  • Publication
    A Cloud Forensic Readiness Model for Service Level Agreements Management
    (Academic Conferences and Publishing International Limited, 2015-07-03)
    Cloud computing is increasingly becoming a target of cyber-criminal attacks. Often the committed crimes violate the Service Level Agreement (SLA) contracts, which must be respected by all the involved parties. Cloud Forensics is a branch of the Digital Forensics discipline dealing with crimes involving the Cloud. A manner for leveraging some of the attacks is the provisioning of a Forensic Readiness capability, by performing some activities before the crimes happen. In this paper we introduce a model aimed to represent the management of SLAs through a cloud system.
  • Publication
    Virtual Machine Forensics by means of Introspection and Kernel Code Injection
    Virtual Machine Introspection offers the ability to access a virtual machine remotely and extract information from it. Virtual machine introspection allows all processes, local data, and network traffic to be tracked and made available to the investigation process. These properties offer the possibility to monitor a suspect virtual machine (VM). Moreover, access to VM data is far from trivial; there are various complex tasks to be dealt with. For instance, the returned data is in a raw format, and it is necessary to remap it into a user-friendly representation (canonical representation). In this paper we propose a method of bridging this semantic gap, and provide a graphical reconstruction of events. This proposal is essentially the recreation of a virtual machine at a remote location and the subsequent recreation of all processes, data, and network traffic in a virtual machine as they occur in the original. This should be achieved in real-time, which will give an opportunity to quickly make decisions based on the evidence as we collect it in real-time. Our approach involves recreating a virtual machine and injecting into it all code and data within the original virtual machine, presenting an identical copy for examination. The approach proposed also has another advantage by allowing all data to be saved for further analysis and verification.
  • Publication
    Forensic analysis of exFAT Artefacts
    (University College Dublin, 2018-05-23)
    Although keeping some basic concepts inherited from FAT32, the exFAT file system introduces many differences, such as the new mapping scheme of directory entries. The combination of the exFAT mapping scheme with the allocation bitmap file and the use of the FAT leads to new forensic possibilities. The recovery of deleted files, including fragmented ones, and carving become more accurate compared with former forensic processes. Nowadays, accurate and sound forensic analysis is needed more than ever, as there is a high risk of erroneous interpretation. Indeed, most of the related work in the literature on exFAT structure and forensics is mainly based on reverse engineering research, and only a few of them cover the forensic interpretation. In this paper, we propose a new methodology using exFAT file system features to improve the interpretation of inactive entries by using bitmap file analysis and to recover the file system metadata information for carved files. Experimental results show how our approach improves the forensic interpretation accuracy.
  • Publication
    Investigating Cybercrimes that Occur on Documented P2P Networks
    The popularity of Peer-to-Peer (P2P) Internet communication technologies being exploited to aid cybercrime is ever increasing. P2P systems can be used or exploited to aid in the execution of a large number of online criminal activities, e.g., copyright infringement, fraud, malware and virus distribution, and botnet creation and control. P2P technology is perhaps most famous for the unauthorised distribution of copyrighted materials since the late 1990s, with the popularity of file-sharing programs such as Napster. In 2004, P2P traffic accounted for 80% of all Internet traffic, and in 2005, BitTorrent traffic specifically accounted for over 60% of the world's P2P bandwidth usage. This paper outlines a methodology for investigating a documented P2P network, BitTorrent, using a sample investigation for reference throughout. The sample investigation outlined was conducted on the top 100 most popular BitTorrent swarms over the course of a one-week period.
  • Publication
    Finding the polygon hull in wireless sensor networks
    Finding the border of a wireless sensor network (WSN) is one of the most important issues today. This border can be used, for example, to monitor a frontier or a secured place of sensitive sites of a country. One of the methods that can be useful for this kind of problem is the Jarvis algorithm, which has to be adapted to take account of connected nodes in a Euclidean graph. For this kind of network, the complexity is reduced from O(nh) to O(kh^2), where n is the number of sensors, k is the maximum number of neighbors of a sensor in the network and h is the number of sensors of the envelope. The application of this algorithm to WSNs allows, in each iteration, the determination of the next boundary neighbor of the current node. The advantage of this procedure is that each node knows its neighbor in a single operation. Then, each boundary node will periodically send a message to its neighbor, which should respond. If a response is not received, a situation of failure or intrusion will be triggered and network restructuring will be launched to find a new border. In this work, we have shown that the application of this algorithm in the presence of sub-absorbent graphs can lead to an infinite loop situation. We have also shown how to overcome this situation and how the algorithm can be applied to the case of WSNs.
