  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Analysis of methods and development of a tool for automating computer evidence analysis processes

Σερέτης, Δημήτριος 07 April 2011 (has links)
The enormous growth of the Internet leads every day to the conversion of physical-world data into digital, electronic form. Since almost every service or organization, institutions, companies and individuals use computers with Internet access, most often to manage their data, the value of the information gathered on the Internet is taking on enormous proportions and is becoming an increasingly discussed topic. In many cases, in fact, all of the information is stored on digital media, without existing in printed or analog form. Although the Internet population has heard of many cases of system security breaches and data theft, it has not received comprehensive education on matters of network security. Most users are confused about the security of their data, unaware of the dangers and threats they face, while service providers, whether for email or for filing tax returns and web banking, habituate users to low-security practices and give the impression that they deal effectively with the security of their data. In this thesis we tried to understand the security problems that exist and their consequences. We take into account security issues related to TCP/IP and describe the OSI model. We analyze the evolution of attacks and the vulnerabilities that intruders usually exploit. We describe the methodology an intruder follows as well as the tools he uses. We then focus on the options available to system administrators for protecting workstations, servers, and the network as a whole. We placed emphasis on the process of compromising an Internet server and proposed ways of hardening it. We also reviewed existing intrusion detection systems and categorized them. Finally, we developed a set of tools used in forensic investigations for collecting and analyzing the data present in an incident. In summary, the main aim of the thesis is to inform about security issues that concern both the administrator of a computer system and the ordinary user seeking protection in the world of information and networking.
12

Data validation through cryptographic hashes: an evaluation in Brazilian computer forensics

LIMA, José Paulo da Silva 31 August 2015 (has links)
Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2016-03-15T14:10:33Z. No. of bitstreams: 2. license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5); Mestrado - CIn-UFPE - José Paulo.pdf: 1469540 bytes, checksum: ce7369f282093630fb39f482f5e6b4f9 (MD5). / Made available in DSpace on 2016-03-15T14:10:33Z (GMT). Previous issue date: 2015-08-31 / Cryptography has three basic principles: to ensure the confidentiality of messages, that they are not changed by intruders, and that the message flows between the sender and the recipient without any interruption in communication. Considering the goals of a cryptographic scheme, we can see how important cryptography is today. Hash functions are commonly used to ensure data integrity, that is, to ensure that the data have not been changed. Hashes are used in various fields, especially in computer forensics, where the examiner proves that he did not alter the data he collected. However, greater care is needed in the use of hashes, since many of them are considered insecure and may continue to be used improperly. In view of this, this work attempts to analyze the current situation within computer forensics and the legislation of some countries, in order to point out improvements that raise concern about confidence in the use of cryptographic hashes.
13

Trusted memory acquisition using UEFI

Markanovic, Michel, Persson, Simeon January 2014 (has links)
Context. For computer forensic investigations, the necessity of unmodified data content is of vital essence. The solution presented in this paper is based on a trusted chain of execution, that ensures that only authorized software can run. In the study, the proposed application operates in a UEFI environment where it has direct access to physical memory, which can be extracted and stored on a secondary storage medium for further analysis. Objectives. The aim is to perform this task while being sheltered from influence from a potentially contaminated operating system. Methods. By identifying key components and establishing the foundation for a trusted environment where the memory imaging tool can, unhindered, operate and produce a reliable result. Results. Three distinct states where trust can be determined have been identified and a method for entering and traversing them is presented. Conclusions. Tools that do not follow the trusted model might be subjected to subversion, thus they might be considered inadequate when performing memory extraction for forensic purposes.
14

The Comprehensive Digital Forensic Investigation Process Model (CDFIPM) for digital forensic practice

Montasari, Reza January 2016 (has links)
No description available.
15

Automated Data Type Identification And Localization Using Statistical Analysis Data Identification

Moody, Sarah Jean 01 December 2008 (has links)
This research presents a new and unique technique called SÁDI, statistical analysis data identification, for identifying the type of data on a digital device and its storage format based on data type, specifically the values of the bytes representing the data being examined. This research incorporates the automation required for specialized data identification tools to be useful and applicable in real-world applications. The SÁDI technique utilizes the byte values of the data stored on a digital storage device in such a way that the accuracy of the technique does not rely solely on the potentially misleading metadata information but rather on the values of the data itself. SÁDI provides the capability to identify what digitally stored data actually represents. The identification of the relevancy of data is often dependent upon the identification of the type of data being examined. Typical file type identification is based upon file extensions or magic keys. These typical techniques fail in many typical forensic analysis scenarios, such as needing to deal with embedded data, as in the case of Microsoft Word files or file fragments. These typical techniques for file identification can also be easily circumvented, and individuals with nefarious purposes often do so.
16

Analysing E-mail Text Authorship for Forensic Purposes

Corney, Malcolm W. January 2003 (has links)
E-mail has become the most popular Internet application and with its rise in use has come an inevitable increase in the use of e-mail for criminal purposes. It is possible for an e-mail message to be sent anonymously or through spoofed servers. Computer forensics analysts need a tool that can be used to identify the author of such e-mail messages. This thesis describes the development of such a tool using techniques from the fields of stylometry and machine learning. An author's style can be reduced to a pattern by making measurements of various stylometric features from the text. E-mail messages also contain macro-structural features that can be measured. These features together can be used with the Support Vector Machine learning algorithm to classify or attribute authorship of e-mail messages to an author providing a suitable sample of messages is available for comparison. In an investigation, the set of authors may need to be reduced from an initial large list of possible suspects. This research has trialled authorship characterisation based on sociolinguistic cohorts, such as gender and language background, as a technique for profiling the anonymous message so that the suspect list can be reduced.
17

