Lens ID,Title,Date Published,Publication Year,Publication Type,Source Title,ISSNs,Publisher,Source Country,Author/s,Abstract,Volume,Issue Number,Start Page,End Page,Fields of Study,Keywords,MeSH Terms,Chemicals,Funding,Source URLs,External URL,PMID,DOI,Microsoft Academic ID,PMCID,Citing Patents Count,References,Citing Works Count,Is Open Access,Open Access License,Open Access Colour
000-557-324-827-169,Digital Evidence: Challenging the Presumption of Reliability,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Eric Van Buskirk; Vincent T. Liu,"Abstract There is a general tendency among courts to presume that forensic software reliably yields accurate digital evidence. As a judicial construct, this presumption is unjustified in that it is not tailored to separate accurate results from inaccurate ones. The authors illustrate this unfortunate truth by the presentation of two currently uncorrected weaknesses in popular computer forensic tools, methods, and assumptions. Some percentage of these forensic software errors (and ones like them) will necessarily have negative effects on parties, whether in terms of faulty criminal convictions or improper civil judgments. The authors argue that the collective value of these negative effects among parties is far larger than the costs of research and development required to prevent such negative effects. Under a purely rational economic approach to the law, this dynamic constitutes an inefficiency to be corrected through the proper application of rules. The authors advance two approaches to cure current defe...",1,1,19,26,Software quality; Construct (philosophy); Law and economics; Value (ethics); Inefficiency; Federal Rules of Evidence; Presumption; Digital evidence; Computer security; Computer science; Computer forensics,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#BuskirkL06 https://doi.org/10.1080/15567280500541421 https://www.tandfonline.com/doi/full/10.1080/15567280500541421,http://dx.doi.org/10.1080/15567280500541421,,10.1080/15567280500541421,2067550567,,0,,29,false,,
001-161-687-871-519,Analysis of update delays in signature-based network intrusion detection systems,,2011,journal article,Computers & Security,01674048,Elsevier BV,United Kingdom,Hugo Gascon; Agustin Orfila; Jorge Blasco,"Network Intrusion Detection Systems (NIDS) play a fundamental role on security policy deployment and help organizations in protecting their assets from network attacks. Signature-based NIDS rely on a set of known patterns to match malicious traffic. Accordingly, they are unable to detect a specific attack until a specific signature for the corresponding vulnerability is created, tested, released and deployed. Although vital, the delay in the updating process of these systems has not been studied in depth. This paper presents a comprehensive statistical analysis of this delay in relation to the vulnerability disclosure time, the updates of vulnerability detection systems (VDS), the software patching releases and the publication of exploits. The widely deployed NIDS Snort and its detection signatures release dates have been used. Results show that signature updates are typically available later than software patching releases. Moreover, Snort rules are generally released within the first 100 days from the vulnerability disclosure and most of the times exploits and the corresponding NIDS rules are published with little difference. Implications of these results are drawn in the context of security policy definition. This study can be easily kept up to date due to the methodology used.",30,8,613,624,Software deployment; Anomaly-based intrusion detection system; Security policy; Exploit; Vulnerability; Relation (database); Intrusion prevention system; Context (language use); Intrusion detection system; Computer security; Computer science; Vulnerability (computing),,,,,https://doi.org/10.1016/j.cose.2011.08.010 https://dblp.uni-trier.de/db/journals/compsec/compsec30.html#GasconOA11 https://www.sciencedirect.com/science/article/pii/S0167404811001106 https://core.ac.uk/download/30044499.pdf,http://dx.doi.org/10.1016/j.cose.2011.08.010,,10.1016/j.cose.2011.08.010,2078846165,,0,008-735-958-111-306; 018-015-057-679-284; 019-894-691-912-151; 020-885-011-437-897; 029-452-209-812-975; 033-820-436-580-458; 036-496-886-989-477; 036-570-139-292-046; 045-104-320-140-926; 045-494-422-820-099; 083-293-117-604-32X; 084-300-895-894-385; 094-130-112-371-363; 100-428-983-751-22X; 107-976-551-516-025; 126-980-102-017-272; 131-746-009-933-474; 133-916-487-800-053; 135-540-879-625-645; 145-841-489-671-314; 152-313-879-966-702; 152-937-620-267-692; 178-384-582-247-290; 191-190-602-403-170,23,true,,green
001-614-355-880-733,A machine learning approach to keystroke dynamics based user authentication,,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Kenneth Revett; Florin Gorunescu; Marina Gorunescu; M. Ene; Sérgio Tenreiro de Magalhães; Henrique Santos,"The majority of computer systems employ a login ID and password as the principal method for access security. In stand-alone situations, this level of security may be adequate, but when computers are connected to the internet, the vulnerability to a security breach is increased. In order to reduce vulnerability to attack, biometric solutions have been employed. In this paper, we investigate the use of a behavioural biometric based on keystroke dynamics. Although there are several implementations of keystroke dynamics available, their effectiveness is variable and dependent on the data sample and its acquisition methodology. The results from this study indicate that the Equal Error Rate (EER) is significantly influenced by the attribute selection process and to a lesser extent on the authentication algorithm employed. Our results also provide evidence that a Probabilistic Neural Network (PNN) can be superior in terms of reduced training time and classification accuracy when compared with a typical MLFN back-propagation trained neural network.",1,1,55,70,Password; Login; Machine learning; Data mining; Probabilistic neural network; Principal (computer security); Artificial intelligence; Authentication; Computer science; Access control; Keystroke dynamics; Vulnerability (computing),,,,,https://repositorium.sdum.uminho.pt/bitstream/1822/6388/1/f191031146728125.pdf https://dl.acm.org/doi/10.1504/IJESDF.2007.013592 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#RevettGGEMS07 https://repositorium.sdum.uminho.pt/handle/1822/6388 https://westminsterresearch.westminster.ac.uk/item/91q5y/a-machine-learning-approach-to-keystroke-dynamics-based-user-authentication http://westminsterresearch.wmin.ac.uk/4577/ http://www.inderscience.com/link.php?id=13592 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.013592 https://core.ac.uk/download/55607502.pdf,http://dx.doi.org/10.1504/ijesdf.2007.013592,,10.1504/ijesdf.2007.013592,2099798707,,0,002-130-000-391-856; 002-478-729-440-015; 005-970-562-277-546; 016-893-857-817-303; 017-783-378-199-463; 021-993-038-171-851; 041-807-606-186-765; 044-409-429-855-539; 049-634-925-566-835; 056-473-007-165-53X; 058-520-281-681-205; 062-137-901-037-123; 068-840-950-252-033; 074-357-902-678-475; 076-247-293-040-497; 096-458-703-017-878; 104-218-645-087-717; 109-425-159-458-598; 114-101-015-588-713; 131-407-302-730-792; 136-722-461-221-778; 144-593-556-282-786; 166-221-444-705-861; 178-045-081-284-521; 191-006-721-492-011,58,true,,green
003-126-053-087-131,Automated Windows event log forensics,,2007,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Rich Murphey,"This paper proposes methods to automate recovery and analysis of Windows NT5 (XP and 2003) event logs for computer forensics. Requirements are formulated and methods are evaluated with respect to motivation and process models. A new, freely available tool is presented that, based on these requirements, automates the repair of a common type of corruption often observed in data carved NT5 event logs. This tool automates repair of multiple event logs in a single step without user intervention. The tool was initially developed to meet immediate needs of computer forensic engagements. Automating recovery, repair, and correlation of multiple logs make these methods more feasible for consideration in both a wider range of cases and earlier phases of cases, and hopefully, in turn, standard procedures. The tool was developed to fill a gap between capabilities of certain other freely available tools that may recover and correlate large volumes of log events, and consequently permit correlation with various other kinds of Windows artifacts. The methods are examined in the context of an example digital forensic service request intended to illustrate the kinds of civil cases that motivated this work.",4,,92,100,Automation; Software engineering; Data mining; Range (mathematics); Context (language use); Service (systems architecture); Computer science; Event (computing); Computer forensics; Process modeling; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/di/di4.html#Murphey07 https://www.sciencedirect.com/science/article/pii/S174228760700045X http://www.sciencedirect.com/science/article/pii/S174228760700045X https://doi.org/10.1016/j.diin.2007.06.012 https://dl.acm.org/doi/10.1016/j.diin.2007.06.012 https://dfrws.org/2007/proceedings/p92-murphey.pdf,http://dx.doi.org/10.1016/j.diin.2007.06.012,,10.1016/j.diin.2007.06.012,2104841399,,0,005-859-821-142-158; 007-648-632-822-878; 009-817-335-436-96X; 017-840-378-634-021; 023-341-419-324-638; 026-595-961-209-188; 032-697-093-668-898; 074-503-617-334-537; 135-717-892-795-412; 159-884-546-424-570; 162-201-727-094-331; 166-884-286-061-649; 191-734-947-037-017,16,true,cc-by-nc-nd,hybrid
004-330-943-405-028,Parsing ambiguities in authentication and key establishment protocols,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Liqun Chen; Chris J. Mitchell,"A new class of attacks against authentication and authenticated key establishment protocols is described, which we call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specified in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modifications to the relevant standards.",3,1,82,94,Authentication; Parsing; Ambiguity; Key establishment; Electronic security; Cryptographic protocol; Computer security; Computer science,,,,,https://pure.royalholloway.ac.uk/portal/services/downloadRegister/1247085/paiaak.pdf https://dl.acm.org/citation.cfm?id=1753732 https://repository.royalholloway.ac.uk/items/6226ee0e-2734-bf23-ed7a-6854410b1d05/10/paiaak.pdf https://www.chrismitchell.net/Papers/paiaak.pdf http://www.inderscience.com/link.php?id=32333 https://dl.acm.org/doi/10.1504/IJESDF.2010.032333 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.032333 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#ChenM10 https://doi.org/10.1504/IJESDF.2010.032333 https://core.ac.uk/download/28892658.pdf,http://dx.doi.org/10.1504/ijesdf.2010.032333,,10.1504/ijesdf.2010.032333,2098539586,,0,009-498-739-814-124; 013-379-713-661-417; 028-502-864-816-303; 032-626-020-092-930; 036-481-605-764-895; 040-656-320-316-913; 052-177-010-424-617; 053-048-871-294-231; 084-663-906-958-616; 098-892-902-051-803; 117-340-521-107-596; 133-161-746-680-541; 166-258-370-966-610,8,true,,