  • Publication
    Forensics Acquisition of IMVU: A Case Study
    (Association of Digital Forensics, Security and Law, 2015-11)
    There are many applications available for personal computers and mobile devices that facilitate users in meeting potential partners. There is, however, a risk associated with the level of anonymity in using instant message applications, because there exists the potential for predators to attract and lure vulnerable users. Today, Instant Messaging within a Virtual Universe (IMVU) combines custom avatars, chat or instant messaging (IM), community, content creation, commerce, and anonymity. IMVU is also being exploited by criminals to commit a wide variety of offenses. However, there is very little research on digital forensic acquisition of IMVU applications. In this paper, we first discuss the challenges of IMVU forensics. We present a forensic acquisition of an IMVU 3D application as a case study. We also describe and analyse our experiments with this application.
  • Publication
    Network Forensics Readiness and Security Awareness Framework
    The goal of reaching a high level of security in wireless and wired communication networks has continuously proven difficult to achieve. The speed at which both keepers and violators of secure networks are evolving is relatively close. Nowadays, network infrastructures contain a large number of event logs captured by Firewalls and Domain Controllers (DCs). However, these logs are increasingly becoming an obstacle for network administrators in analyzing networks for malicious activities. Forensic investigators' mission to detect malicious activities and reconstruct incident scenarios is very complex considering the number as well as the quality of these event logs. In this paper, we present the building blocks of a framework for automated network readiness and awareness. The idea of this framework is to utilize the current network security outputs to construct forensically comprehensive evidence. In the proposed framework, we cover the three vital phases of the cybercrime management chain, which are: 1) Forensics Readiness, 2) Active Forensics, and 3) Forensics Awareness.
    Keywords: Network Forensics, Forensics Readiness, Network Security, Active Forensics, Reactive Forensics, Forensics Awareness and Network Security Framework.
  • Publication
    Abbreviation and Acronym Identification and Expansion Within Medical Health Records
    (IADIS, 2017-07-22)
    Recent years have seen a rapid increase in digitised medical information. In particular, the massive expansion of Electronic Health Records (EHRs), which are designed to document all information that is clinically relevant in a patient's use of a healthcare facility, has introduced unprecedented volumes of relatively unstructured data. This paper intends to determine the extent to which knowledge discovery in relation to both abbreviations and acronyms within heterogeneous data can be achieved. Heterogeneous data such as the narrative-based free-text notes found within patients' EHRs may use inconsistent ways to indicate contractions within the text and may use non-standard definitions for both abbreviations and acronyms. We approached this task through the retrieval and classification of contractions as well as using a novel method of combining multiple publicly available repositories. In order to provide better coverage of abbreviations, and also to address the issue of neologisms in general, word embeddings were applied to find semantically similar lexemes.
  • Publication
    Leveraging Decentralisation to Extend the Digital Evidence Acquisition Window: Case Study on BitTorrent Sync
    File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today's always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect's computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from a BitTorrent Sync shared folder is presented, highlighting a number of potential scenarios for the recovery and verification of such evidence.
  • Publication
    MPM Job Scheduling Problem: a bi-objective approach
    (United Kingdom Simulation Society, 2013-02)
    This paper presents a Recurrent Neural Network approach for the multi-purpose machines (MPM) Job Shop Scheduling Problem. This case of JSSP can be utilized for the modelling of project portfolio management besides the well-known adoption in factory environments. Therefore, each project-oriented organization develops a set of projects and has to schedule them as a whole. In this work, we extended a bi-objective system model based on the JSSP modelling and formulated it as a combination of two recurrent neural networks. In addition, we designed an example within its neural networks that are focused on the Makespan and the Total Weighted Tardiness objectives. Moreover, we present the findings of our approach using a set of well-known benchmark instances and the discussion about them and the singularity that arises