2008 Third International Annual Workshop on Digital Forensics and Incident Analysis: Latest Papers

An Investigation into the Development of an Anti-forensic Tool to Obscure USB Flash Drive Device Information on a Windows XP Platform
P. Thomas, Alun Morris
Abstract: When a USB flash drive is plugged into a Windows XP computer, a number of registry settings and log files are automatically updated that reflect the use of the USB flash drive. This information is often important in criminal proceedings where the use of a USB flash drive can be shown to have copied data to and from the computer. The aim of this work was to evaluate the information that can identify USB flash drive usage on a Windows XP computer and to understand how that information could be used by a computer forensics investigator. A tool was produced to perform a function that allowed the amendment of the information concerned with USB flash device usage. This amendment of data will be intentional and deliberate and can therefore be defined as being an anti-forensics tool.
DOI: https://doi.org/10.1109/WDFIA.2008.13 | Published: 2008-10-09
Citations: 14
Global Positioning Systems: Analysis Principles and Sources of Evidence in User Devices
D. Jones, I. Sutherland, T. Tryfonas
Abstract: The growing popularity of Global Positioning Systems and other location-based telecommunications service provision provides a further potential source of data for the forensic investigator. Network- or device-located information may have evidential value in supporting a case by providing details or proof of visited locations, navigation through particular routes, or communications with third parties. In this paper we focus on the examination of the end user's portable device and we highlight the nature and locations where potential evidence may be left behind.
DOI: https://doi.org/10.1109/WDFIA.2008.12 | Published: 2008-10-09
Citations: 5
Forensic Value of Backscatter from Email Spam
C. Fuhrman
Abstract: Email backscatter is a side effect of email spam, viruses or worms. When a spam or malware-laden email is sent, it nearly always has a forged sender address. If this email fails to reach its recipient, e.g., because the recipient's mailbox is full or the recipient has set up an out-of-the-office auto-responder, the recipient's mail system may attempt to generate and send an automated message replying to the forged sender. This unsolicited message sent to the forged sender is an email backscatter. On massive email spam runs where the same address (or domain) is forged as the sender, there can be significant amounts of backscatter email to the forged address. We consider potential forensic value in the analysis of email backscatter, for example, the times when certain compromised machines were used to send spams. We present results of an analysis performed with our Backscatter Email Analysis Tool (BEAT) of a massive backscatter incident that occurred in mid April, 2008.
DOI: https://doi.org/10.1109/WDFIA.2008.10 | Published: 2008-10-09
Citations: 4
Malicious Hosts Detection through Truth Powered Approach
M. Chihoub
Abstract: The widespread adoption of mobile agents as a best appropriate mean for supporting distributed computing is facing the major problem of security. The subtle issue of malicious hosts is by far the most difficult facet of this concern. Many various solutions had been reported in the area of mobile agents' trustworthiness, varying from tamper free hardware to pure software protocols. Nonetheless, none is fully satisfactory. This paper addresses the issues of mobile agents' trustworthiness in a new basis. In fact, our approach uses a mediation procedure, resorting at last to a mechanism enforcing the truth where the malicious character of a host is unambiguously reported. The core ideas of our approach are new. However, the principles driving them were around for years, since the era of distributed systems investigations. This paper will develop the issues raised by our approach.
DOI: https://doi.org/10.1109/WDFIA.2008.6 | Published: 2008-10-09
Citations: 1
Determining Culpability in Investigations of Malicious E-mail Dissemination within the Organisation
J. Haggerty, M. Taylor, D. Gresty
Abstract: Investigating cases of e-mail misuse within an organization (e.g. sexist / racist content, offensive material, etc.) to determine culpability can be a complex process. Such investigations are less likely to result in a formal prosecution, but are more likely to end in disciplinary action. In a criminal investigation, the evidence is collected, analyzed and then presented to the court. In an internal corporate forensics investigation, management must not only assess evidence to determine culpability, but must also determine appropriate levels of corporate discipline to be applied. These range from informal verbal warnings through formal verbal and written warnings, to suspension or termination of employment. Such a process may often be conducted by management who have no experience of the investigatory process. The social network analysis approach presented in this paper can be used not only to analyze and appreciate what can be a complex sequence of events involved in e-mail misuse, but also to determine levels of culpability.
DOI: https://doi.org/10.1109/WDFIA.2008.8 | Published: 2008-10-09
Citations: 9
Detecting and Manipulating Compressed Alternate Data Streams in a Forensics Investigation
Adamantini Martini, Alexandros Zaharis, C. Ilioudis
Abstract: Data hiding technique through alternate data streams in compressed form is poorly documented and less known among forensic experts. This paper deals with the documentation of compressed ADS and their attributes concerning hiding information, provides a simple technique of creating compressed ADS and using it in a malicious manner. Finally a method is presented in order to detect and manipulate ADS in a proper way, complying with the computer forensic techniques.
DOI: https://doi.org/10.1109/WDFIA.2008.9 | Published: 2008-10-09
Citations: 7
Two-Dimensional Evidence Reliability Amplification Process Model for Digital Forensics
M. Khatir, S.M. Hejazi, E. Sneiders
Abstract: Being related to law and state-of-the-art technology, digital forensics needs more discipline than traditional forensics. The variety of types of crimes, distribution of networks and complexity of information and communication technology, add to the complexity of the process of digital investigations. A rigorous and flexible process model is needed to overcome challenges and obstacles in this area. In this paper we propose a digital forensics process, called "two-dimensional evidence reliability amplification process model", which presents a detailed digital forensic process model in five main phases and different roles to perform it. At the same time, this iterative process addresses four essential tasks as the umbrella activities that are applicable across all phases and sub-phases. We have also developed a hypothetical solution based on intersection of events and exploit mathematical operations and symbols for making an algorithm to increase the reliability of evidence. This process model is detailed enough to describe the investigation process so that it could possibly provide a guideline that investigators can take advantage of it during a forensics investigation process.
DOI: https://doi.org/10.1109/WDFIA.2008.11 | Published: 2008-10-09
Citations: 33
Cyber-Crime Investigations: Complex Collaborative Decision Making
Peter M. Bednar, Vasilios Katos, C. Hennell, Peter M. Bednar
Abstract: This paper reports on the challenges computer forensic investigators face in relation to collaborative decision making, communication and coordination. The opportunities, operational environment and modus operandi of a cyber criminal are considered and used to develop the requirements in terms of both skill sets and procedural support a forensics investigator should have in order to respond to the respective threat vectors. As such, we show how a published framework for systemic thinking can be fit for purpose for supporting the collaborative enquiry and decision-making process.
DOI: https://doi.org/10.1109/WDFIA.2008.7 | Published: 2008-10-09
Citations: 9