Mohd Taufik Abdullah

VoIP evidence model: A new forensic method for investigating VoIP malicious attacks

Although the invention of Voice over Internet Protocol (VoIP) in communication technology created significant attractive services for its users, it also brings new security threats. Criminals exploit these security threats to perform illegal activities such as VoIP malicious attacks, this will require digital forensic investigators to detect and provide digital evidence. Finding digital evidence in VoIP malicious attacks is the most difficult task, due to its associated features with converged network. In this paper, a Model of investigating VoIP malicious attacks is proposed for forensic analysis. The model formalizes hypotheses through information gathering and adopt a Secure Temporal Logic of Action(S-TLA+) in the process of reconstructing potential attack scenario. Through this processes, investigators can uncover unknown attack scenario executed in the process of attack. Subsequently, it is expected that the findings of this paper will provide clear description of attacks as well as generation of more specified evidences.

Advances of mobile forensic procedures in Firefox OS

The advancement of smartphone technology has attracted many companies in developing mobile operating system (OS). Mozilla Corporation recently released Linux-based open source mobile OS, named Firefox OS. The emergence of Firefox OS has created new challenges, concentrations and opportunities for digital investigators. In general, Firefox OS is designed to allow smartphones to communicate directly with HTML5 applications using JavaScript and newly introduced WebAPI. However, the used of JavaScript in HTML5 applications and solely no OS restriction might lead to security issues and potential exploits. Therefore, forensic analysis for Firefox OS is urgently needed in order to investigate any criminal intentions. This paper will present an overview and methodology of mobile forensic procedures in forensically sound manner for Firefox OS.

Mobile forensic data acquisition in Firefox OS

Mozilla Corporation has recently released a Linux-based open source operating system, namely Firefox OS. The arrival of this Firefox OS has created new challenges, concentrations and opportunities for digital investigators. Currently, Firefox OS is still not fully supported by most of the existing mobile forensic tools. Even when the phone is detected as Android, only pictures from removable card was able to be captured. Furthermore, the internal data acquisition is still not working. Therefore, there are very huge opportunities to explore the Firefox OS on every stages of mobile forensic procedures. This paper will present an approach for mobile forensic data acquisition in a forensically sound manner from a Firefox OS running device. This approach will largely use the UNIX dd command to create a forensic image from the Firefox OS running device.

A Review of Bring Your Own Device on Security Issues

Mobile computing has supplanted internet computing because of the proliferation of cloud-based applications and mobile devices (such as smartphones, palmtops, and tablets). As a result of this, workers bring their mobile devices to the workplace and use them for enterprise work. The policy of allowing the employees to work with their own personal mobile devices is called Bring Your Own Devices (BYOD). In this article, we discuss BYOD’s background, prevalence, benefits, challenges, and possible security attacks. We then review contributions of academic researchers on BYOD. The Universiti Putra Malaysia online databases (such as IEEE Xplore digital library, Elsevier, Springer, ACM digital library) were used to search for peer-reviewed academic publications and other relevant publications on BYOD. The Google Scholar search engine was also used. Our thorough review shows that security issues comprise the most significant challenge confronting BYOD policy and that very little has been done to tackle this security challenge. It is our hope that this review will provide a theoretical background for future research and enable researchers to identify researchable areas of BYOD.

An approach for forensic investigation in Firefox OS

The advancement of smartphone technology has attracted many companies in developing mobile operating system. Mozilla Corporation recently released Linux-based open source operating system, named Firefox OS. The emergence of Firefox OS has created new challenges, concentrations and opportunities for digital investigators. In general, Firefox OS is designed to allow smartphones to communicate directly with HTML5 applications using JavaScript and newly introduced WebAPI. However, the used of JavaScript in HTML5 applications and solely no OS restriction might lead to security issues and potential exploits. Therefore, forensic analysis for Firefox OS is urgently needed in order to investigate any criminal intentions. This paper will present an approach and methodology in forensically sound manner for Firefox OS.

Greening Cloud-Enabled Big Data Storage Forensics: Syncany as a Case Study

The pervasive nature of cloud-enabled big data storage solutions introduces new challenges in the identification, collection, analysis, preservation, and archiving of digital evidences. Investigation of such complex platforms to locate and recover traces of criminal activities is a time-consuming process. Hence, cyber forensics researchers are moving towards streamlining the investigation process by locating and documenting residual artefacts (evidences) of forensic value of users’ activities on cloud-enabled big data platforms in order to reduce the investigation time and resources involved in a real-world investigation. In this paper, we seek to determine the data remnants of forensic value from Syncany private cloud storage service, a popular storage engine for big data platforms. We demonstrate the types and the locations of the artifacts that can be forensically recovered. Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics, which can result in reduced time and resources spent in real-world investigations involving Syncany-based cloud platforms.

An overview of attacks against digital watermarking and their respective countermeasures

The increased and widespread usage of digital multimedia has aroused great concerns regarding issues such as copyright protection, copy control and proof of ownership. Digital watermarking serves as a solution to these kinds of problems; however, digital watermarking techniques have demonstrated to possess vulnerabilities. Thus opening avenues for malicious attackers to abuse these security breaches. Therefore, maintaining the security of digital watermarked media i.e. text, image, audio and video has received considerable attention. This paper has conducted a comprehensive research with special emphasis on the classification of malicious attacks against digital watermarking. Subsequently, it reviews the current countermeasures available to mitigate the intentional attacks. In addition, it procures a foundation for the evaluation of various watermarking algorithms.

Packet Header Anomaly Detection Using Statistical Analysis

The disclosure of network packets to recurrent cyber intrusion has upraised the essential for modelling various statistical-based anomaly detection methods lately. Theoretically, the statistical-based anomaly detection method fascinates researcher’s attentiveness, but technologically, the fewer intrusion detection rates persist as vulnerable disputes. Thus, a Host-based Packet Header Anomaly Detection (HbPHAD) model that is proficient in pinpoint suspicious packet header behaviour based on statistical analysis is proposed in this paper. We perform scoring mechanism using Relative Percentage Ratio (RPR) in scheming normal scores, desegregate Linear Regression Analysis (LRA) to distinguish the degree of packets behaviour (i.e. fit to be suspicious or not suspicious) and Cohen’s-d (effect size) dimension to pre-define the finest threshold. HbPHAD is an effectual resolution for statistical-based anomaly detection method in pinpoint suspicious behaviour precisely. The experiment validate that HbPHAD is effectively in correctly detecting suspicious packet at above 90% as an intrusion detection rate for both ISCX 2012 and is capable to detect 40 attack types from DARPA 1999 benchmark dataset.

A survey of anomaly detection using data mining methods for hypertext transfer protocol web services

In contrast to traditional Intrusion Detection Systems (IDSs), data mining anomaly detection methods/techniques has been widely used in the domain of network traffic data for intrusion detection and cyber threat. Data mining is widely recognized as popular and important intelligent and automatic tools to assist humans in big data security analysis and anomaly detection over IDSs. In this study we discuss our review in data mining anomaly detection methods for HTTP web services. Today, many online careers and actions including online shopping and banking are running through web-services. Consequently, the role of Hypertext Transfer Protocol (HTTP) in web services is crucial, since it is the standard facilitator for communication protocol. Hence, among the intruders that bound attacks, HTTP is being considered as a vital middle objective. In the recent years, an effective system that has attracted the attention of the researchers is the anomaly detection which is based on data mining methods. We provided an overview on four general data mining techniques such as classification, clustering, semi-supervised and association rule mining. These data mining anomaly detection methods can be used to computing intelligent HTTP request data, which are necessary in describing user behavior. To meet the challenges of data mining techniques, we provide challenges and issues section for intrusion detection systems in HTTP web services.

A Closer Look at Syncany Windows and Ubuntu Clients’ Residual Artefacts

In this paper, we seek to determine the residual artefacts of forensic value on Windows and Ubuntu client machines of using Syncany private cloud storage service. We demonstrate the types and the locations of the artefacts that can be forensically recovered (e.g. artefacts associated with the installation, uninstallation, log-in, log-off, and file synchronisation actions). Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics related to the collection of big data artefacts from a private cloud storage service, which have real-world implications and impacts (e.g. in criminal investigations and civil litigations). Echoing the observations of Ab Rahman et al. (2006), we reiterated the importance of forensic-by-design in future cloud-enabled big data storage solutions.