  • Publication
    Forensic analysis of exFAT Artefacts
    (University College Dublin, 2018-05-23)
    Although it retains some basic concepts inherited from FAT32, the exFAT file system introduces many differences, such as its new mapping scheme for directory entries. The combination of the exFAT mapping scheme with the allocation bitmap file and the use of the FAT leads to new forensic possibilities. The recovery of deleted files, including fragmented ones, and file carving become more accurate compared with earlier forensic processes. Accurate and sound forensic analysis is needed now more than ever, as there is a high risk of erroneous interpretation. Indeed, most of the related work in the literature on exFAT structure and forensics is based on reverse-engineering research, and only a few studies cover forensic interpretation. In this paper, we propose a new methodology that uses exFAT file system features to improve the interpretation of inactive entries through bitmap file analysis and to recover file system metadata for carved files. Experimental results show how our approach improves forensic interpretation accuracy.
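    To make the bitmap-file idea above concrete, here is a minimal Python sketch (not the authors' implementation) of how an investigator might check whether the clusters referenced by an inactive directory entry are still marked free in the exFAT allocation bitmap. The bit layout assumed (one bit per cluster, numbering starting at cluster 2, least-significant bit first) follows the exFAT on-disk format, while the function names, the contiguous-allocation assumption, and the sample values are hypothetical.

      # Minimal sketch: decide whether an inactive exFAT directory entry's clusters
      # are still unallocated, using the allocation bitmap (1 bit per cluster,
      # cluster numbering starts at 2, least-significant bit first).
      def cluster_is_allocated(bitmap: bytes, cluster: int) -> bool:
          index = cluster - 2                      # bitmap bit 0 maps to cluster 2
          return bool((bitmap[index // 8] >> (index % 8)) & 1)

      def inactive_entry_recoverable(bitmap: bytes, first_cluster: int,
                                     data_length: int, cluster_size: int) -> bool:
          """Assume contiguous allocation; return True if every cluster the deleted
          entry pointed to is still marked free in the bitmap."""
          n_clusters = max(1, -(-data_length // cluster_size))   # ceiling division
          return not any(cluster_is_allocated(bitmap, c)
                         for c in range(first_cluster, first_cluster + n_clusters))

      # Hypothetical usage with an already-extracted bitmap file:
      # bitmap = open("allocation_bitmap.bin", "rb").read()
      # print(inactive_entry_recoverable(bitmap, 0x2F, data_length=8192, cluster_size=4096))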
  • Publication
    ADMIRE framework: Distributed Data Mining on Data Grid platforms
    In this paper, we present the ADMIRE architecture, a new framework for developing novel and innovative data mining techniques to deal with very large and distributed heterogeneous datasets in both commercial and academic applications. The main ADMIRE components are detailed, as well as its interfaces, which allow users to efficiently develop and implement their data mining applications and techniques on a Grid platform such as the Globus Toolkit, DGET, etc.
  • Publication
    Evaluation of Digital Forensic Process Models with Respect to Digital Forensics as a Service
    (Academic Conferences And Publishing International Limited, 2017-06-12)
    Digital forensic science is very much still in its infancy, but is becoming increasingly indispensable to investigators. A popular area for research is seeking a standard methodology to make the digital forensic process accurate, robust, and efficient. The first digital forensic process model proposed contains four steps: Acquisition, Identification, Evaluation and Admission. Since then, numerous process models have been proposed to explain the steps of identifying, acquiring, analysing, storing, and reporting on the evidence obtained from various digital devices. In recent years, an increasing number of more sophisticated process models have been proposed. These models attempt to speed up the entire investigative process or to solve various problems commonly encountered in forensic investigations. In the last decade, cloud computing has emerged as a disruptive technological concept, and most leading enterprises such as IBM, Amazon, Google, and Microsoft have set up their own cloud-based services. In the field of digital forensic investigation, moving to a cloud-based evidence processing model would be extremely beneficial, and preliminary attempts have been made at its implementation. Moving towards a Digital Forensics as a Service model would not only expedite the investigative process, but could also result in significant cost savings, freeing up digital forensic experts and law enforcement personnel to progress their caseloads. This paper aims to evaluate the applicability of existing digital forensic process models and analyse how each of these might apply to a cloud-based evidence processing paradigm.
  • Publication
    Distributed Knowledge Map for Mining Data on Grid Platforms
    Recently, huge datasets representing different application domains have been produced and stored on distributed platforms. These datasets are generally owned by different organizations. As a consequence, the scale and distributed nature of these datasets have created the problem of efficient mining and management on these platforms. Most of the existing knowledge management approaches are designed for centralised data mining; few of them propose solutions for mining and handling knowledge on the Grid. In these approaches, however, the new knowledge is stored and managed like any other kind of resource.
  • Publication
    IPv6 security and forensics
    IPv4 is the historical addressing protocol used for all devices connected worldwide. It has survived for over 30 years and has been an integral part of the Internet revolution. However, due to its limitations, IPv4 is being replaced by IPv6. Today, IPv6 is more and more widely used on the Internet. On the other hand, criminals are also well aware of the introduction of IPv6. They are continuously seeking new methods to make a profit, hide their activities, and infiltrate or exfiltrate important data from companies. The introduction of this new protocol may provide savvy cybercriminals with more opportunities to discover new system vulnerabilities and exploit them. To date, there is little research on IPv6 security and forensics in the literature. In this paper, we look at different types of IPv6 attacks and present a new approach to investigating IPv6 network attacks, illustrated with case studies.
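    As a purely illustrative companion to the attack types discussed above (and not the investigation approach proposed in the paper), the following Python/Scapy sketch flags Router Advertisements coming from routers outside an allow-list, one simple indicator of a rogue-RA attack. The TRUSTED_ROUTERS set is a hypothetical assumption, and running the sketch requires Scapy and packet-capture privileges.

      # Illustrative only: flag ICMPv6 Router Advertisements from unexpected sources
      # (rogue RA is one well-known IPv6 attack vector).
      from scapy.all import sniff
      from scapy.layers.inet6 import IPv6, ICMPv6ND_RA

      TRUSTED_ROUTERS = {"fe80::1"}       # hypothetical list of legitimate router addresses

      def check_ra(pkt):
          if pkt.haslayer(ICMPv6ND_RA):
              src = pkt[IPv6].src
              if src not in TRUSTED_ROUTERS:
                  print(f"Possible rogue Router Advertisement from {src}")

      sniff(filter="icmp6", prn=check_ra, store=False)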
  • Publication
    Data Reduction in Very Large Spatio-Temporal Data Sets
    Today, huge amounts of data with spatial and temporal components are being collected from sources such as meteorological observations, satellite imagery, etc. Efficient visualisation, as well as the discovery of useful knowledge from these datasets, is therefore very challenging and is becoming a massive economic need. Data mining has emerged as the technology to discover hidden knowledge in very large amounts of data. Furthermore, data mining techniques can be applied to reduce the size of the raw data by extracting its useful knowledge in the form of representatives. As a consequence, instead of dealing with a large amount of raw data, we can use these representatives for visualisation or analysis without losing important information. This paper presents a data reduction technique based on clustering to help analyse very large spatio-temporal datasets. We also present and discuss preliminary results of this approach.
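    The reduction idea described above can be pictured with a minimal Python sketch (a simplification, not the paper's algorithm): cluster the raw records and keep only weighted cluster centres as representatives for later visualisation or analysis. The scikit-learn estimator, feature layout, and parameter values below are assumptions.

      # Minimal sketch of cluster-based data reduction: replace a large set of
      # (x, y, t) records with weighted cluster centroids that can be visualised
      # or analysed instead of the raw data.
      import numpy as np
      from sklearn.cluster import MiniBatchKMeans

      def reduce_to_representatives(points, n_representatives=1000):
          """points: array of shape (n_samples, n_features), e.g. lat, lon, time."""
          km = MiniBatchKMeans(n_clusters=n_representatives, random_state=0).fit(points)
          weights = np.bincount(km.labels_, minlength=n_representatives)
          return km.cluster_centers_, weights   # representatives + how many raw points each stands for

      # Hypothetical usage:
      # raw = np.random.rand(1_000_000, 3)      # stand-in for a large spatio-temporal dataset
      # reps, weights = reduce_to_representatives(raw, n_representatives=500)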
  • Publication
    Efficient Large Scale Clustering based on Data Partitioning
    Clustering techniques are very attractive for extracting and identifying patterns in datasets. However, their application to very large spatial datasets presents numerous challenges, such as high-dimensional data, heterogeneity, and the high complexity of some algorithms. For instance, some algorithms may have linear complexity, but they require domain knowledge to determine their input parameters. Distributed clustering techniques constitute a very good alternative for addressing the big data challenges (e.g., Volume, Variety, Veracity, and Velocity). Usually these techniques consist of two phases: the first phase generates local models or patterns, and the second aggregates the local results to obtain global models. While the first phase can be executed in parallel on each site and is therefore efficient, the aggregation phase is complex and time consuming, and may produce incorrect and ambiguous global clusters and therefore incorrect models. In this paper we propose a new distributed clustering approach to deal efficiently with both phases: the generation of local results and the generation of global models by aggregation. For the first phase, our approach is capable of analysing the datasets located on each site using different clustering techniques. The aggregation phase is designed in such a way that the final clusters are compact and accurate while the overall process is efficient in time and memory allocation. For the evaluation, we use two well-known clustering algorithms: K-Means and DBSCAN. One of the key outputs of this distributed clustering technique is that the number of global clusters is dynamic; it does not need to be fixed in advance. Experimental results show that the approach is scalable and produces high-quality results.
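    A minimal Python sketch of the two-phase pattern described above may help: each site clusters its own data locally (here with DBSCAN) and ships only per-cluster representatives, which are then merged into global clusters whose number is not fixed in advance. The aggregation shown (simply re-clustering the representatives) is a deliberate simplification and not the paper's merging algorithm; all parameter values are assumptions.

      # Minimal two-phase sketch: phase 1 clusters each site's data locally,
      # phase 2 aggregates only the local representatives into global clusters.
      import numpy as np
      from sklearn.cluster import DBSCAN

      def local_phase(site_data, eps=0.3, min_samples=10):
          """Return one representative (centroid) per local cluster, noise excluded."""
          labels = DBSCAN(eps=eps, min_samples=min_samples).fit_predict(site_data)
          return np.array([site_data[labels == k].mean(axis=0)
                           for k in set(labels) if k != -1])

      def global_phase(all_representatives, eps=0.5):
          """Merge representatives from different sites; the number of global
          clusters emerges from the data rather than being fixed in advance."""
          return DBSCAN(eps=eps, min_samples=1).fit_predict(all_representatives)

      # Hypothetical usage with two sites:
      # reps = np.vstack([local_phase(site_a_points), local_phase(site_b_points)])
      # global_labels = global_phase(reps)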
  • Publication
    Cutting Through the Emissions: Feature Selection from Electromagnetic Side-Channel Data for Activity Detection
    Electromagnetic side-channel analysis (EM-SCA) has been used as a window to eavesdrop on computing devices for information security purposes. It has recently been proposed as a digital evidence acquisition method in forensic investigation scenarios as well. The massive amount of data produced by EM signal acquisition devices makes real-time processing difficult, rendering on-site EM-SCA infeasible. Uncertainty surrounds the precise information-leaking frequency channel, demanding the acquisition of signals over a wide bandwidth. As a consequence, investigators are left with a large number of potential frequency channels to inspect, many of which do not contain any useful information leakage. Identifying a small subset of frequency channels that leak a sufficient amount of information can significantly boost performance, enabling real-time analysis. This work presents a systematic methodology to identify information-leaking frequency channels from high-dimensional EM data with the help of multiple filtering techniques and machine learning algorithms. The evaluations show that it is possible to narrow down the number of frequency channels from over 20,000 to fewer than a hundred (81 channels). The experiments presented show an accuracy of 0.9315 when all 20,000 channels are used, an accuracy of 0.9395 with the top 500 channels ranked by the variance between the average values of each class, and an accuracy of 0.9047 when the best 81 channels according to Recursive Feature Elimination are considered.
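    The two selection steps named in the abstract (ranking channels by the variance of per-class mean amplitudes, then Recursive Feature Elimination) can be sketched in a few lines of Python. The data shapes, the downstream classifier, and the parameter values below are assumptions rather than the authors' pipeline.

      # Minimal sketch: rank channels by the variance of per-class mean amplitudes,
      # then refine the subset with Recursive Feature Elimination (RFE).
      import numpy as np
      from sklearn.feature_selection import RFE
      from sklearn.linear_model import LogisticRegression

      def rank_by_class_mean_variance(X, y, top_k=500):
          """X: (n_samples, n_channels) spectral features; y: activity labels."""
          class_means = np.array([X[y == c].mean(axis=0) for c in np.unique(y)])
          score = class_means.var(axis=0)          # variance across class means, per channel
          return np.argsort(score)[::-1][:top_k]   # indices of the top_k channels

      def refine_with_rfe(X, y, n_channels=81):
          rfe = RFE(LogisticRegression(max_iter=1000), n_features_to_select=n_channels).fit(X, y)
          return np.flatnonzero(rfe.support_)

      # Hypothetical usage:
      # top500 = rank_by_class_mean_variance(X, y, top_k=500)
      # best81 = refine_with_rfe(X[:, top500], y, n_channels=81)   # indices into the top-500 subset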
  • Publication
    Digital forensic investigation of two-way radio communication equipment and services
    Historically, radio equipment has been used solely as a two-way analogue communication device. Today, the use of radio communication equipment by numerous organisations and businesses is increasing. The functionality of these traditionally short-range devices has expanded to include private call, address book, call logs, text messages, lone worker, telemetry, data communication, and GPS. Many of these devices also integrate with smartphones and deliver Push-To-Talk services that make it possible to set up connections between users of two-way radios and smartphones; in fact, these services can be used to connect users who only have smartphones. To date, there is little research on the digital traces left in modern radio communication equipment, yet increasing the knowledge base about these devices and services can be valuable to law enforcement in a police investigation. In this paper, we investigate what kind of radio communication equipment and services law enforcement digital investigators may encounter at a crime scene or in an investigation. Following the seizure of this radio communication equipment, we explore the traces that may be of forensic interest and how these traces can be acquired. Finally, we test our approach on sample radio communication equipment and services.
  • Publication
    Performance Evaluation of a Natural Language Processing approach applied in White Collar crime investigation
    In today's world we are confronted with increasing amounts of information every day, coming from a large variety of sources. People and corporations are producing data on a large scale, and since the rise of the internet, e-mail, and social media, the amount of produced data has grown exponentially. From a law enforcement perspective, we have to deal with these huge amounts of data when a criminal investigation is launched against an individual or company. Relevant questions need to be answered, such as: who committed the crime, who was involved, what happened and when, and who was communicating with whom and about what? Not only has the amount of data available to investigate increased enormously, but so has its complexity. When these communication patterns need to be combined with, for instance, a seized financial administration or corporate document shares, a complex investigation problem arises. Criminal investigators face a huge challenge when evidence of a crime needs to be found in a Big Data environment, where they have to deal with large and complex datasets, especially in financial and fraud investigations. To tackle this problem, a financial and fraud investigation unit of a European country has developed a new tool named LES that uses Natural Language Processing (NLP) techniques to help criminal investigators handle large amounts of textual information in a more efficient and faster way. In this paper, we briefly present this tool and focus on the evaluation of its performance in terms of the requirements of forensic investigation: making the process faster, smarter, and easier for investigators. To evaluate the LES tool, we use different performance metrics. We also show experimental results of our evaluation with large and complex datasets from real-world applications.