2010 | Book

Digital Forensics and Cyber Crime

First International ICST Conference, ICDF2C 2009, Albany, NY, USA, September 30-October 2, 2009, Revised Selected Papers


About this book

The First International Conference on Digital Forensics and Cyber Crime (ICDF2C) was held in Albany from September 30 to October 2, 2009. The field of digital forensics is growing rapidly with implications for several fields including law enforcement, network security, disaster recovery and accounting. This is a multidisciplinary area that requires expertise in several areas including law, computer science, finance, networking, data mining, and criminal justice. This conference brought together practitioners and researchers from diverse fields, providing opportunities for business and intellectual engagement among attendees. All the conference sessions were very well attended, with vigorous discussions and strong audience interest. The conference featured an excellent program comprising high-quality paper presentations and invited speakers from all around the world. The first day featured a plenary session including George Philip, President of the University at Albany, Harry Corbit, Superintendent of the New York State Police, and William Pelgrin, Director of the New York State Office of Cyber Security and Critical Infrastructure Coordination. An outstanding keynote was provided by Miklos Vasarhelyi on continuous auditing. This was followed by two parallel sessions on accounting fraud/financial crime, and multimedia and handheld forensics. The second day of the conference featured a mesmerizing keynote talk by Nitesh Dhanjani from Ernst and Young that focused on psychological profiling based on open source intelligence from social network analysis. The third day of the conference featured both basic and advanced tutorials on open source forensics.

Table of contents

Frontmatter

Full and Short Papers

Accounting & Fraud

Digital Evidence Composition in Fraud Detection
Abstract
In recent times, digital evidence has found its way into several digital devices. The storage capacity in these devices is also growing exponentially. When investigators come across such devices during a digital investigation, it may take several man-hours to completely analyze the contents. To date, there has been little achieved in the zone that attempts to bring together different evidence sources and attempt to correlate the events they record. In this paper, we present an evidence composition model based on the time of occurrence of such events. The time interval between events promises to reveal many key associations across events, especially when on multiple sources. The time interval is then used as a parameter to a correlation function which determines quantitatively the extent of correlation between the events. The approach has been demonstrated on a network capture sequence involving phishing of a bank website. The model is scalable to an arbitrary set of evidence sources and preliminary results indicate that the approach has tremendous potential in determining correlations on vast repositories of case data.
Sriram Raghavan, S. V. Raghavan

