50 research outputs found

    A study of application level information from the volatile memory of Windows computer systems

    The purpose of this research work was to investigate the seven most commonly used applications in order to uncover information that may have been hidden from forensic investigators by extracting the application level information from volatile memory of a Windows system and performing analysis of that volatile memory. The aim of this research was to formulate how the extracted application level information can be reconstructed to describe what user activities had taken place on the application under investigation. After reviewing the relevant literature on volatile memory analysis and forensically relevant data from Windows applications, this thesis confines its research to a study of the application level information and the volatile memory analysis of Windows applications. Quantitative and qualitative results were produced in this study. The quantitative assessment consists of four metrics that were used to investigate the quantity of user input on the applications, while the qualitative measures were formulated to infer what the user is doing on the application, what they have been doing and what they are using the applications for. The reconstruction of user input activities was carried out by using some commonly used English words to search for user input and pattern matching techniques for when the user input is known in the investigation. The analysis of user input was discussed based on four scenarios developed for this research. The result shows that different amounts of user input can be recovered from various applications. The result in scenario 1 indicates that user input can be recovered easily from Word, PowerPoint, Outlook Email and Internet Explorer 7.0 and that little user input can be found on Excel, MS Access and Adobe Reader 8.0. In scenario 2, a significant amount of user input was recovered in the memory allocated to all the applications except MS Access, where little user input was found. In scenario 3, only Outlook Email and Internet Explorer 7.0 resulted in a large amount of user input being recovered. The rest of the applications retain little user input in memory. In scenario 4, a greatly reduced amount of information was found for all the applications, but some user input was found from Outlook Email and Internet Explorer 7.0, which shows that user input can be retained for some time in the memory. After the analysis of user input, the importance of volatile memory of the application level information was discussed. A procedure has been formulated for the extraction and analysis of application level information and these have been discussed with respect to their use in the court of law based on the five Daubert tests of scientific method of gathering digital evidence. As presented, three out of the Daubert tests have been completed while the two others form the unique contribution of the research project to the digital forensic community. The author recommends that the research theory of application level information should be extended to other operating systems using the scenarios formulated in this research project.
    EThOS - Electronic Theses Online Service, GB, United Kingdo

    Fraud Mitigation in Attendance Monitoring Systems using Dynamic QR Code, Geofencing and IMEI Technologies

    Attendance monitoring is a vital activity in several organizations. Due to its importance, many attendance monitoring systems have been developed to automate this process. Despite several advancements in automated attendance management solutions, attendance fraud remains an issue as some end users can manipulate known vulnerabilities, such as proxy attendance, buddy-punching, early departure, and so on. In this paper, a fraud-resistant attendance management solution is developed by harnessing technologies such as geofencing, dynamic QR code and IMEI checking. The proposed solution is comprised of a single-page web application where a QR code can be enabled for attendance registration, and a mobile application, where end users can scan the generated QR code to register their attendance. Attendance cheating via QR code sharing is prevented by encoding the polygonal coordinates of the event venue in the QR code to determine if the user is within the venue. The proposed system solves the problem of proxy attendance by registering and verifying the end user’s device IMEI number. Results obtained from testing indicate that attempts at committing a variety of attendance frauds are effectively mitigated.

    Optimizing the performance of the advanced encryption standard techniques for secured data transmission

    Information security has emerged as a critical concern in data communications. The use of cryptographic methods is one approach for ensuring data security. A cryptography implementation often consists of complex algorithms that are used to secure the data. Several security techniques, including the Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), Twofish, Rivest-Shamir-Adleman (RSA), Elliptic curve cryptography, and many others, have been created and are used in the data encryption process. However, the Advanced Encryption Standard (Rijndael) has received a lot of attention recently due to its effectiveness and level of security. To increase the scope of AES's numerous uses, it is crucial to develop high-performance AES. To enhance the processing time of AES methods, the research provided solution performance of the AES algorithm. This includes additional layers of encoding, decoding, shrinking and expansion techniques of the analysis that was performed. Data findings are produced for further actions based on the outcome