005-985-034-255-396,"Exploiting error control in network traffic for robust, high rate covert channels",,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,William Karl Geissler; John McEachen,"Current means of steganography within network traffic are limited in terms of throughput and robustness. We present a novel concept for establishing reliable two-way covert channels that exchange information at a significantly higher rate compared to previous methods. This concept exploits the difficulty in differentiating between erroneous data and unauthorised data. As a proof-of-concept, we examine how the manipulation of Transmission Control Protocol (TCP) error handling may be used for global covert information transfer. Specifically, a new TCP routing application was developed to embed hidden information into cover media and to retrieve the information at the receiving end. A flexible testing architecture was designed and implemented that may also be used to test other steganographic techniques. Error handling techniques for the hidden information were identified for the steganographic protocol, to increase the robustness of the hidden information. Finally, steganalytic techniques and tools have been identified to counter the use of this technique by unfriendly forces.",1,2,180,193,Error detection and correction; Steganography; Information exchange; Information assurance; Covert channel; Computer network; Transmission Control Protocol; Computer science; Information transfer; Robustness (computer science),,,,,https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.016867 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#GeisslerM07,http://dx.doi.org/10.1504/ijesdf.2007.016867,,10.1504/ijesdf.2007.016867,2131512225,,0,009-620-813-233-034; 016-089-118-521-309; 021-237-372-495-823; 028-038-085-809-431; 056-018-006-333-365; 117-340-162-973-985; 156-624-120-310-971,2,false,,
009-198-262-320-615,Heuristic Security-Testing Methods,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,John E. Kerivan,"ABSTRACT This is the first of two papers that deal with the development of running state requirements for functional testing of security software and hardware systems. It outlines the need to adopt paradigms that reflect typical usage patterns, prevalent infection methods, and proper security tool use and configurations that are grounded in real-world scenarios. This paper outlines a practical set of such test tools based on attack infection techniques designed to evaluate the efficacy and utility of signature as well as knowledge-based security systems, including those found in forensic toolkits. Signature-based testing of security solutions is complicated by the continuing increase in the number of attack signatures. Likewise, realistic behavioral testing methods for the same suffer from the increasing numbers of combinations and permutations for attack infection methods that quickly become outdated as new attack categories emerge. However, the usage patterns and base attack infection techniques have re...",1,1,27,36,Signature (logic); Heuristic; Set (abstract data type); Security testing; Test (assessment); Security software; Computer security; Computer science; State (computer science); Functional testing,,,,,https://www.tandfonline.com/doi/full/10.1080/15567280500541439 https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Kerivan06,http://dx.doi.org/10.1080/15567280500541439,,10.1080/15567280500541439,1979228063,,1,,0,false,,
012-723-051-030-715,The Admissibility of Electronic Evidence in Court (A.E.E.C.): Fighting against High-Tech Crime—Results of a European Study,2007-06-22,2007,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Fredesvinda Insa,"ABSTRACT Electronic evidence has been used in most states in Europe for several years, although the obtaining, seizure, analysis, and presentation of electronic evidence before an adjudicator is carried out in different ways in each member state. In November 2005, a group of European multidisciplinary experts started to set out the different methods by which electronic evidence is adduced in the courts of sixteen member states 1 under the Admissibility of the Electronic Evidence (A.E.E.C.) project. Previous research on the electronic evidence in Europe is not well known and very fragmentary in nature because none were comparative studies. And none dealt with the topic “admissibility.” The A.E.E.C. project has been designed to provide a response to the current situation since the lack of knowledge in this field is hindering procedures to incriminate the offenders of cyber crime. The study has been financially supported by the European Commission in the Framework Program AGIS. The main objectives of the ini...",1,4,285,289,Political science; High tech; Law; Multidisciplinary approach; Presentation; Member state; Adjudicator; Cyber crime; Lack of knowledge; Member states; Computer security,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Insa06 https://www.tandfonline.com/doi/full/10.1080/15567280701418049,http://dx.doi.org/10.1080/15567280701418049,,10.1080/15567280701418049,2072295589,,0,,21,true,,bronze
013-223-937-343-687,A meta-process for information security risk management,,2008,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Katerina Papadaki; Despina Polemi,"Information security risk management (ISRM) is a major concern of organisations worldwide. Although the number of existing ISRM methodologies is enormous, in practice several resources are invested by organisations in creating new ISRM methodologies in order to capture more accurately the risks of their complex information systems. This is a crucial knowledge-intensive process for organisations, but in most cases it is addressed in an ad hoc manner. The existence of a systematic approach for the development of new or improved ISRM methodologies would enhance the effectiveness of the process. In this paper, we propose a systematic meta-process for developing new, or improved ISRM methods. We also present the specifications for a collaboration and knowledge-sharing platform supporting a virtual intra-organisational cross-disciplinary team, which aims at improving its ISRM methodologies by adopting the proposed meta-process.",1,4,336,343,Risk analysis (engineering); Information system; Order (exchange); Knowledge sharing; Virtual community; Information security risk management; Risk management; Computer science; Process (engineering); Information security; Knowledge management,,,,,https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#0002P08 https://link.springer.com/chapter/10.1007/978-3-540-69403-8_30 https://ui.adsabs.harvard.edu/abs/2008ges..conf..257P/abstract https://rd.springer.com/chapter/10.1007/978-3-540-69403-8_30 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2008.021451,http://dx.doi.org/10.1504/ijesdf.2008.021451,,10.1504/ijesdf.2008.021451,2134085935; 2996897070,,0,001-856-317-038-31X; 005-698-012-833-552; 008-845-070-905-362; 009-511-307-100-711; 012-081-188-873-877; 025-303-293-514-983; 035-722-084-983-707; 035-798-611-700-926; 037-813-655-903-413; 045-119-187-307-855; 046-942-356-376-50X; 048-599-998-350-202; 050-405-450-488-904; 051-323-584-879-043; 060-612-311-945-751; 064-007-880-224-428; 065-355-780-107-176; 068-124-021-413-894; 081-024-840-470-561; 081-066-397-399-961; 083-616-439-857-403; 103-603-280-682-947; 117-382-751-606-775; 142-156-855-140-050; 173-963-629-852-581; 188-181-795-136-079,1,false,,
014-403-336-708-18X,Describing and Categorizing Disk-Avoiding Anti-Forensics Tools,2007-06-22,2007,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Aaron D. Smith,"ABSTRACT Disk-avoiding anti-forensics tools are now being used to prevent current forensics tools from detecting their activities. These new tools must be described and categorized in order for forensics investigators to be aware of and therefore able to detect the tools and collect the information they produce. This article builds upon existing categories used to classify anti-forensics methods, such as evidence source elimination and data contraception, and provides useful information for understanding the current and anticipated trends in anti-forensics.",1,4,309,313,Data science; Order (business); Computer science,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Smith06 https://www.tandfonline.com/doi/full/10.1080/15567280701418155,http://dx.doi.org/10.1080/15567280701418155,,10.1080/15567280701418155,2056851541,,0,063-257-284-816-393; 078-598-867-814-365; 097-567-011-227-46X; 106-166-309-388-976,4,true,,bronze
014-510-444-730-433,A comparison of forensic evidence recovery techniques for a windows mobile smart phone,,2011,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,George Grispos; Tim Storer; William Bradley Glisson,"Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation. A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent. This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device; and that in some cases the information recovered is conflicting.",8,1,23,36,Mobile database; Mobile computing; Embedded system; Mobile device; Mobile station; Mobile search; Computer science; Multimedia; Mobile Web; Mobile technology; Mobile device forensics,,,,,https://digitalcommons.unomaha.edu/cgi/viewcontent.cgi?article=1044&context=interdiscipinformaticsfacpub http://www.sciencedirect.com/science/article/pii/S1742287611000417 https://dx.doi.org/10.1016/j.diin.2011.05.016 https://experts.nebraska.edu/en/publications/a-comparison-of-forensic-evidence-recovery-techniques-for-a-windo https://digitalcommons.unomaha.edu/interdiscipinformaticsfacpub/45/ https://www.sciencedirect.com/science/article/abs/pii/S1742287611000417 https://works.bepress.com/george-grispos/1/download/ http://eprints.gla.ac.uk/54769/1/ID54769.pdf http://dx.doi.org/10.1016/j.diin.2011.05.016 https://dblp.uni-trier.de/db/journals/di/di8.html#GrisposSG11 https://works.bepress.com/george-grispos/1/ http://eprints.gla.ac.uk/54769/ http://www.dcs.gla.ac.uk/~grisposg/Papers/windowsmobile.pdf https://core.ac.uk/download/pdf/296105162.pdf,http://dx.doi.org/10.1016/j.diin.2011.05.016,,10.1016/j.diin.2011.05.016,2016917250,,0,001-187-036-977-606; 005-204-756-049-67X; 010-707-379-000-138; 010-837-337-430-717; 013-246-076-655-612; 013-701-867-210-611; 023-341-419-324-638; 024-385-303-080-230; 030-121-862-351-330; 031-982-129-275-33X; 033-059-274-408-956; 048-141-687-795-752; 052-164-838-212-603; 065-081-141-831-71X; 073-910-371-295-970; 074-933-143-629-826; 093-202-006-367-348; 096-987-095-416-990; 097-761-044-556-015; 124-590-497-029-991; 142-657-351-097-509,60,true,,green
