  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
81

Digital evidence : representation and assurance

Schatz, Bradley Lawrence January 2007
The field of digital forensics is concerned with finding and presenting evidence sourced from digital devices, such as computers and mobile phones. The complexity of such digital evidence is constantly increasing, as is the volume of data which might contain evidence. Current approaches to interpreting and assuring digital evidence rely implicitly on the use of tools and representations made by experts in addressing the concerns of juries and courts. Current forensics tools are best characterised as not easily verifiable, lacking in ease of interoperability, and burdensome on human process. The tool-centric focus of current digital forensics practise impedes access to and transparency of the information represented within digital evidence as much as it assists, by nature of the tight binding between a particular tool and the information that it conveys. We hypothesise that a general and formal representational approach will benefit digital forensics by enabling higher degrees of machine interpretation, facilitating improvements in tool interoperability and validation. Additionally, such an approach will increase human readability. This dissertation summarises research which examines at a fundamental level the nature of digital evidence and digital investigation, in order that improved techniques which address investigation efficiency and assurance of evidence might be identified. The work follows three themes related to this: representation, analysis techniques, and information assurance. The first set of results describes the application of a general purpose representational formalism towards representing diverse information implicit in event based evidence, as well as domain knowledge, and investigator hypotheses. This representational approach is used as the foundation of a novel analysis technique which uses a knowledge based approach to correlate related events into higher level events, which correspond to situations of forensic interest. 
The second set of results explores how digital forensic acquisition tools scale and interoperate, while assuring evidence quality. An improved architecture is proposed for storing digital evidence, analysis results and investigation documentation in a manner that supports arbitrary composition into a larger corpus of evidence. The final set of results focus on assuring the reliability of evidence. In particular, these results focus on assuring that timestamps, which are pervasive in digital evidence, can be reliably interpreted to a real world time. Empirical results are presented which demonstrate how simple assumptions cannot be made about computer clock behaviour. A novel analysis technique for inferring the temporal behaviour of a computer clock is proposed and evaluated.
82

Anti-Forensik : Anti-forensiska metoder på mobila enheter / Anti-Forensics : Anti-forensic methods on mobile devices

Bade, Hans, Hedlund, Oscar January 2018
Mobile phones have become essential for the extraction of digital artifacts in forensic investigations. Android’s Linux-based operating systems bring greater potential for anti-forensic methods, which means that knowledge of anti-forensics is essential to today’s IT forensic investigators. In this study, the effect of anti-forensics on Android-based mobile devices is highlighted, as well as revealing today’s anti-forensic attack methods against forensic tools. By experiment, it is shown how to prevent a forensic tool from extracting data by using a simple script.
83

Cluster-Slack Retention Characteristics: A Study of the NTFS Filesystem

Blacher, Zak January 2010
This paper explores the statistical properties of microfragment recovery techniques used on NTFS filesystems in the use of digital forensics. A microfragment is the remnant file-data existing in the cluster slack after this file has been overwritten. The total amount of cluster slack is related to the size distribution of the overwriting files as well as to the size of cluster. Experiments have been performed by varying the size distributions of the overwriting files as well as the cluster sizes of the partition. These results are then compared with existing analytical models. / FIVES
84

Sběr indikátorů kompromitace z operačních systémů / Collecting Indicators of Compromise from Operating Systems

Procházka, Jiří January 2019
The focus of this thesis is on the design and implementation of an application for gathering indicators of compromise from systems. In the thesis, there is an introduction to the term indicator of compromise and a description of commonly used categories. Next, there is a summary of existing tools with a similar focus. In the thesis, there is a list of some existing formats for sharing indicators of compromise and a selection of the format which the resulting application uses. After the implementation, the application was tested both locally and on the infrastructure of a cyber exercise.
85

Enhancing Supply Chain Cybersecurity with Blockchain

Hämäläinen, Ari, Nadesan, Rekha January 2022
Supply chains have become targets for hostile cyber actors. Motivations for cyber crimes include intellectual property theft, customer data theft and industrial espionage. The cyber threat landscape in which businesses operate is constantly evolving. The consequences of a successful cyber attack can be devastating for a business. Increasing the resilience of the supply chain in the digital environment is a complex task because the supply chain consists of different organisations with varying levels of cybersecurity defence capability. Orchestrating cybersecurity improvement in a supply chain requires visibility into the security posture of each participating organisation and this is generally lacking. This thesis studies the potential use of blockchain for enhancing the cybersecurity of the supply chain. The study simulates a permissioned blockchain among supply chain members to monitor digital assets important for cybersecurity. The blockchain is analysed to extract insights from the perspective of a supply chain cybersecurity oversight role. The study finds that a blockchain can provide visibility by sharing cybersecurity-related information among supply chain members. It can also provide a digital forensic record for incident response and forensic investigations.
86

Comparative Analysis & Study of Android/iOS Mobile Forensics Tools / Komparativ Analys & Studie av Android/iOS Forensik Verktyg för Mobiltelefoner