Hash Comparison Module for OCFA

Axelsson, Therese, Melani, Daniel January 2010 (has links)
Child abuse content on the Internet is today an increasing problem and difficult to deal with. The techniques used by paedophiles are getting more sophisticated, which means it takes more effort from law enforcement to locate this content. To help solve this issue, an EU-funded project named FIVES is developing a set of tools to help investigations involving large amounts of image and video material. One of these tools aims to help identify potentially illegal files by hash signatures derived from using classification information from another project. / FIVES
18

Considerations towards the development of a forensic evidence management system

Arthur, Kweku Kwakye 23 July 2010 (has links)
The decentralized nature of the Internet forms its very foundation, yet it is this very nature that has opened networks and individual machines to a host of threats and attacks from malicious agents. Consequently, forensic specialists - tasked with the investigation of crimes commissioned through the use of computer systems, where evidence is digital in nature - are often unable to adequately reach convincing conclusions pertaining to their investigations. Some of the challenges within reliable forensic investigations include the lack of a global view of the investigation landscape and the complexity and obfuscated nature of the digital world. A perpetual challenge within the evidence analysis process is the reliability and integrity associated with digital evidence, particularly from disparate sources. Given the ease with which digital evidence (such as metadata) can be created, altered, or destroyed, the integrity attributed to digital evidence is of paramount importance. This dissertation focuses on the challenges relating to the integrity of digital evidence within reliable forensic investigations. These challenges are addressed through the proposal of a model for the construction of a Forensic Evidence Management System (FEMS) to preserve the integrity of digital evidence within forensic investigations. The Biba Integrity Model is utilized to maintain the integrity of digital evidence within the FEMS. Casey's Certainty Scale is then employed as the integrity classification scheme for assigning integrity labels to digital evidence within the system. The FEMS model consists of a client layer, a logic layer and a data layer, with eight system components distributed amongst these layers. In addition to describing the FEMS system components, a finite state automaton is utilized to describe the system component interactions. In so doing, we reason about the FEMS's behaviour and demonstrate how rules within the FEMS can be developed to recognize and profile various cyber crimes. Furthermore, we design fundamental algorithms for processing of information by the FEMS's core system components; this provides further insight into the system component interdependencies and the input and output parameters for the system transitions and decision-points influencing the value of inferences derived within the FEMS. Lastly, the completeness of the FEMS is assessed by comparing the constructs and operation of the FEMS against the published work of Brian D Carrier. This approach provides a mechanism for critically analyzing the FEMS model, to identify similarities or impactful considerations within the solution approach, and more importantly, to identify shortcomings within the model. Ultimately, the greatest value in the FEMS is in its ability to serve as a decision support or enhancement system for digital forensic investigators. Copyright / Dissertation (MSc)--University of Pretoria, 2010. / Computer Science / unrestricted
19

Forensic Computing for Non-Profits: A Case Study for Consideration When Non-Profits Need to Determine if a Computer Forensic Investigation is Warranted.

McCallister, Ronald F. 18 December 2004 (has links) (PDF)
Non-profit organizations are faced with unique personnel and resource limitations. When their network systems are compromised, these organizations are faced with determining whether or not to invest the time and effort into a forensic investigation. With specific consideration given to the unique concerns of these non-profit organizations, the goal of this work is to define how the administrators of non-profit organizations can conduct forensic investigations. To advance this goal, a case study was created to highlight the tools and methodologies available to cost-conscious organizations. Of major concern to these organizations is the learning curve required to properly implement an investigation; this work not only details which tools are suggested for use, but also describes how to use them. In the final evaluation, organizations balance the cost in manpower and resources against the benefits of prosecution and education.
20

A concept mapping case domain modeling approach for digital forensic investigations

Tanner, April L 10 December 2010 (has links)
Over the decades, computer forensics has expanded from primarily examining computer evidence found on hard drives into the examination of digital devices with increasing storage capacity, to the identification of crimes and illegal activities involving the use of computers, to addressing standards and practices deficiencies, and to addressing the need to educate and train law enforcement, computer forensic technicians, and investigators. This dissertation presents the concept mapping case domain modeling approach to aid examiners/investigators in searching and identifying digital evidence and analyzing the case domain during the examination and analysis phase of the computer forensic investigation. The examination and analysis phases of a computer forensic process are two of the most important phases of the investigative process because the search for and identification of evidence data is crucial to a case; any data uncovered will help determine the guilt or innocence of a suspect. In addition, these phases can become very time consuming and cumbersome. Therefore, finding a method to reduce the amount of time spent searching and identifying potential evidence and analyzing the case domain would greatly enhance the efficiency of the computer forensic process. The hypothesis of this dissertation is that the concept mapping case domain modeling approach can serve as a method for organizing, examining, and analyzing digital forensic evidence and can enhance the quality of forensic examinations without increasing the time required to examine and analyze forensic evidence by more than 5%. Four experiments were conducted to evaluate the effectiveness of the concept mapping case domain modeling approach. Analysis of the experiments supports the hypothesis that the concept mapping case domain modeling approach can be used to organize, search, identify, and analyze digital evidence in an examination.