017-616-094-974-749,An Introduction to Computer Forensics,,2006,journal article,"Medicine, science, and the law",00258024; 20421818,SAGE Publications Ltd,United Kingdom,Nick Furneaux,"This paper provides an introduction to the discipline of Computer Forensics. With computers being involved in an increasing number, and type, of crimes the trace data left on electronic media can play a vital part in the legal process. To ensure acceptance by the courts, accepted processes and procedures have to be adopted and demonstrated which are not dissimilar to the issues surrounding traditional forensic investigations. This paper provides a straightforward overview of the three steps involved in the examination of digital media: Acquisition of data. Investigation of evidence. Reporting and presentation of evidence. Although many of the traditional readers of Medicine, Science and the Law are those involved in the biological aspects of forensics, I believe that both disciplines can learn from each other, with electronic evidence being more readily sought and considered by the legal community and the long, tried and tested scientific methods of the forensic community being shared and adopted by the computer forensic world.",46,3,213,218,Internet privacy; Electronic media; Digital media; Presentation; Legal process; Computer science; Engineering ethics; Computer forensics; Accreditation; TRACE (psycholinguistics); Digital forensics,,Accreditation; Computers; Forensic Sciences; Humans,,,https://www.ncbi.nlm.nih.gov/pubmed/16909643 https://pubmed.ncbi.nlm.nih.gov/16909643/ https://europepmc.org/article/MED/16909643 https://core.ac.uk/display/74390811 https://journals.sagepub.com/doi/abs/10.1258/rsmmsl.46.3.213,http://dx.doi.org/10.1258/rsmmsl.46.3.213,16909643,10.1258/rsmmsl.46.3.213,1982756929,,0,,5,false,,
018-155-042-578-215,Biometric technologies and their perception by the common citizen,,2012,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Vítor J. Sá; Daniela Borges; Sérgio Tenreiro de Magalhães; Henrique Santos,"This article presents the biometric technology and its perception by the common citizen in Portugal. The results of a systematic inquiry about the perception of the Portuguese on the biometric technology are presented, which involved 606 citizens. Through the article, we present the principal biometrics, subdivided in stealth and collaborative, and the main concepts on its evaluation. Following a simple method consisting in a survey by questionnaire, the most relevant conclusions are presented.",4,2,187,200,Principal (computer security); Biometrics; Data science; Perception; Simple (abstract algebra); Portuguese; Computer science; Multimedia,,,,,https://dx.doi.org/10.1504/IJESDF.2012.048418 https://www.inderscienceonline.com/doi/full/10.1504/IJESDF.2012.048418 http://www.inderscience.com/link.php?id=48418 http://dx.doi.org/10.1504/IJESDF.2012.048418 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf4.html#SaBMS12,http://dx.doi.org/10.1504/ijesdf.2012.048418,,10.1504/ijesdf.2012.048418,2169399797,,0,,1,false,,
018-620-335-450-996,Teaching Digital Forensics to Undergraduate Students,,2008,journal article,IEEE Security & Privacy Magazine,15407993; 15584046,Institute of Electrical and Electronics Engineers (IEEE),United States,Lynn Batten; Lei Pan,"Digital forensics isn't commonly a part of an undergraduate university degree, but Deakin University in Australia recently introduced the subject as part of an IT security course. As instructors, we've found that digital forensics complements our other security offerings because it affords insights into why and how security fails. A basic part of this course is an ethics agreement signed by students and submitted to the unit instructor. This agreement, approved by Deakin University's legal office and consistent with Barbara Endicott-Popovsky's approach, requires students to maintain a professional and ethical attitude to the subject matter and its applications. Assignments regularly cast students in the role of forensic professional. Our teaching team emphasizes throughout the course that professional conduct establishes credibility with employers and customers as well as colleagues, and is required to perform the job effectively. This article describes our experiences with this course.",6,3,54,56,Forensic science; Subject (documents); Professional conduct; Credibility; Subject matter; Computer science; Multimedia; Medical education; Digital forensics,,,,,http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000004530400 http://dx.doi.org/10.1109/MSP.2008.74 http://dro.deakin.edu.au/view/DU:30017610 https://ieeexplore.ieee.org/abstract/document/4530400 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000004530400 http://dro.deakin.edu.au/eserv/DU:30017610/batten-teachingdigitalforensics-2008.pdf https://dx.doi.org/10.1109/MSP.2008.74 https://dblp.uni-trier.de/db/journals/ieeesp/ieeesp6.html#BattenP08 http://hdl.handle.net/10536/DRO/DU:30017610,http://dx.doi.org/10.1109/msp.2008.74,,10.1109/msp.2008.74,1976562900,,0,017-131-297-757-546,12,true,,green
020-048-521-593-63X,Report examining the weaknesses in the fight against cyber-crime from within,,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Aminata Taal,"This report examines the weaknesses in some of the computer forensic methods used by law enforcement in the fight against computer crime (e-crime) and the work that needs to be done from the perspective of someone who works in the field, observed from within and now looking in from the outside. The computer forensic tools and technology that are heavily relied upon without proper research and evaluation, the lack of procedures in place to assess computer forensic experts in the private sector used by law enforcement agencies, insufficient training and the lack of funding for in-house research and development are all contributory to the problem.",1,2,125,130,Private sector; Government; Work (electrical); Expert witness; Law enforcement; Field (computer science); Computer security; Public relations; Computer science; Computer forensics; Digital forensics,,,,,https://dl.acm.org/doi/abs/10.1504/IJESDF.2007.016862 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.016862 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#Taal07,http://dx.doi.org/10.1504/ijesdf.2007.016862,,10.1504/ijesdf.2007.016862,2139281544,,0,,1,false,,
022-938-117-223-909,Design and implementation of a block-based lossless watermarking scheme,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Fawzy Ibrahim; M. Zaki,"High capacity reversible watermarking method based on block difference expansion is presented. The proposed scheme relies upon redundancy analysis for image authentication and tamper localisation. The performance of such scheme is compared with that of Tian. While Tian's algorithm is a pixel-based embedding scheme, the proposed method is a block-based embedding technique. Thus, it can be used with the following advantages: (1) possibility of providing more capacity for authentication data (2) no compression is needed (as in case of Tian's scheme) and (3) low time cost because of its reasonable complexity. To find out the embedding capacity both information and redundancy are examined for the underlying image. In addition a corresponding difference image is defined, its histogram is determined and its entropy and redundancy are computed. The proposed scheme creates an extra space for the authentication payload by making use of block difference expansion.",3,2,164,185,Algorithm; Digital watermarking; Pixel; Tian; Lossless watermarking; Time cost; Computer science; Embedding; Histogram; Entropy (information theory),,,,,https://www.inderscienceonline.com/doi/10.1504/IJESDF.2010.033784 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#IbrahimZ10,http://dx.doi.org/10.1504/ijesdf.2010.033784,,10.1504/ijesdf.2010.033784,2096003968,,0,010-423-042-177-734; 013-254-182-755-449; 013-959-215-137-824; 016-530-437-620-157; 028-129-947-206-102; 042-769-956-829-507; 043-472-929-547-554; 057-760-744-411-233; 058-722-723-786-764; 070-566-110-940-864; 086-755-606-681-222; 127-453-137-030-102; 169-738-837-701-58X; 178-957-848-232-033; 180-108-399-963-521; 183-373-469-194-34X,0,false,,
023-597-121-798-223,Forensic Extraction of EFS-Encrypted Files in Live System Investigation,2008-03-17,2008,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Ewa Huebner; Derek Bem,"Encrypted files captured by acquiring a bit-by-bit image in the process of conventional forensic investigation are practically impossible to decrypt without knowing the key and the method of encryption. The Windows operating system provides the option to encrypt files using an encryption driver bundled with the New Technology File System (NTFS) file system, the so-called encrypting file system (EFS). EFS files can be manipulated transparently by the owner and the system administrator as long as they reside in an NTFS file system. In this article we demonstrate the methodology of extracting EFS-decrypted files from a live system. The method of extraction is built around a software utility, Robocopy, which does not modify any metadata of the file system during extraction. The hash value for the encrypted data calculated before and after the extraction is identical, so this approach can be considered to be forensically sound. We present a scenario that shows that live system investigation is indispensable in obtaining complete information about the system being examined. This information would be lost if conventional methods were applied, even when supplemented by the capture and analysis of physical memory.",2,1,1,12,File Control Block; Filesystem-level encryption; Unix file types; File system fragmentation; File system; Computer security; Computer science; Virtual file system; Database; Self-certifying File System; Computer file,,,,,https://dl.acm.org/doi/10.1080/15567280701721905 https://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#HuebnerB08 http://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#HuebnerB08 https://www.tandfonline.com/doi/full/10.1080/15567280701721905 https://dl.acm.org/citation.cfm?id=1451839.1451840,http://dx.doi.org/10.1080/15567280701721905,,10.1080/15567280701721905,2093344556,,0,020-059-232-319-347; 061-139-633-577-862; 080-351-281-760-491; 153-153-144-072-106; 155-310-759-030-139; 172-214-329-616-03X,5,false,,
025-413-390-011-47X,How to find exculpatory and inculpatory evidence using a circular digital forensics process model,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Marjan Khatir; Seyed Mahmood Hejazi,"With raising the number of cyber crimes, the need of having a proper digital forensic process also increases. Although digital forensics is practiced in recent years, there is still a big gap between previously suggested digital forensics processes and what is really needed to be done in real cases. Some problems with current processes are lack of flexible transition between phases, not having a clear method or a complete scenario for addressing reliable evidence, and not paying enough attention to management aspects and team roles. This article provides a process model by paying special attention to the team roles and management aspects as well as both exculpatory and inculpatory evidence.",2,1,68,76,Teamwork; Digital forensic process; Exculpatory evidence; Digital evidence; Computer security; Computer science; Process (engineering); Team Role Inventories; Computer forensics; Digital forensics,,,,,https://ui.adsabs.harvard.edu/abs/2008ges..conf...10K/abstract https://link.springer.com/content/pdf/10.1007%2F978-3-540-69403-8_2.pdf https://rd.springer.com/chapter/10.1007%2F978-3-540-69403-8_2 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2009.023877 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#KhatirH09 http://www.diva-portal.org/smash/record.jsf?pid=diva2:436813 https://www.inderscience.com/link.php?id=23877 https://link.springer.com/chapter/10.1007/978-3-540-69403-8_2,http://dx.doi.org/10.1504/ijesdf.2009.023877,,10.1504/ijesdf.2009.023877,2041229035,,0,001-009-008-665-240; 032-697-093-668-898; 034-916-306-834-918; 035-223-520-491-228; 056-590-277-527-716; 111-741-773-111-021; 184-948-841-629-735; 199-745-676-923-766,1,false,,
