Cyber Forensics - Science topic

Questions related to Cyber Forensics
  • asked a question related to Cyber Forensics
Question
6 answers
Hello everyone :) Can anyone recommend me some publications on data destruction? I am looking for e.g. publications concerning:
- the use of microwave radiation in the destruction of data or data carriers,
- analyses of thermal resistance of data carriers, Curie temperature for the magnetic layer of hard drives, resistance of NAND systems,
- solutions used in the chemical destruction of data carriers, but also other methods of data destruction, both physical and software (e.g. overwriting).
Or maybe someone knows and uses some unusual or little-known data destruction methods?
Relevant answer
Answer
Hello! Discovering data destruction technologies like microwave radiation, thermal analysis, chemical destruction, and software-based approaches is exciting. Recommended publications and resources cover these subjects. The following references should help you start your investigation, while niche-specific titles may be scarce:
1. Microwave Radiation in Data Destruction: - "Microwave-Assisted Destruction of Data Storage Devices" in "Journal of Microwave Power and Electromagnetic Energy." Microwaves can destroy electronic data storage devices.
2. Thermal Resistance of Data Carriers: - "Thermal Degradation of Electronic Components and Data Storage Devices" in "IEEE Transactions on Components, Packaging, and Manufacturing Technology." It measures thermal resistance and degradation of electronics, especially data storage devices.
3. Curie Temperature for Hard Drive Magnetic Layers: - "Materials Science of Data Storage" by Bhushan and Luo. Data storage magnetic materials are discussed in this book, including Curie temperatures and thermal stability.
4. Chemical Data Carriers Destruction: - "Chemical Methods for the Destruction of Electronic Data Carriers" in "Journal of Applied Chemistry." This article discusses chemical data carrier degradation methods.
5. Software-Based Data Destruction: "Secure Data Deletion" by Joel Reardon. This book extensively addresses software-based secure data destruction, including overwriting.
6. "Exploring Unconventional Data Destruction Techniques" in the "International Journal of Information Security." This paper may address novel data destruction methods.
The newest information security and data management conference proceedings or technical studies may provide more detailed information, especially on cutting-edge methods. University libraries, specialised databases, and cybersecurity organisations typically have these resources.
Data destruction is constantly evolving with technological advances, therefore staying up to speed on research and publications is essential to understanding existing and upcoming methods.
  • asked a question related to Cyber Forensics
Question
4 answers
Please provide a real-life example of live data acquisition in cyber forensics.
Relevant answer
Answer
Dear Padma Pradhan,
Review some additional data as well:
What is Digital Forensics in Cyber Security: Is This a Good...
ecpi.edu›…what-is…forensics-in-cybersecurity-is…me
People who work with digital forensics in cyber security are on the front lines in the fight against cybercrime. They're the people who collect, process, preserve, and analyze computer-related evidence. ... And they use scientific investigatory techniques to do it. Where Digital Forensics in Cyber Security is Used. These days, anyone who uses the internet benefits from digital forensics in cyber security. That's because any company that collects data from internet users employs people who fight and investigate cybercrime. Agencies and organizations have to be hyper-vigilant with the data they collect and protect, so they are constantly testing their systems, looking for vulnerabilities and aggressively pursuing the people who hack into networks in order to commit crimes.
  • asked a question related to Cyber Forensics
Question
11 answers
recent hot area of research in the field of cyber forensics
Relevant answer
Answer
Below I briefly describe the issues related to cybercrime and cybersecurity, which I researched and described in scientific publications that are available on the Research Gate portal. Over the past few years, the scale of cybercrime attacks on the IT systems of various institutions, including government institutions, on the databases of social media portals, on the ICT systems of banks, and on electronic banking systems has been growing. Cybercriminals are increasingly attacking mobile online banking systems made available to Internet users and bank customers through mobile devices, mainly via smartphones. Research shows that the scale of cybercrime attacks on the IT systems of banks, institutions, etc. using social engineering combined with perfidiously created malicious software such as ransomware, i.e. encrypting access to data on disks or redirecting users to fake websites of banks and institutions on the Internet to phish personal data, access passwords to electronic banking accounts and, as a result, to steal money. For several years, many mailbox users have seen strange emails of unknown origin, which are sent as spam from other private email accounts or others with false information. Attachments containing false information are attached to many of these suspicious emails, usually sent by cybercriminals and hackers. Attachments are usually of the WORD *.doc document type, the Acrobat Reader *.pdf format, image files or other formats, and often contain ransomware-type viruses. These are very dangerous viruses that encrypt access to a computer's disk. In addition, cybercriminals are increasingly using mailboxes set up on the e-mail portal to send infected e-mails to subsequent Internet users by generating fake emails, so that it looks as if a specific user of the mailbox were sending e-mails prepared by cybercriminals to their friends. These types of cybercrime techniques are becoming more common.
Why do Internet technology companies that dominate the market and offer e-mail services not improve the security of e-mail communication systems using e-mail boxes to significantly reduce cybercriminals' activity harmful to citizens? This question is still valid. On the other hand, internet banks, technology internet companies and technology fintechs are constantly improving cyber security techniques. The development of Business Intelligence, Blockchain technology, data analysis in Big Data database systems, and artificial intelligence to track movements and attacks made by cybercriminals, for prognostic analyses, etc. can be helpful in the process of improving IT systems risk management. Therefore, the skilful and efficient use of data science technology can be helpful in combating cybercrime, but it all depends on how these technologies will be used and, as a consequence, who will win in the following years in this IT, information "arms race". I conduct research in this area. Conclusions from the research I published in scientific publications that are available on the Research Gate website. I invite you to scientific cooperation.
Greetings,
Dariusz Prokopowicz
  • asked a question related to Cyber Forensics
Question
9 answers
In reading various articles and in even discussions with consultants, the terms Cyber Security and Information Security are used interchangeably and sometimes the former seems to be taking over the latter. I want to share my thoughts on this and to show how there can be a distinction between Cyber Risks and Information Security Risks and also show how these two risks can be defined.
Cyber Risks
All risks that affects the organization’s Information Systems such as breaches, IT related threats (Ransomware, virus, malware, etc.). This requires that the relevant People, Process & Technology are in place to predict, prevent, detect and respond against cyber threats.
Information Security (IS) Risks
With IS Risk the focus is on the tenets of Information Security, these are the controls which are to be designed in all IT solutions prior to go live:
Confidentiality – Controls in place to mitigate against the unauthorized disclosure of information.
Integrity – Controls in place to mitigate against the unauthorized modification of information.
Availability – Controls in place to mitigate against downtime of Information Systems, such as Denial Of Service attacks.
So Cyber Risks would relate more to the daily IT related activities of an organization and the Information Security Risks would be the controls that are baked in to IT solutions during the development phase.
Relevant answer
Answer
Yes, due to the high dynamics of development of cyber crime, cyber threats, cyber risk, information security on the Internet, cyber crime risk management, information management transferred in cyberspace, hacking techniques in online and mobile banking etc. it happens that some synonymous terms are used interchangeably. This can cause interpretational dissonance. In this connection, an important issue is the permanent updating of the language of the problem in the field of cyber crime and cyber security and the semantic classification of individual concepts and relationships between them.
Regards,
Dariusz Prokopowicz
  • asked a question related to Cyber Forensics
Question
8 answers
2FA (Two Factor Authentication) or MFA (Multi Factor Authentication) be used with biometric authentication
Relevant answer
Answer
Dear Itrit Waqas
Thanks for your answer
  • asked a question related to Cyber Forensics
Question
6 answers
I wanted to test the virus data set with different data mining algorithms, so kindly share the link of the repositories and best tools to experiment.
Relevant answer
Answer
refer this link to some useful security datasets
  • asked a question related to Cyber Forensics
Question
11 answers
I have Android Malware dataset but don't know how to get dataset of benign or reliably good applications. I need both dataset for doing comparison in malware analysis.
Relevant answer
Answer
I have downloaded the Android malicious apps from Drebin. But where to download the Android benign apps? I need at least around 8000 benign apps from different categories.
  • asked a question related to Cyber Forensics
Question
5 answers
 Image processing techniques for catching forgery
Relevant answer
Answer
Dear @Arturo Geigel
Thanks for your valuable comments
  • asked a question related to Cyber Forensics
Question
13 answers
Is there any real-life scenario for applied steganography? Why should I hide the message rather than encrypting it with the many tools offered today, from SSL/TLS to IPsec/VPN to OpenPGP? Are steganography applications born dead in modern computer-to-computer communications?
Relevant answer
Answer
Cryptography involves a password and a common channel, say for example Gmail or Yahoo. By the rules of the government (for example Indian IT Act Section 69) the key disclosure is mandatory (mandatory decryption) if the government agency asks the network providers or the user. Moreover all these passwords are encrypted by cryptographic protocols well known to agencies. All these protocols are well researched and experimented and probably cracked also (similar to TOR Browser, which was thought to be anonymous, but the Silk Road smugglers were tracked and nabbed by American sleuths). Also, an encryption-based system may not leak the message but at least proves the existence of the message as well as the existence of the sender and the receiver. Comparing this with steganography (particularly image or video), the information is hidden in images or video frames. There are billions of images and videos in the network and each image is 3 matrix of pixels positions and RGB values. So steganalysing is quite difficult. In addition to covert communication, steganography is also used for dead-dropping by spies and canary trapping the moles (plz google dead-dropping and canary trapping).
  • asked a question related to Cyber Forensics
Question
2 answers
I would like to get a data set of Windows API calls to use in a classifier to detect malware by its behavior. If anyone can help, I would appreciate it.
Thank you.
Relevant answer
Answer
Maybe this?
(but it's only malware calls ...)
  • asked a question related to Cyber Forensics
Question
4 answers
If we employ a forensic agent/multi-agent to gather "potential" digital forensic data across diverse platforms, we all know that this data will be streaming from different platforms. So if this is true, how can we solve the problem of time synchronization across the different platforms if all agents in the machines are synchronized within the same time zone?
*Take note: If we have to normalize based on attributes.
Relevant answer
Answer
Hello Victor,
In addition to NTP, you shall also make the systems sync the date with Google servers. This is also applicable if your application is distributed in different geographical locations.
  • asked a question related to Cyber Forensics
Question
6 answers
I have read many works using Reuters Newsgroup data or the Enron email dataset for author gender identification. I am doing my research in author profiling and I would like to use social media analytics. Any suggestions on how to grab data and make it useful in the work?
Relevant answer
Answer
You probably want to check out large network databases at Stanford (see link below).  These data sets include data from social networks like facebook (anonymized), google plus, and twitter, along with some others.
  • asked a question related to Cyber Forensics
Question
3 answers
Can I get a tool on cyber harassment? Is there any published research on cyber harassment in Africa?
Relevant answer
  • asked a question related to Cyber Forensics
Question
8 answers
 threat intelligence implementation in Enterprises  and its importance
Relevant answer
Answer
In addition to the above, there are plenty of good papers available on applied threat intelligence on Securosis.
  • asked a question related to Cyber Forensics
Question
5 answers
Recently I visited a website that published data in rows and columns in a PDF file. I noticed that two days later the data had been changed in one of the cells, but the file name remained the same.
My question is:
1. Can we check the date of modification of the file and any track record of the sequence of changes, with valid proof?
2. Is there any computer forensic tool or software to check the modification or overwrite details of the file on the website?
Relevant answer
Answer
On a website the last-modified information should appear when you make a HEAD HTTP request on the resource. In Linux you can do the following.
Type (replacing both "grussell.org" with the name of the server and "/" with the file details):
telnet grussell.org 80
HEAD / HTTP/1.1
Host: grussell.org
(then type 2 returns)
HTTP/1.1 200 OK
...
Last-Modified: Fri, 13 Jan 2012 10:36:12 GMT
ETag: "a5f-4b6666eff7f00"
Content-Length: 2655
The last-modified data should reflect the last modified of the file. Additionally if the file changes the ETag should change along with the length of the file. Sometimes some of the information may not be present, but at least the content-length is almost always there and will likely change, and usually the last-modified is present in a well-written system.
Simple enough to write a little program to do that.
I hope that helps.
Gordon.
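Added example (not part of Gordon's answer): a small Python program of the kind the answer calls simple to write. It records the Last-Modified, ETag and Content-Length validators from a HEAD response and reports which changed between two visits. The second sample response, all function names and the body-hash fallback for servers that omit validators are constructed for illustration.

```python
import hashlib
import http.client

VALIDATORS = ("last-modified", "etag", "content-length")

# First response: the headers quoted in the answer above.
FIRST = ("HTTP/1.1 200 OK\r\n"
         "Last-Modified: Fri, 13 Jan 2012 10:36:12 GMT\r\n"
         'ETag: "a5f-4b6666eff7f00"\r\n'
         "Content-Length: 2655\r\n\r\n")
# Second response: constructed sample, one cell edited without a size change.
SECOND = ("HTTP/1.1 200 OK\r\n"
          "Last-Modified: Sun, 15 Jan 2012 09:02:41 GMT\r\n"
          'ETag: "a5f-4b68e1c2a9d40"\r\n'
          "Content-Length: 2655\r\n\r\n")


def parse_head_response(raw):
    """Parse a raw response head into (status, {lowercased header: value})."""
    lines = raw.replace("\r\n", "\n").split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def snapshot(headers, body=None):
    """Keep only the validators; add a SHA-256 of the body when one is given."""
    snap = {name: headers.get(name) for name in VALIDATORS}
    snap["sha256"] = hashlib.sha256(body).hexdigest() if body is not None else None
    return snap


def changed_fields(old, new):
    """Names of fields present in both snapshots whose values differ."""
    return sorted(k for k in old
                  if old[k] is not None and new.get(k) is not None
                  and old[k] != new[k])


def fetch_head(host, path="/", port=80, timeout=10):
    """Live equivalent of the telnet session: one HEAD request."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", path)  # http.client adds the Host header
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


def compare_samples():
    """Compare the two embedded sample responses."""
    _, first = parse_head_response(FIRST)
    _, second = parse_head_response(SECOND)
    return changed_fields(snapshot(first), snapshot(second))


if __name__ == "__main__":
    print("changed:", compare_samples())
```

A snapshot stored with the time it was taken only shows that the resource changed between two observations; the headers are whatever the server chooses to send, so a saved copy of the body with its hash is the stronger record.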
  • asked a question related to Cyber Forensics
Question
7 answers
I want to know some of the latest issues in terms of privacy due to data publishing or data mining, in real examples that happened after 2013. I have some examples like:
Google bypass safari browser privacy bypass issue
Max Schrems against Facebook.
Please share if you know some more examples.
Relevant answer
Answer
Could you shed more light on what you mean by "Real time issues of privacy..."? I am assuming you are talking about Privacy in Temporal Information Retrieval. If that is the case, there is a good beginning resource that lists a number of research articles on the subject - http://en.wikipedia.org/wiki/Temporal_information_retrieval
The challenge would be incorporating various privacy algorithms in temporal information retrieval systems.
  • asked a question related to Cyber Forensics
Question
1 answer
Most of the Privacy Preserving Data Mining (PPDM) methods require to determine sensitive knowledge by data owner in order to hide them. I need some scientific reference that helps data owner to select this sensitive knowledge wisely. Can anyone suggest some paper or book?
Relevant answer
Answer
I found the following paper which automates detection of sensitive information from databases based on confidential and identifying attributes.
du Mouza, C.; Métais, E.; Lammari, N.; Akoka, J.; Aubonnet, T.; Comyn-Wattiau, I.; Fadili, H.; Cherfi, S.S., "Towards an Automatic Detection of Sensitive Information in a Database," Advances in Databases Knowledge and Data Applications (DBKDA), 2010 Second International Conference on, pp. 247-252, 11-16 April 2010
doi: 10.1109/DBKDA.2010.17
  • asked a question related to Cyber Forensics
Question
4 answers
Ping flood attack is an attempt to bring down the servers
Relevant answer
Answer
It is common practice to disable ping (ICMP echo response) in servers and hosts, so that would imply the threat exists.
  • asked a question related to Cyber Forensics
Question
21 answers
Penetration testing is a very difficult and complex task in network security testing. How can we automate this process? Which tools or demo and test versions are available?
Relevant answer
Answer
Penetration testing tools are used to automate several tasks in order to improve testing performance and identify those security issues which are harder to discover with manual testing analysis approaches. There are two general types of penetration testing tools: static and dynamic analysis. Both kinds of tools are used with Veracode to determine security susceptibilities. In addition, Veracode's binary scanning methodology is more accurate and result oriented, which controls the false positives. Veracode can help small to large organizations handle security risk. The penetration testing should be set up in such a way as to control the weak and vulnerable points of the environment within the organization. The goal of incorporating penetration testing is the only way to secure the cyber-attacks and hacking.
So, the appropriate option is to make suitable change with Firewall and incorporate the penetration test features that can automate the testing process for security enhancement. The second option for automation of penetration testing is to employ with intrusion detection system (IDS) for handling the false positive. But I think Veracode-Platform does this function automatically.
  • asked a question related to Cyber Forensics
Question
2 answers
Recent technological advances in mobile phones and the development of smart phones has led to increased use and dependence on the mobile phone.
Relevant answer
Answer
Smart devices are complex devices for forensic investigations: different operating systems, various hardware combinations, and no standard tools which support the whole smart device base. So mobile forensics is a big challenge to us. Technically speaking, each phone needs a separate investigation tool. There is no standard procedure to follow for evidence analysis.
  • asked a question related to Cyber Forensics
Question
3 answers
I need the vendor details and approximate cost of the software in INR.
Relevant answer
Answer
I am assuming that your question is directed at dead system forensic analysis and will answer based on this assumption.
I have used:
* FTK (do not know current price, but when I bought it was about the same as Encase) http://www.accessdata.com/products/digital-forensics/ftk
* X-Ways Forensics (~94313.11) http://www.x-ways.net/order.html
These are costly to maintain and if you can sit down for a while and read the code you can in principle testify on the validity of open source tools such as:
* dd, md5sum, sha512sum, Autopsy and the Sleuthkit which are already available to install on most Linux distributions. Another alternative is that you can download Backtrack or its more recent incarnation of Kali (which I have not personally used but is the rewrite of Backtrack) which already comes with the software to use on external media.
An additional benefit from Linux distribution in external media is that the applications will not run using your computer hard drive and that is a plus in case it is requested as evidence.
Note: Most of the investigations I have carried out I do first on open source tools and validate with commercial ones.
Hope this helps
  • asked a question related to Cyber Forensics
Question
7 answers
The duration of the programme could be one year (Two semesters).
Relevant answer
Answer
In short:
Must: 1. Some Degree in Computers or Electronics
2. Excellent Admin Skills on Windows and Linux
3. Attitude towards unleashing hidden facts
Desirable: Programming or scripting language
Contents:
1. Acquisition
2. Malware analysis
3. Memory analysis
4. Mobile Forensics
5. Analyzing PCAP and rewrite what happened!