2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering: latest publications

A Research Configuration for a Digital Network Forensic Lab
Authors: Jeffrey S. Marean, M. Losavio, Ibrahim N. Imam
DOI: https://doi.org/10.1109/SADFE.2008.23
Published: 2008-05-22
Abstract: Summary form only given. The digital forensic network lab is implemented with the goal of providing all students and faculty with a configurable research environment ideally suited for conducting network forensic testing on all TCP/IP network protocols passing through it. Of particular interest are protocols that are commonly used for file sharing, message passing, and those that actively obfuscate or encrypt message traffic: notably the BitTorrent protocol, P2P protocols, IM (instant messaging) protocols, and anonymizing protocols such as I2P, Tor, and Freenet. Items of interest in protocol analysis include packet payload, sender and receiver real IP address, and cryptanalysis. The forensic test bed consists of a main node (A) populated with a Cisco WAN router. This is the master router for the lab. It routes internal traffic between the three research nodes and selected outside networks. Populating the A node and the two remote nodes, B and C, is a combination of Cisco routers, Cisco firewalls, Cisco switches, and computers. Each node has five dual-core x86 computers capable of running combinations of Linux x86-32 or -64 OSs and Microsoft x86-32 or -64 OSs, and, if necessary, both OSs can be configured to use Microsoft, VMware or Xen virtualization software. The A main node is connected remotely to the C node via a campus Fast Ethernet circuit, while the B node, co-located with the A main node, is connected to it via Fast Ethernet and T1 circuits. To increase the infrastructure component of the lab we have the ability to selectively place the forensic lab into an existing classroom domain for wider access to students and faculty researchers.
Citations: 2
Implications of Attorney Experiences with Digital Forensics and Electronic Evidence in the United States
Authors: M. Losavio, D. Keeling, Adel Said Elmaghraby, George E. Higgins, J. Shutt
DOI: https://doi.org/10.1109/SADFE.2008.11
Published: 2008-05-22
Abstract: The experiences of lawyers with electronic evidence and digital forensics are examined. The assessment indicates disparate experiences based on case type as to 1) the use of different types of electronic evidence, 2) disputes over that use and 3) utilization of digital forensics experts. Further study indicates use of electronic evidence continues to increase, from which we infer increased challenges to the reliability of digital forensic testimony.
Citations: 2
SÁDI - Statistical Analysis for Data Type Identification
Authors: Sarah J. Moody, R. Erbacher
DOI: https://doi.org/10.1109/SADFE.2008.13
Published: 2008-05-22
Abstract: A key task in digital forensic analysis is the location of relevant information within the computer system. Identification of the relevancy of data is often dependent upon the identification of the type of data being examined. Typical file type identification is based upon file extension or magic keys. These typical techniques fail in many typical forensic analysis scenarios such as needing to deal with embedded data, such as with Microsoft Word files, or file fragments. The SADI (Statistical Analysis Data Identification) technique applies statistical analysis of the byte values of the data in such a way that the accuracy of the technique does not rely on the potentially misleading metadata information but rather the values of the data itself. The development of SADI provides the capability to identify what digitally stored data actually represents and will also allow for the selective extraction of portions of the data for additional investigation, i.e., in the case of embedded data. Thus, our research provides a more effective type identification technique that does not fail on file fragments, embedded data types, or with obfuscated data.
Citations: 45
Finding the Evidence in Tamper-Evident Logs
Authors: Daniel Sandler, Kyle Derr, Scott A. Crosby, D. Wallach
DOI: https://doi.org/10.1109/SADFE.2008.22
Published: 2008-05-22
Abstract: Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, existing research stops short of discussing how one might go about automatically determining whether a given secure log satisfies a given set of constraints on its records. In this paper, we discuss our work on Querifier, a tool that accomplishes this. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Querifier rules are written in a flexible pattern-matching language that adapts to arbitrary log structures; given a set of rules and available log data, Querifier presents evidence of correctness and offers counterexamples if desired. We describe Querifier's implementation and offer early performance results.
Citations: 12
Protecting Digital Legal Professional Privilege (LPP) Data
Authors: F. Law, P. Lai, Z. L. Jiang, R. Ieong, M. Kwan, K. Chow, L. Hui, S. Yiu, C. Chong
DOI: https://doi.org/10.1109/SADFE.2008.19
Published: 2008-05-22
Abstract: To enable free communication between a legal advisor and his client for proper functioning of the legal system, certain documents, known as legal professional privilege (LPP) documents, can be excluded as evidence for prosecution. In the physical world, protection of LPP information is well addressed and a proper procedure for handling LPP articles has been established. However, there does not exist a forensically sound procedure for protecting "digital" LPP information. In this paper, we try to address this important, but rarely addressed, issue. We point out the difficulties of handling digital LPP data and discuss the shortcomings of the current practices, then we propose a feasible procedure for solving this problem.
Citations: 8
Combining Physical and Digital Evidence in Vehicle Environments
Authors: D. Nilsson, U. Larson
DOI: https://doi.org/10.1109/SADFE.2008.10
Published: 2008-05-22
Abstract: Traditional forensic investigations of vehicles aim at gathering physical evidence since most crimes involving vehicles are physical. However, in the near future digital crimes on vehicles will most likely surge, and therefore it will be necessary to also gather digital evidence. In this paper, we investigate the possibilities of combining physical and digital evidence in forensic investigations of vehicle crime scenes. We show that digital evidence can be used to improve the investigation of physical crimes and, respectively, that physical evidence can be used to improve the investigation of digital crimes. We also recognize that by gathering purely physical or digital evidence certain crimes cannot be solved. Finally, we show that by combining physical and digital evidence it is possible to distinguish between different types of physical and digital crime.
Citations: 16
Legal Issues Pertaining to the Development of Digital Forensic Tools
Authors: Charles W. Adams
DOI: https://doi.org/10.1109/SADFE.2008.17
Published: 2008-05-22
Abstract: Developers of new and improved forensic tools need to design them with the end result of their use in court in mind. Law enforcement must be able to show that the forensic tools and techniques produce reliable evidence in order for a court to consider it. Reliability is enhanced by demonstration that the forensic tools conform to the general standards within the forensic community. In addition, forensic tools must have adequate safeguards to protect the privacy of the public. Designing forensic tools so that they produce audit trails may help to verify that the use of forensic tools is limited appropriately to comply with court authorization.
Citations: 31
Node-Based Probing and Monitoring to Investigate Use of Peer-to-Peer Technologies for Distribution of Contraband Material
Authors: O. Nasraoui, D. Keeling, Adel Said Elmaghraby, George E. Higgins, M. Losavio
DOI: https://doi.org/10.1109/SADFE.2008.16
Published: 2008-05-22
Abstract: We consider the requirements for node-based probing and monitoring for network forensic investigation of the use of peer-to-peer technologies for distribution of contraband material. The architecture of peer-to-peer (P2P) data exchanges must be examined for opportunities to capture data on the transfer of contraband data with a focus on node structures in P2P exchanges. This examination is of technical, social and legal aspects of P2P use leading to the design and testing of forensically-sound investigative tools and protocols. Computational research must examine:
1. Undercover node-based probing and monitoring to build an approximate model of network activity
2. Flagging contraband content (keyword, hashes, other patterns)
3. Evaluation against different recipient querying, distribution and routing cases
4. Using the evaluation results to fine-tune the node positioning strategy
Legal and social research is needed to examine the U.S. and transnational legal constraints on the use of particular tools and the presence of possible behavioral signatures.
Citations: 5
Exemplifying Attack Identification and Analysis in a Novel Forensically Viable Syslog Model
Authors: S. Monteiro, R. Erbacher
DOI: https://doi.org/10.1109/SADFE.2008.14
Published: 2008-05-22
Abstract: This research builds on our method for validating syslog entries proposed in [5]. The goal of the proposed method is to allow syslog files to be forensically viable. The goal with this phase of the work is to implement the proposed method and evaluate the forensic validity of the method under real-world conditions. This paper discusses that implementation and the ability for the generated authentication logs and access fingerprints to both identify malicious activity and identify the source of this activity. While work has been done to develop secure log files, i.e., making them tamper resistant, there has been no prior work to ensure they are forensically valid.
Citations: 14
Towards the Virtual Memory Space Reconstruction for Windows Live Forensic Purposes
Authors: Antonio Savoldi, P. Gubian
DOI: https://doi.org/10.1109/SADFE.2008.21
Published: 2008-05-22
Abstract: The aim of this paper is to demonstrate the usefulness of the pagefile in a live forensic context. Forensic science is striving to find new methodologies to analyze the massive quantity of data normally present in a medium-sized workstation, which can have up to several terabytes of storage devices. As a result, the live forensic approach seems to be the only one which can guarantee promptness in obtaining evidential data to be used in the investigative process. The current approach of volatile forensic analysis does not consider the pagefile as an important element to be used in the analysis. Therefore, we have developed a solution which permits correlating evidential data within the pagefile to the related process located in the RAM dump. This work can be considered a natural extension of our previous work on this topic.
Citations: 12