026-490-926-488-299,BioVault: biometrically based encryption,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,B. L. Tait; S. H. Von Solms,"Biometric-based token authentication is an asymmetric (von Solms and Tait, 2005) authentication technology. This means that the reference token generated during the enrolment process and stored in the biometric database, will never match any freshly offered biometric token exactly (100%). This is commonly accepted due to the nature of the biometric algorithm (Wayman et al., 2004) central to the biometric environment. A password or pin on the other hand, is a symmetric authentication mechanism. This means that an exact match is expected, and if the offered password deviates ever so slightly from the password stored in the password database file, authenticity is rejected. Encryption technologies rely on symmetric authentication to function, as the password or pin is often used as the seed for a random number that will assist in the generation of the cipher. If the password used to encrypt the cipher is not 100% the same as the password supplied to decrypt, the cipher will not unlock. The asymmetric nature of biometrics traditionally renders biometric tokens unfit to be used as the secret key for an encryption algorithm. This article introduces a system that allows biometric tokens to be used as the secret key in an encryption algorithm. This method relies on the BioVault infrastructure. For this reason, BioVault will briefly be discussed, followed by a discussion of biometrically based encryption.",2,3,269,279,Password; Syskey; Zero-knowledge password proof; Cognitive password; Computer security; Computer science; S/KEY; Password strength; One-time password; Password policy,,,,,https://rd.springer.com/chapter/10.1007/978-3-642-04280-5_4 https://link.springer.com/chapter/10.1007/978-3-642-04280-5_4 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2009.027522 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#TaitS09 https://link.springer.com/content/pdf/10.1007%2F978-3-642-04280-5_4.pdf https://www.inderscience.com/link.php?id=27522,http://dx.doi.org/10.1504/ijesdf.2009.027522,,10.1504/ijesdf.2009.027522,2091401974,,0,033-175-991-415-698; 073-146-778-270-854; 113-114-063-444-526,0,false,,
026-794-402-013-471,Computer Printouts as Legal Evidence,2010-12-15,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Edward H. Freeman,ABSTRACT This article discusses computer--based information and its uses as evidence in legal proceedings. It explains the rules of evidence and their effect on an organization's management of its databases and describes methods of handling requests for production of computerized data.,3,2-4,98,105,Admissible evidence; Law and economics; Production (economics); Rules of evidence; Hearsay; Privilege (computing); Legal evidence; Computer security; Computer science; Best evidence rule,,,,,https://www.tandfonline.com/doi/full/10.1080/15567281.2010.536730 https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#Freeman10,http://dx.doi.org/10.1080/15567281.2010.536730,,10.1080/15567281.2010.536730,1991139163,,0,,0,false,,
027-570-776-652-466,A Study of Current Trends in Database Forensics,2010-12-15,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Lawrence Suffern,"ABSTRACT The growth of databases as a means of storing critical data has made them an inviting target for criminal activity, which in turn has brought about the emerging area of database forensics. However, research in this area is just beginning, and few methods and tools designed for database forensic analysis exist at this time. Following a database security incident, it is essential to learn what data was exposed or damaged so that steps can be taken to mitigate the situation. The data cache, Structured Query Language (SQL) cache, and transaction log may contain important database forensic information. Research into database forensics has resulted in the development of some practical methods, as well as opened up potential areas for future database design. The future of database forensics lies not just in development of methods and tools but also in developing a thorough knowledge of database processes in order to advance the developing area of database forensics.",3,2-4,67,73,World Wide Web; Database design; Intelligent database; Database security; Database forensics; Database schema; Computer science; Network forensics; View; Database testing,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#Suffern10 https://www.tandfonline.com/doi/abs/10.1080/15567281.2010.500646,http://dx.doi.org/10.1080/15567281.2010.500646,,10.1080/15567281.2010.500646,2024984056,,0,000-853-465-742-472; 001-255-768-346-633; 010-715-519-043-632; 050-308-742-156-878; 065-210-303-569-91X; 085-214-277-668-01X; 106-865-640-867-523,3,false,,
032-192-641-675-455,Detecting file fragmentation point using sequential hypothesis testing,,2008,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Anandabrata Pal; Husrev T. Sencar; Nasir Memon,"File carving is a technique whereby data files are extracted from a digital device without the assistance of file tables or other disk meta-data. One of the primary challenges in file carving can be found in attempting to recover files that are fragmented. In this paper, we show how detecting the point of fragmentation of a file can benefit fragmented file recovery. We then present a sequential hypothesis testing procedure to identify the fragmentation point of a file by sequentially comparing adjacent pairs of blocks from the starting block of a file until the fragmentation point is reached. By utilizing serial analysis we are able to minimize the errors in detecting the fragmentation points. The performance results obtained from the fragmented test-sets of DFRWS 2006 and 2007 show that the method can be effectively used in recovery of fragmented files.",5,,S2,S13,Data mining; Data file; Parallel computing; Fragmentation (computing); File system fragmentation; File carving; Digital device; Computer science; Data recovery; Sequential analysis; Statistical hypothesis testing,,,,,https://dblp.uni-trier.de/db/journals/di/di5.html#PalSM08 https://www.sciencedirect.com/science/article/pii/S174228760800039X https://nyuscholars.nyu.edu/en/publications/detecting-file-fragmentation-point-using-sequential-hypothesis-te-2 https://doi.org/10.1016/j.diin.2008.05.015 https://dl.acm.org/doi/10.1016/j.diin.2008.05.015 https://www.dfrws.org/2008/proceedings/p2-pal.pdf http://www.sciencedirect.com/science/article/pii/S174228760800039X,http://dx.doi.org/10.1016/j.diin.2008.05.015,,10.1016/j.diin.2008.05.015,2143757321,,4,007-901-016-367-02X; 020-569-163-258-930; 023-341-419-324-638; 023-539-140-993-037; 043-093-846-816-675; 078-303-134-163-197; 082-440-435-702-102; 085-214-277-668-01X; 088-996-750-795-806; 132-246-550-138-466; 148-400-423-300-612,83,true,cc-by-nc-nd,hybrid
035-414-084-362-623,Honey Tokens and Web Bugs: Developing Reactive Techniques for Investigating Phishing Scams,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Craig M. McRae; Robert Wesley McGrew; Rayford B. Vaughn,"ABSTRACT This article presents a technique for investigating phishing scams. While most anti-phishing efforts focus on preventative measures, or reactive investigation techniques that are not specific to the domain of phishing, this technique applies the concepts of honeytokens and web bugs in a way that may reveal previously unknown information about the phisher. The objective of this work is to develop new ways of addressing phishing scams by exploiting vulnerabilities in the tools and methods used by the phishers. A review of phishing and current anti-phishing techniques is included, along with an introduction to honeytokens and web bugs. The technique is presented with preliminary data to demonstrate promise of the concept.",1,3,193,199,World Wide Web; Domain (software engineering); Computer security; Computer science; Phishing,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#McRaeMV06 https://www.tandfonline.com/doi/full/10.1080/15567280600995857,http://dx.doi.org/10.1080/15567280600995857,,10.1080/15567280600995857,1983125774,,0,,2,false,,
041-277-806-049-882,The persistence of memory: Forensic identification and extraction of cryptographic keys,,2009,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Carsten Maartmann-Moe; Steffen E. Thorkildsen; André íRnes,"The increasing popularity of cryptography poses a great challenge in the field of digital forensics. Digital evidence protected by strong encryption may be impossible to decrypt without the correct key. We propose novel methods for cryptographic key identification and present a new proof of concept tool named Interrogate that searches through volatile memory and recovers cryptographic keys used by the ciphers AES, Serpent and Twofish. By using the tool in a virtual digital crime scene, we simulate and examine the different states of systems where well known and popular cryptosystems are installed. Our experiments show that the chances of uncovering cryptographic keys are high when the digital crime scene are in certain well-defined states. Finally, we argue that the consequence of this and other recent results regarding memory acquisition require that the current practices of digital forensics should be guided towards a more forensically sound way of handling live analysis in a digital crime scene.",6,,S132,S140,Encryption; Cryptographic primitive; Crime scene; Key management; Key (cryptography); Cryptographic protocol; Computer security; Computer science; Symmetric-key algorithm; Digital forensics,,,,,http://www.sciencedirect.com/science/article/pii/S1742287609000486 https://www.sciencedirect.com/science/article/abs/pii/S1742287609000486 https://doi.org/10.1016/j.diin.2009.06.002 https://dblp.uni-trier.de/db/journals/di/di6.html#Maartmann-MoeTA09 https://www.sciencedirect.com/science/article/pii/S1742287609000486 https://www.dfrws.org/2009/proceedings/p132-moe.pdf,http://dx.doi.org/10.1016/j.diin.2009.06.002,,10.1016/j.diin.2009.06.002,2136331433,,5,001-304-351-638-313; 020-753-903-845-023; 023-377-728-027-754; 030-121-862-351-330; 032-949-282-040-096; 037-282-902-853-127; 041-030-338-346-880; 042-793-944-798-15X; 058-506-167-305-248; 063-084-969-285-764; 064-388-382-052-645; 080-351-281-760-491; 102-056-552-754-419; 107-374-225-170-104; 141-445-106-549-822; 149-010-267-691-537; 155-302-434-131-038; 159-160-746-436-214; 184-948-841-629-735; 193-083-472-536-950; 197-159-965-693-448,48,true,cc-by-nc-nd,hybrid
