Abstract: With the development of the Internet and information technology, digital crimes are also on the rise. Computer forensics is an emerging research area that applies computer investigation and analysis techniques to help detect these crimes and gather digital evidence suitable for presentation in court. This paper presents the foundational concepts of computer forensics, outlines its principles, discusses the computer forensics model and presents a proposed model.
Abstract: Electronic evidence is becoming more and more common in case handling. To reduce the burden on judges of determining the integrity of the chain of custody, even when no technical experts are on the spot, this paper suggests a solution to this problem.
Funding: Sponsored by the National Social Science Fund of China (Grant No. 13CFX054) and the Project of Humanities and Social Science of the Chinese Ministry of Education (Grant No. 11YJCZH175).
Abstract: Cloud computing is becoming the developing trend in the information field and is transforming related fields. To adapt to such changes, computer forensics is bound to improve and integrate into the new environment. Starting from this point, this paper suggests a computer forensic service framework based on the security architecture of cloud computing and the requirements of the cloud computing environment. The framework introduces the honey farm technique and pays more attention to active forensics, which can improve case-handling efficiency and reduce cost.
Abstract: Computer forensics is the science of obtaining, preserving, and documenting evidence from computers, mobile devices and other digital electronic storage devices. All of this must be done in a manner designed to preserve the probative value of the evidence and to assure its admissibility in a legal proceeding. However, computer forensics is continually evolving as existing technologies progress and new technologies are introduced. For example, digital investigators are now required to investigate content on mobile devices or data stored on cloud servers. With the popularity of computers in everyday life and the acceleration of cybercrime rates in recent years, computer forensics is becoming an essential element of modern IT security. This paper covers the development of computer forensics in law enforcement and discusses developments in the latest live forensics skillsets. A number of areas of interest in computer forensics are also highlighted to explain how it can support IT security and civil/criminal investigation.
Funding: Funded by the Ningbo Natural Science Foundation (No. 2023J101).
Abstract: Purpose: Gathering, analyzing and securing electronic data from various digital devices for use in legal or investigative procedures is the key process of computer forensics. This includes information retrieved from servers, hard drives, cellphones, tablets and other devices. This article tackles the challenging problem of how to prioritize different kinds of computer forensics and determine which kind is most useful in cases of cybercrime, fraud, theft of intellectual property, harassment and espionage. Design/methodology/approach: We first introduce enhanced versions of Hamacher power aggregation operators (AOs) within the framework of bipolar complex fuzzy (BCF) sets. These include the BCF Hamacher power averaging (BCFHPA), BCF Hamacher power-weighted averaging (BCFHPWA), BCF Hamacher power-ordered weighted averaging (BCFHPOWA), BCF Hamacher power geometric (BCFHPG), BCF Hamacher power-weighted geometric (BCFHPWG) and BCF Hamacher power-ordered-weighted geometric (BCFHPOWG) operators. Employing the devised AOs, we devise a decision-making (DM) technique for dealing with DM problems in the BCF set (BCFS) setting. Findings: We prioritize different types of computer forensics using artificial data in a numerical example and obtain the best type. Through this example, we also show the applicability of the proposed theory. This work provides a more elaborate and versatile procedure for classifying computer forensics with dual aspects of criteria and extra fuzzy information. It allows for better and less biased DM in more intricate digital investigations, which may lead to better decisions and time savings in real-life forensic scenarios. To demonstrate the significance and impact of the devised operators and DM techniques, they are compared with existing ones. Originality/value: This research is the first to combine Hamacher and power AOs in BCFS for computer forensics DM. It presents new operators and a DM approach not found in the existing literature, specifically designed to deal with the challenges and risks associated with the classification of computer forensics. The framework's capacity to accommodate bipolar criteria and extra fuzzy information is a major development in the field of digital forensics and decision science.
Funding: Project supported by the Research Grants Council of Hong Kong SAR, China (No. RGC GRF HKU 713009E), the NSFC/RGC Joint Research Scheme (No. N_HKU 722/09), and HKU Seed Fundings for Basic Research (Nos. 200811159155 and 200911159149).
