2014 Eighth International Conference on IT Security Incident Management & IT Forensics: latest publications

Post-Mortem Memory Analysis of Cold-Booted Android Devices
Christian Hilgers, Holger Macht, Tilo Müller, Michael Spreitzenbarth
DOI: 10.1109/IMF.2014.8 (https://doi.org/10.1109/IMF.2014.8), published 2014-05-12
Abstract: As recently shown in 2013, Android-driven smartphones and tablet PCs are vulnerable to so-called cold boot attacks. With physical access to an Android device, forensic memory dumps can be acquired with tools like FROST that exploit the remanence effect of DRAM to read out what is left in memory after a short reboot. While FROST can in some configurations be deployed to break full disk encryption, encrypted user partitions are usually wiped during a cold boot attack, such that a post-mortem analysis of main memory remains the only source of digital evidence. Therefore, we provide an in-depth analysis of Android's memory structures for system and application level memory. To leverage FROST in the digital investigation process of Android cases, we provide open-source Volatility plugins to support an automated analysis and extraction of selected Dalvik VM memory structures.
Citations: 36
Information Security Incident Management: Planning for Failure
M. B. Line, Inger Anne Tøndel, M. Jaatun
DOI: 10.1109/IMF.2014.10 (https://doi.org/10.1109/IMF.2014.10), published 2014-05-12
Abstract: This paper reports on an interview study on information security incident management that has been conducted in organizations operating industrial control systems that are highly dependent on conventional IT systems. Six distribution service operators from the power industry have participated in the study. We have investigated current practice regarding planning and preparation activities for incident management, and identified similarities and differences between the two traditions of conventional IT systems and industrial control systems. The findings show that there are differences between the IT and ICS disciplines in how they perceive an information security incident and how they plan and prepare for responding to such. The completeness of documented plans and procedures for incident management varies. Where documentation exists, this is in general not well-established throughout the organization. Training exercises with specific focus on information security are rarely performed. There is a need to create a more unified approach to information security incident management in order for the power industry to be sufficiently prepared to meet the challenges posed by Smart Grids in the near future.
Citations: 23
The Humming Hum: Background Noise as a Carrier of ENF Artifacts in Mobile Device Audio Recordings
Niklas Fechner, Matthias Kirchner
DOI: 10.1109/IMF.2014.14 (https://doi.org/10.1109/IMF.2014.14), published 2014-05-12
Abstract: Audio forensics based on fluctuations in the electrical network frequency (ENF) has become one of the major approaches for the authentication of digital audio recordings. Yet little is known about the circumstances and preconditions under which battery-powered devices leave ENF artifacts in their recordings. Our study with multiple mobile recording devices confirms the hypothesis that background noise, generated by mains-powered electronic devices in proximity to the recording device, is a carrier of ENF artifacts. Experiments in an indoor setting suggest a very high robustness and indicate the presence of ENF artifacts even multiple rooms apart from the noise source.
Citations: 33
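The ENF technique the abstract refers to, shown end to end on constructed data as an added example (this is not code from the paper or from this listing): a per-second frequency trace is extracted from the hum in a recording and slid along a reference trace of the grid frequency to find when the recording was made. Assumptions: a 50 Hz grid, audio already decimated to 1 kHz (plenty for a 50 Hz component), one estimate per second, and a synthetic reference trace standing in for a grid operator's frequency log. The peak search uses the Goertzel recurrence on a Hann-windowed segment so it needs only the standard library.

```python
"""ENF extraction and time-of-recording matching on a constructed signal.

Added example, not from the paper. The "grid reference" trace, the
"recording" and its noise are all synthetic and built inline, so the
script runs offline.
"""
import math
import random

FS = 1000          # assumed sample rate in Hz after decimation
NOMINAL = 50.0     # assumed 50 Hz grid (use 60.0 for North America)
WINDOW = FS        # one ENF estimate per second of audio


def make_reference_enf(seconds, seed=1):
    """Constructed stand-in for a grid operator's per-second frequency log."""
    rng = random.Random(seed)
    f, trace = NOMINAL, []
    for _ in range(seconds):
        # mean-reverting random walk: stays within a few tens of mHz of nominal
        f += 0.02 * rng.gauss(0, 1) - 0.1 * (f - NOMINAL)
        trace.append(f)
    return trace


def synthesize_recording(enf_trace, start, length, noise_amp=0.1, seed=2):
    """Constructed recording: a hum following enf_trace[start:start+length]
    with continuous phase, plus white noise (the 'background noise' carrier)."""
    rng = random.Random(seed)
    samples, phase = [], 0.0
    for sec in range(start, start + length):
        for _ in range(WINDOW):
            phase += 2 * math.pi * enf_trace[sec] / FS
            samples.append(math.sin(phase) + noise_amp * rng.gauss(0, 1))
    return samples


def goertzel_power(x, freq):
    """Spectral power of x at an arbitrary frequency via the Goertzel recurrence."""
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for v in x:
        s0 = v + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def estimate_frequency(x, lo=NOMINAL - 0.5, hi=NOMINAL + 0.5):
    """Coarse-to-fine peak search between lo and hi on a Hann-windowed segment.
    The Hann taper keeps sidelobes of the hum's own image and of other
    components from biasing the peak."""
    n = len(x)
    xw = [v * (0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1))) for i, v in enumerate(x)]
    coarse = [lo + 0.02 * k for k in range(int(round((hi - lo) / 0.02)) + 1)]
    best = max(coarse, key=lambda f: goertzel_power(xw, f))
    fine = [best - 0.02 + 0.001 * k for k in range(41)]
    return max(fine, key=lambda f: goertzel_power(xw, f))


def extract_enf(samples):
    """One frequency estimate per WINDOW samples of audio."""
    return [estimate_frequency(samples[i:i + WINDOW])
            for i in range(0, len(samples) - WINDOW + 1, WINDOW)]


def match_offset(extracted, reference):
    """Slide the extracted trace along the reference; return (offset_seconds, rmse)
    of the best fit. A low rmse at a single offset supports the claimed time of
    recording; no clear minimum suggests editing, splicing or no ENF at all."""
    best = None
    for off in range(len(reference) - len(extracted) + 1):
        err = math.sqrt(sum((e - r) ** 2 for e, r in
                            zip(extracted, reference[off:])) / len(extracted))
        if best is None or err < best[1]:
            best = (off, err)
    return best


def run_demo(true_start=20, length=15):
    """Build the synthetic case and return (estimated_offset, rmse, extracted_trace)."""
    reference = make_reference_enf(60)
    recording = synthesize_recording(reference, true_start, length)
    extracted = extract_enf(recording)
    offset, rmse = match_offset(extracted, reference)
    return offset, rmse, extracted


if __name__ == "__main__":
    offset, rmse, trace = run_demo()
    print("extracted ENF (Hz):", [round(f, 3) for f in trace])
    print("best offset: %d s, rmse: %.4f Hz" % (offset, rmse))
```

On a real recording the hum is first band-pass filtered around the nominal frequency (or one of its harmonics, which often carry a cleaner ENF signature) and the reference trace comes from a grid operator or a dedicated mains-connected logger; the matching step is unchanged.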
AFAUC -- Anti-forensics of Storage Devices by Alternative Use of Communication Channels
Harald Baier, J. Knauer
DOI: 10.1109/IMF.2014.11 (https://doi.org/10.1109/IMF.2014.11), published 2014-05-12
Abstract: Since the end of the 1990s side channel attacks became a very prominent branch of cryptography. In other areas of computer security, however, side channels are not well studied. It is the primary goal of this paper to raise the awareness of the community about the potential existence of side channels during a forensic investigation. We present a concept called AFAUC - anti-forensics of data storage by alternative use of communication channels. The general idea is to confuse the investigator by abusing a communication channel for unintended purposes. As a concrete example of AFAUC, we access a storage device through its diagnostic interface to obfuscate data on that device. More precisely, we analyse if it is feasible in practice to abuse an existing communication channel, which was designed for a different purpose, to hide data in an area of a hard disc drive (HDD), which is not accessible by an investigator and which is different from the well-known Host Protected Area and Device Configuration Overlay, respectively. The basic idea is to access the HDD via its diagnostic interface in an unintended manner and to manipulate its size in the firmware setting. We show that this is possible even without any expensive tool for a Samsung HDD. Evaluation including a test in a law enforcement laboratory revealed that the hidden data would not be detected in an ordinary case. Hence AFAUC may be used by skilled, but not well-funded users. Although AFAUC is a classical dual-use technology, we would like to initiate the community to come up with further alternative use cases of communication channels to support users in oppressive countries to defend themselves. In contrast to the underground economy these users are typically not well-funded and thus depend on reliable anti-forensic methods.
Citations: 6
Information Security Incident Management: Identified Practice in Large Organizations
C. Hove, M. Tarnes, M. B. Line, K. Bernsmed
DOI: 10.1109/IMF.2014.9 (https://doi.org/10.1109/IMF.2014.9), published 2014-05-12
Abstract: This paper presents a case study on current practice of information security incident management in three large organizations. Qualitative interviews, document studies, and a survey have been performed. Our analysis shows that the organizations have plans and procedures in place, however, not all of these are well established throughout the organizations. Some challenges were prominent in all three organizations, which were related to communication, information collection and dissemination, employee involvement, and allocation of responsibilities. This paper presents our main findings from the study, including current practice for incident management and more details on the identified challenges, and some recommendations for further studies in this field.
Citations: 40
Assuming a State of Compromise: A Best Practise Approach for SMEs on Incident Response Management
Alexander Harsch, S. Idler, S. Thurner
DOI: 10.1109/IMF.2014.13 (https://doi.org/10.1109/IMF.2014.13), published 2014-05-12
Abstract: Up-to-date studies and surveys regarding IT security show that companies of every size and branch nowadays are faced with the growing risk of cyber crime. Many tools, standards and best practices are in place to support enterprise IT security experts in dealing with the upcoming risks, whereas meanwhile especially small and medium sized enterprises (SMEs) feel helpless struggling with the growing threats. This article describes an approach how SMEs can attain high quality assurance whether they are a victim of cyber crime, what kind of damage resulted from a certain attack and in what way remediation can be done. The focus on all steps of the analysis lies in the economic feasibility and the typical environment of SMEs.
Citations: 6
A Hierarchical Model for the Description of Internet-Based Communication
R. Altschaffel, J. Dittmann, Christian Krätzer, Stefan Kiltz
DOI: 10.1109/IMF.2014.12 (https://doi.org/10.1109/IMF.2014.12), published 2014-05-12
Abstract: With this paper we aim to support network traffic management and incident management processes. Hence this paper introduces a model to classify different types of internet-based communication and to establish homogeneous representations for various forms of internet-based communication. To achieve these aims an approach to project different types of communications onto a comparable template is presented. This hierarchical approach for the classification of electronic communications is both exhaustive (in the sense of considered types of internet-based communication) and expandable (in terms of the level of granularity of the performed communication behaviour modelling as well as the corresponding data modelling).
Citations: 1