042-450-851-467-680,Detecting false captioning using common-sense reasoning,,2006,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Sangwon Lee; David A. Shamma; Bruce Gooch,"Detecting manipulated images has become an important problem in many domains (including medical imaging, forensics, journalism and scientific publication) largely due to the recent success of image synthesis techniques and the accessibility of image editing software. Many previous signal-processing techniques are concerned about finding forgery through simple transformation (e.g. resizing, rotating, or scaling), yet little attention is given to examining the semantic content of an image, which is the main issue in recent image forgeries. Here, we present a complete workflow for finding the anomalies within images by combining the methods known in computer graphics and artificial intelligence. We first find perceptually meaningful regions using an image segmentation technique and classify these regions based on image statistics. We then use AI common-sense reasoning techniques to find ambiguities and anomalies within an image as well as perform reasoning across a corpus of images to identify a semantically based candidate list of potential fraudulent images. Our method introduces a novel framework for forensic reasoning, which allows detection of image tampering, even with nearly flawless mathematical techniques.",3,,65,70,Digital image processing; Image segmentation; Feature detection (computer vision); Artificial intelligence; Image retrieval; Commonsense reasoning; Automatic image annotation; Information retrieval; Computer vision; Computer science; Computer graphics; Image processing,,,,,http://www.sciencedirect.com/science/article/pii/S1742287606000685 https://www.sciencedirect.com/science/article/pii/S1742287606000685 https://yonsei.pure.elsevier.com/en/publications/detecting-false-captioning-using-common-sense-reasoning https://doi.org/10.1016/j.diin.2006.06.006 https://dblp.uni-trier.de/db/journals/di/di3.html#LeeSG06 https://dl.acm.org/doi/10.1016/j.diin.2006.06.006,http://dx.doi.org/10.1016/j.diin.2006.06.006,,10.1016/j.diin.2006.06.006,2004711539,,0,006-033-598-743-983; 006-378-581-929-072; 008-633-799-741-257; 013-392-527-828-857; 015-851-827-476-104; 016-617-865-487-243; 019-649-904-231-79X; 031-075-146-866-220; 039-124-264-708-45X; 039-297-839-221-366; 045-568-616-540-617; 045-719-147-837-607; 045-981-655-378-439; 050-007-274-906-738; 051-388-541-746-459; 054-244-556-469-825; 062-480-042-724-512; 062-935-940-297-784; 069-528-465-236-961; 070-701-052-977-077; 075-286-905-404-93X; 076-198-255-092-415; 076-704-896-134-67X; 085-655-932-183-312; 088-324-350-683-491; 094-668-206-694-512; 095-657-818-735-736; 096-717-380-007-985; 098-786-697-583-552; 108-896-114-392-841; 115-858-345-941-648; 117-882-401-522-695; 125-162-036-005-386; 135-262-782-091-897; 138-113-346-753-33X; 173-881-114-277-726; 180-552-666-228-97X,19,true,cc-by-nc-nd,hybrid
043-705-762-299-193,Vision-based technique for secure recognition of voice-less commands,,2008,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Wai Chee Yau; Dinesh Kumar; Hans Weghorn,"This article presents a secure method for identification of voice-less commands using mouth images, without evaluating sound signals. The main limitation in voice recognition technologies for internet applications is that the commands will be audible to other people in the vicinity. The proposed technique identifies the unspoken utterances using support vector machines. The proposed system is based on temporal integration of the video data to generate spatiotemporal templates (STT). Sixty-four Zernike Moments are extracted from each STT. The experimental results demonstrate that the proposed system yields promising in recognising English phonemes. The proposed technique is demonstrated to be invariant to global variations of illumination level. Such a system could be invaluable when it is important to communicate without making a sound, such as giving passwords and internet applications on mobile devices.",1,4,323,335,Password; The Internet; Support vector machine; Artificial intelligence; Mobile device; Speech recognition; Vision based; Computer vision; Computer science; Invariant (mathematics); Zernike polynomials,,,,,https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2008.02145 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#YauKW08 https://www.inderscience.com/link.php?id=21450,http://dx.doi.org/10.1504/ijesdf.2008.021450,,10.1504/ijesdf.2008.021450,2049781730,,0,015-522-377-591-609; 018-834-555-462-191; 018-835-513-079-324; 019-456-633-464-151; 032-281-086-102-256; 033-526-710-233-663; 037-317-510-227-546; 038-967-361-681-315; 060-350-535-366-137; 072-253-529-023-163; 085-543-975-386-420; 128-142-333-725-487; 135-913-430-618-313; 144-828-987-966-083; 149-575-175-018-239; 153-140-332-340-726; 157-838-172-895-801; 187-488-585-098-860,0,false,,
045-257-563-698-921,Perceptible watermarking: a promising application,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Malay Kishore Dutta,"This paper proposes an unusual method for perceptible watermarking algorithm based on the commercial requirements. An audio file is hosted in the website for commercial purpose with a removable watermarking on a portion of it. The objective of this watermark is contrary to that of conventional watermarking. The watermark degrades the quality of the audio file such that it becomes annoyingly perceptible to human auditory system. Chaos theory is used to generate millions of audibly similar but numerically different versions of the watermarked signal. On the removal of this perceptible watermark, a new imperceptible watermark is inserted in the audio as per the conventional requirements. This perceptible method of watermarking is termed as ink marking, and it provides a novel method for digital right management control. The subjective quality tests and robustness tests indicate that the audio quality is excellent. The algorithm is also robust to signal processing attacks.",3,4,363,375,Signal processing; Signal; Digital watermarking; Artificial intelligence; Watermark; Sound quality; Quality (business); Computer vision; Computer science; Multimedia; Digital rights management; Robustness (computer science),,,,,https://dl.acm.org/doi/abs/10.1504/IJESDF.2010.038614 https://www.inderscience.com/link.php?id=38614 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#Dutta10 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.038614,http://dx.doi.org/10.1504/ijesdf.2010.038614,,10.1504/ijesdf.2010.038614,2112730791,,0,001-306-724-293-960; 005-531-300-735-581; 009-791-745-094-55X; 030-972-927-246-239; 039-799-150-083-979; 041-437-373-580-036; 047-460-524-314-469; 048-867-353-164-312; 056-012-264-606-429; 101-416-923-138-632; 103-112-984-408-130; 186-280-888-196-303,0,false,,
045-545-834-607-021,Evaluation of cyber legislations: trading in the global cyber village,,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Hamid Jahankhani,"The menace of organised crime and terrorist activity grows ever more sophisticated as the ability to enter, control and destroy our electronic and security systems grows at an equivalent rate. Cyber-crime (organised criminal acts using microchip and software manipulation) is the world's biggest growth industry and is now costing an estimated $220 billion loss to organisations and individuals, every year. There are serious threats to nations, governments, corporations and the most vulnerable group of all, individuals. Cyber-crime combines the same methods of traditional crime identifying targets, using surveillance and psychological profiling but has added-in levels of duplicity in that the perpetrator need never actually be at the scene of the crime. Indeed the traditional idea of a criminal gang is meaningless in that the unit may exist but each member resides on a different continent and never needs to physically meet. The types of attack individuals face include confidence-trick telephone calls or actual encounters calculated to extract bank or personal details, computer spyware that opens on accessing the internet, enticing users with offers of non-existent free gifts while copying confidential files and programmes that can infiltrate networks, operating within them undetected, ultimately causing them to crash. Information and services provided on the internet which can be utilised by any person(s) with access bring to fore the concept of legislations. Thus cyber laws and legislations refers to those guidelines and regulations put in place to ensure that information and services so displayed and acquired on the internet meet a standard within the e-society. This paper aims to review these legislations and showcasing their impact and relevance to the society for which they are formulated. Finally, the question whether the current internet legislation is adequate to protect society is also raised.",1,1,1,11,The Internet; Profiling (information science); Organised crime; Legislation; Copying; Computer security; Computer science; Online advertising; Confidentiality; Hacker,,,,,https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#Jahankhani07 https://repository.uel.ac.uk/item/866q6 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.013588 https://www.inderscience.com/link.php?id=13588,http://dx.doi.org/10.1504/ijesdf.2007.013588,,10.1504/ijesdf.2007.013588,2166531541,,0,010-913-318-627-137; 027-323-011-044-348; 033-067-103-429-752; 056-927-979-798-650; 152-450-875-308-13X,4,true,cc0,green
046-973-884-620-547,Treasure and tragedy in kmem_cache mining for live forensics investigation,,2010,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Andrew Case; Lodovico Marziale; Cris Neckar; Golden G. Richard,"This paper presents the first deep investigation of the kmem_cache facility in Linux from a forensics perspective. The kmem_cache is used by the Linux kernel to quickly allocate and deallocate kernel structures associated with processes, files, and the network stack. Our focus is on deallocated information that remains in the cache and the major contribution of this paper is to illustrate what forensically relevant information can be retrieved from the kmem_cache and what information is definitively not retrievable. We show that the kmem_cache contains a wealth of digital evidence, much of which was either previously unavailable or difficult to obtain, requiring ad hoc methods for extraction. Previously executed processes, memory mappings, sent and received network packets, NAT translations, accessed file system inodes, and more can all be recovered through examination of the kmem_cache contents. We also discuss portable methods for erasing this information, to ensure that private data is no longer recoverable.",7,,S41,S47,Operating system; Cache pollution; Cache; Cache coloring; Cache invalidation; Page cache; Cache algorithms; Computer science; Bus sniffing; Linux kernel; Database,,,,,http://www.sciencedirect.com/science/article/pii/S1742287610000332 https://dblp.uni-trier.de/db/journals/di/di7.html#CaseMNR10 https://www.sciencedirect.com/science/article/pii/S1742287610000332 https://dl.acm.org/doi/10.1016/j.diin.2010.05.006,http://dx.doi.org/10.1016/j.diin.2010.05.006,,10.1016/j.diin.2010.05.006,2103956577,,0,001-304-351-638-313; 011-569-292-128-546; 017-152-528-840-957; 019-661-085-144-255; 036-662-510-200-483; 058-448-820-778-759; 080-351-281-760-491; 141-445-106-549-822; 149-010-267-691-537; 150-249-549-372-358; 159-459-723-637-730,15,true,cc-by-nc-nd,hybrid
