Da-Yu Kao

Internet forensics on the basis of evidence gathering with Peep attacks

The Peep attack is a variant application of a Botnet. This paper proposes a forensic procedure to analyze the attack behavior and explains how to carry out a computer crime investigation. We also discuss the well-known Botnets engaged in the execution of a Peep attack. In our paper, we describe a Peep attack on the Internet as the paradigm of how a cyber-investigator needs to act in the case of a Cybercrime. When cyber detectives prepare to investigate a break in cyber security, there are some issues they must keep in mind and face up to. It is crucial to swiftly preserve digital evidence and conduct forensic analysis that any useful evidence is seized soon after the cybercrime has been committed. Furthermore, there are two phases of digital forensic analysis to retrieve useful evidence when facing a cybercrime attack in our scheme. One phase observes the Internet attack action, and the other one introduces how to investigate each case in on-line analysis of sniffing packets and off-line examination of abnormal files. We believe that this analysis model is workable for any other form of Botnets presently being used.

The IP address and time in cyber‐crime investigation

Purpose – Cyber technology is an extremely complicated field and the internet is being increasingly used as a place to commit crimes using personal computers, as well as network‐based computers. Although cyber investigation is still in the early stages of its development, the burgeoning use of the internet has increased the necessity for digital investigations. The purpose of this paper is to increase awareness of the latest in digital comparison for cyber‐crime investigation with the studies of IP‐address and time in computer systems.Design/methodology/approach – The approach to improving a cyber‐crime investigation is proposed in three stages: independent verification of digital clues, corresponding information from different sources, and preparation of a valid argument.Findings – If the police and other authorities do not stay on top of this problem, they may lose the battle to control this cyber‐crime explosion. The paper discusses how Taiwanese police investigate cyber‐crime and the experience is abl...

Privacy Concealments: Detective Strategies Unveiling Cyberstalking on Internet

Cyber world is developing with substantial advancement to enter into glorious future, but cybercrime has always been a disaster to this dream. Recent advancement in internet technologies has lead stalking to become cyber. Cyberstalking offenses have become diversified and technological advance. It creates social and mental disorders among victims. In order to improve the privacy of internet users against cyberstalking, a novel examination of action research is evaluated from a former event. With the guidance of this case study, we can discriminate normal social networking friends from the possible offenders. The initial results show that our approach is highly helpful. Curbing cyberstalking is a baffling task because of its newness and technological furtherance. It is believed that this study will clarify the obscure technological and social aspects of cyberstalking. In this paper, the proposed solutions can prohibit users from the risk of getting hurts, facilitate to cut down its roots and remove its foundation.

Procedure guidance for Internet forensics coping with copyright arguments of client-server-based P2P models

Digital technology for transferring and controlling data has made substantial advances in recent years. It is important to protect innovations and to curb the copyright infringements in computer-based systems. Copyright is a legal framework of basic rights, allowing the owner to control or permit someone else to reproduce copyrighted works with commercial value. In recent decades, copyright violations have been moving into the criminal realm. This paper focuses on the procedure guidance of a fictitious P2P model, and discusses whether it contributes to the crime of copyright infringement in dealing with the distribution of digital content. From the perspective of internet forensics, the action research and the whole control mechanism, it is shown that a commercial server has full control over the P2P model.

A Case-Oriented Model of Digital Forensics on Infected Zombie Computers

As everything has its pros and cons, so does the technology enhancement. The advent in internet technology has witnessed a steep rise in infected zombie computers. Those computers can be used to conduct cyber attack, which refers to the orchestrated flooding of target websites by armies of malicious programs. This paper discusses the digital forensic processing of a zombie computer from three challenges: Little Time, Actionable Intelligence and Examination Tools. The case study shows that the proposed procedure of case-oriented model is efficient in figuring out the criminal behind cyber attack. The initial results show that the action research cycle approach is helpful in the clarifying cyber-crime abuse from digital forensics viewpoints.

Dataset Analysis of Proxy Logs Detecting to Curb Propagations in Network Attacks

The exponential growth of Internet has brought a monolithic change in the level of malicious attacks, leading to the emergence proxy servers, which indeed have proven to apotheosis hiding place for the Internet intruders. The collected logs of these proxy servers contain portentous information, and its dissection can help in analyzing the deviation of abnormal activities form the normal ones. How to figure out their network of networks, identify possible offenders, and strike the heartland of their safe haven has become an upcoming challenge for universal law enforcement agents. This paper considers exactly what kind of elements should be explored once an offensive behavior has been noticed in proxy logs. It scrutinizes (i) the Time Stamp gap of sequential records (ii) the parameters of digital action (iii) the appearance of special parameters (iv) the patterns in the log files.

Differentiating the Investigation Response Process of Cyber Security Incident for LEAs

The number of cybercrime involving digital evidence will continue to increase as Internet become more intertwined in society. As criminals deny committing crime, Law Enforcement Agencies (LEAs) are hindered by the limited processing capabilities of human analysis. This paper presents a practical digital forensics framework of exploring ISO/IEC 27043: 2015 activities to lessen the caseload burden. It provides a suggestion for applying the Helix3 function to meet the need of incident investigation processes at scene or lab. While live investigative response at scene puts emphasis on finding actionable intelligence immediately, dead forensic analysis at lab pays great attention to reconstructing the case and conducting cross–examination to find the truth. Both are critical in the investigation response of cyber security incident.

The Cyberbullying Assessment of Capable Guardianship in Routine Activity Theory

Cyber world is undergoing constant and boundless development when cybercrime has always hindered its progress. The advantages of digitalization has inevitably enabled crime to expand its unhindered impact by physical limitations. As the Internet becomes accessible, cyberbullying inflicts social and mental wounds upon the victims. As the presence of cyberbullying becomes more prominent, awareness must be raised among Internet users of its insidious nature. If an individual is exposed to a criminally infested environment in his everyday lifestyle, there is a high possibility for him/her to conform to criminal behaviors and activities. Implications for Routine Activity Theory (RAT) are discussed in Taiwan cyberbullying incident. It is believed that the proposed capable guardianship strategy can protect Internet users from being victimized by cyberbullying, facilitate to cut down its circuit, and fight against it.

Protecting individuals from the suitable target of cyberbullying

The growth of digital technology has radically surged into the virtual life of general individuals. Enormous opportunities have brought to Internet users to exchange ideas, interact with people, and participate in the development of virtual societies. Cyberbullying is one of the great serious incidents on Facebook where become havens for perpetrators to victimize girls or women. In order to remind the online users of cyberbullying threats, this paper aims to observe it from the viewpoint of Lifestyle Exposure Theory (LET). The cyberbullying case was explored from an incident in Taiwan. A protective strategy is proposed to prohibit Internet users from the risk of cyberbullying victimization.

Exploring the cybercrime investigation framework of ATM Heist from ISO/IEC 27043:2015

Cybercriminals increasingly use sophisticated tools and advanced methods to attack bank systems. This study intends to highlight the cybercrime investigation of ATM heist in Taiwan. A cybercrime investigation framework of bank ATM heist from ISO/IEC 27043:2015 processes class is proposed to address the issue and to help investigators explore the truth. It describes a prototype framework that is current under development, and demonstrates how ISO/IEC 27043:2015 processes class can provide investigators with great abilities to interpret data generated by cyber forensics tools.