SwePub

Result list for search "WFRF:(Dosis Spyridon)"

Search: WFRF:(Dosis Spyridon)

  • Results 1-4 of 4
1.
  • Dosis, Spyridon, et al. (author)
  • Semantic Representation and Integration of Digital Evidence
  • 2013
  • In: Procedia Computer Science. - : Elsevier BV. - 1877-0509. ; 22, pp. 1266-1275
  • Journal article (peer-reviewed). Abstract:
    • The ever-increasing complexity and sophistication of computer and network attacks challenge society's dependability on digital infrastructure. Digital investigations recover and reconstruct the digital trails of such events and may employ practices from various subfields (computer, network forensics), each with its own set of techniques and tools. Integration of evidence from heterogeneous sources of data (e.g. disk images, network packet captures, logs) is often a manual and time-consuming process relying significantly on the investigator's expertise. In this paper, we propose and develop an approach, based on the Semantic Web framework, for ontologically representing and integrating digital evidence. The presented approach enhances existing forensic analysis techniques by providing partial and eventually full automation of the investigative process.
2.
  • Homem, Irvin, et al. (author)
  • Information-Entropy-Based DNS Tunnel Prediction
  • 2018
  • In: Advances in Digital Forensics XIV. - Cham : Springer. - 9783319992761 - 9783319992778 ; , pp. 127-140
  • Conference paper (peer-reviewed). Abstract:
    • DNS tunneling techniques are often used for malicious purposes. Network security mechanisms have struggled to detect DNS tunneling. Network forensic analysis has been proposed as a solution, but it is slow, invasive and tedious as network forensic analysis tools struggle to deal with undocumented and new network tunneling techniques. This chapter presents a method for supporting forensic analysis by automating the inference of tunneled protocols. The internal packet structure of DNS tunneling techniques is analyzed and the information entropy of various network protocols and their DNS tunneled equivalents are characterized. This provides the basis for a protocol prediction method that uses entropy distribution averaging. Experiments demonstrate that the method has a prediction accuracy of 75%. The method also preserves privacy because it only computes the information entropy and does not parse the actual tunneled content.
3.
  • Homem, Irvin, et al. (author)
  • LEIA: The Live Evidence Information Aggregator : Towards Efficient Cyber-Law Enforcement
  • 2013
  • In: World Congress on Internet Security (WorldCIS). - : IEEE Computer Society. - 9781908320223 ; , pp. 156-161
  • Conference paper (peer-reviewed). Abstract:
    • Given the complexity and velocity of the interactions among vastly heterogeneous elements on the Internet; the colossal amounts of information generated and exchanged, coupled with the increasingly evasive nature of new forms of electronic crimes, as well as the relative immaturity of current Digital Forensics tools, Law Enforcement Agencies are easily outpaced and overwhelmed with the types of electronic crimes experienced today. In this paper, we describe the architecture of a comprehensive automated Digital Investigation platform termed as the Live Evidence Information Aggregator (LEIA). It makes use of the strong points of hypervisor technologies, large scale distributed file systems, the resource description framework (RDF), peer-to-peer networks, and innovative collaborative mechanisms in order to introduce a level of speed, accuracy and efficiency to match up with the imminent age of massively distributed cybercrime in the context of Internet of Things.
4.
  • Homem, Irvin, et al. (author)
  • On the Network Performance of Digital Evidence Acquisition of Small Scale Devices over Public Networks
  • 2015
  • In: The Journal of Digital Forensics, Security and Law. - Daytona Beach Florida : ERAU Hunt Library - DIGITAL COMMONS JOURNALS. - 1558-7215 .- 1558-7223. ; 10:3, pp. 59-86, pp. 105-122
  • Journal article (peer-reviewed). Abstract:
    • While cybercrime proliferates – becoming more complex and surreptitious on the Internet – the tools and techniques used in performing digital investigations are still largely lagging behind, effectively slowing down law enforcement agencies at large. Real-time remote acquisition of digital evidence over the Internet is still an elusive ideal in the combat against cybercrime. In this paper we briefly describe the architecture of a comprehensive proactive digital investigation system that is termed as the Live Evidence Information Aggregator (LEIA). This system aims at collecting digital evidence from potentially any device in real time over the Internet. Particular focus is made on the importance of the efficiency of the network communication in the evidence acquisition phase, in order to retrieve potentially evidentiary information remotely and with immediacy. Through a proof of concept implementation, we demonstrate the live, remote evidence capturing capabilities of such a system on small scale devices, highlighting the necessity for better throughput and availability envisioned through the use of Peer-to-Peer overlays.
Publication type
conference paper (2)
journal article (2)
Content type
peer-reviewed (4)
Author/editor
Dosis, Spyridon (4)
Homem, Irvin (4)
Popov, Oliver (2)
Papapetrou, Panagiot ... (1)
University
Stockholms universitet (4)
Language
English (4)
Research subject (UKÄ/SCB)
Natural sciences (4)
