
Digital Forensics and Cyber Crime: 9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017, Proceedings PDF

235 pages · 2018 · 18.032 MB · English


Petr Matoušek, Martin Schmiedecker (Eds.)
Digital Forensics and Cyber Crime
9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9–11, 2017, Proceedings

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, volume 216

Editorial Board
Ozgur Akan, Middle East Technical University, Ankara, Turkey
Paolo Bellavista, University of Bologna, Bologna, Italy
Jiannong Cao, Hong Kong Polytechnic University, Hong Kong, Hong Kong
Geoffrey Coulson, Lancaster University, Lancaster, UK
Falko Dressler, University of Erlangen, Erlangen, Germany
Domenico Ferrari, Università Cattolica Piacenza, Piacenza, Italy
Mario Gerla, UCLA, Los Angeles, USA
Hisashi Kobayashi, Princeton University, Princeton, USA
Sergio Palazzo, University of Catania, Catania, Italy
Sartaj Sahni, University of Florida, Florida, USA
Xuemin Sherman Shen, University of Waterloo, Waterloo, Canada
Mircea Stan, University of Virginia, Charlottesville, USA
Jia Xiaohua, City University of Hong Kong, Kowloon, Hong Kong
Albert Y. Zomaya, University of Sydney, Sydney, Australia

More information about this series at http://www.springer.com/series/8197

Editors
Petr Matoušek, Brno University of Technology, Brno, Czech Republic
Martin Schmiedecker, SBA Research, Vienna, Austria

ISSN 1867-8211; ISSN 1867-822X (electronic)
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
ISBN 978-3-319-73696-9; ISBN 978-3-319-73697-6 (eBook)
https://doi.org/10.1007/978-3-319-73697-6
Library of Congress Control Number: 2017963758

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Printed on acid-free paper. This Springer imprint is published by Springer Nature. The registered company is Springer International Publishing AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland.

Preface

It is our pleasure to introduce the proceedings of the 9th EAI International Conference on Digital Forensics and Cyber Crime (ICDF2C) 2017. Since its start in 2009, the ICDF2C conference each year brings together leading researchers, practitioners, and educators from around the world to advance the state of the art in digital forensics and cybercrime investigation. After nine years of existence, the conference has received worldwide recognition. Scores of researchers and experts in digital forensics and cybercrime come together each year to meet at this event.

The Technical Program Committee (PC) of ICDF2C received about 50 submissions that were carefully evaluated by the team of international reviewers. After the review, 18 papers were invited for oral presentation at ICDF2C 2017. The authors of the papers come from 11 countries over the world: UK, China, Czech Republic, Germany, Austria, Switzerland, USA, Portugal, Sweden, Ireland, Australia, and South Korea.

Traditionally, the program of ICDF2C features keynote speeches. This year we had the privilege to welcome Joshua I. James, a professor and researcher from Hallym University, South Korea, whose research focuses on event reconstruction in post-mortem digital investigations. The second keynote speaker was Felix Freiling from Friedrich-Alexander-Universität in Erlangen-Nürnberg, Germany, who is an expert on safety and security. For the third keynote, Domingo Montanaro and Cyllas Elia presented the results of a two-year-long investigation of cybercriminals in Brazil.

The program also accommodated three tutorials given to the ICDF2C audience: Bitcoin analysis by experts from the cybersecurity lab Neutrino, Switzerland; an application of NetFlow data for network forensics given by Flowmon Networks Ltd., Czech Republic; and an introduction to the GRR Rapid Response framework for remote live forensics, given by Google.

We would like to thank everyone who offered their help and support during the conference organization. We appreciate the thorough work and flexible approach of all PC members during the reviewing process. Also, we would like to express our sincere thanks to all members of the Organizing Committee for their hard work in the realization of the conference. The conference could not have been organized without the support of the European Alliance for Innovation (EAI) and Flowmon Networks Ltd., Czech Republic.

December 2017
Petr Matoušek
Martin Schmiedecker

Organization

Steering Committee
Sanjay Goel, University at Albany, State University of New York, USA
Imrich Chlamtac, EAI, CREATE-NET
Pavel Gladyshev, University College Dublin, Ireland
Marcus Rogers, Purdue University, USA
Ibrahim Baggili, University of New Haven, USA
Joshua I. James, DFIRE Labs, Hallym University, South Korea
Frank Breitinger, University of New Haven, USA

Organizing Committee
General Co-chairs: Petr Matoušek, Brno University of Technology, Czech Republic; Martin Schmiedecker, SBA Research, Vienna, Austria
Technical Program Committee Chair: Sebastian Schinzel, University of Applied Sciences, Münster, Germany
Workshop Chair: Mark Scanlon, University College Dublin, Ireland
Publicity and Web Chair: Sebastian Neuner, SBA Research, Vienna, Austria
Publications Chair: Ondřej Ryšavý, Faculty of Information Technology, Brno, Czech Republic
Local Chair: Matěj Grégr, Brno University of Technology, Brno, Czech Republic
Conference Coordinator: Alzbeta Mackova, EAI

Technical Program Committee
Harald Baier, University of Applied Sciences Darmstadt, Germany
Spiridon Bakiras, Hamad Bin Khalifa University, Qatar
Nicole Beebe, University of Texas at San Antonio, USA
Frank Breitinger, University of New Haven, USA
Mohamed Chawki, University of Lyon III, France
Kim-Kwang Raymond Choo, University of South Australia, Australia
David Dampier, Mississippi State University, USA
Virginia Franqueira, University of Derby, UK
Pavel Gladyshev, University College Dublin, Ireland
Joshua I. James, DigitalFIRE Labs, Hallym University, South Korea
Ping Ji, City University of New York, USA
Umit Karabiyik, Sam Houston State University, USA
Nhien An Le Khac, UCD School of Computer Science, Ireland
Michael Losavio, University of Louisville, USA
Stig Mjolsnes, Norwegian University of Science and Technology NTNU, Norway
Alex Nelson, NIST, USA
Sebastian Neuner, SBA Research, Austria
Bruce Nikkel, UBS AG, Switzerland
Richard E. Overill, King's College London, UK
Gilbert Peterson, Air Force Institute of Technology, USA
Golden G. Richard III, Louisiana State University, USA
Vassil Roussev, University of New Orleans, USA
Neil Rowe, U.S. Naval Postgraduate School, USA
Ondřej Ryšavý, Brno University of Technology, Czech Republic
Mark Scanlon, University College Dublin, Ireland
Bradley Schatz, Queensland University of Technology, Australia
Michael Spreitzenbarth, Siemens CERT, Germany
Krzysztof Szczypiorski, Warsaw University of Technology, Poland
Vladimír Veselý, Brno University of Technology, Czech Republic
Timothy Vidas, Carnegie Mellon University, USA
Christian Winter, Fraunhofer Gesellschaft, Germany

Contents

Malware and Botnet
FindEvasion: An Effective Environment-Sensitive Malware Detection System for the Cloud (p. 3)
  Xiaoqi Jia, Guangzhe Zhou, Qingjia Huang, Weijuan Zhang, and Donghai Tian
Real-Time Forensics Through Endpoint Visibility (p. 18)
  Peter Kieseberg, Sebastian Neuner, Sebastian Schrittwieser, Martin Schmiedecker, and Edgar Weippl
On Locky Ransomware, Al Capone and Brexit (p. 33)
  John MacRae and Virginia N. L. Franqueira

Deanonymization
Finding and Rating Personal Names on Drives for Forensic Needs (p. 49)
  Neil C. Rowe
A Web-Based Mouse Dynamics Visualization Tool for User Attribution in Digital Forensic Readiness (p. 64)
  Dominik Ernsberger, R. Adeyemi Ikuesan, S. Hein Venter, and Alf Zugenmaier

Digital Forensics Tools I
Open Source Forensics for a Multi-platform Drone System (p. 83)
  Thomas Edward Allen Barton and M. A. Hannan Bin Azhar
A Novel File Carving Algorithm for EVTX Logs (p. 97)
  Ming Xu, Jinkai Sun, Ning Zheng, Tong Qiao, Yiming Wu, Kai Shi, Haidong Ge, and Tao Yang
Fuzzy System-Based Suspicious Pattern Detection in Mobile Forensic Evidence (p. 106)
  Konstantia Barmpatsalou, Tiago Cruz, Edmundo Monteiro, and Paulo Simoes

Cyber Crime Investigation and Digital Forensics Triage
Digital Forensic Readiness in Critical Infrastructures: A Case of Substation Automation in the Power Sector (p. 117)
  Asif Iqbal, Mathias Ekstedt, and Hanan Alobaidli
A Visualization Scheme for Network Forensics Based on Attribute Oriented Induction Based Frequent Item Mining and Hyper Graph (p. 130)
  Jianguo Jiang, Jiuming Chen, Kim-Kwang Raymond Choo, Chao Liu, Kunying Liu, and Min Yu
Expediting MRSH-v2 Approximate Matching with Hierarchical Bloom Filter Trees (p. 144)
  David Lillis, Frank Breitinger, and Mark Scanlon
Approxis: A Fast, Robust, Lightweight and Approximate Disassembler Considered in the Field of Memory Forensics (p. 158)
  Lorenz Liebler and Harald Baier

Digital Forensics Tools Testing and Validation
Memory Forensics and the Macintosh OS X Operating System (p. 175)
  Charles B. Leopard, Neil C. Rowe, and Michael R. McCarrin
Sketch-Based Modeling and Immersive Display Techniques for Indoor Crime Scene Presentation (p. 181)
  Pu Ren, Mingquan Zhou, Jin Liu, Yachun Fan, Wenshuo Zhao, and Wuyang Shui
An Overview of the Usage of Default Passwords (p. 195)
  Brandon Knieriem, Xiaolu Zhang, Philip Levine, Frank Breitinger, and Ibrahim Baggili

Hacking
Automation of MitM Attack on Wi-Fi Networks (p. 207)
  Martin Vondráček, Jan Pluskal, and Ondřej Ryšavý
SeEagle: Semantic-Enhanced Anomaly Detection for Securing Eagle (p. 221)
  Wu Xin, Qingni Shen, Yahui Yang, and Zhonghai Wu
Coriander: A Toolset for Generating Realistic Android Digital Evidence Datasets (p. 228)
  Irvin Homem

Author Index (p. 235)
