Konstantinos Xynos

Presenting DEViSE: Data Exchange for Visualizing Security Events

Discusses DEViSE, a fully customizable system that provides a framework for developing a richer, fuller picture of network traffic. This not only helps locate past, present, and ongoing security attacks but also graphically identifies areas where organizations can implement stricter policies to lower the risk of data loss.

An empirical methodology derived from the analysis of information remaining on second hand hard disks

In this paper we present the findings of an analysis of approximately 260 second hand disks that was conducted in 2006. A third party organisation bought the disks from the second hand market providing a degree of anonymity. This paper will demonstrate the quantitative outcomes of the analysis and the overall experiences. It will look at how analysts can expand their tools and techniques in order to achieve faster results, how one can organise the analysis based on the way information is found and finally a holistic picture of the case should be generated following the proposed methodology.

Online ID theft techniques, investigation and response

ID theft, especially in its online form, is currently one of the most prevalent types of computer crime. The limited end-user awareness as well as the retention and business processing of large amounts of personal data in a manner that does not meet security and regulatory requirements provide plenty of opportunities to fraudsters. A number of organisations have produced guidelines of good practice targeted to individuals and organisations; however the matter is still on the rise. In this paper, we review computer-based techniques employed by fraudsters in order to steal IDs and refer to published guidelines and the documented good practice against those. We discuss the issues related to the investigation of such incidents and provide the grounds for the development of a framework to assist in their forensic examination.

A Forensic Methodology for Analyzing Nintendo 3DS Devices

Handheld video game consoles have evolved much like their desktop counterparts over the years. The most recent eighth generation of game consoles are now defined not by their ability to interact online using a web browser, but by the social media facilities they now provide. This chapter describes a forensic methodology for analyzing Nintendo 3DS handheld video game consoles, demonstrating their potential for misuse and highlighting areas where evidence may reside. Empirical research has led to the formulation of a detailed methodology that can assist forensic examiners in maximizing evidence extraction while minimizing, if not preventing, the destruction of information.

Locking Out the Investigator: The Need to Circumvent Security in Embedded Systems

ABSTRACT Embedded devices are becoming ubiquitous in both domestic and commercial environments. Although smartphones, tablets, and video game consoles are all labeled by their primary function, most of these devices offer additional features and are capable of additional interactivity. Given the proprietary nature of such devices in terms of hardware and software and the protection mechanisms incorporated into these systems, it is and will continue to be extremely difficult to use “traditional digital forensics” methodologies to access storage media and acquire data for analysis. This paper examines how consumer law may be stifling research that the forensic community could ultimately depend upon to examine devices.

On the Development of Automated Forensic Analysis Methods for Mobile Devices

We live in a connected world where mobile devices are used by humans as valuable tools. The use of mobile devices leaves traces that can be treasured assets for a forensic analyst. Our aim is to investigate methods and exercise techniques that will merge all these valuable information in a way that will be efficient for a forensic analyst, producing graphical representations of the underlying data structures. We are using a framework able to collect and merge data from various sources and employ algorithms from a wide range of interdisciplinary areas to automate post-incident forensic analysis on mobile devices.

Welcome pwn: Almond smart home hub forensics

Abstract Many home interactive sensors and networked devices are being branded as “Internet of Things” or IoT devices. Such disparate gadgets often have little in common other than that they all communicate using similar protocols. The emergence of devices known as “smart home hubs” allow for such hardware to be controlled by non-technical users providing inexpensive home security and other home automation functions. To the cyber analyst, these smart environments can be a boon to digital forensics; information such as interactions with the devices, sensors registering motion, temperature or moisture levels in different rooms, all tend to be collected in one central location rather than separate ones. This paper presents the research work conducted on one such smart home hub environment, the Securifi Almond+, and provides guidance for forensic data acquisition and analysis of artefacts pertaining to user interaction across the hub, the iPhone/Android companion applications and the local & cloud-based web interfaces.

The Impact of Changing Technology on International Cybersecurity Curricula

Cyber Security degree programs vary in scope; from those that are constructed around traditional computer science degrees with some additional security content, to those that are strongly focused on the need to develop a dedicated cyber security professional. The latter programs typically include a grounding in computer science concepts such as programming, operating systems and networks to specialised security content covering such disparate areas as digital forensics, information assurance, penetration testing and cryptography. The cyber security discipline as a whole faces new challenges as technology continues to evolve, and therefore significant changes are being faced by educators trying to incorporate the latest technological concepts into courses. This presents cybersecurity educators with a number of related challenges to ensure that changes to degree programs reflect not only the educational needs of students, but of the needs of industry and government. The evolving use of technology therefore presents both opportunities and problems, in how these changes are demonstrated in the curriculum. This paper highlights the accreditation, standards and guidelines (from three of the countries where the authors of this paper have sought accreditation) that shape the way educators are encouraged to develop and structure degree courses and considers these in lieu of factors relating to incorporating new technology in cybersecurity curriculum, particularly in the presentation of technical exercises to students.

An Extensible Platform for the Forensic Analysis of Social Media Data

Visualising data is an important part of the forensic analysis process. Many cell phone forensic tools have specialised visualisation components, but are as of yet able to tackle questions concerning the broad spectrum of social media communication sources. Visualisation tools tend to be stove-piped, it is difficult to take information seen in one visualisation tool and obtain a different perspective in another tool. If an interesting relationship is observed, needing to be explored in more depth, the process has to be reiterated by manually generating a subset of the data, converting it into the correct format, and invoking the new application. This paper describes a cloud-based data storage architecture and a set of interactive visualisation tools developed to allow for a more straightforward exploratory analysis. This approach developed in this tool suite is demonstrated using a case study consisting of social media data extracted from two mobile devices.

The Geneva Conventions and Cyber-Warfare: A Technical Approach

Considerable scholarly effort has been invested in interpreting the existing international legal instruments and diplomatic conventions that apply to kinetic warfare in relation to the field of cyber-warfare. The Tallinn Manual and other documents argue that current humanitarian laws are applicable in cyber-conflict. This includes the concept that particular religious and medical entities should be granted special, protected status along with sites of cultural and religious significance and those containing ‘dangerous forces’. In a kinetic-warfare environment, these sites and non-combatants are identifiable by the use of international symbols such as the Red Cross, Red Crystal and Red Crescent emblems, or other specific signs. Here, Sutherland, Xynos, Jones and Blyth suggest that a simple digital marker could ensure that systems and traffic can be identified as protected in cyber-conflict under the Geneva Conventions.