Weekly Report

2015-11-24_LINCS Towards building a trustworthy litigation hold enabled

Posted by: Jimmy Hsu, 12 Jan 2016, 8:25 PM

Litigation holds are inevitable parts of modern civil lawsuits that mandate an organization
to preserve all forms of documents related to a lawsuit. In current data storage models, this
includes documents stored in clouds. However, due to the fundamental natures of today's
clouds, incorporating a trustworthy litigation hold management system is very challenging.
To make the situation more complicated, defendants or plaintiffs may collude with the
cloud service provider (CSP) to manipulate the documents under the hold. Serious consequences
can follow if a litigant party fails to comply with the litigation hold for evidence
stored in the cloud, resulting in legal sanctions for spoliation. This will not only harm the
reputation of an organization but also lead to the levy of sanctions, such as fines, penalties, etc.
In this paper, we define a model of trustworthy litigation hold management for cloud-
based storage systems and identify the key security properties. Based on the model, we
propose a trustworthy LItigation hold eNabled Cloud Storage (LINCS) system. We show
that LINCS can provide the required security properties in a strong adversarial scenario,
where a plaintiff or defendant colludes with a malicious CSP. Our prototype implementation
reveals that the performance overhead of using LINCS is very low (average 1.4%
for the user), which suggests that such a litigation hold enabled storage system can be
integrated with real clouds.

2015-08-26_Overcast_Developing Digital Forensic Tool in Cloud Computing Environment

Posted by: Jimmy Hsu, 12 Jan 2016, 8:20 PM   [ updated 12 Jan 2016, 8:23 PM ]

Abstract: Nowadays, preservation of digital data is moving
toward cloud computing, which is a large infrastructure that provides
data warehousing for systems and individuals. Thus, from the
demand of cloud users for the use of forensic investigation,
digital forensics tools using cloud computing are a new field of
study related to the increasing use of information processing
systems, networks and digital memory devices in numerous
criminal actions. This paper reviews the basic need for digital
forensics in cloud computing, the digital forensic analysis process
and investigation steps. We have also mentioned the literature on
some challenges in implementing the phases of digital forensics
in cloud computing.

2015-11-03-CW-Live memory forensics of mobile phones

Posted by: 莊志偉, 11 Jan 2016, 6:29 PM   [ updated 13 Jan 2016, 9:17 AM ]

In this paper, we proposed an automated system to perform a live memory forensic
analysis for mobile phones. We investigated the dynamic behavior of the mobile phone’s
volatile memory, and the analysis is useful in real-time evidence acquisition analysis of
communication based applications. Different communication scenarios with varying
parameters were investigated. Our experimental results showed that outgoing messages
(from the phone) have a higher persistency than the incoming messages. In our experiments,
we consistently achieved a 100% evidence acquisition rate with the outgoing
messages. For the incoming messages, the acquisition rates ranged from 75.6% to 100%,
considering a wide range of varying parameters in different scenarios. Hence, in a more
realistic scenario where the parties may occasionally take turns to send messages and
consecutively send a few messages, our acquisition can capture most of the data to
facilitate further detailed forensic investigation.

2015-12-08-CW-Watch what you wear preliminary forensic analysis of smart watches

Posted by: 莊志偉, 11 Jan 2016, 7:45 AM   [ updated 13 Jan 2016, 9:18 AM ]

This work presents preliminary forensic analysis
of two popular smart watches, the Samsung Gear 2 Neo and
LG G. These wearable computing devices have the form
factor of watches and sync with smart phones to display
notifications, track footsteps and record voice messages. We
posit that as smart watches are adopted by more users, the
potential for them becoming a haven for digital evidence will
increase thus providing utility for this preliminary work. In
our work, we examined the forensic artifacts that are left on
a Samsung Galaxy S4 Active phone that was used to sync
with the Samsung Gear 2 Neo watch and the LG G watch.
We further outline a methodology for physically acquiring
data from the watches after gaining root access to them. Our
results show that we can recover a swath of digital evidence
directly from the watches when compared to the data on
the phone that is synced with the watches. Furthermore,
to root the LG G watch, the watch has to be reset to its
factory settings, which is alarming because the process may
delete data of forensic relevance. Although this method is
forensically intrusive, it may be used for acquiring data from
already rooted LG watches. It is our observation that the
data at the core of the functionality of at least the two tested
smart watches, messages, health and fitness data, e-mails,
contacts, events and notifications are accessible directly from
the acquired images of the watches, which affirms our claim
that the forensic value of evidence from smart watches is
worthy of further study and should be investigated both at
a high level and with greater specificity and granularity.

2016-01-11-CW-Smartphone Forensic Analysis A Case Study for Obtaining Root Access of an Android Samsung S3 Device and Analyse the Image without an Expensive Commercial Tool

Posted by: 莊志偉, 11 Jan 2016, 7:05 AM   [ updated 13 Jan 2016, 9:19 AM ]

A smartphone is a very useful and compact device that fits in a person’s pocket, but at the same time it
can be used as a tool for criminal activities. In this day and age, people increasingly rely on smart
phones rather than desktop computers or laptops to exchange messages, share videos and audio
messages. A smartphone is almost equivalent in its application to a PC, hence there are security
risks associated with its use such as carrying out a digital crime or becoming a victim of one. Criminals
can use smartphones for a number of activities. Namely, committing a fraud over e-mail,
harassment via text messages, drug trafficking, child pornography, communications related to narcotics,
etc. It is a great challenge for forensic experts to extract data from a smartphone for forensic
purposes that can be used as evidence in a court of law. In this case study, I show how to obtain
root access on a Samsung S3 phone, how to create a DD image and then how to examine the DD image via
a commercial tool like the UFED Physical Analyzer trial version, which doesn’t support Android devices. I
will extract the messages for Viber on the trial version of UFED Physical Analyzer.