048-120-908-827-402,A new methodology for data coding and embedding for high-capacity transmitting,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Rajesh Kumar Tiwari; Gadadhar Sahoo,"The rapid development of internet opened up unlimited opportunities in the field of computing. However, it brought about a plethora of new issues and concerns, chief among them is the security of information that to be exchanged. Developing information hiding techniques have been seriously taken by many researchers, steganography, the science of embedding secret information into carrier image file is one of the main concern. In the current digital era, the steganographic methods may participate in the field of ultra wideband wireless communication, but the major hurdles is the pre-existing carrier with low embedding capacity. If we create the carrier file based on the transmitting message that will help us in two aspects, first it saves the bandwidth and second it maintains the utmost security as well. Unlike the other steganographic efforts, where data embedding in carrier file works in the principle of pre-existing carrier file, we propose here a method that works on the principle of creating its own carrier file based on the transmitting message. The major advantage of this approach is that there is never a mother carrier file created or exits in order to give a chance to other concerned to suspect the hiding of any secret file and at the same time, we utilise the minimum bandwidth with maximum security protection.",3,1,27,40,Steganography; The Internet; Bandwidth (computing); Information hiding; Computer security; Computer science; Embedding; Information security; Wireless; Image file formats,,,,,https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.032329 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#TiwariS10 https://doi.org/10.1504/IJESDF.2010.032329 https://www.inderscience.com/link.php?id=32329,http://dx.doi.org/10.1504/ijesdf.2010.032329,,10.1504/ijesdf.2010.032329,2039920998,,0,002-192-823-632-773; 011-903-574-685-595; 028-038-085-809-431; 044-991-381-861-898; 045-964-724-948-542; 056-052-039-403-330; 059-263-073-614-763; 079-176-207-287-930; 084-935-739-580-981; 089-336-351-701-588; 113-683-759-006-946; 140-531-994-627-167; 142-506-417-981-965; 162-699-394-973-944; 172-727-660-265-210,4,false,,
049-313-374-093-607,The Acquisition and Analysis of Random Access Memory,2007-06-22,2007,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Timothy Vidas,"ABSTRACT Mainstream operating systems (and the hardware they run on) fail to purge the contents of portions of volatile memory when that portion is no longer required for operation. Similar to how many file systems simply mark a file as deleted instead of actually purging the space that the file occupies on disk, random access memory (RAM) is commonly littered with old information in unallocated space waiting to be reused. Additionally, RAM contains constructs and caching regions that include a wealth of state-related information. The availability of this information, along with techniques to recover it, provides new methods for investigation. This article discusses the benefits and drawbacks of traditional incident response methods compared to an augmented model that includes the capture and subsequent analysis of a suspect system's memory, provides a foundation for analyzing captured memory, and provides suggestions for related work in an effort to encourage forward progress in this relatively new area ...",1,4,315,323,Memory-mapped file; Extended memory; Memory management; Computer science; Volatile memory; Interleaved memory; Memory map; Database; Computer memory; Registered memory,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Vidas06 https://www.tandfonline.com/doi/full/10.1080/15567280701418171,http://dx.doi.org/10.1080/15567280701418171,,10.1080/15567280701418171,2048168101,,0,001-304-351-638-313; 003-919-715-432-564; 026-595-961-209-188; 057-143-267-854-504; 101-378-937-900-179; 105-427-271-392-801; 154-025-503-611-66X; 159-876-071-419-312,33,false,,
050-104-121-852-323,Exploring Investigative Methods for Identifying and Profiling Serial Bots,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Robert Lyda; James Hamrock,"ABSTRACT Bots are malicious software programs surreptitiously installed on compromised computers accessible to the Internet. Supporting robust remote control and command capabilities for committing cyber fraud and crimes, bots have emerged in alarming numbers in recent years as one of the most prevalent malicious code threats on the internet. Despite their explosive growth, most bots are variations of a handful of popular bot families, which share a common architectural design and functional capabilities. We posit that many of the same bot authors are contributing to the growth of variants by continuously developing, modifying, and re-deploying the same bot programs. We refer to such bots as serial bots. This article investigates the bot phenomena by exploring methods to identify and profile serial bots. In the course of this examination, we discuss guidelines that digital forensics practitioners can apply to evaluate evidence residing in bots to support their criminal prosecutions and meet evidentiary re...",1,3,165,177,Internet privacy; The Internet; Profiling (computer programming); Architectural design; String analysis; Computer security; Computer science; Malware; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#LydaH06 https://www.tandfonline.com/doi/full/10.1080/15567280600995782,http://dx.doi.org/10.1080/15567280600995782,,10.1080/15567280600995782,2017557624,,0,,1,false,,
050-526-626-953-699,A pragmatic approach to temporary payment card numbers,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,David J. Boyd,"With the push towards electronic payments that use a smart card and authenticate the cardholder by his or her personal identification number, much fraud has switched to the residual payment methods that just rely on knowing the card number: card-not-present transactions. There are various countermeasures; notably some issuers allocate temporary card numbers (TCNs). The snag is that this is an online solution that requires the cardholder to be identified and authenticated over a separate and direct link between the cardholder and card issuer each time a number is allocated. Some off-line mechanisms have been proposed but those TCNs do not act as the cardholder's identifier. This paper examines a sample of online and off-line TCN mechanisms and then proposes an off-line mechanism that gives a comparable service to the online mechanisms. The cardholder's privacy is protected whilst still allowing proof of payment.",2,3,253,268,Internet privacy; Smart card; Payment; Card security code; Payment service provider; Issuing bank; Payment card; Personal identification number; Computer security; Computer science; Charge card,,,,,https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#Boyd09 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2009.027521 https://dl.acm.org/doi/10.1504/IJESDF.2009.027521,http://dx.doi.org/10.1504/ijesdf.2009.027521,,10.1504/ijesdf.2009.027521,2107616962,,0,028-717-710-228-443; 050-987-791-936-43X; 055-096-678-428-196; 084-279-304-997-283; 084-750-275-122-93X; 187-704-820-243-807,1,false,,
053-515-652-296-042,Tracking online trails,,2008,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Man Qi; Denis Edgar-Nevill; Y. Wang; Rongsheng Xu,"Traceability is a key to the investigation of the internet criminal and a cornerstone of internet research. It is impossible to prevent all internet misuse but may be possible to identify and trace the users, and then take appropriate action. This article presents the value of traceability within the e-mail/news posting utilities, current online tracking methods, technologies being used to hide identities, difficulties involved in locating the traceable data and the challenges in tracking online trails. Due to the technological nature of cybercrimes, some unique challenges are involved in tracking sources. Anonymity and falsification are the two key ones. The offenders can take advantage of new advanced technologies to make the tracking more difficult and the investigation more challengeable. People even do not have to be technical to commit cybercrimes with easily mastered tools. Apart from technical solutions, international collaboration and law enforcement are very important to track online trails.",1,4,353,361,Internet privacy; The Internet; Internet research; Commit; Traceability; Anonymity; Key (cryptography); Law enforcement; Cornerstone; Computer security; Computer science,,,,,https://ui.adsabs.harvard.edu/abs/2008ges..conf...48Q/abstract https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2008.021453 https://link.springer.com/chapter/10.1007%2F978-3-540-69403-8_6 https://rd.springer.com/chapter/10.1007/978-3-540-69403-8_6 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#QiEWX08 https://repository.canterbury.ac.uk/item/84vqy/tracking-online-trails,http://dx.doi.org/10.1504/ijesdf.2008.021453,,10.1504/ijesdf.2008.021453,2121869675,,0,006-509-337-267-158; 006-828-660-980-525; 009-238-360-936-521; 047-350-675-938-618; 095-159-338-945-679; 140-821-103-436-654; 150-674-582-613-771; 175-480-582-509-028; 191-109-327-411-836,0,false,,
055-915-511-599-512,An introduction to investigating IPv6 networks,,2007,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Bruce J. Nikkel,"This practitioner paper provides an introduction to investigating IPv6 networks and systems. IPv6 addressing, packet structure, and supporting protocols are explained. Collecting information from IPv6 registries and databases such as WHOIS and DNS is demonstrated. Basic concepts and methods relevant for digital forensic investigators are highlighted, including the forensic analysis of IPv6 enabled systems. The enabling of IPv6 capability in a forensics lab is shown, including IPv6 connectivity and the use of IPv6 compatible tools. Collection and analysis of live network evidence from IPv6 networks is discussed, including investigation of remote IPv6 nodes, and promiscuous capture of IPv6 traffic.",4,2,59,67,World Wide Web; Network packet; Structure (mathematical logic); IPv6 address; Computer science; Network forensics; Digital forensics; IPv6,,,,,https://dx.doi.org/10.1016/j.diin.2007.06.001 http://dx.doi.org/10.1016/j.diin.2007.06.001 https://dl.acm.org/doi/10.1016/j.diin.2007.06.001 https://dblp.uni-trier.de/db/journals/di/di4.html#Nikkel07 http://digitalforensics.ch/nikkel07.pdf https://www.sciencedirect.com/science/article/pii/S1742287607000345 https://core.ac.uk/display/23515744,http://dx.doi.org/10.1016/j.diin.2007.06.001,,10.1016/j.diin.2007.06.001,2134992366,,2,015-079-087-627-921; 017-795-503-616-712; 018-467-941-961-210; 032-073-329-966-037; 038-334-024-979-831; 051-364-861-508-410; 068-696-163-691-172; 072-197-472-594-999; 074-781-752-797-737; 080-370-220-950-412; 084-059-496-309-03X; 085-543-239-834-977; 093-445-452-722-748; 100-790-333-753-76X; 103-497-774-754-449; 109-986-916-187-271; 115-592-458-673-939; 115-632-735-404-82X; 119-032-757-533-83X; 120-545-671-006-35X; 129-348-824-646-601; 129-817-022-298-624; 141-893-692-858-327; 150-297-426-194-199; 160-304-884-092-881; 175-588-227-385-360; 186-250-658-254-101; 188-247-906-501-307,20,true,,green
