Forensics

Analysis of Data Recovered from Computer Disks released for Resale by Organisations

ABSTRACT

Public and private sector organisations frequently use computer storage media to hold information relating to their business or services, their employees and customers. Private individuals make use of personal computers in their home and frequently store personal information relating to both themselves and their families.  This raises questions about privacy and the need to dispose of data thoroughly and securely. Most organisations and individuals are probably blissfully unaware of what actually happens to the storage media in the form of the hard disk drives that are fitted into the computers, after they have disposed of old equipment.

Analysis of Programmable Logic Controller Firmware for Threat Assessment and Forensic Investigation

ABSTRACT

Industrial Control Systems are developing into highly networked collections of
distributed devices. The next generation of threats is likely to focus on PLC firmware. Just as traditional computer malware evolved to hide itself using operating system-level rootkits, so will ICS attacks evolve to embed themselves in the PLC equivalent: the firmware. This paper discusses the techniques and procedures required to access, inspect, and manipulate the firmware of an Allen-Bradley PLC. A detailed analysis provides details about the capabilities and methods required by an attacker, and the effectiveness of recovering PLC firmware for forensic investigation of a potential attack.

To Catch a Thief in the Cloud: A Paradigm for Law Enforcement

ABSTRACT

Control over most of the world’s data including national security, criminal investigations, medical secrets, intellectual property, and a host of other important rights and responsibilities is governed by a paradigm that is conducted in the Internet ‘cloud’. Based on empirical research and an analysis of international and national legal regimes, case decisions, and forensic case analysis, this paper explores the challenges of reaching into the cloud and the proactive measures that will be necessary to improve legal certainty in the global electronic marketplace. The paper then considers the international and national frameworks necessary for control over the predators in the cloud, and the nature and type of evidentiary and jurisdictional issues that may arise in courts of law and tribunals around the globe.

Locating Zero-Day Exploits with Coarse-Grained Forensics

ABSTRACT

This paper describes a novel coarse-grained forensics capability for locating zero-day exploits by recording and correlating on-host actions with network packets, with no discernible impact on user experience. The technology builds upon the Bear micro-kernel, a clean-slate custom OS specifically designed with modern Intel security features and Multics style protections. The capability provides an alternative to fine-grained techniques, such as memory taint tracking, that are intractable approaches for high-volume Internet facing servers. Two associated network attack scenarios, modelled from typical website designs, are described in order to illustrate how the technique can be used, and the associated results are presented.

Fusion of Malware and Weapons Taxonomies for Analysis

ABSTRACT

This theoretical research uses forensic practices to support a likely resultant taxonomy for weaponized malware. Current malware taxonomies focus on behaviours, generations, and targets as part of their definitions. Naming and generational coding are often inherent in the taxonomical definition of a malware variant. In considering malware that may be weaponized, two core questions need to be answered. What makes a particular piece of malware a weapon, and is there such a thing? This research answers both questions and attempts to structure taxonomy. In this research, taxonomies of malware and weapons are considered for fusion in such a way as a taxonomical derivation will allow for discussion and evaluation of possible malware targets.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com