International Journal of Cyber Forensics and Advanced Threat Investigations
Not a member yet
13 research outputs found
Sort by
Making the Invisible Visible – Techniques for Recovering Deleted SQLite Data Records
Full text linkForensic analysis and evidence collection for web browser activity is a recurring problem in digital investigation. It is not unusual for a suspect to cover his traces. Accordingly, the recovery of previously deleted data such as web cookies and browser history are important. Fortunately, many browsers and thousands of apps used the same database system to store their data: SQLite. Reason enough to take a closer look at this product. In this article, we follow the question of how deleted content can be made visible again in an SQLite-database. For this purpose, the technical background of the problem will be examined first. Techniques are presented with which it is possible to carve and recover deleted data records from a database on a binary level. A novel software solution called FQLite is presented that implements the proposed algorithms. The search quality, as well as the performance of the program, is tested using the standard forensic corpus. The results of a performance study are discussed, as well. The article ends with a summary and identifies further research questions
The Importance of the Three P's in the Investigation
Full text linkThis article introduces the importance of process during the investigation and the acquisition phases of logical/physical artifacts which may be required during the course of such professional engagement. The article then focuses on the necessity to have a robust supportive framework in a state of preparedness to facilitate the First Responders and CSIRT (Computer Security Incident Response Team) with the necessary underpin to support such investigative engagements – considering effective and pragmatic Policies, Case Management, operational Security Protocols (Run-Books) and all other necessary attributes to underpin a professional, prepared posture from which a team may effectively, and robustly engage an investigation/incident. To elaborate on the importance of such an approach, we outline a number of real-world cases where ineffective processes and controls were applied. Finally, we review the essential elements of securely managing case-related data, and the absolute need to apply security mechanisms such as Certified Standards of FIPS-140-2 encryption to secure sensitive case related assets to assure they are robustly protected at all stages of their life cycle when they are in physical transit, or when they are at rest, associated with a desk-bound PC. The end objective to the entire article is to stress an absolute need to apply process to, as far as is practicable, to achieve positive conclusions from any investigation or incident which has been engaged
The Cybersecurity Aspects of New Entities Need a Cybernetic, Holistic Perspective
Full text linkoai:conceptechint.conceptechint.net:article/36In our connected world security and proof (evidence constituted in Verifiable Credentials (VC, W3C)) is distributed over what an individual can attest, what my objects tell about me (that is why AI = inferences from that data, is so important), and my behavior: “apply shaving foam” is a number in coelition.org. It is clear that we can no longer isolate the notion of security as in securing devices or securing infrastructure. In this brief article which is the background to a number of workshops that the authors and the Journal will host together, we sketch what we believe to be the end of a paradigm of a government model that has outsourced capabilities to the market. It is in the process of privatizing its last public capability: identity management. This is causing tremendous stress in systems, services, organizational procedures, and individuals. We propose a holistic perspective, distributing security at two points: at the device level and a moral movement at a societal level. As a time out to create room to discuss this broadly, we propose a particular model of SSI and disposable identities