057-773-672-099-692,An Introduction to How Criminal Profiling Could Be Used as a Support for Computer Hacking Investigations,2009-09-09,2009,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Lucas Donato,"ABSTRACT This article presents a review and a critical analysis of the literature and can be considered the initial stage of a study that attempts to improve computer forensics and cybercrime investigation when using criminal profiling. This research is based on the premise that the motivations behind any sort of crimes—and it is no different with cybercrimes, and more specifically in this article with computer hacking crimes—are a product of human society and, even when they present new methods and tools, its human nature that leads criminals to, sooner or later, commit mistakes. Therefore, the objective of this article is to link criminal profiling to computer hacking, identifying expressions of human psychological traits and adding new elements to digital investigation.",2,4,183,195,Internet privacy; Product (category theory); Commit; Premise; Cybercrime; Computer science; Offender profiling; Computer forensics; Hacker; sort,,,,,https://www.tandfonline.com/doi/full/10.1080/15567280903140946 https://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#Donato08 http://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#Donato08 https://doi.org/10.1080/15567280903140946,http://dx.doi.org/10.1080/15567280903140946,,10.1080/15567280903140946,1858205575,,0,009-325-162-025-802; 015-804-446-233-457; 023-016-686-736-152; 035-349-413-879-941; 038-241-822-624-717; 070-429-471-311-739; 126-300-324-509-916; 128-301-609-429-087; 140-730-540-277-926; 145-062-913-009-934; 196-931-134-971-149; 197-860-668-008-411,3,false,,
058-233-865-055-863,Verification of the Parameterization Methods in the Context of Automatic Recognition of Sounds Related to Danger,2010-03-18,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Pawel Zwan; Andrrzej Czyzewski,"Digital signal processing of sound is a domain with numerous applications in the telecommunications and informatics. These well-developed algorithms of the analysis of sound can be also applied in the field of security systems, where traditional monitoring is still based mainly on video cameras. The commonly used monitoring cameras can be equipped with additional microphones and the audio content can be analyzed by a monitoring program running on a dedicated hardware. This application can automatically detect in the audio stream events like a broken window, gunshot, explosion, or scream. One of the main parts of this system is a parameterization block. In this article two parameterization methods are proposed for this purpose. The first is based on the frequency analysis of the examples of the sound events. The second is based on using a standardized set of audio MPEG-7 and cepstral descriptors. The feature vectors calculated by these two methods have been used for the training of two intelligent classifiers: a support vector machines classifier (SVM) and a neural networks perceptron (NNP). The classifiers have been verified using of the cross-validation method. The results have been compared and conclusions derived. The application of the results in a system working in real conditions is presented and discussed at the end of the article. The work has been done in the frame of the international project “INDECT” (Intelligent Information System Supporting Observation, Searching and Detection for Security of Citizens in Urban Environment).",3,1,33,45,Support vector machine; Data mining; Monitoring program; Computer science; Artificial neural network; Perceptron; Feature vector; Digital signal processing; Cepstrum; Classifier (UML),,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#ZwanC10 https://www.tandfonline.com/doi/full/10.1080/15567280903493881 https://doi.org/10.1080/15567280903493881,http://dx.doi.org/10.1080/15567280903493881,,10.1080/15567280903493881,2082300639,,0,002-979-636-221-791; 003-978-064-785-082; 007-141-734-571-464; 008-165-518-918-577; 020-616-459-451-632; 025-104-304-145-57X; 037-515-569-371-662; 038-730-677-443-019; 046-361-628-402-594; 053-704-982-016-78X; 070-769-908-889-658; 089-128-870-296-485; 093-789-981-387-147; 094-336-360-386-20X; 101-186-433-128-510; 102-376-433-879-959; 102-774-489-477-83X; 103-781-224-853-520; 104-853-579-778-896; 118-890-868-713-328; 123-743-830-835-216; 149-807-967-082-765,5,false,,
059-473-744-320-279,Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials,2010-03-18,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Alfred Christopher Bogen; David A. Dampier; Rayford B. Vaughn; Donna S. Reese; Edward B. Allen; Jeffrey C. Carver,"In any forensic investigation, planning and analysis activities are required in order to determine what digital media will be seized, what types of information will be sought in the examination, and how the examination will be conducted. Existing literature and suggested practices indicate that such planning should occur, but few tools provide support for such activities. Planning an examination may be an essential activity when investigators and technicians are faced with unfamiliar case types or unusually complex, large-scale cases. This article reports the results of empirical studies that evaluate two planning methods for planning computer forensics examinations: an experimental methodology that includes domain modeling and a typical planning method that does not include domain modeling. These studies were conducted to evaluate two research questions: Will the domain modeling of a computer forensics case during the planning phase result in an increased amount of evidence found in a digital forensics examination? Will an experimental “case domain modeling” methodology require a significant amount of additional effort when compared to a typical approach? Three experiment trials were conducted to evaluate the effectiveness of case domain modeling on simulated case scenarios. Analysis of the experiments indicates that case domain modeling in forensics planning requires an additional time investment and it can result in more evidence found during an examination and more effective keyword searches. Additionally, experimental data indicates that case domain modeling is most useful when the evidence disk has a relatively high occurrence of text-based documents and when vivid case background details are available.",3,1,23,32,Empirical research; Domain analysis; Digital media; Data science; Planning method; Computer science; Experimental data; Computer forensics; Digital forensics; Domain model,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#BogenDVRAC10 https://doi.org/10.1080/15567280903376896 https://www.tandfonline.com/doi/abs/10.1080/15567280903376896,http://dx.doi.org/10.1080/15567280903376896,,10.1080/15567280903376896,1978153659,,0,022-797-221-610-777; 033-419-371-275-223; 062-217-186-853-075; 071-269-562-942-065; 079-298-788-238-808; 103-314-900-915-828; 116-012-834-677-312; 118-095-530-189-407; 120-697-354-224-33X; 179-703-555-795-891; 194-615-309-709-20X,1,false,,
061-326-248-978-030,A correlation method for establishing provenance of timestamps in digital evidence,,2006,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Bradley Schatz; George M. Mohay; Andrew Clark,"Establishing the time at which a particular event happened is a fundamental concern when relating cause and effect in any forensic investigation. Reliance on computer generated timestamps for correlating events is complicated by uncertainty as to clock skew and drift, environmental factors such as location and local time zone offsets, as well as human factors such as clock tampering. Establishing that a particular computer's temporal behaviour was consistent during its operation remains a challenge. The contributions of this paper are both a description of assumptions commonly made regarding the behaviour of clocks in computers, and empirical results demonstrating that real world behaviour diverges from the idealised or assumed behaviour. We present an approach for inferring the temporal behaviour of a particular computer over a range of time by correlating commonly available local machine timestamps with another source of timestamps. We show that a general characterisation of the passage of time may be inferred from an analysis of commonly available browser records.",3,,98,107,Timestamp; Data mining; Range (mathematics); Reverse engineering; Digital evidence; Computer science; Event (computing); Clock skew; Event correlation; Real-time computing; Digital forensics,,,,,https://www.sciencedirect.com/science/article/abs/pii/S1742287606000715 https://core.ac.uk/display/10887632 https://www.sciencedirect.com/science/article/pii/S1742287606000715 https://eprints.qut.edu.au/20576/ https://doi.org/10.1016/j.diin.2006.06.009 https://dblp.uni-trier.de/db/journals/di/di3.html#SchatzMC06 https://core.ac.uk/download/10887632.pdf,http://dx.doi.org/10.1016/j.diin.2006.06.009,,10.1016/j.diin.2006.06.009,1976107019,,2,000-537-535-465-34X; 006-710-976-927-25X; 007-714-095-251-936; 014-595-195-942-667; 046-505-599-865-150; 071-095-858-265-422; 088-676-229-893-621; 159-876-071-419-312,37,true,cc-by-nc-nd,hybrid
061-529-672-595-522,Forensic data recovery from the Windows Search Database,,2011,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Howard Chivers; Christopher Hargreaves,"Windows Search maintains a single database of the files, emails, programmes and Internet history of all the users of a personal computer, providing a potentially valuable source of information for a forensic investigator, especially since some information within the database is persistent, even if the underlying data are not available to the system (e.g. removable or encrypted drives). However, when files are deleted from the system their record is also deleted from the database. Existing tools to extract information from Windows Search use a programmatic interface to the underlying database, but this approach is unable to recover deleted records that may remain in unused space within the database or in other parts of the file system. This paper explores when unavailable files are indexed, and therefore available to an investigator via the search database, and how this is modified by the indexer scope and by attributes that control the indexing of encrypted content. Obtaining data via the programmatic interface is contrasted with a record carving approach using a new database record carver (wdsCarve); the strengths and weaknesses of the two approaches are reviewed, and the paper identifies several different strategies that may be productive in recovering deleted database records.",7,3,114,126,Database tuning; Hierarchical database model; Database design; Intelligent database; Desktop search; Database schema; Computer science; View; Database; Database testing,,,,,https://www.sciencedirect.com/science/article/abs/pii/S1742287611000028 https://dl.acm.org/doi/10.1016/j.diin.2011.01.001 https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf https://core.ac.uk/download/pdf/13505082.pdf https://core.ac.uk/display/13505082 https://doi.org/10.1016/j.diin.2011.01.001 https://dx.doi.org/10.1016/j.diin.2011.01.001 https://www.infona.pl/resource/bwmeta1.element.elsevier-65c9331d-2988-3343-b752-bfc69c8c4cf0 http://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf https://dl.acm.org/citation.cfm?id=2296265 https://dblp.uni-trier.de/db/journals/di/di7.html#ChiversH11 http://www.sciencedirect.com/science/article/pii/S1742287611000028 http://dx.doi.org/10.1016/j.diin.2011.01.001 https://core.ac.uk/download/13505082.pdf,http://dx.doi.org/10.1016/j.diin.2011.01.001,,10.1016/j.diin.2011.01.001,2102573472,,3,040-092-459-357-823,18,true,,green
