Options
Scanlon, Mark
Preferred name
Scanlon, Mark
Official Name
Scanlon, Mark
Research Output
Now showing 1 - 10 of 26
- PublicationAn Analytical Approach to the Recovery of Data from 3rd Party Proprietary CCTV File Systems(2016-07-08)
; ; ; According to recent predictions, the global video surveillance market is expected to reach $42.06 billion annually by 2020. The market is extremely fragmented with only around 40% of the market being accounted for by the 15 top video surveillance equipment suppliers as in an annual report issued by IMS Research. The remaining market share was split amongst the numerous other smaller companies who provide CCTV solutions, usually at lower prices than their brand name counterparts. This cost cutting generally results in a lower specification of components. Recently, an investigation was undertaken in relation to a serious criminal offence, of which significant video footage had been captured on a CCTV DigitalVideo Recorder (DVR). The unit was setup to save the last 31 days of footage to an internal hard drive. However, despite the referenced footage being within this timeframe, it could not be located. The DVR unit was submitted for forensic examination anddata retrieval of specified video footage which, according to the proprietary video backup application, was not retrievable. In this paper, we present the process and method of the forensic retrieval of video footage from a DVR. The objective of this method is to retrieve the oldest video footage possible from a proprietary designed file storage system. We also evaluate our approach with a Ganz CCTV DVR system model C-MPDVR-16 to show that the file system of a DVR has been reversed engineering with no initial knowledge, application or documentation available.1442 - PublicationLeveraging Decentralization to Extend the Digital Evidence Acquisition Window: Case Study On Bittorent Sync(Association of Digital Forensics, Security and Law, 2014-09-20)
; ; ; File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today’s always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect’s computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from BitTorrent Sync shared folder highlighting a number of potential scenarios for the recovery and verification of such evidence189 - PublicationStudy of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet TechnologiesThe scalable, low overhead attributes of Peer-to-Peer (P2P) Internet protocols and networks lend themselves well to being exploited by criminals to execute a large range of cybercrimes. The types of crimes aided by P2P technology include copyright infringement, sharing of illicit images of children, fraud, hacking/cracking, denial of service attacks and virus/malware propagation through the use of a variety of worms, botnets, malware, viruses and P2P file sharing. This project is focused on study of active P2P nodes along with the analysis of the undocumented communication methods employed in many of these large unstructured networks. This is achieved through the design and implementation of an efficient P2P monitoring and crawling toolset.The requirement for investigating P2P based systems is not limited to the more obvious cybercrimes listed above, as many legitimate P2P based applications may also be pertinent to a digital forensic investigation, e.g, voice over IP, instant messaging, etc. Investigating these networks has become increasingly difficult due to the broad range of network topologies and the ever increasing and evolving range of P2P based applications. In this work we introduce the Universal P2P Network Investigation Framework (UP2PNIF), a framework which enables significantly faster and less labour intensive investigation of newly discovered P2P networks through the exploitation of the commonalities in P2P network functionality. In combination with a reference database of known network characteristics, it is envisioned that any known P2P network can be instantly investigated using the framework, which can intelligently determine the best investigation methodology and greatly expedite the evidence gathering process. A proof of concept tool was developed for conducting investigations on the BitTorrent network. A Number of investigations conducted using this tool are outlined in Chapter 6.
