Publication


Featured research published by Zaiton Muda.


PLOS ONE | 2016

Windows Instant Messaging App Forensics: Facebook and Skype as Case Studies

Teing Yee Yang; Ali Dehghantanha; Kim-Kwang Raymond Choo; Zaiton Muda

Instant messaging (IM) has changed the way people communicate with each other. However, the interactive and instant nature of these applications (apps) made them an attractive choice for malicious cyber activities such as phishing. The forensic examination of IM apps for modern Windows 8.1 (or later) has been largely unexplored, as the platform is relatively new. In this paper, we seek to determine the data remnants from the use of two popular Windows Store application software for instant messaging, namely Facebook and Skype on a Windows 8.1 client machine. This research contributes to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of instant messaging services and application software on a contemporary Windows operating system. Potential artefacts detected during the research include data relating to the installation or uninstallation of the instant messaging application software, log-in and log-off information, contact lists, conversations, and transferred files.


Computers & Electrical Engineering | 2017

Forensic Investigation of P2P Cloud Storage: BitTorrent Sync as a Case Study

Yee-Yang Teing; Ali Dehghantanha; Kim-Kwang Raymond Choo; Zaiton Muda

Forensic investigation of P2P cloud storage services and backbone for IoT networks. Industrial Internet of things forensics. Peer-to-peer and BitTorrent forensics. Forensically sound investigation methodology for BitTorrent Sync investigations. Cloud computing can be generally regarded as the technology enabler for Internet of Things (IoT). To ensure the most effective collection of evidence from cloud-enabled IoT infrastructure, it is vital for forensic practitioners to possess a contemporary understanding of the artefacts from different cloud services and applications. In this paper, we seek to determine the data remnants from the use of the newer BitTorrent Sync applications (version 2.x). Findings from our research using mobile and computer devices running Windows, Mac OS, Ubuntu, iOS, and Android devices suggested that artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation could be recovered, which are potential sources of IoT forensics. We also extend the cloud forensics framework of Martini and Choo to provide a forensically sound investigation methodology for the newer BitTorrent Sync applications.


arXiv: Cryptography and Security | 2017

Greening Cloud-Enabled Big Data Storage Forensics: Syncany as a Case Study

Yee-Yang Teing; Dehghantanha Ali; Kim Choo; Mohd Taufik Abdullah; Zaiton Muda

The pervasive nature of cloud-enabled big data storage solutions introduces new challenges in the identification, collection, analysis, preservation, and archiving of digital evidences. Investigation of such complex platforms to locate and recover traces of criminal activities is a time-consuming process. Hence, cyber forensics researchers are moving towards streamlining the investigation process by locating and documenting residual artefacts (evidences) of forensic value of users’ activities on cloud-enabled big data platforms in order to reduce the investigation time and resources involved in a real-world investigation. In this paper, we seek to determine the data remnants of forensic value from Syncany private cloud storage service, a popular storage engine for big data platforms. We demonstrate the types and the locations of the artifacts that can be forensically recovered. Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics, which can result in reduced time and resources spent in real-world investigations involving Syncany-based cloud platforms.


2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) | 2012

The new approach of Rijndael key schedule

Salasiah Sulaiman; Zaiton Muda; Julia Juremi

The key schedule function in Rijndael block cipher did not receive the same amount of attention during design as the cipher components. Based on our research, there are several properties in key schedule that seemed to violate the design criteria, which was published by NIST, and this has led to many types of attack performed on Rijndael block cipher. The aim of this research is to produce a new key schedule algorithm, an enhancement from the Rijndael key scheduling, which follows the principle of secure cipher by Shannon, where the new key schedule must satisfy the bit confusion and diffusion properties for security purpose. After both keys from schedule algorithms (Rijndael and the proposed approach) have been analyzed, the results show that the proposed approach satisfies the requirement set by Shannon in achieving both of the properties.


soco-cisis-iceute | 2014

Packet Header Anomaly Detection Using Statistical Analysis

Warusia Yassin; Nur Izura Udzir; Azizol Abdullah; Mohd Taufik Abdullah; Zaiton Muda; Hazura Zulzalil

