Goel Digital Forensics and Cyber Crime

First International ICST Conference, ICDF2C 2009, Albany, NY, USA, September 30 - October 2, 2009, Revised Selected Papers
1st edition 2010
ISBN: 978-3-642-11534-9
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF Watermark

E-book, English, Volume 31, 171 pages

Series: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering



This book constitutes the thoroughly refereed post-conference proceedings of the First International ICST Conference, ICDF2C 2009, held September 30 - October 2, 2009, in Albany, NY, USA. Digital forensics and cyber crime is a multidisciplinary area that requires expertise in several areas, including law, computer science, finance, networking, data mining and criminal justice. The 16 papers present the whole gamut of multimedia and handheld device forensics, financial crimes, cyber crime investigations, forensics and law, cyber security and information warfare.

Further Information & Material


1 Preface
2 Organization
3 Table of Contents
4 Accounting & Fraud
4.1 Digital Evidence Composition in Fraud Detection
4.1.1 Introduction
4.1.2 Recent Work
4.1.3 Evidence Composition Model
4.1.3.1 Search Problem
4.1.3.2 Complexity Analysis
4.1.4 Determining Correlated Events in a Fraud Detection Case
4.1.5 Implication of the Model to Correlation
4.1.6 Conclusions and Future Work
4.1.7 References
5 Multimedia & Handheld Device Forensics
5.1 iForensics: Forensic Analysis of Instant Messaging on Smart Phones
5.1.1 Introduction
5.1.2 Literature Review
5.1.2.1 IMs for iPhone
5.1.2.2 iPhone Internals
5.1.2.3 Prior Art on IM and iPhone Forensics
5.1.3 Methodology
5.1.3.1 Creation of Test Data
5.1.3.2 Data Acquisition from iPhone
5.1.4 Results
5.1.4.1 AIM
5.1.4.2 Yahoo! Messenger
5.1.4.3 Google Talk
5.1.5 Conclusion
5.1.6 References
5.2 A Survey of Forensic Localization and Tracking Mechanisms in Short-Range and Cellular Networks
5.2.1 Introduction
5.2.2 Related Work
5.2.3 Localization in Sensor Networks
5.2.3.1 Parameter Measurement
5.2.3.2 Geometric Location Estimation
5.2.4 Localization in Cellular Networks
5.2.5 Localization Fusion
5.2.5.1 Fusing Different Technologies
5.2.5.2 Fusing Different Parameters
5.2.6 Tracking in Sensor and Cellular Networks
5.2.7 Accuracy and Trustworthiness Issues
5.2.8 Conclusion
5.2.9 References
5.3 SMIRK: SMS Management and Information Retrieval Kit
5.3.1 Introduction
5.3.2 Related Work
5.3.3 Overview of Problems in SMS Evidence Analysis
5.3.3.1 Problem 1: Proprietary File Formats
5.3.3.2 Problem 2: Lack of Linguistic Tools for Investigative Purposes
5.3.3.3 Visualization and Reporting of SMS Analysis
5.3.4 Overview of SMIRK
5.3.5 SMIRK Modules
5.3.5.1 Importing
5.3.5.2 Reporting
5.3.5.3 Graphing
5.3.5.4 Dataset Conversion
5.3.5.5 Authorship Attribution
5.3.5.6 Noun/Verb Boundary Detection
5.3.6 Conclusions/Future Work
5.3.7 References
5.4 Localization and Detection of Vector Logo Image Plagiarism
5.4.1 Introduction
5.4.2 SVG Preliminaries
5.4.3 SVG Element Description
5.4.3.1 Angle Descriptor for Path Expression
5.4.3.2 Length Descriptor for Path Expression
5.4.3.3 Distance Function for Basic Shapes
5.4.4 Logo Plagiarism
5.4.4.1 Logo Plagiarism with Translation
5.4.4.2 Logo Plagiarism with Scaling
5.4.4.3 Logo Plagiarism with Rotation
5.4.4.4 Logo Plagiarism with Reflection
5.4.5 Detecting Logo Plagiarism
5.4.6 Conclusion
5.4.7 References
5.5 Analysis of Free Download Manager for Forensic Artefacts
5.5.1 Introduction
5.5.2 Windows Registry Analysis
5.5.3 Log Files Analysis
5.5.4 Forensic Examination of RAM and Swap Files
5.5.5 Conclusion
5.5.6 References
5.6 On the Reliability of Cell Phone Camera Fingerprint Recognition
5.6.1 Motivation
5.6.2 Camera Fingerprinting State-of-the-Art
5.6.3 Cell Phone Image Fingerprint Implementation
5.6.4 Attacking Cell Phone Image Fingerprints
5.6.5 Outlook: Forensics beyond Ballistics
5.6.6 Summary
5.6.7 References
6 Financial Crimes
6.1 Towards a New Data Mining-Based Approach for Anti-Money Laundering in an International Investment Bank