Shakir, Amer, Hammad, Muhammad, Kamran, Muhammad January 2021
This report aims to draw a comparison between two commercial mobile forensics and recovery tools, Magnet AXIOM and MOBILedit. A thorough look at previously done studies was helpful to know what aspects of the data extractions must be compared and which areas are the most important ones to focus upon. This work focuses on how the data extracted from one tool compares with another and provides comprehensive extraction based on different scenarios, circumstances, and aspects. Performances of both tools are compared based on various benchmarks and criteria. This study has helped establish that MOBILedit has been able to outperform Magnet AXIOM on more data extraction and recovery aspects. It is a comparatively better tool to get your hands on.
87

Integritet av IT-forensiska verktyg för automatisk analys / Integrity of IT-forensic tools regarding automated analysis

Canovas Thorsell, Roberto January 2021
Cybercrime is on the rise in society and the Swedish Police is facing new challenges in identifying criminals. More tools and services are becoming automated, and this also applies to the tools that the Swedish Police uses. One of the challenges is the enormous amount of data that must be processed and analyzed during investigations. The tools used are always third-party programs and IT-forensics needs to rely on the organization that makes the software. This study aims to evaluate two different tools in how they identify and present artifacts. The study is conducted in collaboration with the Police Authority at the Regional IT Crime Center West - Skövde and hopes to bring new insights and knowledge into the tools on which the comparison is based and with the help of the knowledge be able to value the integrity of the tools. The result that the study presents is that the tools are presenting data with preserved integrity.
88

Completing the Picture : Fragments and Back Again

Karresand, Martin January 2008
Better methods and tools are needed in the fight against child pornography. This thesis presents a method for file type categorisation of unknown data fragments, a method for reassembly of JPEG fragments, and the requirements put on an artificial JPEG header for viewing reassembled images. To enable empirical evaluation of the methods a number of tools based on the methods have been implemented. The file type categorisation method identifies JPEG fragments with a detection rate of 100% and a false positives rate of 0.1%. The method uses three algorithms, Byte Frequency Distribution (BFD), Rate of Change (RoC), and 2-grams. The algorithms are designed for different situations, depending on the requirements at hand. The reconnection method correctly reconnects 97% of a Restart (RST) marker enabled JPEG image, fragmented into 4 KiB large pieces. When dealing with fragments from several images at once, the method is able to correctly connect 70% of the fragments at the first iteration. Two parameters in a JPEG header are crucial to the quality of the image; the size of the image and the sampling factor (actually factors) of the image. The size can be found using brute force and the sampling factors only take on three different values. Hence it is possible to use an artificial JPEG header to view full or parts of an image. The only requirement is that the fragments contain RST markers. The results of the evaluations of the methods show that it is possible to find, reassemble, and view JPEG image fragments with high certainty.
89

Forensic Analysis of GroupMe on Android and iOS Smartphones

Tanvi Milind Gandhi (11205891) 30 July 2021
The growing popularity of instant messaging has led to the conception of several new applications over the span of the past decade. This has opened up an attack surface for cybercriminals to target susceptible app users. GroupMe is a free IM app widely used by students and so far, no comprehensive forensic analysis has been performed to aid forensic practitioners in recovering evidence from GroupMe on smartphones. This research performs a detailed analysis of the digital artifacts left by the app on Android and iOS devices. This was achieved by installing the app on two mobile phones (Samsung Galaxy S7 Edge and iPhone 6), and identifying each artifact created by performing a series of actions in the app ranging from sending texts, to sharing images and documents, along with their location. Using Cellebrite UFED and Magnet AXIOM, a significant number of artifacts were accurately recovered mainly from the “GroupMe.sqlite” and “GroupMe.sqlite-wal” databases. Out of the 335 artifacts populated on the iPhone, 317 were correctly recovered by both UFED and AXIOM, resulting in an accuracy of 94.62%. No GroupMe related artifacts could be recovered from the Android device. This was due to several physical imaging and rooting limitations imposed by the Samsung SM-935A model, which was used during the study.
90

Uncovering Signal : Simplifying Forensic Investigations of the Signal Application / Signals Svaghet : Underlättande av forensiska undersökningar av chatapplikationen Signal

Liljekvist, Erika, Hedlund, Oscar January 2021
The increasing availability of easy-to-use end-to-end encrypted messaging applications has made it possible for more people to conduct their conversations privately. This is something that criminals have taken advantage of and it has proven to make digital forensic investigations more difficult as methods of decrypting the data are needed. In this thesis, data from iOS and Windows devices is extracted and analysed, with focus on the application Signal. Even though other operating systems are compatible with the Signal application, such as Android, it is outside the scope of this thesis. The results of this thesis provide access to data stored in the encrypted application Signal without the need for expensive analysis tools. This is done by developing and publishing the first open-source script for decryption and parsing of the Signal database. The script is available for anyone at https://github.com/decryptSignal/decryptSignal.
