T. Grechenig
DOI: 10.1109/IMF.2015.14 (https://doi.org/10.1109/IMF.2015.14), published 2015-05-18
Abstract: As payment cards and mobile devices are equipped with Near Field Communication (NFC) technology, electronic payment transactions at physical Point of Sale (POS) environments are changing. Payment transactions do not require the customer to insert their card into a slot of the payment terminal. The customer is able to simply swipe the payment card or mobile phone in front of a dedicated zone of the terminal to initiate a payment transaction. Secure Elements (SEs) in mobile phones and payment cards with NFC should keep sensitive application data in a safe place to protect it from abuse by attackers. Although the hardware and the operating system of such a chip have to go through an intensive process of security testing, the current integration of such a chip in mobile phones easily allows attackers to access the information stored. In the following paper we present the implementation of two different proof-of-concept attacks. Out of the analysis of the attack scenarios, we propose various starting points for the forensic analysis in order to detect such fraudulent transactions. The presented concept should lead to fewer fraudulent transactions as well as protected evidence in case of fraud.
Cited by: 3