6.1.1 Introduction
6.1.2 Related Works
6.1.3 AML Framework
6.1.3.1 Customer Identification
6.1.3.2 Transaction Analysis
6.1.4 A New Approach for Transaction Analysis
6.1.4.1 Parameter Definition
6.1.4.2 Analysing Process
6.1.5 Performance Evaluation
6.1.6 Conclusion and Future Work
6.1.7 References
7 Cyber Crime Investigations
7.1 Analysis of Evidence Using Formal Event Reconstruction
7.1.1 Introduction
7.1.1.1 Formal Methods of Investigation
7.1.1.2 Contribution
7.1.1.3 Organization
7.1.2 Representing the System
7.1.2.1 Witness Statements
7.1.3 Constructing an Automata Representation of the System Model
7.1.3.1 Finite State Machine Model of the System
7.1.3.2 Automaton Model of the System
7.1.3.3 Algorithm for Constructing $M_{1}$
7.1.3.4 Witness Statements
7.1.4 Analysis of the Evidence
7.1.4.1 The Case (Adopted from [6])
7.1.4.2 Informal Analysis
7.1.4.3 Defining the Printer Model
7.1.4.4 Restriction of the Model
7.1.5 Conclusions
7.1.6 Applications and Future Work
7.1.7 References
7.2 Data Mining Instant Messaging Communications to Perform Author Identification for Cybercrime Investigations
7.2.1 Introduction
7.2.1.1 IM and Cybercrime
7.2.1.2 Authorship Analysis
7.2.1.3 IM Authorship Analysis and Cyber Forensics
7.2.1.4 Related Works
7.2.2 Research Methodology
7.2.2.1 Feature Set Taxonomy
7.2.3 Experiment Results and Analysis
7.2.4 Conclusions and Future Work
7.2.5 References
7.3 Digital Evidence Retrieval and Forensic Analysis on Gambling Machine
7.3.1 Introduction
7.3.2 Background Problem
7.3.3 Computer Forensic Research
7.3.3.1 Forensic Data Recovery from Flash Memory
7.3.3.2 Memory Acquisition Procedure for Digital Investigation
7.3.3.3 Xbox Forensics
7.3.3.4 Forensic Investigation of the Nintendo Wii
7.3.3.5 Preserving Computer Memory Using Expansion Card
7.3.3.6 A Methodology for Forensics Analysis of Embedded Systems
7.3.4 Forensic Analysis Design
7.3.5 Implementation and Results
7.3.5.1 Evidence Acquisition
7.3.5.2 Evidence Examination Procedure
7.3.6 Output Analysis
7.3.7 Solution to the Problem
7.3.8 Contribution
7.3.9 Conclusion
7.3.10 Future Work
7.3.11 References
8 Forensics & Law
8.1 Online Acquisition of Digital Forensic Evidence
8.1.1 Introduction
8.1.2 System Architecture
8.1.2.1 RAFT Client
8.1.2.2 RAFT Server
8.1.2.3 Forensic Integrity
8.1.3 Advantages
8.1.4 Potential Limitations
8.1.5 Results
8.1.6 Conclusion and Future Work
8.1.7 References
8.2 Criminal Defense Challenges in Computer Forensics
8.2.1 Background
8.2.2 Challenges
8.2.2.1 Possession Is 9/10 of the Law
8.2.2.2 Lack of Knowledge Is No Excuse
8.2.2.3 Confusing Time Stamps
8.2.2.4 Prosecution May Impede or Observe the Defense Discovery Process
8.2.2.5 Defense Is Unable to Authenticate Materials and Copies
8.2.2.6 Proprietary Software Tools and Problematic
8.2.2.7 Exculpatory Evidence May Be Uncollected, Withheld or Destroyed
8.2.2.8 Access to Legitimate Services Can Carry a High Degree of Risk
8.2.3 Conclusions
8.2.4 References
9 Cyber Security & Information Warfare
9.1 Detecting and Preventing the Electronic Transmission of Illicit Images and Its Network Performance
9.1.1 Introduction
9.1.2 Related Work
9.1.3 System Design and Implementation
9.1.3.1 Image Extraction
9.1.3.2 Training
9.1.3.3 Classification Distances
9.1.4 Experimental Results
9.1.4.1 Image Classification Performance
9.1.4.2 Network Performance
9.1.5 Conclusion and Recommendation
9.1.6 References
9.2 A Discretionary Access Control Method for Preventing Data Exfiltration (DE) via Removable Devices
9.2.1 Introduction
9.2.2 Related Work
9.2.3 Technical Design Overview
9.2.4 Research Results
9.2.5 Suggestions for Further Research
9.2.6 Conclusion
9.2.7 References
9.3 A Host-Based Approach to BotNet Investigation?
9.3.1 Introduction
9.3.2 Literature Review
9.3.3 The Methodology
9.3.3.1 Phase One – Collection of Digital Traces
9.3.3.2 Phase 2 – Reboot and Recapture
9.3.4 Case Analysis
9.3.5 Conclusions
9.3.6 References
10 Author Index


