With the development of Internet and information technology, the digital crimes are also on the rise. Computer forensics is an emerging research area that applies computer investigation and analysis techniques to help...With the development of Internet and information technology, the digital crimes are also on the rise. Computer forensics is an emerging research area that applies computer investigation and analysis techniques to help detection of these crimes and gathering of digital evidence suitable for presentation in courts. This paper provides foundational concept of computer forensics, outlines various principles of computer forensics, discusses the model of computer forensics and presents a proposed model.展开更多
In case handling, electronic evidence becomes more and more popular. In order to reduce the burden of judges' task to determine the integrity of chain of custody, even no technique experts on the spot, this paper sug...In case handling, electronic evidence becomes more and more popular. In order to reduce the burden of judges' task to determine the integrity of chain of custody, even no technique experts on the spot, this paper suggests a solution to solve this kind of problem.展开更多
Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the ne...Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the new environment.This paper stands on this point,suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment.The framework introduces honey farm technique,and pays more attention on active forensics,which can improve case handling efficiency and reduce the cost.展开更多
Computer forensics is the science of obtaining,preserving,and documenting evidence from computers,mobile devices as well as other digital electronic storage devices.All must be done in a manner designed to preserve th...Computer forensics is the science of obtaining,preserving,and documenting evidence from computers,mobile devices as well as other digital electronic storage devices.All must be done in a manner designed to preserve the probative value of the evidence and to assure its admissibility in a legal proceeding.However,computer forensics is continually evolving as existing technologies progress and new technologies are introduced.For example,digital investigators are required to investigate content on mobile device or data stored at the cloud servers.With the popularity of computers in everyday life as well as the acceleration of cybercrime rates in recent years,computer forensics is becoming an essential element of modern IT security.This paper will cover the development of computer forensics in law enforcement and discuss the development in the latest live forensics skillsets.A number of interested areas of computer forensics will be also highlighted to explain how it can support IT security and civil / criminal investigation.展开更多
Verifying the integrity of a hard disk is an important concern in computer forensics,as the law enforcement party needs to confirm that the data inside the hard disk have not been modified during the investigation.A t...Verifying the integrity of a hard disk is an important concern in computer forensics,as the law enforcement party needs to confirm that the data inside the hard disk have not been modified during the investigation.A typical approach is to compute a single chained hash value of all sectors in a specific order.However,this technique loses the integrity of all other sectors even if only one of the sectors becomes a bad sector occasionally or is modified intentionally.In this paper we propose a k-dimensional hashing scheme,kD for short,to distribute sectors into a kD space,and to calculate multiple hash values for sectors in k dimensions as integrity evidence.Since the integrity of the sectors can be verified depending on any hash value calculated using the sectors,the probability to verify the integrity of unchanged sectors can be high even with bad/modified sectors in the hard disk.We show how to efficiently implement this kD hashing scheme such that the storage of hash values can be reduced while increasing the chance of an unaffected sector to be verified successfully.Experimental results of a 3D scheme show that both the time for computing the hash values and the storage for the hash values are reasonable.展开更多
Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical sk...Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical skills, managerial overload, storage capacity, processing power, and data recovery or privacy setup. It can be availed by all clients as per their needs, expectations and budget. However, cloud computing introduces new kinds of security vulnerabilities that need to be ad-dressed. Traditional “Computer Forensics” deals with detection, preemption and prevention of IT triggered frauds and crimes but it lacks the ability to deal with cybercrimes pertaining to cloud computing environment. In this paper, we focus on forensics issues in cloud computing, assess limitations of forensic team and present the obstacles faced during investigation.展开更多
Memory analysis gains a weight in the area of computer live forensics.How to get network connection information is one of the challenges in memory analysis and plays an important role in identifying sources of malicio...Memory analysis gains a weight in the area of computer live forensics.How to get network connection information is one of the challenges in memory analysis and plays an important role in identifying sources of malicious cyber attack. It is more difficult to fred the drivers and get network connections information from a 64-bit windows 7 memory image file than from a 32-bit operating system memory image f'de. In this paper, an approach to fred drivers and get network connection information from 64-bit windows 7 memory images is given. The method is verified on 64-bit windows 7 version 6.1.7600 and proved reliable and efficient.展开更多
This paper addresses the issue of face and lip tracking via chromatic detector, CCL algorithm and canny edge detector. It aims to track face and lip region from static color images including frames read from videos, w...This paper addresses the issue of face and lip tracking via chromatic detector, CCL algorithm and canny edge detector. It aims to track face and lip region from static color images including frames read from videos, which is exPected to be an important part of the robust and reliable person identification in the field of computer forensics. We use the M2VTS face database and pictures took from my colleagues as the test resource. This project is based on the concept of image processing and computer version.展开更多
Memory analysis is one of the key techniques in computer live forensics. Especially,the analysis of a Mac OS X operating system's memory image file plays an important role in identifying the running status of an a...Memory analysis is one of the key techniques in computer live forensics. Especially,the analysis of a Mac OS X operating system's memory image file plays an important role in identifying the running status of an apple computer. However,how to analyze the image file without using extra"mach-kernel"file is one of the unsolved difficulties. In this paper,we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then,we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra"mach-kernel"file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10. 8. 2. The experimental results show that the proposed approach is simpler and more practical than previous ones.展开更多
Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bot...Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. New emerging botnet attacks degrade the status of Internet security further. To address these problems, a practical collaborative network security management system is proposed with an effective collaborative Unified Threat Management (UTM) and traffic probers. A distributed security overlay network with a centralized security center leverages a peer-to-peer communication protocol used in the UTMs collaborative module and connects them virtually to exchange network events and security rules. Security functions for the UTM are retrofitted to share security rules. In this paper, we propose a design and implementation of a cloud-based security center for network security forensic analysis. We propose using cloud storage to keep collected traffic data and then processing it with cloud computing platforms to find the malicious attacks. As a practical example, phishing attack forensic analysis is presented and the required computing and storage resources are evaluated based on real trace data. The cloud- based security center can instruct each collaborative UTM and prober to collect events and raw traffic, send them back for deep analysis, and generate new security rules. These new security rules are enforced by collaborative UTM and the feedback events of such rules are returned to the security center. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively.展开更多
文摘With the development of Internet and information technology, the digital crimes are also on the rise. Computer forensics is an emerging research area that applies computer investigation and analysis techniques to help detection of these crimes and gathering of digital evidence suitable for presentation in courts. This paper provides foundational concept of computer forensics, outlines various principles of computer forensics, discusses the model of computer forensics and presents a proposed model.
文摘In case handling, electronic evidence becomes more and more popular. In order to reduce the burden of judges' task to determine the integrity of chain of custody, even no technique experts on the spot, this paper suggests a solution to solve this kind of problem.
基金Sponsored by the National Social Science Found of China(Grant No.13CFX054)the Project of Humanities and Social Science of Chinese Ministry of Education(Grant No.11YJCZH175)
文摘Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the new environment.This paper stands on this point,suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment.The framework introduces honey farm technique,and pays more attention on active forensics,which can improve case handling efficiency and reduce the cost.
文摘Computer forensics is the science of obtaining,preserving,and documenting evidence from computers,mobile devices as well as other digital electronic storage devices.All must be done in a manner designed to preserve the probative value of the evidence and to assure its admissibility in a legal proceeding.However,computer forensics is continually evolving as existing technologies progress and new technologies are introduced.For example,digital investigators are required to investigate content on mobile device or data stored at the cloud servers.With the popularity of computers in everyday life as well as the acceleration of cybercrime rates in recent years,computer forensics is becoming an essential element of modern IT security.This paper will cover the development of computer forensics in law enforcement and discuss the development in the latest live forensics skillsets.A number of interested areas of computer forensics will be also highlighted to explain how it can support IT security and civil / criminal investigation.