Abstract: Verifying the integrity of a hard disk is an important concern in computer forensics, as the law enforcement party needs to confirm that the data inside the hard disk have not been modified during the investigation. A typical approach is to compute a single chained hash value over all sectors in a specific order. However, this technique loses the integrity evidence for all other sectors even if only one sector becomes a bad sector by chance or is modified intentionally. In this paper we propose a k-dimensional hashing scheme, kD for short, which distributes sectors into a kD space and calculates multiple hash values for the sectors along each of the k dimensions as integrity evidence. Since the integrity of a sector can be verified by any hash value calculated over it, the probability of verifying the integrity of unchanged sectors can remain high even with bad or modified sectors in the hard disk. We show how to efficiently implement this kD hashing scheme so that the storage for hash values is reduced while the chance of an unaffected sector being verified successfully increases. Experimental results of a 3D scheme show that both the time for computing the hash values and the storage for the hash values are reasonable.
Abstract: Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease of use. Organizations of all types can use it without prerequisites such as IT infrastructure, technical skills, managerial overhead, storage capacity, processing power, and data recovery or privacy setup. It can be availed by all clients according to their needs, expectations and budget. However, cloud computing introduces new kinds of security vulnerabilities that need to be addressed. Traditional "computer forensics" deals with the detection, preemption and prevention of IT-triggered frauds and crimes, but it lacks the ability to deal with cybercrimes pertaining to the cloud computing environment. In this paper, we focus on forensics issues in cloud computing, assess the limitations of the forensic team and present the obstacles faced during investigation.
Funding: This work is supported by the National Natural Science Foundation of China (61070163) and the Shandong Natural Science Foundation (Y2008G35).
Abstract: Memory analysis is gaining weight in the area of computer live forensics. How to get network connection information is one of the challenges in memory analysis and plays an important role in identifying the sources of malicious cyber attacks. It is more difficult to find the drivers and get network connection information from a 64-bit Windows 7 memory image file than from a 32-bit operating system memory image file. In this paper, an approach to find drivers and get network connection information from 64-bit Windows 7 memory images is given. The method is verified on 64-bit Windows 7 version 6.1.7600 and proved reliable and efficient.
Abstract: This paper addresses the issue of face and lip tracking via a chromatic detector, the CCL algorithm and the Canny edge detector. It aims to track the face and lip region in static color images, including frames read from videos, which is expected to be an important part of robust and reliable person identification in the field of computer forensics. We use the M2VTS face database and pictures taken from my colleagues as the test resource. This project is based on the concepts of image processing and computer vision.
Funding: Sponsored by the National Natural Science Foundation of China (Grant No. 61303199), the Natural Science Foundation of Shandong Province (Grant Nos. ZR2013FQ001 and ZR2011FQ030), the Outstanding Research Award Fund for Young Scientists of Shandong Province (Grant No. BS2013DX010), and the Academy of Sciences Youth Fund Project of Shandong Province (Grant No. 2013QN007).
Abstract: Memory analysis is one of the key techniques in computer live forensics. In particular, the analysis of a Mac OS X operating system's memory image file plays an important role in identifying the running status of an Apple computer. However, how to analyze the image file without using an extra "mach-kernel" file is one of the unsolved difficulties. In this paper, we first compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then, we discuss the traditional methods for physical memory file analysis on Mac OS X. Based on this discussion, a novel physical memory image file analysis approach that does not use an extra "mach-kernel" file is proposed. We verify the performance of the new approach on Mac OS X 10.8.2. The experimental results show that the proposed approach is simpler and more practical than previous ones.
Funding: Supported by the National Key Basic Research and Development (973) Program of China (Nos. 2011CB302805, 2011CB302505, 2012CB315801, and 2013CB228206), the National Natural Science Foundation of China (No. 61233016), and the Intel Research Councils UPO program with the title of Security Vulnerability Analysis Based on Cloud Platform.
Abstract: Internet security problems remain a major challenge, with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. New emerging botnet attacks degrade the state of Internet security further. To address these problems, a practical collaborative network security management system is proposed with effective collaborative Unified Threat Management (UTM) and traffic probers. A distributed security overlay network with a centralized security center leverages a peer-to-peer communication protocol used in the UTMs' collaborative module and connects them virtually to exchange network events and security rules. Security functions of the UTM are retrofitted to share security rules. In this paper, we propose a design and implementation of a cloud-based security center for network security forensic analysis. We propose using cloud storage to keep collected traffic data and then processing it with cloud computing platforms to find malicious attacks. As a practical example, phishing attack forensic analysis is presented and the required computing and storage resources are evaluated based on real trace data. The cloud-based security center can instruct each collaborative UTM and prober to collect events and raw traffic, send them back for deep analysis, and generate new security rules. These new security rules are enforced by the collaborative UTMs and the feedback events of such rules are returned to the security center. By this type of closed-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively.