{"title":"Accurate Modeling of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensic","authors":"A. Kleinmann, A. Wool","doi":"10.15394/JDFSL.2014.1169","DOIUrl":"https://doi.org/10.15394/JDFSL.2014.1169","url":null,"abstract":"The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection System (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence or a message referring to a single unexpected bit. The intrusion detection approach was evaluated on traffic from two production systems. Despite its high sensitivity, the system had a very low false positive rate: over 99.82% of the traffic was identified as normal.","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125832176","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
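The per-channel DFA idea in the abstract above, as an added illustrative example (not the authors' code or their exact automaton): a message is reduced to the fields the model keys on, the period of a training window is found, the DFA has one state per position in the cycle, and a symbol is flagged either as out of sequence (known symbol, wrong state) or as unknown (never seen in training, e.g. a write to a single unexpected bit). The message fields, the polling cycle and the resynchronisation rule after an out-of-sequence symbol are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Illustrative example; not the paper's code. A message is reduced to the fields
# the DFA keys on (a simplified, constructed stand-in for the S7 request fields).
@dataclass(frozen=True)
class Msg:
    func: str   # "read" or "write"
    area: str   # memory area, e.g. "DB1" or "M"
    addr: int   # byte offset
    bit: int    # bit index within the byte


def find_period(seq: List[Msg]) -> int:
    """Smallest p with seq[i] == seq[i+p] for all i; len(seq) if no shorter period."""
    n = len(seq)
    for p in range(1, n):
        if all(seq[i] == seq[i + p] for i in range(n - p)):
            return p
    return n


class ChannelDFA:
    """One DFA per HMI-PLC channel: state k accepts exactly cycle[k] and moves to k+1 mod p."""

    def __init__(self, training: List[Msg]):
        p = find_period(training)
        self.cycle = training[:p]
        self.state = 0

    def step(self, m: Msg) -> Optional[str]:
        expected = self.cycle[self.state]
        if m == expected:
            self.state = (self.state + 1) % len(self.cycle)
            return None
        if m in self.cycle:
            # Known symbol at the wrong position: report it, then resynchronise
            # to the position that follows the observed symbol (assumed policy).
            reason = f"out-of-sequence: got {m} in state {self.state}, expected {expected}"
            self.state = (self.cycle.index(m) + 1) % len(self.cycle)
        else:
            # Never seen in training (e.g. a single unexpected bit): report and
            # keep waiting for the expected symbol.
            reason = f"unknown symbol: {m} (expected {expected})"
        return reason


def scan(dfa: ChannelDFA, traffic: List[Msg]) -> List[Tuple[int, str]]:
    """Run a channel's traffic through its DFA; return (index, reason) for each alert."""
    alerts = []
    for i, m in enumerate(traffic):
        reason = dfa.step(m)
        if reason is not None:
            alerts.append((i, reason))
    return alerts


# Constructed polling cycle: two periodic reads and one periodic write.
CYCLE = [Msg("read", "DB1", 0, 0), Msg("read", "DB1", 2, 3), Msg("write", "M", 10, 1)]
TRAINING = CYCLE * 4


def demo() -> Tuple[List[Tuple[int, str]], List[Tuple[int, str]]]:
    # Case 1: a write to an unexpected bit injected after two clean cycles.
    bit_attack = CYCLE * 2 + [Msg("write", "M", 10, 2)] + CYCLE
    # Case 2: the second message of the cycle is skipped.
    skipped = [CYCLE[0], CYCLE[2]] + CYCLE
    return scan(ChannelDFA(TRAINING), bit_attack), scan(ChannelDFA(TRAINING), skipped)


if __name__ == "__main__":
    for alerts in demo():
        print(alerts)
```

In the first case the injected message is reported once as an unknown symbol and the automaton is otherwise undisturbed; in the second case the skipped message surfaces as a single out-of-sequence alert, after which the DFA resynchronises and the rest of the cycle is accepted.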
{"title":"Multi-Stakeholder Case Prioritization in Digital Investigations","authors":"Joshua James","doi":"10.15394/jdfsl.2014.1171","DOIUrl":"https://doi.org/10.15394/jdfsl.2014.1171","url":null,"abstract":"This work examines the problem of case prioritization in digital investigations for better utilization of limited criminal investigation resources. Current methods of case prioritization, as well as observed prioritization methods used in digital forensic investigation laboratories are examined. After, a multi-stakeholder approach to case prioritization is given that may help reduce reputational risk to digital forensic laboratories while improving resource allocation. A survey is given that shows differing opinions of investigation priority between Law Enforcement and the public that is used in the development of a prioritization model. Finally, an example case is given to demonstrate the practicality of the proposed method.","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131730157","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Personal Denial Of Service (PDOS) Attacks: A Discussion and Exploration of a New Category of Cyber Crime","authors":"Michael R. Bartolacci, L. LeBlanc, Ashley L. Podhradsky","doi":"10.15394/jdfsl.2014.1161","DOIUrl":"https://doi.org/10.15394/jdfsl.2014.1161","url":null,"abstract":"The growth of the Internet has created a corresponding growth in Internet-based crimes and online misbehavior, particularly among younger computer-savvy people who learned the technical skills necessary for such activities throughout their entire lives. We define a new category of cyber crime called a Personal Denial of Service attack (PDOS). A PDOS is a cyber crime in which an individual deliberately prevents the access of an individual or small group to online services such as email or banking. Due to the nature of a PDOS, these acts can be overlooked by law enforcement and organizations that operate Internet infrastructure such as universities. We analyze a PDOS attack in the context of the Routine Activities Theory of criminal justice. We also surveyed university students to ascertain their attitudes towards online account breaches as related to a PDOS attack. Our motivation for this work is twofold: to stress the need for cyber ethics education at the university level, and to illustrate how a previously uncategorized type of cyber crime is easily perpetrated in such an environment.","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121928873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hot Zone Identification: Analyzing Effects of Data Sampling on Spam Clustering","authors":"R. Khan, M. Mizan, Ragib Hasan, A. Sprague","doi":"10.15394/JDFSL.2014.1164","DOIUrl":"https://doi.org/10.15394/JDFSL.2014.1164","url":null,"abstract":"Email is the most common and comparatively the most efficient means of exchanging information in today's world. However, given the widespread use of emails in all sectors, they have been the target of spammers since the beginning. Filtering spam emails has now led to critical actions such as forensic activities based on mining spam email. The data mine for spam emails at the University of Alabama at Birmingham is considered to be one of the most prominent resources for mining and identifying spam sources. It is a widely researched repository used by researchers from different global organizations. The usual process of mining the spam data involves going through every email in the data mine and clustering them based on their different attributes. However, given the size of the data mine, it takes an exceptionally long time to execute the clustering mechanism each time. In this paper, we have illustrated sampling as an efficient tool for data reduction, while preserving the information within the clusters, which would thus allow the spam forensic experts to quickly and effectively identify the ‘hot zone’ from the spam campaigns. We have provided detailed comparative analysis of the quality of the clusters after sampling, the overall distribution of clusters on the spam data, and timing measurements for our sampling approach. Additionally, we present different strategies which allowed us to optimize the sampling process using data-preprocessing and using the database engine's computational resources, and thus improving the performance of the clustering process.","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"246 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116235324","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Book Review: The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics","authors":"Stephen Larson","doi":"10.15394/JDFSL.2014.1165","DOIUrl":"https://doi.org/10.15394/JDFSL.2014.1165","url":null,"abstract":"Sammons, John. (2012). The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics. Waltham, MA: Syngress, 208 pages, Print Book ISBN: 9781597496612. eBook ISBN: 9781597496629. Print: US $29.95. eBook: US $20.97. Includes exercises, case studies, references, and index. Reviewed by Stephen Larson, PhD. Assistant Professor, Slippery Rock University of PA. The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics is well-named: it really is very basic. And it should be, as the book’s intended audience includes entry-level digital forensics professionals and complementary fields such as law enforcement, legal, and general information security. Though the copyright is 2012, some of the data is from 2009, and there is mention of estimates for 2010. (see PDF for full review)","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133092043","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Using Internet Artifacts to Profile a Child Pornography Suspect","authors":"M. Rogers, Kathryn C. Seigfried-Spellar","doi":"10.15394/JDFSL.2014.1163","DOIUrl":"https://doi.org/10.15394/JDFSL.2014.1163","url":null,"abstract":"Digital evidence plays a crucial role in child pornography investigations. However, in the following case study, the authors argue that the behavioral analysis or “profiling” of digital evidence can also play a vital role in child pornography investigations. The following case study assessed the Internet Browsing History (Internet Explorer Bookmarks, Mozilla Bookmarks, and Mozilla History) from a suspected child pornography user’s computer. The suspect in this case claimed to be conducting an ad hoc law enforcement investigation. After the URLs were classified (Neutral; Adult Porn; Child Porn; Adult Dating sites; Pictures from Social Networking Profiles; Chat Sessions; Bestiality; Data Cleaning; Gay Porn), the Internet history files were statistically analyzed to determine prevalence and trends in Internet browsing. First, a frequency analysis was used to determine a baseline of online behavior. Results showed 54% (n = 3205) of the URLs were classified as “neutral” and 38.8% (n = 2265) of the URLs were classified as a porn website. Only 10.8% of the URLs were classified as child pornography websites. However, when the IE history file was analyzed by visit, or “hit,” count, the Pictures/Profiles (31.5%) category had the highest visit count followed by Neutral (19.3%), Gay Porn (17%), and Child Porn (16.6%). When comparing the frequency of URLs to the Hit Count for each pornography type, it was noted that the accused was accessing gay porn, child porn, chat rooms, and picture profiles (i.e., from Facebook) more often than adult porn and neutral websites. The authors concluded that the suspect in this case was in fact a child pornography user and not an ad hoc investigator, and the findings from the behavioral analysis were admitted as evidence in the sentencing hearing for this case. The authors believe this case study illustrates the ability to conduct a behavioral analysis of digital evidence. More work is required to further validate the behavioral analysis process described, but the ability to infer the predilection for being a consumer of child pornography based on Internet artifacts may prove to be a powerful tool for investigators.","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"147 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132745427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems","authors":"W. Gao, T. Morris","doi":"10.15394/JDFSL.2014.1162","DOIUrl":"https://doi.org/10.15394/JDFSL.2014.1162","url":null,"abstract":"Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129433961","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
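The two rule styles named in the abstract above, as an added illustrative example (not the authors' 28 attacks or their rule set): a minimal Modbus/TCP frame parser (7-byte MBAP header followed by the function code), two standalone rules that each judge a single frame (a diagnostics request with sub-function 4, Force Listen Only Mode, as a denial-of-service signature; a write function code from a host that is not an authorised HMI as command injection), and one state-based rule that remembers outstanding requests per unit and transaction id so that a reply with no matching request is reported as response injection. The IP addresses, the allowed-HMI list and the five frames are constructed for the example.

```python
import struct
from typing import Dict, List, Set, Tuple

# Illustrative example; not the paper's rule set. Addresses are constructed lab values.
PLC_IP = "10.0.0.10"
ALLOWED_HMIS: Set[str] = {"10.0.0.5"}
WRITE_FUNCS = {0x05, 0x06, 0x0F, 0x10}     # write coil(s) / register(s)


def parse_frame(raw: bytes) -> Dict[str, object]:
    """Parse the 7-byte MBAP header and the function code of a Modbus/TCP frame."""
    if len(raw) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", raw[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(raw) - 6:          # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "func": raw[7], "data": raw[8:]}


class ModbusRules:
    """Standalone rules look at one frame; the state-based rule tracks outstanding requests."""

    def __init__(self) -> None:
        self.outstanding: Set[Tuple[int, int]] = set()   # (unit id, transaction id)

    def check(self, src: str, dst: str, raw: bytes) -> List[str]:
        try:
            f = parse_frame(raw)
        except ValueError as e:
            return [f"malformed frame: {e}"]
        alerts: List[str] = []
        if dst == PLC_IP:                                  # request towards the PLC
            if f["func"] == 0x08 and f["data"][:2] == b"\x00\x04":
                alerts.append("DoS: diagnostics sub-function 4 (Force Listen Only Mode)")
            if f["func"] in WRITE_FUNCS and src not in ALLOWED_HMIS:
                alerts.append(f"command injection: write function 0x{f['func']:02x} from {src}")
            self.outstanding.add((f["unit"], f["tid"]))
        elif src == PLC_IP:                                # reply claiming to come from the PLC
            key = (f["unit"], f["tid"])
            if key in self.outstanding:
                self.outstanding.discard(key)
            else:
                alerts.append(f"response injection: reply tid={f['tid']} matches no request")
        return alerts


# Constructed traffic: (src, dst, raw Modbus/TCP bytes).
FRAMES = [
    ("10.0.0.5", PLC_IP, bytes.fromhex("0001 0000 0006 01 03 0000 0002")),     # HMI reads 2 registers
    (PLC_IP, "10.0.0.5", bytes.fromhex("0001 0000 0007 01 03 04 000a 0014")),  # PLC answers tid 1
    ("10.0.0.66", PLC_IP, bytes.fromhex("0007 0000 0006 01 06 0000 ffff")),    # rogue host writes a register
    ("10.0.0.66", PLC_IP, bytes.fromhex("0008 0000 0006 01 08 0004 0000")),    # rogue host forces listen-only
    (PLC_IP, "10.0.0.5", bytes.fromhex("0063 0000 0005 01 03 02 0000")),       # spoofed reply, no request
]


def run_rules(frames=FRAMES) -> List[Tuple[int, str]]:
    """Apply the rules to a frame list in order; return (frame index, alert) pairs."""
    rules = ModbusRules()
    hits: List[Tuple[int, str]] = []
    for i, (src, dst, raw) in enumerate(frames):
        for alert in rules.check(src, dst, raw):
            hits.append((i, alert))
    return hits


if __name__ == "__main__":
    for hit in run_rules():
        print(hit)
```

The legitimate read and its reply produce nothing; the rogue write, the listen-only request and the spoofed reply each produce exactly one alert. Note that the state-based rule only works because it sees both directions of the channel, which is the usual reason such rules are placed on a span port in front of the PLC rather than on the HMI.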
{"title":"Book Review: iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices","authors":"S. Garfinkel","doi":"10.15394/JDFSL.2013.1157","DOIUrl":"https://doi.org/10.15394/JDFSL.2013.1157","url":null,"abstract":"Hoog, A., and Strzempka, K. (2011). iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices. Syngress, Elsevier, xv + 310 pages; ISBN-10: 1597496596; ISBN-13: 978-1597496599, $69.95. Reviewed by Simson Garfinkel, Naval Postgraduate School. In April 2011 news outlets around the world revealed shocking news about Apple’s iPhone: for reasons that were not apparently clear, every iPhone contained a small SQLite database that logged where and when the user had been whenever the phone was turned on, and those records went back for pretty much as long as the user had owned their phone. Apple eventually declared that the data cache was the result of a bug and issued a software update to prune the database (it had previously grown without limit). Privacy activists rejoiced that their beloved iPhones were once again trustworthy. But forensics examiners just shook their heads: many had known about the iPhone’s tracking capabilities for more than a year and had kept quiet. They had made good use of that data. Apple’s pro-privacy patch was actually a setback for law enforcement. (see PDF for full review)","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130466491","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Technology Corner: Calculating the Number of Android Lock Patterns: An Unfinished Study in Number Theory","authors":"G. Kessler","doi":"10.15394/jdfsl.2013.1156","DOIUrl":"https://doi.org/10.15394/jdfsl.2013.1156","url":null,"abstract":"Although one is unlikely to ever want to brute-force an Android lock pattern, many do wonder about the relative strength of the lock pattern versus a multi-digit personal identification number (PIN). It becomes obvious pretty quickly that there are many more lock patterns than the 10,000 possible four-digit PINs. (see PDF for full technology corner)","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130260089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
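The comparison in the abstract above, carried through as an added worked example (not the author's calculation, whose details are only in the PDF): an exhaustive enumeration of Android lock patterns on the 3x3 grid under the rules assumed here, namely that a pattern visits 4 to 9 distinct dots and that a straight move passing over a third dot is only allowed when that dot has already been visited. The count by length lets the reader compare the pattern space with the 10,000 four-digit PINs directly.

```python
from typing import Dict, Optional

# Illustrative example, not the author's calculation. Dots are numbered
#   0 1 2
#   3 4 5
#   6 7 8
# Rules assumed (standard Android behaviour): a pattern visits 4 to 9 distinct
# dots, and a straight move that passes over a third dot is legal only when
# that dot has already been visited (otherwise the line snaps to it).


def crossed_dot(a: int, b: int) -> Optional[int]:
    """Dot lying exactly between a and b on a straight line, or None."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None                      # midpoint is not a grid dot (e.g. knight-like moves)
    return ((ra + rb) // 2) * 3 + (ca + cb) // 2


def count_patterns(min_len: int = 4, max_len: int = 9) -> Dict[int, int]:
    """Number of valid lock patterns, keyed by pattern length."""
    counts: Dict[int, int] = {}

    def extend(last: int, visited: int, length: int) -> None:
        if length >= min_len:
            counts[length] = counts.get(length, 0) + 1
        if length == max_len:
            return
        for nxt in range(9):
            if visited & (1 << nxt):
                continue                 # each dot at most once
            mid = crossed_dot(last, nxt)
            if mid is not None and not visited & (1 << mid):
                continue                 # would jump over an unvisited dot
            extend(nxt, visited | (1 << nxt), length + 1)

    for start in range(9):
        extend(start, 1 << start, 1)
    return counts


def total_patterns() -> int:
    """Total number of valid patterns of length 4 to 9."""
    return sum(count_patterns().values())


if __name__ == "__main__":
    by_len = count_patterns()
    for n in sorted(by_len):
        print(f"length {n}: {by_len[n]}")
    print("total:", total_patterns(), "vs 10**4 four-digit PINs")
```

The enumeration takes a fraction of a second; the interesting observation for a practitioner is that the skip rule, not the grid size, is what shapes the count, and that the space is still small enough that the real protection comes from rate limiting and wipe-on-failure rather than from the pattern entropy.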
{"title":"The Advanced Data Acquisition Model (ADAM): A Process Model for Digital Forensic Practice","authors":"R. Adams, V. Hobbs, Graham A. Mann","doi":"10.15394/JDFSL.2013.1154","DOIUrl":"https://doi.org/10.15394/JDFSL.2013.1154","url":null,"abstract":"As with other types of evidence, the courts make no presumption that digital evidence is reliable without some evidence of empirical testing in relation to the theories and techniques associated with its production. The issue of reliability means that courts pay close attention to the manner in which electronic evidence has been obtained and in particular the process in which the data is captured and stored. Previous process models have tended to focus on one particular area of digital forensic practice, such as law enforcement, and have not incorporated a formal description. We contend that this approach has prevented the establishment of generally accepted standards and processes that are urgently needed in the domain of digital forensics. This paper presents a generic process model as a step towards developing such a generally accepted standard for a fundamental digital forensic activity: the acquisition of digital evidence.","PeriodicalId":351663,"journal":{"name":"J. Digit. Forensics Secur. Law","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126524946","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}