基金Project supported by the Research Grants Council of Hong Kong SAR,China (No. RGC GRF HKU 713009E)the NSFC/RGC Joint Research Scheme (No. N_HKU 722/09)HKU Seed Fundings for Basic Research (Nos. 200811159155 and 200911159149)
文摘Verifying the integrity of a hard disk is an important concern in computer forensics,as the law enforcement party needs to confirm that the data inside the hard disk have not been modified during the investigation.A typical approach is to compute a single chained hash value of all sectors in a specific order.However,this technique loses the integrity of all other sectors even if only one of the sectors becomes a bad sector occasionally or is modified intentionally.In this paper we propose a k-dimensional hashing scheme,kD for short,to distribute sectors into a kD space,and to calculate multiple hash values for sectors in k dimensions as integrity evidence.Since the integrity of the sectors can be verified depending on any hash value calculated using the sectors,the probability to verify the integrity of unchanged sectors can be high even with bad/modified sectors in the hard disk.We show how to efficiently implement this kD hashing scheme such that the storage of hash values can be reduced while increasing the chance of an unaffected sector to be verified successfully.Experimental results of a 3D scheme show that both the time for computing the hash values and the storage for the hash values are reasonable.
文摘Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical skills, managerial overload, storage capacity, processing power, and data recovery or privacy setup. It can be availed by all clients as per their needs, expectations and budget. However, cloud computing introduces new kinds of security vulnerabilities that need to be ad-dressed. Traditional “Computer Forensics” deals with detection, preemption and prevention of IT triggered frauds and crimes but it lacks the ability to deal with cybercrimes pertaining to cloud computing environment. In this paper, we focus on forensics issues in cloud computing, assess limitations of forensic team and present the obstacles faced during investigation.
基金This work is supported by the National Natural Science Foundation of China(61070163) and Shandong Natural Science Foundation (Y2008G35).
文摘Memory analysis gains a weight in the area of computer live forensics.How to get network connection information is one of the challenges in memory analysis and plays an important role in identifying sources of malicious cyber attack. It is more difficult to fred the drivers and get network connections information from a 64-bit windows 7 memory image file than from a 32-bit operating system memory image f'de. In this paper, an approach to fred drivers and get network connection information from 64-bit windows 7 memory images is given. The method is verified on 64-bit windows 7 version 6.1.7600 and proved reliable and efficient.
文摘This paper addresses the issue of face and lip tracking via chromatic detector, CCL algorithm and canny edge detector. It aims to track face and lip region from static color images including frames read from videos, which is exPected to be an important part of the robust and reliable person identification in the field of computer forensics. We use the M2VTS face database and pictures took from my colleagues as the test resource. This project is based on the concept of image processing and computer version.
基金Sponsored by the National Natural Science Foundation of China (Grant No.61303199)Natural Science Foundation of Shandong Province (Grant No.ZR2013FQ001 and ZR2011FQ030)+1 种基金Outstanding Research Award Fund for Young Scientists of Shandong Province (Grant No.BS2013DX010)Academy of Sciences Youth Fund Project of Shandong Province (Grant No.2013QN007)
文摘Memory analysis is one of the key techniques in computer live forensics. Especially,the analysis of a Mac OS X operating system's memory image file plays an important role in identifying the running status of an apple computer. However,how to analyze the image file without using extra"mach-kernel"file is one of the unsolved difficulties. In this paper,we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then,we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra"mach-kernel"file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10. 8. 2. The experimental results show that the proposed approach is simpler and more practical than previous ones.
基金supported by the National Key Basic Research and Development (973) Program of China(Nos.2011CB302805,2011CB302505,2012CB315801,and2013CB228206)the National Natural Science Foundation of China(No.61233016)supported by Intel Research Councils UPO program with the title of Security Vulnerability Analysis Based on Cloud Platform
文摘Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. New emerging botnet attacks degrade the status of Internet security further. To address these problems, a practical collaborative network security management system is proposed with an effective collaborative Unified Threat Management (UTM) and traffic probers. A distributed security overlay network with a centralized security center leverages a peer-to-peer communication protocol used in the UTMs collaborative module and connects them virtually to exchange network events and security rules. Security functions for the UTM are retrofitted to share security rules. In this paper, we propose a design and implementation of a cloud-based security center for network security forensic analysis. We propose using cloud storage to keep collected traffic data and then processing it with cloud computing platforms to find the malicious attacks. As a practical example, phishing attack forensic analysis is presented and the required computing and storage resources are evaluated based on real trace data. The cloud- based security center can instruct each collaborative UTM and prober to collect events and raw traffic, send them back for deep analysis, and generate new security rules. These new security rules are enforced by collaborative UTM and the feedback events of such rules are returned to the security center. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively.
