{"title":"Preparing for the Next Wikileaks: Making Forensics Techniques Work","authors":"R. Erbacher","doi":"10.1109/SADFE.2011.14","DOIUrl":"https://doi.org/10.1109/SADFE.2011.14","url":null,"abstract":"The success of Manning in acquiring and releasing US State Department cables provides strong implications for the likelihood of similar insider threat attacks occurring again in the future. Such future attacks will likely employ more sophisticated methodologies. The first goal of this paper is to begin examining what such sophisticated insider threat attacks might include. Traditionally, organizations have avoided employing insider threat detection mechanisms due to the high rate of false positives and false negatives. This is a consequence of the chaotic nature and sheer volume of data needing analysis. A second goal of this paper is to begin proposing mechanisms by which insider threat detection can be made feasible, especially in critical domains. More specifically, this paper proposes multiple layers of event detection which, when correlated over time, will provide identification of significant irregularities requiring investigation.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130550293","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Computer Forensics And Electronic Evidence - Failure of Competent Computer Forensic Analysis And Other Computer-Related Acts As Ineffective Assistance Of Counsel","authors":"M. Losavio, D. Keeling","doi":"10.1109/SADFE.2011.6","DOIUrl":"https://doi.org/10.1109/SADFE.2011.6","url":null,"abstract":"American defendants have the right to the effective assistance of counsel in criminal prosecutions pursuant to the Sixth Amendment to the U.S. Constitution. We examine how the effective assistance of counsel addresses competence and expertise with computer and digital forensics and electronic evidence. There is a floor of competence in modern litigation requiring competence as to the use of computer forensic services, at least in cases where electronic evidence is used. This is an area that is only now developing and which will continue to evolve. Examination of reported United States cases shows a significant increase in the referenced use of computer forensics from 2004 through 2010, indicating significant growth in the use of digital forensics. Digital forensics has also been referenced by the courts, though to a lesser degree. There are also the first reported cases to appear that assert defense counsel was ineffective for not using such counsel, asserting that counsel was not competent in that failure. The numbers of such cases, though, are too small to indicate anything other than the appearance of this concern as a matter required of competent counsel. Nonetheless, it may indicate a growing use and expectation of competence in the use of computer and digital forensic expertise in the analysis of electronic evidence.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131261572","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Characterizing Data Structures for Volatile Forensics","authors":"Ellick Chan, S. Venkataraman, Nadia Tkach, Kevin Larson, Alejandro Gutierrez, R. Campbell","doi":"10.1109/SADFE.2011.5","DOIUrl":"https://doi.org/10.1109/SADFE.2011.5","url":null,"abstract":"Volatile memory forensic tools can extract valuable evidence from latent data structures present in memory dumps. However, current techniques are generally limited by a lack of understanding of the underlying data without the use of expert knowledge. In this paper, we characterize the nature of such evidence by using deep analysis techniques to better understand the life-cycle and recoverability of latent program data in memory. We have developed Cafegrind, a tool that can systematically build an object map and track the use of data structures as a program is running. Statistics collected by our tool can show which data structures are the most numerous, which structures are the most frequently accessed and provide summary statistics to guide forensic analysts in the evidence gathering process. As programs grow increasingly complex and numerous, the ability to pinpoint specific evidence in memory dumps will be increasingly helpful. Cafegrind has been tested on a number of real-world applications and we have shown that it can successfully map up to 96% of heap accesses.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127412638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure Digital Chains of Evidence","authors":"N. Kuntze, C. Rudolph","doi":"10.1109/SADFE.2011.16","DOIUrl":"https://doi.org/10.1109/SADFE.2011.16","url":null,"abstract":"Computers, mobile phones, embedded devices and other components of IT systems can often be easily manipulated. Therefore, in forensic use of digital evidence it is necessary to carefully check that the probative force of the evidence is sufficient. For applications where critical processes can lead to disputes and resolving disputes relies on digital evidence, one open question is how to build the system in a way that secure digital evidence is available. This paper introduces the notion of secure digital chains of evidence and proposes a high-level architecture for systems that can provide such chains of evidence. Finally, possible building blocks are explored for the realisation of a distributed and heterogeneous system with support for secure digital chains of evidence.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115374830","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Dual Cube Hashing Scheme for Solving LPP Integrity Problem","authors":"Jun-bin Fang, Z. L. Jiang, S. Yiu, K. Chow, L. Hui, Long Chen, X. Niu","doi":"10.1109/SADFE.2011.1","DOIUrl":"https://doi.org/10.1109/SADFE.2011.1","url":null,"abstract":"In digital forensics, data stored in a hard disk usually contains valuable evidence. Preserving the integrity of the data in the hard disk is a critical issue. A single hash value for the whole hard disk is not appropriate as the investigation may take a long time and latent sector errors (LSEs) (bad sectors due to media imperfection, for example) which cause a sector to become suddenly unreadable will make the hash value inconsistent. On the other hand, using a hash per sector may need to store a lot of hash values. Previous research has been conducted to use fewer hash values that can still resist some LSEs, decreasing the number of unverifiable sectors even if there are LSEs. This integrity problem is more complicated in the presence of Legal Professional Privileged (LPP) data inside a seized hard disk in digital forensics, as the hard disk has to be cloned once seized and the original hard disk will be sealed after cloning. Hash values need to be computed during this cloning process. However, the cloned copy will be returned to the suspect for the deletion of LPP data before the investigator can work on the sanitized copy. Thus, the integrity of unmodified sectors has to be verified using the hash values computed based on the original hard disk. This paper finds that existing schemes are not good enough to solve the integrity problem in the presence of both LSEs and deletion of LPP data. We then propose the idea of a “Dual Cube” hashing scheme to solve the problem. The experiments show the proposed scheme performs better than the previous schemes and fits easily into the digital forensic procedure.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115775972","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
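The trade-off the Dual Cube abstract sets up (one whole-disk hash versus one hash per sector versus hashes over groups of sectors, under both latent sector errors and LPP deletion) is easier to see in code. The block below is an added example, not the paper's Dual Cube scheme and not code from its authors; the abstract does not describe the scheme itself, so this only reproduces the baseline schemes it compares against. The sector size, the sample image contents and the choice of which sectors suffer an LSE or an LPP deletion are all constructed for the example. Reference hashes are taken from the original image at cloning time, before the copy goes back to the suspect, which is the ordering the abstract describes.

```python
import hashlib
from collections import Counter
from typing import Dict, List, Optional

SECTOR_SIZE = 512  # bytes per sector; a constructed convention for this example


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_sample_disk(n_sectors: int) -> List[bytes]:
    """Constructed sample image: deterministic, distinct content in every sector."""
    return [sha256(b"sector-%d" % i) * (SECTOR_SIZE // 32) for i in range(n_sectors)]


def group_hashes(sectors: List[bytes], group: int) -> List[bytes]:
    """One hash per run of `group` consecutive sectors.

    group == 1 is per-sector hashing; group == len(sectors) is a single whole-disk hash.
    """
    return [sha256(b"".join(sectors[i:i + group])) for i in range(0, len(sectors), group)]


def verify_groups(reference: List[bytes], copy: List[Optional[bytes]], group: int) -> Dict[int, str]:
    """Check the returned copy against hashes computed from the original disk.

    copy[i] is None when sector i could not be read (a latent sector error).
    Every sector ends up with one of three statuses:
      'verified'      its group hash matches, so the sector is provably unmodified
      'unreadable'    the sector itself suffered an LSE
      'unverifiable'  the sector may well be intact, but its group hash can no longer be
                      recomputed or no longer matches (an LSE or an LPP deletion elsewhere
                      in the same group), so its integrity cannot be shown
    """
    status: Dict[int, str] = {}
    for g, ref in enumerate(reference):
        idx = range(g * group, min((g + 1) * group, len(copy)))
        chunk = [copy[i] for i in idx]
        if any(c is None for c in chunk):
            for i in idx:
                status[i] = "unreadable" if copy[i] is None else "unverifiable"
            continue
        matches = sha256(b"".join(chunk)) == ref
        for i in idx:
            status[i] = "verified" if matches else "unverifiable"
    return status


def simulate(n_sectors: int = 16, group: int = 4,
             lse_sectors=(3,), lpp_sectors=(9,)) -> Dict[str, int]:
    """Hash the original at seizure time, then damage the cloned copy and verify it.

    lse_sectors: sectors that become unreadable on the clone (simulated media errors)
    lpp_sectors: sectors the suspect's side overwrote to remove privileged data
    Returns the number of stored hashes and a count of sectors per status.
    """
    original = build_sample_disk(n_sectors)
    reference = group_hashes(original, group)  # computed during cloning, before the copy is returned
    copy: List[Optional[bytes]] = list(original)
    for i in lpp_sectors:
        copy[i] = b"\x00" * SECTOR_SIZE        # sanitised LPP sector
    for i in lse_sectors:
        copy[i] = None                         # sector is now unreadable
    counts = Counter(verify_groups(reference, copy, group).values())
    return {"hashes_stored": len(reference),
            "verified": counts["verified"],
            "unverifiable": counts["unverifiable"],
            "unreadable": counts["unreadable"]}


if __name__ == "__main__":
    for g in (1, 4, 16):
        print(f"group={g:2d}", simulate(16, g))
```

With 16 sectors, one LSE and one LPP deletion, per-sector hashing stores 16 hashes and leaves only the two affected sectors without a verdict; grouping four sectors per hash cuts storage to 4 hashes but drags six intact neighbours into the unverifiable column; the single whole-disk hash verifies nothing at all. That widening gap between hashes stored and sectors lost is the problem the abstract says earlier schemes only partly address and that Dual Cube targets.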
{"title":"Building Open and Scalable Digital Forensic Tools","authors":"Vassil Roussev","doi":"10.1109/SADFE.2011.3","DOIUrl":"https://doi.org/10.1109/SADFE.2011.3","url":null,"abstract":"We define a digital forensic investigative process as scalable if it can keep the average time per investigation constant in the face of growing target sizes and diversity. In technical terms, we consider scalability in terms of speed, cost, extensibility, and user interface abstractions. We argue that both commercial and open source products are showing a growing disconnect with actual scalability needs of digital forensic practice. In our view, the current technical approaches need to be rethought from the ground up. We put forward the idea that a new generation of technologies developed for the Internet should be adapted as the architectural basis for developing the new generation of open and scalable forensic tools.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122270300","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Technical Issues of Forensic Investigations in Cloud Computing Environments","authors":"Dominik Birk, Chris Wegener","doi":"10.1109/SADFE.2011.17","DOIUrl":"https://doi.org/10.1109/SADFE.2011.17","url":null,"abstract":"Cloud Computing is arguably one of the most discussed information technologies today. It presents many promising technological and economical opportunities. However, many customers remain reluctant to move their business IT infrastructure completely to the cloud. One of their main concerns is Cloud Security and the threat of the unknown. Cloud Service Providers (CSP) encourage this perception by not letting their customers see what is behind their virtual curtain. A seldom discussed, but in this regard highly relevant, open issue is the ability to perform digital investigations. This continues to fuel insecurity on the sides of both providers and customers. Cloud Forensics constitutes a new and disruptive challenge for investigators. Due to the decentralized nature of data processing in the cloud, traditional approaches to evidence collection and recovery are no longer practical. This paper focuses on the technical aspects of digital forensics in distributed cloud environments. We contribute by assessing whether it is possible for the customer of cloud computing services to perform a traditional digital investigation from a technical point of view. Furthermore, we discuss possible solutions and possible new methodologies helping customers to perform such investigations.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"440 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126992708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Protecting Digital Data Privacy in Computer Forensic Examination","authors":"F. Law, Patrick P. F. Chan, S. Yiu, K. Chow, M. Kwan, Hayson Tse, P. Lai","doi":"10.1109/SADFE.2011.15","DOIUrl":"https://doi.org/10.1109/SADFE.2011.15","url":null,"abstract":"Privacy is a fundamental human right defined in the Universal Declaration of Human Rights. To enable the protection of data privacy, personal data that are not related to the investigation subject should be excluded during computer forensic examination. In the physical world, protection of privacy is controlled and regulated in most countries by laws. Legislation for handling private data has been established in various jurisdictions. In the modern world, the massive use of computers generates a huge amount of private data and there is correspondingly an increased expectation to recognize and respect human rights in digital investigation. However, there does not exist a forensically sound model for protecting private data in the context of digital investigation, and it poses a threat to privacy if the investigation involves the processing of such data. In this paper, we try to address this important issue and present a cryptographic model designed to be incorporated into the current digital investigation framework, thereby adding a possible way to protect data privacy in digital investigation.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121640304","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fuzzy Trace Validation: Toward an Offline Forensic Tracking Framework","authors":"S. Al-Kuwari, S. Wolthusen","doi":"10.1109/SADFE.2011.8","DOIUrl":"https://doi.org/10.1109/SADFE.2011.8","url":null,"abstract":"Traditional digital forensics has been almost exclusively concerned with extracting digital traces from electronic devices to reconstruct events surrounding a particular crime. However, it might be equally important to extract complementary physical traces to learn not only about the digital activities of the suspects, but also their physical ones. In this paper, we motivate this relatively new line of research that is actually a hybrid between digital and computational forensics; we call it “offline forensic tracking”, where the mobility traces of an individual are reconstructed from a set of incomplete traces. We propose a reconstruction framework under various mobility models and briefly discuss how it can adopt a fuzzy Bayesian approach to reconstruct the traces. Besides reconstruction, it is also important to validate the available traces on which the reconstructed ones will be based. Therefore, as a second contribution, we show how to carry out trace validation using fuzzy logic.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122457483","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Host Identification via USB Fingerprinting","authors":"Lara Letaw, Joe Pletcher, Kevin R. B. Butler","doi":"10.1109/SADFE.2011.9","DOIUrl":"https://doi.org/10.1109/SADFE.2011.9","url":null,"abstract":"Determining a computer's identity is a challenge of critical importance to a forensics investigator. However, relay and impersonation attacks can defeat even computers that contain trusted computing hardware. In this paper, we consider how to leverage the virtually ubiquitous USB interface to uniquely identify computers based on the characteristics of their hardware, firmware, and software USB stacks. We use a USB protocol analyzer to collect data on 24 machines connected to a range of different USB devices, and demonstrate through machine learning classification techniques that we can differentiate not only between operating systems, but between seemingly unnoticeable differences in machine model types as well. We also show that we can differentiate between real and virtualized hosts responding to USB stimuli, and point to new ways of recognizing remote attacks. These results are a first step in showing that USB is a novel and effective means of identifying machines, and a valuable tool in the arsenal of a forensics kit.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130567535","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}