Options
Le-Khac, Nhien-An
Preferred name
Le-Khac, Nhien-An
Official Name
Le-Khac, Nhien-An
Research Output
Now showing 1 - 10 of 20
- PublicationForensic analysis of Exfat Artefacts(University College Dublin, 2018-05-23)
; ; ; Although keeping some basic concepts inherited from FAT32, the exFAT file system introduces many differences, such as the new mapping scheme of directory entries. The combination of exFAT mapping scheme with the allocation of bitmap files and the use of FAT leads to new forensic possibilities. The recovery of deleted files, including fragmented ones and carving becomes more accurate compared with former forensic processes. Nowadays, the accurate and sound forensic analysis is more than ever needed, as there is a high risk of erroneous interpretation. Indeed, most of the related work in the literature on exFAT structure and forensics, is mainly based on reverse engineering research, and only few of them cover the forensic interpretation. In this paper, we propose a new methodology using of exFAT file systems features to improve the interpretation of inactive entries by using bitmap file analysis and recover the file system metadata information for carved files. Experimental results show how our approach improves the forensic interpretation accuracy.224 - PublicationSecurity Threats of URL Shortening: A User's PerspectiveShort URLs have been used on the Internet for several years now and as time goes by new security threats are discovered in relation to their use (e.g. malware, phishing, spam). However, although current research in literature has compiled addressing the security threats when utilizing such types of URLs, no study approached the assessment of user confidence and user awareness regarding short URLs. Thus the aim of this paper is to cover the existing knowledge gap and to compile a baseline assessment on the frequency of use, user confidence and user awareness when utilizing short URLs. To do so, we have developed questionnaire connected to the previously mentioned aspects and which was applied to one hundred persons of various nationalities from within the European Union with various user experiences when it comes to the Internet and short URLs. The analysis of the replies received from the participants to the survey has revealed a general awareness that there are security risks associated with short URLs, a tendency of propagation of short URLs to other Internet services and platforms.
1585 - PublicationEMvidence: A Framework for Digital Evidence Acquisition from IoT Devices through Electromagnetic Side-Channel AnalysisEM side-channel analysis (EM-SCA) is a branch in information security where the unintentional electromagnetic (EM) emissions from computing devices. This has been used for various purposes including software behaviour detection, software modification detection, malicious software identification, and data extraction. The possibility of applying EM-SCA in digital forensic investigation scenarios involving IoT devices has been proposed recently. When it is difficult or impossible to acquire forensic evidence from an IoT device, observing EM emissions of the device can provide valuable information to an investigator. This work addresses the challenge of making EM-SCA a practical reality to digital forensic investigators by introducing a software framework called EMvidence. The framework is designed to facilitate extensibility through an EM plug-in model.
17 - PublicationPrivate Web Browser Forensics: A Case Study on Epic Privacy BrowserOrganized crime, as well as individual criminals, are benefiting from the protection of private browsers to carry out illegal activity, such as money laundering, drug trafficking, the online exchange of child abuse material, etc. Epic Privacy Browser is one common example. It is currently in use in approximately 180 countries worldwide. In this paper, we outline the location and type of evidence available through live and post-mortem state analysis of the Epic Privacy Browser. This analysis identifies how the browser functions during use and where evidence can be recovered after use, the tools, and effective presentation of the recovered material.
708 - PublicationSecurity Threats of URL Shortening: A Users PerspectiveShort URLs have been used on the Internet for several years now and as time goes by new security threats are discovered in relation to their use (e.g. malware, phishing, spam). However, although current research in literature has compiled addressing the security threats when utilizing such types of URLs, no study approached the assessment of user confidence and user awareness regarding short URLs. Thus the aim of this paper is to cover the existing knowledge gap and to compile a baseline assessment on the frequency of use, user confidence and user awareness when utilizing short URLs. To do so, we have developed questionnaire connected to the previously mentioned aspects and which was applied to one hundred persons of various nationalities from within the European Union with various user experiences when it comes to the Internet and short URLs. The analysis of the replies received from the participants to the survey has revealed a general awareness that there are security risks associated with short URLs, a tendency of propagation of short URLs to other Internet services and platforms.
