Nurul Azma Abdullah

Cluster size determination using JPEG files

File can be recovered by simply using traditional recovery means. However, a technique is required to distinguish one file to another when dealing with hard disk with corrupted filesystem metadata. As in a computer file system, a cluster is the smallest allocation of disk space to hold a file, information about the cluster size can help in determining the start of file which can be used to distinguish one file to another. This paper introduces a method for acquiring the cluster size by using data sets from DFRWS 2006 and DFRWS 2007. A tool called PredClus is developed to automatically display the predicted cluster size according to probabilistic percentage. By using PredClus, the cluster size used in both DFRWS 2006 and DFRWS 2007 can be determined. Thus, JPEG images that are not located at the starting address of any cluster are most probably thumbnails or embedded files.

Carving Linearly JPEG Images Using Unique Hex Patterns (UHP)

Many studies have been conducted in addressing problem of fragmented JPEG. However, there are many scenarios in fragmentation yet to be solved. This paper is discussing of using pattern matching to identify single linear fragmented JPEG images. The main contribution of this paper is introducing Unique Hex Patterns (UHP) to carve single linear fragmented JPEG images.

Acquiring RFID Tag Asymmetric Key from IOT Cyber Physical Environment

Radio Frequency Identification (RFID) is the example of current technology that enable the IoT environment to identify and locate objects and record metadata. RFID is the typical, important technology that first creates the term of IoT and most recent technology discussed. Since the close relationship of the evolution between technology and crime, the need of understanding RFID data is inevitable. There is some researcher discussed of IoT forensic but there is no specific work related to the RFID data acquisition standard procedure in IOT environment. Therefore, this research is to propose a methodology for acquisition of RFID tag asymmetric key for IoT forensic purpose. Acquisition is the initial step in IoT forensic to acquire digital evidence from IoT cyberphysical environment. Later, the key acquired will be used to extract useful information from RFID tag memory for further investigation.

Preserving anonymity in e-voting system using voter non-repudiation oriented scheme

The voting system has been developed from traditional paper ballot to electronic voting (e-voting). The e-voting system has high potential to be widely used in election event. However, the e-voting system still does not meet the most important security properties which are voter’s authenticity and non-repudiation. This is because voters can simply vote again by entering other people’s identification number. In this project, an electronic voting using voter non-repudiation oriented scheme will be developed. This system contains ten modules which are log in, vote session, voter, candidate, open session, voting results, user account, initial score, logs and reset vote count. In order to ensure there would be no non-repudiation issue, a voter non-repudiation oriented scheme concept will be adapted and implemented in the system. This system will be built using Microsoft Visual Studio 2013 which only can be accessed using personal computers at the voting center. This project will be beneficial for future use in order to overcome non-repudiation issue.The voting system has been developed from traditional paper ballot to electronic voting (e-voting). The e-voting system has high potential to be widely used in election event. However, the e-voting system still does not meet the most important security properties which are voter’s authenticity and non-repudiation. This is because voters can simply vote again by entering other people’s identification number. In this project, an electronic voting using voter non-repudiation oriented scheme will be developed. This system contains ten modules which are log in, vote session, voter, candidate, open session, voting results, user account, initial score, logs and reset vote count. In order to ensure there would be no non-repudiation issue, a voter non-repudiation oriented scheme concept will be adapted and implemented in the system. This system will be built using Microsoft Visual Studio 2013 which only can be accessed using personal computers at the voting center. This project will be beneficial for future use in...

Email authentication using symmetric and asymmetric key algorithm encryption

Protection of sensitive or classified data from unauthorized access, hackers and other personals is virtue. Storage of data is done in devices such as USB, external hard disk, laptops, I-Pad or at cloud. Cloud computing presents with both ups and downs. However, storing information elsewhere increases risk of being attacked by hackers. Besides, the risk of losing the device or being stolen is increased in case of storage in portable devices. There are array of mediums of communications and even emails used to send data or information but these technologies come along with severe weaknesses such as absence of confidentiality where the message sent can be altered and sent to the recipient. No proofs are shown to the recipient that the message received is altered. The recipient would not find out unless he or she checks with the sender. Without encrypted of data or message, sniffing tools and software can be used to hack and read the information since it is in plaintext. Therefore, an electronic mail authent...

Face recognition for criminal identification: An implementation of principal component analysis for face recognition

In practice, identification of criminal in Malaysia is done through thumbprint identification. However, this type of identification is constrained as most of criminal nowadays getting cleverer not to leave their thumbprint on the scene. With the advent of security technology, cameras especially CCTV have been installed in many public and private areas to provide surveillance activities. The footage of the CCTV can be used to identify suspects on scene. However, because of limited software developed to automatically detect the similarity between photo in the footage and recorded photo of criminals, the law enforce thumbprint identification. In this paper, an automated facial recognition system for criminal database was proposed using known Principal Component Analysis approach. This system will be able to detect face and recognize face automatically. This will help the law enforcements to detect or recognize suspect of the case if no thumbprint present on the scene. The results show that about 80% of input photo can be matched with the template data.In practice, identification of criminal in Malaysia is done through thumbprint identification. However, this type of identification is constrained as most of criminal nowadays getting cleverer not to leave their thumbprint on the scene. With the advent of security technology, cameras especially CCTV have been installed in many public and private areas to provide surveillance activities. The footage of the CCTV can be used to identify suspects on scene. However, because of limited software developed to automatically detect the similarity between photo in the footage and recorded photo of criminals, the law enforce thumbprint identification. In this paper, an automated facial recognition system for criminal database was proposed using known Principal Component Analysis approach. This system will be able to detect face and recognize face automatically. This will help the law enforcements to detect or recognize suspect of the case if no thumbprint present on the scene. The results show that about 80% of input...

A CCTV system with SMS alert (CMDSA): An implementation of pixel processing algorithm for motion detection

Closed-Circuit TV (CCTV) system is one of the technologies in surveillance field to solve the problem of detection and monitoring by providing extra features such as email alert or motion detection. However, detecting and alerting the admin on CCTV system may complicate due to the complexity to integrate the main program with an external Application Programming Interface (API). In this study, pixel processing algorithm is applied due to its efficiency and SMS alert is added as an alternative solution for users who opted out email alert system or have no Internet connection. A CCTV system with SMS alert (CMDSA) was developed using evolutionary prototyping methodology. The system interface was implemented using Microsoft Visual Studio while the backend components, which are database and coding, were implemented on SQLite database and C# programming language, respectively. The main modules of CMDSA are motion detection, capturing and saving video, image processing and Short Message Service (SMS) alert functions. Subsequently, the system is able to reduce the processing time making the detection process become faster, reduce the space and memory used to run the program and alerting the system admin instantly.Closed-Circuit TV (CCTV) system is one of the technologies in surveillance field to solve the problem of detection and monitoring by providing extra features such as email alert or motion detection. However, detecting and alerting the admin on CCTV system may complicate due to the complexity to integrate the main program with an external Application Programming Interface (API). In this study, pixel processing algorithm is applied due to its efficiency and SMS alert is added as an alternative solution for users who opted out email alert system or have no Internet connection. A CCTV system with SMS alert (CMDSA) was developed using evolutionary prototyping methodology. The system interface was implemented using Microsoft Visual Studio while the backend components, which are database and coding, were implemented on SQLite database and C# programming language, respectively. The main modules of CMDSA are motion detection, capturing and saving video, image processing and Short Message Service (SMS) alert functi...

Android Malware Classification Using K-Means Clustering Algorithm

Malware was designed to gain access or damage a computer system without user notice. Besides, attacker exploits malware to commit crime or fraud. This paper proposed Android malware classification approach based on K-Means clustering algorithm. We evaluate the proposed model in terms of accuracy using machine learning algorithms. Two datasets were selected to demonstrate the practicing of K-Means clustering algorithms that are Virus Total and Malgenome dataset. We classify the Android malware into three clusters which are ransomware, scareware and goodware. Nine features were considered for each types of dataset such as Lock Detected, Text Detected, Text Score, Encryption Detected, Threat, Porn, Law, Copyright and Moneypak. We used IBM SPSS Statistic software for data classification and WEKA tools to evaluate the built cluster. The proposed K-Means clustering algorithm shows promising result with high accuracy when tested using Random Forest algorithm.

Image Size Variation Influence on Corrupted and Non-viewable BMP Image

Image is one of the evidence component seek in digital forensics. Joint Photographic Experts Group (JPEG) format is most popular used in the Internet because JPEG files are very lossy and easy to compress that can speed up Internet transmitting processes. However, corrupted JPEG images are hard to recover due to the complexities of determining corruption point. Nowadays Bitmap (BMP) images are preferred in image processing compared to another formats because BMP image contain all the image information in a simple format. Therefore, in order to investigate the corruption point in JPEG, the file is required to be converted into BMP format. Nevertheless, there are many things that can influence the corrupting of BMP image such as the changes of image size that make the file non-viewable. In this paper, the experiment indicates that the size of BMP file influences the changes in the image itself through three conditions, deleting, replacing and insertion. From the experiment, we learnt by correcting the file size, it can able to produce a viewable file though partially. Then, it can be investigated further to identify the corruption point.

X_myKarve: Non-Contiguous JPEG File Carver

Many studies have been conducted in addressing problem of fragmented JPEG. However, carving fragmented JPEG files are not easy to solve due to the complexity of determining the fragmentation point. In this article, X_myKarvee framework is introduced to address the fragmentation issues that occur in JPEG images. X_myKarve introduce a new technique, deletion by binary search to detect fragmentation point which is used to separate a file into several individual fragments. These fragments are then reassembled with the correct pairs which form a complete and correct image. X_myKarve is tested using various datasets namely DFRWS 2006 and DFRWS 2007. The result shows that X_myKarve is capable of carving over 20% more than myKarve and RevIt for DFRWS 2006 datasets where X_myKarve can carve intertwined fragmented JPEG images completely compared to myKarve and RevIt. X_myKarve is a good alternative for carving fragmented JPEG files intertwined with each other.