Multimedia & Handheld Device Forensics

iForensics: Forensic Analysis of Instant Messaging on Smart Phones
Abstract
Smart phones with Internet capability are growing in popularity, due to many of their useful capabilities. Among other handy features of smart phones, Instant Messaging (IM) is very popular due to the level of convenience it provides in interpersonal communications. As the usage of IM on smart phones is increasing rapidly, it is important to take measures in advance from a forensic standpoint, forecasting the potential use of it in cyber crimes such as cyber stalking and cyber bullying. Although current IM applications for smart phones are in most cases a downsized version of the one used on traditional computers, the diverse structure of file systems and storage devices on different smart phones poses unique challenges to forensic examiners for recovering digital evidence of a conversation under investigation. In this work, we study and report the forensic analysis of three different IMs: AIM, Yahoo! Messenger and Google Talk (both client based and web based versions) on the Apple iPhone. Our results show that the forensic analysis of IMs on smart phones has significant value and needs further attention.
Mohammad Iftekhar Husain, Ramalingam Sridhar
A Survey of Forensic Localization and Tracking Mechanisms in Short-Range and Cellular Networks
Abstract
Localization and tracking are critical tools in criminal and, increasingly, forensic investigations, which we show to be greatly aided by the proliferation of mobile phone and other wireless devices even if such devices are not suitable for communication and hence interception. In this paper we therefore provide a survey and taxonomy of both established and novel techniques for tracking the whereabouts of individuals and devices for different environments and platforms as well as the underlying assumptions and limitations in each case. In particular, we describe cellular, wireless, and personal area networks in infrastructure and ad-hoc environments. As individual localization and tracking methods do not always yield the required precision and accuracy, may require collaboration, or will exhibit gaps in densely built-up or highly active radio frequency environments, we additionally discuss selected approaches derived from multisensor data fusion and tracking applications for enhancing performance and assurance. This paper also briefly discusses possible attacks against a localization/tracking process and how trustworthy the measurement estimations are, an aspect that has been evidently less investigated so far.
Saif Al-Kuwari, Stephen D. Wolthusen
SMIRK: SMS Management and Information Retrieval Kit
Abstract
There has been tremendous growth in the information environment since the advent of the Internet and wireless networks. Just as e-mail has been the mainstay of the web in its use for personal and commercial communication, one can say that text messaging or Short Message Service (SMS) has become synonymous with communication on mobile networks. With the increased use of text messaging over the years, the amount of mobile evidence has increased as well. This has resulted in the growth of mobile forensics. A key function of digital forensics is efficient and comprehensive evidence analysis, which includes authorship attribution. Significant work on mobile forensics has focused on data acquisition from devices, and little attention has been given to the analysis of SMS. Consequently, we propose a software application called the SMS Management and Information Retrieval Kit (SMIRK). SMIRK aims to deliver a fast and efficient solution for investigators and researchers to generate reports and graphs on text messaging. It also allows investigators to analyze the authorship of SMS messages.
Ibrahim Baggili, Ashwin Mohan, Marcus Rogers
Localization and Detection of Vector Logo Image Plagiarism
Abstract
One of the main research issues in forensic computing is to protect intellectual property. Logo images, one type of intellectual property, are posted on the Internet and widely available. Logo image plagiarism and theft are not unusual. Detection and localization of logo image plagiarism are crucial to protect logo intellectual property. In recent years, logo images that are written in Scalable Vector Graphics format can be rendered efficiently in the web browser and accessed easily. In this paper, after introducing logo images edited and rendered from scalable vector graphics, we classify all possible types of logo image plagiarism, localize a possible set of logo images being infringed using distance functions, and detect and verify logo plagiarism using reversible transformation. We believe our work is valuable to businesses involved in logo creation and development.
Jong P. Yoon, Zhixiong Chen
Analysis of Free Download Manager for Forensic Artefacts
Abstract
Free Download Manager (FDM) is one of the most popular download managers due to its free availability, high download speed and versatility. It contains a lot of information that is of potential evidentiary value even if a user deletes web browser history, cookies and temporary internet files. This software records download activities across multiple files saved with .SAV extensions in the User Profile. This paper analyzes, from a forensic perspective: 1) the Windows registry entries, particularly those concerning configuration and user settings, 2) the log files (with .SAV extension) created by FDM to trace download activities, and 3) RAM and swap files. This research work describes a number of traces left behind after the use of FDM, such as install location, default download path, downloaded files, and menu extensions to name a few, thus enabling digital investigators to search for and interpret download activities. The widespread use of FDM makes this research work an attractive option for forensic investigators, ranging from law enforcement agencies to employers monitoring personnel.
Muhammad Yasin, Muhammad Arif Wahla, Firdous Kausar
On the Reliability of Cell Phone Camera Fingerprint Recognition
Abstract
Multiple multimedia forensic algorithms have been introduced that allow tracing media copies back to their source by matching artifacts to fingerprint databases. While this offers new possibilities for investigating crimes, important questions arise: How reliable are these algorithms? Can a judge trust their results? How easy are they to manipulate? It has been shown that forensic fingerprints of digital cameras can be copied from one image to the next. Our aim is to develop new concepts for increasing the security of these algorithms. In this work, we describe the state of our research work regarding attacks against forensics and provide an outlook on future approaches to increase their reliability.
Martin Steinebach, Mohamed El Ouariachi, Huajian Liu, Stefan Katzenbeisser

Financial Crimes

Towards a New Data Mining-Based Approach for Anti-Money Laundering in an International Investment Bank
Abstract
Today, money laundering (ML) poses a serious threat not only to financial institutions but also to the nation. This criminal activity is becoming more and more sophisticated and seems to have moved from the cliché of drug trafficking to financing terrorism and surely not forgetting personal gain. Most international financial institutions have been implementing anti-money laundering solutions (AML) to fight investment fraud. However, traditional investigative techniques consume numerous man-hours. Recently, data mining approaches have been developed and are considered as well-suited techniques for detecting ML activities. Within the scope of a collaboration project for the purpose of developing a new solution for the AML Units in an international investment bank based in Ireland, we propose a new data mining-based approach for AML. In this paper, we present this approach and some preliminary results associated with this method when applied to transaction datasets.
Nhien-An Le-Khac, Sammer Markos, Mohand-Tahar Kechadi

Cyber Crime Investigations

Analysis of Evidence Using Formal Event Reconstruction
Abstract
This paper expands upon the finite state machine approach for the formal analysis of digital evidence. The proposed method may be used to support the feasibility of a given statement by testing it against a relevant system model. To achieve this, a novel method for modeling the system and evidential statements is given. The method is then examined in a case study example.
Joshua James, Pavel Gladyshev, Mohd Taufik Abdullah, Yuandong Zhu
Data Mining Instant Messaging Communications to Perform Author Identification for Cybercrime Investigations
Abstract
Instant messaging is a form of computer-mediated communication (CMC) with unique characteristics that reflect a realistic presentation of an author’s online stylistic characteristics. Instant messaging communications use virtual identities, which hinder social accountability and facilitate IM-related cybercrimes. Criminals often use virtual identities to hide their true identity and may also supply false information on their virtual identities. This paper presents an IM authorship analysis framework and feature set taxonomy for use in cyber forensics and cybercrime investigations. We explore authorship identification of IM messages to discover the parameters with the highest accuracy for determining the identity of a cyber criminal.
Angela Orebaugh, Dr. Jeremy Allnutt
Digital Evidence Retrieval and Forensic Analysis on Gambling Machine
Abstract
Hardware forensic analysis involves the process of analyzing digital evidence derived from digital sources. The analysis is done to facilitate and prove whether the device was used to commit a crime, whether it contains evidence of a crime, or whether it is the target of a crime. Gambling machines serve as the main source by which illegal games are conducted. This paper presents a method for retrieving information from a seized gaming machine, along with an analysis of the interpreted information to prove that the gaming machine was used illegally. The proposed procedures for the gambling machine forensic process will be important for forensic investigators (e.g., the police or private investigators), as they will assist these individuals in the digital forensic evidence analysis necessary to produce evidence relevant to illegal gambling.
Pritheega Magalingam, Azizah Abdul Manaf, Rabiah Ahmad, Zuraimi Yahya

Forensics & Law

Online Acquisition of Digital Forensic Evidence
Abstract
Providing the ability for any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis can only help to greatly reduce the time spent by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.
Mark Scanlon, Mohand-Tahar Kechadi
Criminal Defense Challenges in Computer Forensics
Abstract
Computer forensic techniques may be unfairly applied in order to tip the scales of justice in the direction of prosecution. Particular areas that are known to be problematic for defense experts include: erroneous allegations of knowledgeable possession; misuse of time stamps and metadata; control and observation of the discovery process; authentication issues; deficiencies and the lack of verification for proprietary software tools; deliberate omission or obfuscation of exculpatory evidence; and inadvertent risks resulting from the use of legitimate services. Examples in the author’s caseload are used to illustrate these inequities in an effort to encourage reform.
Rebecca Mercuri

Cyber Security & Information Warfare

Detecting and Preventing the Electronic Transmission of Illicit Images and Its Network Performance
Abstract
Child exploitation through the use of the Internet as a delivery and exchange tool is a growing method of abuse towards children. It is shown that a Stochastic Learning Weak Estimator learning algorithm and a Maximum Likelihood Estimator learning algorithm can be applied with Linear Classifiers to identify and filter illicit pornographic images. In this paper, these two learning algorithms were combined with distance algorithms such as the Non-negative Vector Similarity Coefficient-based Distance algorithm, Euclidean Distance, and a Weighted Euclidean Distance algorithm. Experimental results showed that classification accuracies and the network overhead did have a significant effect on routing devices.
Amin Ibrahim, Miguel Vargas Martin
A Discretionary Access Control Method for Preventing Data Exfiltration (DE) via Removable Devices
Abstract
One of the major challenges facing the security community today is how to prevent DE. DE is the unauthorized release of information from a computer system or network of systems. Current methods attempt to address this issue by controlling the information that is released over the Internet. In this paper, we present a host-level discretionary access control method that focuses on exfiltration via removable devices (e.g. thumb drives or external hard drives). Using XML to store extended file attributes, we classify files based on user-defined distribution levels and the community of interest to which they belong. Files are classified with a distribution statement upon creation and re-classified (if necessary) when modified. By monitoring the access to all classified files present on a file system, we allow or prevent release of this information based on predefined policies. With this approach, we show that the unauthorized release of information can be prevented by using a system of accounting that is tied to access control policies. Users are given the authority to transfer files to a removable device according to their current access rights. As a proof of concept, our method demonstrates the value of using accounting as a means of preventing data loss or theft. Our approach can be applied to a variety of data types found on a file system including: executables, archived files, images, and even audio or video files.
Duane Wilson, Michael K. Lavine
A Host-Based Approach to BotNet Investigation?
Abstract
Robot Networks (BotNets) are one of the most serious threats faced by the online community today. Since their appearance in the late 1990s, much effort has been expended in trying to thwart their unprecedented growth. However, with robust and advanced capabilities, it is very difficult for average users to avoid or prevent infection by BotNet malware. Moreover, whilst BotNets have increased in scale, scope and sophistication, the dearth of standardized and effective investigative procedures poses huge challenges to digital investigators in trying to probe such cases. In this paper we present a practical (and repeatable) host-based investigative methodology for the collection of evidentiary information from a Bot-infected machine. Our approach collects digital traces from both the network and physical memory of the infected local host, and correlates this information to identify the resident BotNet malware involved.
Frank Y. W. Law, K. P. Chow, Pierre K. Y. Lai, Hayson K. S. Tse
Backmatter
Metadata
Title
Digital Forensics and Cyber Crime
Edited by
Sanjay Goel
Copyright year
2010
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-642-11534-9
Print ISBN
978-3-642-11533-2
DOI
https://doi.org/10.1007/978-3-642-11534-9