SHANG Shi-ze,KONG Xiang-wei,YOU Xin-gang

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.04.011

2015-01-01

Abstract:The examination of forged and altered document is an important part in judicial expertise. The traditional examination methods need professional testers and devices, the disadvantages include high cost, long testing time, damage on the documents, etc. In recent years, the digital passive lossless forensics on forged and altered document has been developed which only uses scanner and computer. In this paper, we first introduce the life-cycle of document and its forging and altering methods. Then, we summarize the passive lossless forensics on forged and altered document, and describe the technologies on device identiifcation, copy paper identiifcation and authenticity detection, respectively. We give a detailed description on the characteristics introduced by devices and altering methods, and their forensics methods. Finally, we describe the questions and challenges on digital passive lossless forensics on documents.

Natarajan Meghanathan,Sumanth Reddy Allam,Loretta A. Moore

DOI: https://doi.org/10.48550/arXiv.1004.0570

2010-04-05

Abstract:Network forensics deals with the capture, recording and analysis of network events in order to discover evidential information about the source of security attacks in a court of law. This paper discusses the different tools and techniques available to conduct network forensics. Some of the tools discussed include: eMailTrackerPro to identify the physical location of an email sender; Web Historian to find the duration of each visit and the files uploaded and downloaded from the visited website; packet sniffers like Etherea to capture and analyze the data exchanged among the different computers in the network. The second half of the paper presents a survey of different IP traceback techniques like packet marking that help a forensic investigator to identify the true sources of the attacking IP packets. We also discuss the use of Honeypots and Honeynets that gather intelligence about the enemy and the tools and tactics of network intruders.

Networking and Internet Architecture

Wei TIAN,Xiao-hu YANG,Xiao-yao XIE

1999-01-01

Abstract:In this article,we present research work which is focused on the Electronic Taxation System and its network security on Internet.Through analysis of the procedures of taxation and considerations of some of the characteristics of the current pragmatic network security technologies,we proposed a security model of ETS with reference to the system on Internet.

Fahad M Ghabban,Ibrahim Alfadli,Omair Ameerbakhsh,Amer Nizar AbuAli,Arafat Al-Dhaqm,Mahmoud Ahmad Al-Khasawneh

DOI: https://doi.org/10.48550/arXiv.2108.05579

2021-08-12

Abstract:Network Forensics (NFs) is a branch of digital forensics which used to detect and capture potential digital crimes over computer networked environments crime. Network Forensic Tools (NFTs) and Network Forensic Processes (NFPs) have abilities to examine networks, collect all normal and abnormal traffic/data, help in network incident analysis, and assist in creating an appropriate incident detection and reaction and also create a forensic hypothesis that can be used in a court of law. Also, it assists in examining the internal incidents and exploitation of assets, attack goals, executes threat evaluation, also by evaluating network performance. According to existing literature, there exist quite a number of NFTs and NTPs that are used for identification, collection, reconstruction, and analysing the chain of incidents that happen on networks. However, they were vary and differ in their roles and functionalities. The main objective of this paper, therefore, is to assess and see the distinction that exist between Network Forensic Tools (NFTs) and Network Forensic Processes (NFPs). Precisely, this paper focuses on comparing among four famous NFTs: Xplico, OmniPeek, NetDetector, and NetIetercept. The outputs of this paper show that the Xplico tool has abilities to identify, collect, reconstruct, and analyse the chain of incidents that happen on networks than other NF tools.

Cryptography and Security

JI Yu-chen,FU Xiao,SHI Jin,LUO Bin,ZHAO Zhi-hong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2014.01.068

2014-01-01

Abstract:According to characteristics of computer intrusion forensic evidence, such as easy revise, easy loss, numerous sources, multifarious content, this paper discusses the current developing states about intrusion event reconstruction, analyzes intrusion event reconstruction source from the system layer object/event and the operate system layer object/event, and introduces the main intrusion event reconstruction tools. It reviews the existing methods for intrusion event reconstruction, including log analysis based on timestamp, semantic integrity checking, tracking technologies based on operate system layer object, event reconstruction models based on finite state machine and so on, evaluates their performance in terms of several metrics, such as reconstruction efficiency, false positives rate, credibility of evidence, authenticity of evidence, reconstruction environment, and summarizes the pros and cons of each method. Some important future research directions in the field of intrusion event reconstruction of computer intrusion forensic are discussed.

Rahul Chandran,Wei Q. Yan

DOI: https://doi.org/10.4018/ijdcf.2014010103

2014-01-01

International Journal of Digital Crime and Forensics

Abstract:The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

Nikita Rana,Gunjan Sansanwal,Kiran Khatter,Sukhdev Singh

DOI: https://doi.org/10.48550/arXiv.1709.06529

2017-08-17

Abstract:In today's world of computers, any kind of information can be made available within few clicks for different endeavors. The information may be tampered by changing the statistical properties and can be further used for criminal activities. These days, Cyber crimes are happening at a very large scale, and possess big threats to the security of an individual, firm, industry and even to developed countries. To combat such crimes, law enforcement agencies and investment institutions are incorporating supportive examination policies, procedures and protocols to address the complete investigation process. The paper entails a detailed review of several cyber crimes followed by various digital forensics processes involved in the cyber crime investigation. Further various digital forensics tools with detail explanation are discussed with their advantages, disadvantages, challenges, and drawbacks. A comparison among all the selected tools is also presented. Finally the paper recommends the need of training programs for the first res ponder and judgement of signature based image authentication.

Computers and Society,Cryptography and Security

Iman S. Alansari

DOI: https://doi.org/10.48084/etasr.6316

2023-10-13

Abstract:Investigation in the field of network forensics involves examining network traffic to identify, capture, preserve, reconstruct, analyze, and document network crimes. Although there are different perspectives on the practical and technical aspects of network forensics, there is still a lack of fundamental guidelines. This paper proposes a new detection and investigation model for capturing and analyzing network crimes, using design science research. The proposed model involves six processes: identification, verification, gathering, preservation, examination, analysis, and documentation. Each process is associated with several activities that provide the investigation team with a clear picture of exactly what needs to be performed. In addition, the proposed model has a unique activity, namely reporting. As a result, this model represents a comprehensive approach to network forensics investigations. It is designed to work in conjunction with established forensic techniques to ensure that forensic evidence from the network is collected and analyzed efficiently and effectively following accepted forensic procedures. The proposed model was compared with existing models in terms of completeness, showing that it is complete and can be adapted to any type of network and legal framework.

Tala Tafazzoli,Elham Salahi,Hossein Gharaee

DOI: https://doi.org/10.48550/arXiv.1508.01890

2015-08-08

Cryptography and Security

Abstract:Cybercrime is increasing at a faster pace and sometimes causes billions of dollars of business- losses so investigating attackers after commitment is of utmost importance and become one of the main concerns of network managers. Network forensics as the process of Collecting, identifying, extracting and analyzing data and systematically monitoring traffic of network is one of the main requirements in detection and tracking of criminals. In this paper, we propose an architecture for network forensic system. Our proposed architecture consists of five main components: collection and indexing, database management, analysis component, SOC communication component and the database. The main difference between our proposed architecture and other systems is in analysis component. This component is composed of four parts: Analysis and investigation subsystem, Reporting subsystem, Alert and visualization subsystem and the malware analysis subsystem. The most important differentiating factors of the proposed system with existing systems are: clustering and ranking of malware, dynamic analysis of malware, collecting and analysis of network flows and anomalous behaviour analysis.

Khairunnisak Khairunnisak,Wahyu Widodo

DOI: https://doi.org/10.31598/jurnalresistor.v6i1.1266

2023-04-30

Jurnal RESISTOR (Rekayasa Sistem Komputer)

Abstract:The development of information security issues in many sectors makes the skill of mastering digital forensic highly needed. Digital forensic is recently used not only to support legal proceedings but also to investigate many incidents like digital data manipulation, site hacking, and terrorism. In mastering the skill of digital forensic, investigators should have knowledge about the techniques and tools that will be used. This research is proposed to help investigators in enhancing and developing their skills in revealing the content of digital evidence with the result reviews from each area in the forensic field. The review in this study is based on the focus of the forensic area by giving detailed information about the functions, limitations, and advantages as well as the specific techniques of forensics that leads to the techniques of live forensic or static forensic. This research also discusses the non-technical things that affect the performance of forensic investigation including operational activities, investigated activities, and legal elements. Thus, the result of this research is expected to be beneficial for helping investigators in determining the appropriate tools to investigate the digital evidence. The further research can develop the activities of anti-forensics that can hinder the investigation processes.

Dr. Oghene Augustine Onome,

DOI: https://doi.org/10.35940/ijese.g2552.0611723

2023-06-30

International Journal of Emerging Science and Engineering

Abstract:The field of computer forensics emerged in response to the substantial increase in computer-related crimes occurring annually. This rise in criminal activity can be attributed to the rapid expansion of the internet, which has provided perpetrators with increased opportunities for illicit actions. When a computer system is compromised and an intrusion is detected, it becomes crucial for a specialized forensics team to investigate the incident with the objective of identifying and tracing the responsible party. The outcome of such forensic efforts often leads to legal action being taken against those accountable for the wrongdoing. The methodology employed in computer forensics continually evolves alongside advancements in crime approaches, particularly as attackers leverage emerging technologies. To ensure the accuracy of forensic investigations, it is imperative that the scientific knowledge underlying the forensic process be complemented by the integration of technological tools. A plethora of hardware and software options are available to facilitate the analysis and interpretation of forensic data, thereby enhancing the efficiency and effectiveness of investigations. While the fundamental objectives of computer forensics primarily involve the seamless preservation, identification, extraction, documentation, and analysis of data, the widespread adoption of this discipline is contingent upon the law enforcement community's ability to keep pace with advancements in computing technology. Furthermore, the prevalence of diverse computer devices resulting from the emergence of microcomputer technology also plays a crucial role in shaping the field of computer forensics. This research paper aims to provide a comprehensive overview of computer forensics, encompassing advanced methodologies and detailing various technology tools that facilitate the forensic process. Specific areas of focus include the analysis of encrypted drives, disk analysis techniques, analysis toolkits, investigations involving volatile memory, and the examination of captured network packets. By exploring these aspects, this paper aims to contribute to the existing body of knowledge in the field of computer forensics and support practitioners in their pursuit of effective investigative techniques.

Yun Gao,Xiao Fu,Bin Luo

DOI: https://doi.org/10.3969/j.issn.1001-3695.2016.01.001

2016-01-01

Abstract:Cloud users can get a lot of computer resources and storage space at low cost.However,the security risks,such as the spreading of illegal information,sensitive data leakage,data tampering,are still crucial problem in cloud computing envi-ronment.Hence,the forensics of cloud computing crime becomes particular important.Firstly,this paper introduced the con-cept of cloud forensics and listed the technical and legal challenges in could forensics.Then it introduced researches by now in cloud forensics and presented analysis summary on current researches.Finally,it put forward opportunities of cloud forensics.

Liu Wu,Ren Ping,Sun Donghong,Yawei Zhao,Wu Jian-ping

DOI: https://doi.org/10.1109/wicom.2012.6478625

2012-01-01

Abstract:Although IPv6 protocol has considered and implemented many security mechanisms compared with IPv4, there are still many security threatens in IPv6 Networks. In this paper, we has designed and implemented a network forensics prototype 6Foren in IPv6 environment based on the protocol analysis technology, its functions include packet capture, data reconstruct and messages replay etc. the 6Foren can be used as the online digital forensics which support the online forensic of HTTP, FTP, SMTP and POP3 protocols.

Steve Kim,Anubhav Nagpal.,R. Ian,Anthony Glover,Marilyn H. Silva

Abstract:The usage of Social Network Sites has increased rapidly in recent years. The area of Social Networking currently has many security issues. Since the success of a Social Network Site depends on the number of users it attracts, there is pressure on providers of Social Network sites to design systems that encourage behavior which increases both the number of users and their connections. However, like any fast-growing technology, security has not been a high priority in the development of Social Network Sites. As a result, along with the benefits of Social Network Sites, significant security risks have resulted. Providing Social Network Site users with tools which will help protect them is ideal. Making tools available to users which can provide the ability to retrieve other online user information via chat, website, along other tools which can be installed on the user’s computer will be ideal in helping to tackle such issues. These will be the tools addressed in the paper.

Computer Science,Engineering

Wei Wang,Thomas E. Daniels

2005-01-01

Abstract:We develop a prototype network forensics analysis tool that integrates presentation, manipulation and automated reasoning of intrusion evidence. We propose the evidence graph as a novel graph model to facilitate the presentation and manipulation of intrusion evidence. For automated evidence analysis, we develop a hierarchical reasoning framework that includes local reasoning and global reasoning. In local reasoning, we apply Rule-based Fuzzy Cognitive Maps (RBFCM) to model the state evolution of suspicious hosts. In global reasoning, we aim to identify group of strongly correlated hosts in the attack and derive their relationships in the attack scenario. Our analysis mechanism effectively integrates analyst feedbacks into the automated reasoning process. Experimental results demonstrate the potential of our proposed techniques.

W Wang,TE Daniels

DOI: https://doi.org/10.1109/csac.2005.14

2005-01-01

Abstract:In this paper, we present techniques for a network forensics analysis mechanism that includes effective evidence presentation, manipulation and automated reasoning. We propose the evidence graph as a novel graph model to facilitate the presentation and manipulation of intrusion evidence. For automated evidence analysis, we develop a hierarchical reasoning framework that includes local reasoning and global reasoning. Local reasoning aims to infer the roles of suspicious hosts from local observations. Global reasoning aims to identify group of strongly correlated hosts in the attack and derive their relationships. By using the evidence graph model, we effectively integrate analyst feedback into the automated reasoning process. Experimental results demonstrate the potential and effectiveness of our proposed approaches.

xue yong wan,liang zhang,wei xu,hong hui gong

DOI: https://doi.org/10.4028/www.scientific.net/AMM.599-601.1457

2014-01-01

Abstract:the computer network is widely applied to people's attention,computer network security is very important,we must take effective measures to ensure the security of computer network.This paper analyzes the implications of computer network security system and its security mechanism,and for the current network security should be involved in some of the elements is introduced.

XIAO Zheng-hong,YIN Hao

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.05.023

2006-01-01

Abstract:At first this paper introduces the development process of intrusion detection, then it describes the detection. Secondly, intrusion detection techniques for statistics analysis based on network traffic are thoroughly discussed in this paper, and it also points the future research aspects. Finally we document some remaining problems and challenges, and give the possible solution.

X. Fu,X. Du,B. Luo

DOI: https://doi.org/10.1002/sec.1337

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Memory forensics is an important technique for protecting network security and fighting against computer crimes. It has developed greatly in the past decade, because memory can provide more reliable information that other evidence sources do not contain. However, nowadays, when investigating network criminal cases, the Gigabyte GB and even Terabyte TB level memory and many such dumps have made memory analysis a difficult task. And investigators usually have to deal with complex operating system OS data structures, which they have little knowledge of. So how to analyze memory evidence automatically so as to find the hidden criminal behavior and reconstruct the scenario in an understandable way has become an important problem. This paper presents an automatic memory analysis methodology based on data correlation. Through analyzing key OS data structures and utilizing a clustering algorithm, this methodology can discover the relationships among processes, files, users, Dynamic-link library DLLs, and network connections. By describing these relationships as correlation graphs, our methods can reorganize these independent memory evidences and disclose their meanings in a high semantic level. Experiments have proved that these correlation graphs can help investigators find hidden criminal behavior and reconstruct the criminal scenarios. And as we know, now, little work is in this field. Copyright © 2015 John Wiley & Sons, Ltd.

Chao Wang,Tianyu Ren,Qun Li,Xiaohu Wang,Guangxin Guo,Jiahan Dong

DOI: https://doi.org/10.1088/1757-899x/750/1/012155

2020-02-01

IOP Conference Series: Materials Science and Engineering

Abstract:Abstract With the development of computer technology and communication technology, computer network will increasingly become an important means of information exchange, and permeate into every field of social life. However, the network has the potential threat and the reality existence each kind of security question, therefore we must take the strong security policy to ensure the network security. The purpose of this paper is to study the network computer security hidden trouble and vulnerability mining technology. In this paper, the types of security hidden dangers are analyzed, and the vulnerability detection technology Fuzzing technology is deeply studied. Then, the inspection and test time is analyzed for the existing vulnerability detection tools. The experimental results prove that vulnerability detection technology can protect network security with high efficiency of vulnerability detection. In this paper, three vulnerability detection tools WS Fuzzer, Web Fuzz and Webvul Scan were used to analyze the detection time of open source system, personal blog, shopping mall and forum. The average detection time was 1.9s, 8.7s, 20.5s and 59.7s, respectively. It can be seen that the vulnerability mining technology has a certain practical role.