Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the ne...Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the new environment.This paper stands on this point,suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment.The framework introduces honey farm technique,and pays more attention on active forensics,which can improve case handling efficiency and reduce the cost.展开更多
Computer forensics is the science of obtaining,preserving,and documenting evidence from computers,mobile devices as well as other digital electronic storage devices.All must be done in a manner designed to preserve th...Computer forensics is the science of obtaining,preserving,and documenting evidence from computers,mobile devices as well as other digital electronic storage devices.All must be done in a manner designed to preserve the probative value of the evidence and to assure its admissibility in a legal proceeding.However,computer forensics is continually evolving as existing technologies progress and new technologies are introduced.For example,digital investigators are required to investigate content on mobile device or data stored at the cloud servers.With the popularity of computers in everyday life as well as the acceleration of cybercrime rates in recent years,computer forensics is becoming an essential element of modern IT security.This paper will cover the development of computer forensics in law enforcement and discuss the development in the latest live forensics skillsets.A number of interested areas of computer forensics will be also highlighted to explain how it can support IT security and civil / criminal investigation.展开更多
Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical sk...Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical skills, managerial overload, storage capacity, processing power, and data recovery or privacy setup. It can be availed by all clients as per their needs, expectations and budget. However, cloud computing introduces new kinds of security vulnerabilities that need to be ad-dressed. Traditional “Computer Forensics” deals with detection, preemption and prevention of IT triggered frauds and crimes but it lacks the ability to deal with cybercrimes pertaining to cloud computing environment. In this paper, we focus on forensics issues in cloud computing, assess limitations of forensic team and present the obstacles faced during investigation.展开更多
Memory analysis is one of the key techniques in computer live forensics. Especially,the analysis of a Mac OS X operating system's memory image file plays an important role in identifying the running status of an a...Memory analysis is one of the key techniques in computer live forensics. Especially,the analysis of a Mac OS X operating system's memory image file plays an important role in identifying the running status of an apple computer. However,how to analyze the image file without using extra"mach-kernel"file is one of the unsolved difficulties. In this paper,we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then,we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra"mach-kernel"file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10. 8. 2. The experimental results show that the proposed approach is simpler and more practical than previous ones.展开更多
Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bot...Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. New emerging botnet attacks degrade the status of Internet security further. To address these problems, a practical collaborative network security management system is proposed with an effective collaborative Unified Threat Management (UTM) and traffic probers. A distributed security overlay network with a centralized security center leverages a peer-to-peer communication protocol used in the UTMs collaborative module and connects them virtually to exchange network events and security rules. Security functions for the UTM are retrofitted to share security rules. In this paper, we propose a design and implementation of a cloud-based security center for network security forensic analysis. We propose using cloud storage to keep collected traffic data and then processing it with cloud computing platforms to find the malicious attacks. As a practical example, phishing attack forensic analysis is presented and the required computing and storage resources are evaluated based on real trace data. The cloud- based security center can instruct each collaborative UTM and prober to collect events and raw traffic, send them back for deep analysis, and generate new security rules. These new security rules are enforced by collaborative UTM and the feedback events of such rules are returned to the security center. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively.展开更多
基金Sponsored by the National Social Science Found of China(Grant No.13CFX054)the Project of Humanities and Social Science of Chinese Ministry of Education(Grant No.11YJCZH175)
文摘Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the new environment.This paper stands on this point,suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment.The framework introduces honey farm technique,and pays more attention on active forensics,which can improve case handling efficiency and reduce the cost.
文摘Computer forensics is the science of obtaining,preserving,and documenting evidence from computers,mobile devices as well as other digital electronic storage devices.All must be done in a manner designed to preserve the probative value of the evidence and to assure its admissibility in a legal proceeding.However,computer forensics is continually evolving as existing technologies progress and new technologies are introduced.For example,digital investigators are required to investigate content on mobile device or data stored at the cloud servers.With the popularity of computers in everyday life as well as the acceleration of cybercrime rates in recent years,computer forensics is becoming an essential element of modern IT security.This paper will cover the development of computer forensics in law enforcement and discuss the development in the latest live forensics skillsets.A number of interested areas of computer forensics will be also highlighted to explain how it can support IT security and civil / criminal investigation.
文摘Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical skills, managerial overload, storage capacity, processing power, and data recovery or privacy setup. It can be availed by all clients as per their needs, expectations and budget. However, cloud computing introduces new kinds of security vulnerabilities that need to be ad-dressed. Traditional “Computer Forensics” deals with detection, preemption and prevention of IT triggered frauds and crimes but it lacks the ability to deal with cybercrimes pertaining to cloud computing environment. In this paper, we focus on forensics issues in cloud computing, assess limitations of forensic team and present the obstacles faced during investigation.
基金Sponsored by the National Natural Science Foundation of China (Grant No.61303199)Natural Science Foundation of Shandong Province (Grant No.ZR2013FQ001 and ZR2011FQ030)+1 种基金Outstanding Research Award Fund for Young Scientists of Shandong Province (Grant No.BS2013DX010)Academy of Sciences Youth Fund Project of Shandong Province (Grant No.2013QN007)
文摘Memory analysis is one of the key techniques in computer live forensics. Especially,the analysis of a Mac OS X operating system's memory image file plays an important role in identifying the running status of an apple computer. However,how to analyze the image file without using extra"mach-kernel"file is one of the unsolved difficulties. In this paper,we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then,we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra"mach-kernel"file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10. 8. 2. The experimental results show that the proposed approach is simpler and more practical than previous ones.
基金supported by the National Key Basic Research and Development (973) Program of China(Nos.2011CB302805,2011CB302505,2012CB315801,and2013CB228206)the National Natural Science Foundation of China(No.61233016)supported by Intel Research Councils UPO program with the title of Security Vulnerability Analysis Based on Cloud Platform
文摘Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. New emerging botnet attacks degrade the status of Internet security further. To address these problems, a practical collaborative network security management system is proposed with an effective collaborative Unified Threat Management (UTM) and traffic probers. A distributed security overlay network with a centralized security center leverages a peer-to-peer communication protocol used in the UTMs collaborative module and connects them virtually to exchange network events and security rules. Security functions for the UTM are retrofitted to share security rules. In this paper, we propose a design and implementation of a cloud-based security center for network security forensic analysis. We propose using cloud storage to keep collected traffic data and then processing it with cloud computing platforms to find the malicious attacks. As a practical example, phishing attack forensic analysis is presented and the required computing and storage resources are evaluated based on real trace data. The cloud- based security center can instruct each collaborative UTM and prober to collect events and raw traffic, send them back for deep analysis, and generate new security rules. These new security rules are enforced by collaborative UTM and the feedback events of such rules are returned to the security center. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively.