1,723,433 research outputs found

    An open architecture for digital evidence integration

    No full text
    Recently the need for “digital evidence bags” – a common storage format for digital evidence – has been identified as a key requirement for enabling inter-organisational sharing of digital evidence, and interoperability between forensic analysis tools. Recent work has described an ontology-based approach to correlation of event log based evidence, using semantic web technologies for describing and representing event log based digital evidence. In this paper we apply the representational approach to the integration of metadata related to digital evidence, and propose a globally unique identification scheme for digital evidence and related metadata. We relate the representational approach to the digital evidence bags concept, identifying a number of shortcomings. We propose an alternative architecture for digital evidence bags, which we call the sealed digital evidence bags architecture. This approach treats bags as immutable objects, and facilitates the building of a corpus of digital evidence by composition and referencing between evidence bags. This architecture facilitates modular forensic tool development and interoperability between forensics tools.

    Photograph of Janet Clark, Andrew Inglis Clark's sister

    No full text
    Photograph of Janet Clark, Andrew Inglis Clark's sister

    Detecting network-based obfuscated code injection attacks using sandboxing

    No full text
    Intrusion detection systems (IDSs) are widely recognised as the last line of defence, often used to enable incident response when intrusion prevention mechanisms are ineffective, or have been compromised. A signature-based network IDS (NIDS), which operates by comparing network traffic to a database of suspicious activity patterns (known as signatures), is a popular solution due to its ease of deployment and relatively low false positive (incorrect alert) rate. Lately, attack developers have focused on developing stealthy attacks designed to evade NIDS. One technique used to accomplish this is to obfuscate the shellcode (the executable component of an attack) so that it does not resemble the signatures the IDS uses to identify the attacks but is still logically equivalent to the clear-text attacks when executed. We present an approach to detect obfuscated code injection attacks, an approach which compensates for efforts to evade IDSs. This is achieved by executing those network traffic segments that are judged potentially to contain executable code and monitoring the execution to detect operating system calls which are a necessary component of any such code. This detection method is based not on how the injected code is represented but rather on the actions it performs. Correct configuration of the IDS at deployment time is crucial for correct operation when this approach is taken; in particular, the examined executable code must be executed in an environment identical to the execution environment of the host the IDS is monitoring with regard to both operating system and architecture. We have implemented a prototype detector that is capable of detecting obfuscated shellcodes in a Linux environment, and demonstrate how it can be used to detect new or previously unseen code injection attacks and obfuscated attacks as well as well-known attacks.

    Passive techniques for detecting session hijacking attacks in IEEE 802.11 wireless networks

    No full text
    Wireless networking technologies based on the IEEE 802.11 series of standards are evolving to address many of the security issues that plagued earlier wireless standards. Unfortunately the current standards fail to authenticate management frames and network card addresses, and rely on loosely coupled state machines. This results in serious vulnerabilities that may lead to denial of service, session hijacking, and address masquerading attacks. Until the standards are updated to redress these problems, wireless network deployments must be supported by wireless intrusion detection systems – a challenging and under-researched area. This paper presents techniques for improving detection of session hijacking attacks that are passive, computationally inexpensive, reliable, and have minimal impact on network performance. Experimental results are presented to give confidence in the utility of the techniques.

    L'utilité est-elle relative ? Analyse à l'aide de données sur les ménages

    No full text
    Clark Andrew. L'utilité est-elle relative ? Analyse à l'aide de données sur les ménages. In: Économie & prévision, n°121, 1995-5. Comportements des ménages, sous la direction de François Gardes et Alain Trognon. pp. 151-164

    Replication Data for: A Natural Experiment on Job Insecurity and Fertility in France

    No full text
    Clark, Andrew E., and Lepinteur, Anthony, (2022) “A Natural Experiment on Job Insecurity and Fertility in France.” Review of Economics and Statistics 104:2, 386–398