The disclosure of network packets to recurrent cyber intrusion has upraised the essential for modelling various statistical-based anomaly detection methods lately. Theoretically, the statistical-based anomaly detection method fascinates researchers’ attentiveness, but technologically, the fewer intrusion detection rates persist as vulnerable disputes. Thus, a Host-based Packet Header Anomaly Detection (HbPHAD) model that is proficient in pinpointing suspicious packet header behaviour based on statistical analysis is proposed in this paper. We perform a scoring mechanism using Relative Percentage Ratio (RPR) in scheming normal scores, desegregate Linear Regression Analysis (LRA) to distinguish the degree of packets’ behaviour (i.e. fit to be suspicious or not suspicious) and Cohen’s-d (effect size) dimension to pre-define the finest threshold. HbPHAD is an effectual resolution for statistical-based anomaly detection method in pinpointing suspicious behaviour precisely. The experiments validate that HbPHAD is effective in correctly detecting suspicious packets at above 90% as an intrusion detection rate for both ISCX 2012 and is capable of detecting 40 attack types from DARPA 1999 benchmark dataset.


international symposium on information technology | 2008

Refined garbage collection for open distributed systems with multicapabilities

Nur Izura Udzir; Nasir Sulaiman; Zaiton Muda; Hazura Zulzalil; Rusli Abdullah

Capabilities can provide information not only on a particular object, but also on which methods of the object an agent is permitted to invoke. Specific information about an agent’s ‘knowledge’ is potentially very useful and can be manipulated in a variety of ways. This paper focuses on the LINDA coordination model of open distributed systems. One limited resource is memory, and garbage collection has already been proposed for the standard LINDA with multiple tuple-spaces (TSs) to avoid memory exhaustion. The implementation, however, was restricted to garbage collection of TSs. Taking into account the need for garbage collection not only for TSs, but also for tuples, this paper demonstrates how the garbage collection mechanism can be extended to handle unusable tuples, with the introduction of multicapabilities, which generalise capabilities to collections of objects.


International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage | 2016

A Closer Look at Syncany Windows and Ubuntu Clients’ Residual Artefacts

Yee-Yang Teing; Ali Dehghantanha; Kim-Kwang Raymond Choo; Zaiton Muda; Mohd Taufik Abdullah; Wee-Chiat Chai

In this paper, we seek to determine the residual artefacts of forensic value on Windows and Ubuntu client machines of using Syncany private cloud storage service. We demonstrate the types and the locations of the artefacts that can be forensically recovered (e.g. artefacts associated with the installation, uninstallation, log-in, log-off, and file synchronisation actions). Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics related to the collection of big data artefacts from a private cloud storage service, which have real-world implications and impacts (e.g. in criminal investigations and civil litigations). Echoing the observations of Ab Rahman et al. (2006), we reiterated the importance of forensic-by-design in future cloud-enabled big data storage solutions.


Archive | 2017

Investigating America Online Instant Messaging Application

Teing Yee Yang; Ali Dehghantanha; Kim-Kwang Raymond Choo; Zaiton Muda

Instant messaging applications (apps) are one potential source of evidence in a criminal investigation or a civil litigation. To ensure the most effective collection of evidence, it is vital for forensic practitioners to possess an up-to-date knowledge about artefacts of forensic interest from various instant messaging apps. Hence, in this chapter, we study America Online Instant Messenger (version this http URL) with the aims of contributing to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of instant messaging services and app on Windows 8.1 devices. Potential artefacts identified during the research include data relating to the installation or uninstallation, log-in and log-off information, contact lists, conversations, and transferred files.


International Review on Computers and Software | 2013

Clustering Network Traffic Utilization

Nazli Mohd Khairudin; Zaiton Muda; Aida Mustapha; Yogeswaran Nagarathinam; Mohd. Sidek Salleh

Classification of network traffic using distinctive characteristic application is not ideal for P2P and HTTP protocols. This is for the case when a user intercepts the application from other proxy or dynamic port, then the bytes utilization can be manipulated. In this paper, we present a clustering approach for network traffic classification using information from one particular port. The clustering experiments were conducted using three different clustering algorithms, which are K-Means, DBScan and AutoClass. The analysis discusses the quality of the resulting clusters from all the algorithms.


Information Technology Journal | 2011

A K-Means and Naive Bayes learning approach for better intrusion detection

Zaiton Muda; Warusia Yassin; Md. Nasir Sulaiman; Nur Izura Udzir

Collaboration


Dive into Zaiton Muda's collaboration.

Top Co-Authors

Nur Izura Udzir

Universiti Putra Malaysia

Warusia Yassin

Universiti Putra Malaysia

Azizol Abdullah

Universiti Putra Malaysia

Kim-Kwang Raymond Choo

University of Texas at San Antonio

Hazura Zulzalil

Universiti Putra Malaysia

Aida Mustapha

Universiti Tun Hussein Onn Malaysia