385 - PublicationA Week in the Life of the Most Popular BitTorrent Swarms(2010-06-17)
; ; The popularity of peer-to-peer (P2P) file distribution is consistently increasing since the late 1990’s. In 2008, P2P traffic accounted for over half of the world’s Internet traffic. P2P networks lend themselves well to the unauthorised distribution of copyrighted material due to their ease of use, the abundance of material available and the apparent anonymity awarded to the downloaders. This paper presents the results of an investigation conducted on the top 100 most popular BitTorrent swarms over the course of one week. The purpose of this investigation is to quantify the scale of unauthorised distribution of copyrighted material through the use of the BitTorrent protocol. Each IP address, which was discovered over the period of the weeklong investigation, is mapped through the use of a geolocation database, which results in the ability to determine where the participation in these swarms is prominent worldwide.312 - PublicationThe Case for a Collaborative Universal Peer-to-Peer Botnet Investigation Framework(Academic Conferences and Publishing International Limited, 2014-03-25)
; Peer to Peer (P2P) botnets are becoming widely used as a low overhead, efficient, self maintaining, distributed alternative to the traditional client/server model across a broad range of cyberattacks. These cyberattacks can take the form of distributed denial of service attacks, authentication cracking, spamming, cyberwarfare or malware distribution targeting on financial systems. These attacks can also cross over into the physical world attacking critical infrastructure causing its disruption or destruction (power, communications, water, etc.). P2P technology lends itself well to being exploited for such malicious purposes due to the minimal setup, running and maintenance costs involved in executing a globally orchestrated attack, alongside the perceived additional layer of anonymity. In the ever evolving space of botnet technology, reducing the time lag between discovering a newly developed or updated botnet system and gaining the ability to mitigate against it is paramount. Often, numerous investigative bodies duplicate their efforts in creating bespoke tools to combat particular threats. This paper outlines a framework capable of fast tracking the investigative process through collaboration between key stakeholders.71 - PublicationHTML5 Zero Configuration Covert Channels: Security Risks and Challenges(ADFSL, 2015-05-21)
; ; ; ; In recent months there has been an increase in the popularity and public awareness of secure, cloudless file transfer systems. The aim of these services is to facilitate the secure transfer of files in a peer-to- peer (P2P) fashion over the Internet without the need for centralised authentication or storage. These services can take the form of client installed applications or entirely web browser based interfaces. Due to their P2P nature, there is generally no limit to the file sizes involved or to the volume of data transmitted – and where these limitations do exist they will be purely reliant on the capacities of the systems at either end of the transfer. By default, many of these services provide seamless, end-to-end encryption to their users. The cyber security and cyber forensic consequences of the potential criminal use of such services are significant. The ability to easily transfer encrypted data over the Internet opens up a range of opportunities for illegal use to cyber criminals requiring minimal technical know-how. This paper explores a number of these services and provides an analysis of the risks they pose to corporate and governmental security. A number of methods for the forensic investigation of such transfers are discussed.485 - PublicationEnabling the remote acquisition of digital forensic evidence through secure data transmission and verificationProviding the ability to any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis, can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.
264 - PublicationPrivate Web Browser Forensics: A Case Study on Epic Privacy BrowserOrganized crime, as well as individual criminals, are benefiting from the protection of private browsers to carry out illegal activity, such as money laundering, drug trafficking, the online exchange of child abuse material, etc. Epic Privacy Browser is one common example. It is currently in use in approximately 180 countries worldwide. In this paper, we outline the location and type of evidence available through live and post-mortem state analysis of the Epic Privacy Browser. This analysis identifies how the browser functions during use and where evidence can be recovered after use, the tools, and effective presentation of the recovered material.
609 - PublicationAn Evaluation of Google Plus Communities as an Active Learning Journal Alternative to Improve Learning EfficacyLearning journals are a very beneficial learning tool for students across a range of disciplines. The requirement of frequent entries to a journal encourages students to start achieving the learning objectives from the first week of a module. The completed journal serves as a useful revision resource for students preparing for a final exam or even long after the module’s completion. The downside to learning journals is that they are passive and the class as a whole does not benefit from the variety of opinions, articles and personal experiences logged in their classmates' journals. If the journal is only handed in at the end a semester, there is no room for feedback for the students on their entries until after the module has completed. In this paper, guidelines for the deployment of an active learning journal alternative, using Google Plus Communities, are presented. A literature review is also included for alternative case studies in using learning journals, weblogs, and wikis for recording and encouraging student learning throughout a module.
153 - PublicationLeveraging Decentralisation to Extend the Digital Evidence Acquisition Window: Case Study on BitTorrent Sync(2014-09-20)
; ; ; File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today’s always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect’s computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from BitTorrent Sync shared folder highlighting a number of potential scenarios for the recovery and verification of such evidence.91