The Internet of Things vision: Key features, applications and open issues

Posted by: 劉權漢, 11 Jan 2016, 6:47 AM

Abstract

In this paper we present the key features and the driver technologies of IoT.
In addition to identifying the application scenarios and the corresponding potential applications, we focus on research challenges and open issues to be faced for the IoT realization in the real world.

Digital investigations for IPv6-based Wireless Sensor Networks

Posted by: 劉權漢, 10 Jan 2016, 8:27 PM

Developments in the field of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) mean that sensor devices can now be uniquely identified using an IPv6 address and, if suitably connected, can be directly reached from the Internet. This has a series of advantages but also introduces new security vulnerabilities and exposes sensor deployments to attack.

In this paper we critically assess and analyse information retrieved from a device used for IoT networking, in order to identify the factors which may have contributed to a security breach.
To achieve this, we present an approach for the extraction of RAM and flash contents from a sensor node. Subsequently, we analyse extracted network connectivity information and we investigate the possibility of correlating information gathered from multiple devices in order to reconstruct the network topology.

2015-12-15-Low bit-rate information hiding method based on search-order-coding technique

Posted by: 吳嘉玲, 10 Jan 2016, 7:18 PM   [ updated 10 Jan 2016, 7:46 PM ]

Information hiding methods with a low bit rate are important in secure communications. To reduce the bit rate, we propose in this paper a new embedding method based on the SOC (search-order coding) compression technique. Compared to Chang et al.’s scheme in 2004, our scheme completely avoids the transform from SOC coding to OIV (original index values) coding, which significantly reduces the bit rate. In order to further reduce the bit rate, Chang et al. proposed a reversible data hiding scheme using hybrid encoding strategies by introducing side-match vector quantization (SMVQ) in 2013. But it needed an additional 1-bit indicator to distinguish the two statuses, to determine whether an OIV belongs to G1 or G2. This overhead placed a large burden on the compression rate and could not reduce the bit rate significantly. In contrast, our scheme completely avoids this indicator. The experimental results show that the proposed method can efficiently reduce the bit rate and has the same embedding capacity compared with Chang et al.’s scheme in 2004 and Chang et al.’s scheme in 2013. Moreover, our proposed scheme can also achieve better performance in both embedding capacity and bit rate than other related VQ-based information hiding schemes.

2015-12-29-Lily-Index compression for vector quantisation using modified coding tree assignment scheme

Posted by: 吳嘉玲, 10 Jan 2016, 7:16 PM

Recently, a lossless vector quantisation (VQ) index compression algorithm, called the coding tree assignment scheme with improved search-order coding (CTAS-ISOC) algorithm, has been proposed to enhance the coding efficiency of the original SOC by exploiting the correlations of the neighbouring blocks using the left-pair and upper-pair patterns in the index domain. This study proposes a modified coding tree assignment scheme (MCTAS) to further improve the coding performance of CTAS-ISOC by dynamic index table coding (DITC). The DITC technique exploits the correlation of neighbouring index pairs not in the original vector-quantised index map, but in a temporarily constructed index table that has been classified and updated for each current index. Searching for a matched index in a previously qualified index table results in low time complexity. In addition, the identical index table can be regenerated in the reconstruction process of the index map at the decoder end. Experimental results show that the time complexity of MCTAS is more efficient than that of CTAS-ISOC. Moreover, the proposed MCTAS apparently reduces the bit rate in comparison with conventional VQ and some popular lossless index coding schemes, such as the index searching algorithm with index associated list, the adaptive index coding scheme, SOC and so on.

2015-12-29-bb-Investigating evidence of mobile phone usage by drivers in road traffic accidents

Posted by: 葉書廷, 9 Jan 2016, 8:17 AM

The United Kingdom is witnessing some of the highest volumes of motor vehicle traffic on its roads. In addition, a large number of motor vehicle traffic accidents are reported annually, of which it is estimated that a quarter involve the illegal use of a hand-held mobile device by the driver. Establishing whether mobile phone usage was a causal factor for an accident involves carrying out a forensic analysis of a mobile handset to ascertain a timeline of activity on the device, focussing on whether the handset was used immediately prior to, or during, an incident. Previously, this involved identifying whether SMS messages have been sent or received on the handset alongside an examination of the call logs. However, with advancements in smartphone and application design, there are now a number of ways a driver can interact with their mobile device resulting in less obvious forms of evidence which can be termed as ‘passive activity’. This article provides an analysis of iPhone's CurrentPowerlog.powerlogsystem file and Android device ‘buffer logs’, along with their associated residual data, both of which can potentially be used to establish mobile phone usage at the time of, or leading up to, a motor vehicle accident.
