Advances in Digital Forensics XV: 15th IFIP WG 11.9 International Conference, Orlando, FL, USA, January 28–29, 2019, Revised Selected Papers PDF

280 Pages·2019·5.634 MB·English

IFIP AICT 569
Gilbert Peterson, Sujeet Shenoi (Eds.)
Advances in Digital Forensics XV

IFIP Advances in Information and Communication Technology 569

Editor-in-Chief
Kai Rannenberg, Goethe University Frankfurt, Germany

Editorial Board Members
TC 1 – Foundations of Computer Science: Jacques Sakarovitch, Télécom ParisTech, France
TC 2 – Software: Theory and Practice: Michael Goedicke, University of Duisburg-Essen, Germany
TC 3 – Education: Arthur Tatnall, Victoria University, Melbourne, Australia
TC 5 – Information Technology Applications: Erich J. Neuhold, University of Vienna, Austria
TC 6 – Communication Systems: Aiko Pras, University of Twente, Enschede, The Netherlands
TC 7 – System Modeling and Optimization: Fredi Tröltzsch, TU Berlin, Germany
TC 8 – Information Systems: Jan Pries-Heje, Roskilde University, Denmark
TC 9 – ICT and Society: David Kreps, University of Salford, Greater Manchester, UK
TC 10 – Computer Systems Technology: Ricardo Reis, Federal University of Rio Grande do Sul, Porto Alegre, Brazil
TC 11 – Security and Privacy Protection in Information Processing Systems: Steven Furnell, Plymouth University, UK
TC 12 – Artificial Intelligence: Ulrich Furbach, University of Koblenz-Landau, Germany
TC 13 – Human-Computer Interaction: Marco Winckler, University of Nice Sophia Antipolis, France
TC 14 – Entertainment Computing: Rainer Malaka, University of Bremen, Germany

IFIP – The International Federation for Information Processing

IFIP was founded in 1960 under the auspices of UNESCO, following the first World Computer Congress held in Paris the previous year. A federation for societies working in information processing, IFIP’s aim is two-fold: to support information processing in the countries of its members and to encourage technology transfer to developing nations. As its mission statement clearly states:

IFIP is the global non-profit federation of societies of ICT professionals that aims at achieving a worldwide professional and socially responsible development and
application of information and communication technologies.

IFIP is a non-profit-making organization, run almost solely by 2500 volunteers. It operates through a number of technical committees and working groups, which organize events and publications. IFIP’s events range from large international open conferences to working conferences and local seminars.

The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high.

As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed.

The working conferences are structured differently. They are usually run by a working group and attendance is generally smaller and occasionally by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is also rigorous and papers are subjected to extensive group discussion.

Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.

IFIP distinguishes three types of institutional membership: Country Representative Members, Members at Large, and Associate Members. The type of organization that can apply for membership is a wide variety and includes national or international societies of individual computer scientists/ICT professionals, associations or federations of such societies, government institutions/government related organizations, national or international research institutes or consortia, universities, academies of sciences, companies, national or international associations or federations of companies.

More information about this series at http://www.springer.com/series/6102

Gilbert Peterson, Sujeet Shenoi (Eds.)
Advances in Digital Forensics XV

15th IFIP WG 11.9 International Conference
Orlando, FL, USA, January 28–29, 2019
Revised Selected Papers

Editors

Gilbert Peterson
Department of Electrical and Computer Engineering
Air Force Institute of Technology
Wright-Patterson AFB, OH, USA

Sujeet Shenoi
Tandy School of Computer Science
University of Tulsa
Tulsa, OK, USA

ISSN 1868-4238
ISSN 1868-422X (electronic)
IFIP Advances in Information and Communication Technology
ISBN 978-3-030-28751-1
ISBN 978-3-030-28752-8 (eBook)
https://doi.org/10.1007/978-3-030-28752-8

© IFIP International Federation for Information Processing 2019

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Contents

Contributing Authors

Preface

PART I FORENSIC MODELS

1 A Holistic Forensic Model for the Internet of Things
Lakshminarayana Sadineni, Emmanuel Pilli and Ramesh Babu Battula

2 Implementing the Harmonized Model for Digital Evidence Admissibility Assessment
Albert Antwi-Boasiako and Hein Venter

PART II MOBILE AND EMBEDDED DEVICE FORENSICS

3 Classifying the Authenticity of Evaluated Smartphone Data
Heloise Pieterse, Martin Olivier and Renier van Heerden

4 Retrofitting Mobile Devices for Capturing Memory-Resident Malware Based on System Side-Effects
Zachary Grimmett, Jason Staggs and Sujeet Shenoi

5 A Targeted Data Extraction System for Mobile Devices
Sudhir Aggarwal, Gokila Dorai, Umit Karabiyik, Tathagata Mukherjee, Nicholas Guerra, Manuel Hernandez, James Parsons, Khushboo Rathi, Hongmei Chi, Temilola Aderibigbe and Rodney Wilson

6 Exploiting Vendor-Defined Messages in the USB Power Delivery Protocol
Gunnar Alendal, Stefan Axelsson and Geir Olav Dyrkolbotn

7 Detecting Anomalies in Programmable Logic Controllers Using Unsupervised Machine Learning
Chun-Fai Chan, Kam-Pui Chow, Cesar Mak and Raymond Chan

PART III FILESYSTEM FORENSICS

8 Creating a Map of User Data in NTFS to Improve File Carving
Martin Karresand, Asalena Warnqvist, David Lindahl, Stefan Axelsson and Geir Olav Dyrkolbotn

9 Analyzing Windows Subsystem for Linux Metadata to Detect Timestamp Forgery
Bhupendra Singh and Gaurav Gupta

PART IV IMAGE FORENSICS

10 Quick Response Encoding of Human Facial Images for Identity Fraud Detection
Shweta Singh, Saheb Chhabra, Garima Gupta, Monika Gupta and Gaurav Gupta

11 Using Neural Networks for Fake Colorized Image Detection
Yuze Li, Yaping Zhang, Liangfu Lu, Yongheng Jia and Jingcheng Liu

PART V FORENSIC TECHNIQUES

12 Digital Forensic
Atomic Force Microscopy of Semiconductor Memory Arrays
Struan Gray and Stefan Axelsson

13 Timeline Visualization of Keywords
Wynand van Staden

14 Determining the Forensic Data Requirements for Investigating Hypervisor Attacks
Changwei Liu, Anoop Singhal, Ramaswamy Chandramouli and Duminda Wijesekera

Contributing Authors

Temilola Aderibigbe recently received his M.S. degree in Computer Science from Florida A&M University, Tallahassee, Florida. His research interests are in the area of digital forensics.

Sudhir Aggarwal is a Professor of Computer Science at Florida State University, Tallahassee, Florida. His research interests include password cracking, mobile forensics, information security and building software systems for digital forensics.

Gunnar Alendal is a Special Investigator with Kripos/NCIS Norway, Oslo, Norway; and a Ph.D. student in Computer Security at the Norwegian University of Science and Technology, Gjovik, Norway. His research interests include digital forensics, reverse engineering, security vulnerabilities, information security and cryptography.

Albert Antwi-Boasiako is the National Cybersecurity Advisor, Republic of Ghana, Ghana, Accra; and the Founder of the e-Crime Bureau, Accra, Ghana. His research interests are in the area of digital forensics, with a focus on digital forensic process standardization.

Stefan Axelsson is an Associate Professor of Digital Forensics at the Norwegian University of Science and Technology, Gjovik, Norway; and an Associate Professor of Digital Forensics at Halmstad University, Halmstad, Sweden. His research interests include digital forensics, data analysis and digital investigations.

Ramesh Babu Battula is an Assistant Professor of Computer Science and Engineering at Malaviya National Institute of Technology, Jaipur, India. His research interests include secure communications, cyber security, performance modeling and next generation networks.

Chun-Fai Chan is a Ph.D.
student in Computer Science at the University of Hong Kong, Hong Kong, China. His research interests include penetration testing, digital forensics and Internet of Things security.

Raymond Chan is a Lecturer of Information and Communications Technology at the Singapore Institute of Technology, Singapore. His research interests include cyber security, digital forensics and critical infrastructure protection.

Ramaswamy Chandramouli is a Senior Computer Scientist in the Computer Security Division at the National Institute of Standards and Technology, Gaithersburg, Maryland. His research interests include security for virtualized infrastructures, and smart card interface specification and testing.

Saheb Chhabra is a Ph.D. student in Computer Science and Engineering at Indraprastha Institute of Information Technology, New Delhi, India. His research interests include image processing and computer vision, and their applications to document fraud detection.

Hongmei Chi is an Associate Professor of Computer and Information Sciences at Florida A&M University, Tallahassee, Florida. Her research interests include information assurance, scientific computing, Monte Carlo and quasi Monte Carlo techniques, and data science.

Kam-Pui Chow is an Associate Professor of Computer Science at the University of Hong Kong, Hong Kong, China. His research interests include information security, digital forensics, live system forensics and digital surveillance.

Gokila Dorai is a Ph.D. student in Computer Science at Florida State University, Tallahassee, Florida. Her research interests include computer, mobile device and Internet of Things forensics.

Geir Olav Dyrkolbotn is a Major in the Norwegian Armed Forces, Lillehammer, Norway; and an Associate Professor of Cyber Defense at the Norwegian University of Science and Technology, Gjovik, Norway. His research interests include cyber defense, reverse engineering, malware analysis, side-channel attacks and machine learning.