2696 - PublicationLeveraging Decentralisation to Extend the Digital Evidence Acquisition Window: Case Study on BitTorrent Sync(Association of Digital Forensics, Security and Law, 2014)
; ; ; File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today's always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect's computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from BitTorrent Sync shared folder highlighting a number of potential scenarios for the recovery and verification of such evidence.159 - PublicationCutting Through the Emissions: Feature Selection from Electromagnetic Side-Channel Data for Activity Detection(Elsevier, 2020-04)
; ; ; Electromagnetic side-channel analysis (EM-SCA) has been used as a window to eavesdrop on computing devices for information security purposes. It has recently been proposed to use as a digital evidence acquisition method in forensic investigation scenarios as well. The massive amount of data produced by EM signal acquisition devices makes it difficult to process in real-time making on-site EM-SCA infeasible. Uncertainty surrounds the precise information leaking frequency channel demanding the acquisition of signals over a wide bandwidth. As a consequence, investigators are left with a large number of potential frequency channels to be inspected; with many not containing any useful information leakages. The identification of a small subset of frequency channels that leak a sufficient amount of information can significantly boost the performance enabling real-time analysis. This work presents a systematic methodology to identify information leaking frequency channels from high dimensional EM data with the help of multiple filtering techniques and machine learning algorithms. The evaluations show that it is possible to narrow down the number of frequency channels from over 20,000 to less than a hundred (81 channels). The experiments presented show an accuracy of 0.9315 when all the 20,000 channels are used, an accuracy of 0.9395 with the highest 500 channels after calculating the variance between the average value of each class, and an accuracy of 0.9047 when the best 81 channels according to Recursive Feature Elimination are considered.25Scopus© Citations 8 - PublicationForensics in Industrial Control system: A Case StudyIndustrial Control Systems (ICS) are used worldwide in critical infrastructures. An ICS system can be a single embedded system working stand-alone for controlling a simple process or ICS can also be a very complex Distributed Control System (DCS) connected to Supervisory Control And Data Acquisition (SCADA) system(s) in a nuclear power plant. Although ICS are widely used today, there are very little research on the forensic acquisition and analyze ICS’s artefacts. In this paper we present a case study of forensics in ICS where we describe a method of safeguarding important volatile artefacts from an embedded industrial control system and several other sources.
766Scopus© Citations 16 - PublicationForensics Acquisition Of Imvu: A Case Study(Association of Digital Forensics, Security and Law, 2015-11)
; ; There are many applications available for personal computers and mobile devices that facilitate users in meeting potential partners. There is, however, a risk associated with the level of anonymity on using instant message applications, because there exists the potential for predators to attract and lure vulnerable users. Today Instant Messaging within a Virtual Universe (IMVU) combines custom avatars, chat or instant message (IM), community, content creation, commerce, and anonymity. IMVU is also being exploited by criminals to commit a wide variety of offenses. However, there are very few researches on digital forensic acquisition of IMVU applications. In this paper, we discuss first of all on challenges of IMVU forensics. We present a forensic acquisition of an IMVU 3D application as a case study. We also describe and analyse our experiments with this application.839 - PublicationDesigning and implementing data warehouse for agricultural big dataIn recent years, precision agriculture that uses modern information and communication technologies is becoming very popular. Raw and semi-processed agricultural data are usually collected through various sources, such as: Internet of Thing (IoT), sensors, satellites, weather stations, robots, farm equipment, farmers and agribusinesses, etc. Besides, agricultural datasets are very large, complex, unstructured, heterogeneous, non-standardized, and inconsistent. Hence, the agricultural data mining is considered as Big Data application in terms of volume, variety, velocity and veracity. It is a key foundation to establishing a crop intelligence platform, which will enable resource efficient agronomy decision making and recommendations. In this paper, we designed and implemented a continental level agricultural data warehouse by combining Hive, MongoDB and Cassandra. Our data warehouse capabilities: (1) flexible schema; (2) data integration from real agricultural multi datasets; (3) data science and business intelligent support; (4) high performance; (5) high storage; (6) security; (7) governance and monitoring; (8) consistency, availability and partition tolerant; (9) distributed and cloud deployment. We also evaluate the performance of our data warehouse.
459Scopus© Citations 23