VTAC : virtual terrain assisted impact assessment for cyber attacks /

Argauer, Brian John.

January 2007

Thesis (M.S.)--Rochester Institute of Technology, 2007. / Typescript. Includes bibliographical references (leaves 96-98).

A comparison of open source and proprietary digital forensic software

Sonnekus, Michael Hendrik

January 2015

Scrutiny of the capabilities and accuracy of computer forensic tools is increasing as the number of incidents relying on digital evidence and the weight of that evidence increase. This thesis describes the capabilities of the leading proprietary and open source digital forensic tools. The capabilities of the tools were tested separately on digital media that had been formatted using Windows and Linux. Experiments were carried out with the intention of establishing whether the capabilities of open source computer forensics are similar to those of proprietary computer forensic tools, and whether these tools could complement one another. The tools were tested with regards to their capabilities to make and analyse digital forensic images in a forensically sound manner. The tests were carried out on each media type after deleting data from the media, and then repeated after formatting the media. The results of the experiments performed demonstrate that both proprietary and open source computer forensic tools have superior capabilities in different scenarios, and that the toolsets can be used to validate and complement one another. The implication of these findings is that investigators have an affordable means of validating their findings and are able to more effectively investigate digital media.

Computer crimes

Computer crimes -- Investigation

Electronic evidence

Open source software

Automating case reports for the analysis of digital evidence

Cassidy, Regis H. Friend

09 1900

The reporting process during computer analysis is critical in the practice of digital forensics. Case reports are used to review the process and results of an investigation and serve multiple purposes. The investigator may refer to these reports to monitor the progress of his analysis throughout the investigation. When acting as an expert witness, the investigator will refer to organized documentation to recall past analysis. A lot of time can elapse between the analysis and the actual testimony. Specific reports may also be used in court as visual aids. Not all cases make it to court, but corporate managers will still likely want to review a case report. Since digital forensics is a relatively new field and can have a high learning curve, reports may be used as a mechanism for sharing knowledge of digital forensic practices. Existing open source forensics tools are an inexpensive alternative to commercial products, but lack the functionality to generate case reports. Open source tools are more likely to be accepted by the professional forensics community with this added capability. This thesis adds case report features to the Sleuth Kit and Autopsy Forensic Browser suite of tools, the premiere open-source forensics analysis software currently available.

Computer science

Computer crimes

Investigation

Bloom Filters for Filesystem Forensics

Bourg, Rachel

15 December 2006

Digital forensics investigations become more time consuming as the amount of data to be investigated grows. Secular growth trends between hard drive and memory capacity just exacerbate the problem. Bloom filters are space-efficient, probabilistic data structures that can represent data sets with quantifiable false positive rates that have the potential to alleviate the problem by reducing space requirements. We provide a framework using Bloom filters to allow fine-grained content identification to detect similarity, instead of equality. We also provide a method to compare filters directly and a statistical means of interpreting the results. We developed a tool--md5bloom--that uses Bloom filters for standard queries and direct comparisons. We provide a performance comparison with a commonly used tool, md5deep, and achieved a 50% performance gain that only increases with larger hash sets. We compared filters generated from different versions of KNOPPIX and detected similarities and relationships between the versions.

Computer crimes investigation

Forensic sciences

Investigation models for emerging computer forensic challenges

Law, Yuet-wing., 羅越榮.

January 2011

published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy

Computer crimes - Investigation.

Forensic sciences.

The research of using Bayesian inferential network in digital forensicanalysis

Kwan, Yuk-kwan., 關煜群.

January 2011

published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy

Computer crimes - Investigation.

Computer security.

Cyber terrorism and its affects on the population of the United States of America

Holleman, Matthew S.

January 1900

Thesis (M.A. in Liberal Art) -- Siena Heights University, 2009. / Title from electronic submission form. Includes bibliographical references (p.27-29) and abstract.

Foresight Countering Malware through Cooperative Forensics Sharing

Zaffar, Muhammad Fareed,

January 2008

Thesis (Ph. D.)--Duke University, 2008.

The representation of the use of social media for committing cyber-crimes in selected South African newspapers

Hewana, Sandiswa

January 2013

This study aimed to provide insights into the manner in which the representation of social media usage in relation to cyber-related crimes within selected South African newspapers can potentially shape the ideas and perceptions that society may have towards social networking channels. Drawing on the literature from fields such as developmental studies, new media studies, identity formation and cyber-criminality, an analysis of the Price Water House Coopers Global Economic Survey (2011) was used to provide some insight into the issue of cyber-crime within South Africa. The survey which was conducted by Price Water House Coopers revealed that South Africa is ranked second in the world with the highest rate of reported fraud cases. According to them this rate is comparatively higher than the escalating percentage of cases reported in the United States and other nations. In order to correlate and illustrate some of the findings of the survey and that which was found through primary research, an in-depth content analysis applying limited designations analysis and detailed assertions analysis techniques (Du Plooy, 2007) has been performed on selected content from local print and online publications such as The Herald, Algoa Sun, The Weekend Post, The Sunday Times and News24, from the time period of January 2009 until January 2012. Herewith, a total of 125 articles were analysed in order to determine the tone and thematic nature of the communication within the respective platforms. Furthermore, the mass media has been argued as being the main platform of communication within society. Whereby, different communication techniques are used to communicate with different target audiences. On a theoretical level, the study explored whether or not social media perpetuates the prejudices of the modernisation theory or serves to challenge such prejudices. Furthermore, the study explored whether social media may potentially have an impact on the reported cyber-related crimes. Associated theory such as the representation theory, globalization, the privacy trust model, social contract theory, media richness theory, participatory theory, convergence, the digital divide, media-centricity, dependency and identity formation has been explored. It was found that social networking sites Facebook and Mxit have been represented as the most common platforms of cyber-related crime and women and teenagers are the most popular victims. The likelihood of individuals being exposed to cyber-crime within social networks is high due to the fact in order to develop online relationships, personal information needs to be shared. The Privacy Trust model was identified as being an important factor which shaped the findings of this study. This is due to the fact that a certain level of trust is held by social network subscribers to the Internet hosts who they entered into a social contract with and with their friends.

Computer crimes

Crime in mass media

Improved network security and disguising TCP/IP fingerprint through dynamic stack modification

Judd, Aaron C.

09 1900

"Each computer on a network has an OS Fingerprint that can be collected through various applications. Because of the complexity of network systems, vulnerabilities and exploitations of the same to gain access to systems will always be a problem. Those wishing to attack a system can use the OS Fingerprint to identify the types of vulnerabilities and software exploits that will be effective against the system. This paper discusses how system vulnerabilities become exploited and used by network attackers. Because OS Fingerprints are one of many tools network attackers will use to identify and attack a system, concealing a system's OS Fingerprint becomes an important part of securing that system. To demonstrate the capability of concealing the OS Fingerprint of a system, a prototype system was developed. This prototype changed the OS Fingerprint of a Linux system so that it matched a Windows NT system.

Fingerprints

Computers

Computer crimes

Software engineering