062-883-928-100-414,Discovering Hidden Evidence,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Chet Hosmer,"ABSTRACT Over the past decade, the advancement of a myriad of methods, techniques and technologies to conceal digital evidence and covertly communicate have increased at an alarming rate. In addition, new information suggests that the download of an arsenal of software tools that perform these functions further suggests greater interest and usage of such cyber weapons. Steganography is here, and combined with the Internet and peer to peer networking, it provides criminals, gangs and terrorists with a viable and covert method of communication with guaranteed evidence concealment. This article discusses, in detail, the state-of-the-art in the most advanced Steganography tools and techniques available to perpetrators today. We include statistics regarding Steganography expansion, growth and usage, and discuss the specific digital forensic artifacts that help lead to discovery and extraction. All of the image files used to develop this article are available for free download from the publisher's online editio...",1,1,47,56,Steganalysis; Steganography; The Internet; Steganography tools; Covert; Digital evidence; Computer security; Computer science; Peer-to-peer; Digital forensics,,,,,https://www.tandfonline.com/doi/abs/10.1080/15567280500541447 https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Hosmer06,http://dx.doi.org/10.1080/15567280500541447,,10.1080/15567280500541447,2069422663,,0,,22,false,,
064-351-581-797-616,Auditing Hash Sets: Lessons Learned from Jurassic Park,2008-12-09,2008,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Jesse D. Kornblum,"Auditing a set of cryptographic hashes allows a forensic examiner to determine the state of a target directory as compared to those hashes. Unlike traditional hash comparison methods, an audit takes into account all of the files in the target directory and their relative paths. Not taking these data into account can impair examinations and tool certifications. An audit examines each file in the target directory, computes its hash, and compares it to a file containing the known hash values. Any file not in the set of known hashes is flagged as being inserted. When all of the files in the target directory have been examined, any known hashes that have not been matched are flagged as being missing. The result is a complete picture comparing the set of known hashes and the target directory.",2,3,108,112,Hash chain; Hash list; Set (abstract data type); SHA-2; Merkle tree; Hash tree; Directory; Computer science; Database; Hash function,,,,,https://www.tandfonline.com/doi/full/10.1080/15567280802385477 https://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#Kornblum08 http://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#Kornblum08 http://dx.doi.org/10.1080/15567280802385477 https://dl.acm.org/doi/10.1080/15567280802385477 https://dx.doi.org/10.1080/15567280802385477,http://dx.doi.org/10.1080/15567280802385477,,10.1080/15567280802385477,2049487832,,0,023-597-121-798-223; 058-205-117-706-853,2,false,,
064-608-732-369-725,Encryption safe harbours and data breach notification laws,,2010,journal article,Computer Law & Security Review,02673649,Elsevier BV,United Kingdom,Mark Burdon; Jason Reid; Rouhshi Low,"Data breach notification laws require organisations to notify affected persons or regulatory authorities when an unauthorised acquisition of personal data occurs. Most laws provide a safe harbour to this obligation if acquired data has been encrypted. There are three types of safe harbour: an exemption; a rebuttable presumption and factor-based analysis. We demonstrate, using three condition-based scenarios, that the broad formulation of most encryption safe harbours is based on the flawed assumption that encryption is the silver bullet for personal information protection. We then contend that reliance upon an encryption safe harbour should be dependent upon a rigorous and competent risk-based review that is required on a case-by-case basis. Finally, we recommend the use of both an encryption safe harbour and a notification trigger as our preferred choice for a data breach notification regulatory framework.",26,5,520,534,Business; Encryption; Information security management; Data breach; Personally identifiable information; Law; Silver bullet; Obligation; Rebuttable presumption; Data Protection Act 1998,,,,,https://eprints.qut.edu.au/37693/ https://www.sciencedirect.com/science/article/pii/S0267364910001056 https://dblp.uni-trier.de/db/journals/clsr/clsr26.html#BurdonRL10 https://espace.library.uq.edu.au/view/UQ:239168 http://www.sciencedirect.com/science/article/pii/S0267364910001056 https://core.ac.uk/download/10900776.pdf,http://dx.doi.org/10.1016/j.clsr.2010.07.002,,10.1016/j.clsr.2010.07.002,3124985924,,3,,4,true,,
066-533-656-318-326,Children and geotagged images: quantitative analysis for security risk assessment,,2012,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Joanne Kuzma,"This paper investigates the levels of geocoding images with children pictures and discusses privacy and safety issues that may affect children. This study analysed the number of geocoded images of children's pictures on Flickr, a popular image-sharing site. For 50 of the top most expensive residential zip codes in the USA, the number of images that had geolocation tags was counted. Results showed significant number of images with children's faces that had geotagged information. The location information could possibly be used to locate a child's home or other location based on information publicly available on Flickr. Publishing geolocation data raises concerns about privacy and security of children when such personalised information is available to internet users who may have dubious reasons for accessing this data. People should understand the implications of this technology and post only appropriate data to protect themselves and their children.",4,1,54,64,Internet privacy; Risk assessment; World Wide Web; Publishing; Geolocation; Quantitative analysis (finance); Zip code; Internet users; Computer science; Geocoding; Geotagging,,,,,https://eprints.worc.ac.uk/1547/ https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf4.html#Kuzma12 http://www.inderscience.com/link.php?id=45390 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2012.045390 https://eprints.worc.ac.uk/1547/2/geocodenov2011ijesdf.pdf https://core.ac.uk/download/1915186.pdf,http://dx.doi.org/10.1504/ijesdf.2012.045390,,10.1504/ijesdf.2012.045390,2019957373,,0,008-606-469-426-189; 011-549-614-417-394; 015-369-189-468-277; 015-434-933-841-825; 016-127-926-558-745; 043-770-460-496-301; 051-668-591-619-606; 052-017-342-524-873; 077-977-456-868-338; 091-031-581-667-113; 188-117-754-943-206,4,true,cc0,green
070-054-261-247-654,Analyzing Spoofed E-mail Headers,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Bob Radvanovsky,"ABSTRACT This document hopes to provide a fundamental understanding about how to read and interpret electronic mail headers, and what tools and methods may be utilized to interpret if they are legitimate or artificial. Some of the examples used within this document were taken from real-life electronic mail messages received by the author, and were felt to be authentic enough for inclusion for this topic. The document begins with a single example, and presents analysis, from start to finish, drawing any possible conclusion as to how to decipher the analysis.",1,3,231,243,World Wide Web; Inclusion (education); DECIPHER; Spoofing attack; Electronic mail; Computer science,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Radvanovsky06 https://doi.org/10.1080/15567280601142178 https://www.tandfonline.com/doi/abs/10.1080/15567280601142178,http://dx.doi.org/10.1080/15567280601142178,,10.1080/15567280601142178,2057450754,,0,135-342-148-906-091,6,false,,
071-070-563-268-81X,PhishScope: Tracking Phish Server Clusters,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,John S. Quarterman,"ABSTRACT Phishing often seems an intractable problem, because phishers go to such lengths to hide their tracks by staging attacks through multiple countries and legal regimes. Targets of phishing and law enforcement thus have few levers to use against phishing. This article demonstrates one such lever: a method (PhishScope) for pinpointing a cluster of active phishing servers that are all connected to the same part of the same Internet service provider (ISP) and are thus located in the same legal regime. Targets of phishing can use information about phishing server clusters to encourage ISPs to take appropriate action such as taking down rogue servers. An ISP infested by a phishing cluster may be unaware of its presence, so the receipt of such information may be all it takes to persuade an ISP to take action. Law enforcement agencies (LEAs) may not want to expend any effort on a single phishing report, but a cluster of phishing servers, especially one that involves multiple targets of phishing, may be wor...",1,2,103,114,Internet privacy; Exploit; Botnet; Receipt; Law enforcement; Computer security; Computer science; Spoofed URL; Phishing; Server; Vulnerability (computing),,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Quarterman06,http://dx.doi.org/10.1080/15567280600995808,,10.1080/15567280600995808,2027063184,,0,,4,false,,
071-834-390-116-996,Supporting security against SYN flooding attacks in distributed denial-of-service via measuring internet protocol flow information export-based traffic,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,H. Alipour; M. Esmaeili; Kashefi Kia,"Distributed denial-of-service (DDoS) attacks on public servers after 2000 have became a serious problem. In the DDoS attacks often seen recently, multiple distributed nodes concurrently attack a single server. To assure that essential network services will not be interrupted, faster and more effective defence mechanisms are needed to protect against malicious traffics, especially SYN floods. One of the problems in detecting SYN flood traffics is that server nodes or firewalls cannot distinguish the SYN packets of normal TCP connections from those of a SYN flood attack. Our method, FDFIX, relies on the use of monitoring and measurement techniques to evaluate the impact of denial-of-service (DoS) attacks. It uses flow-based measurements. Capturing flow information is very important for detecting DoS and other kinds of attacks. Flow monitoring allows detecting suspicious traffics, and in the next step can analyse attacking flows and the results can be used for defence methods. Our method provides required information for many mechanisms that use traffic measurement as its input.",2,1,49,57,SYN flood; Network packet; IP Flow Information Export; Flow monitoring; Computer network; Internet Protocol; Flow (mathematics); Computer security; Denial-of-service attack; Computer science; Server,,,,,https://www.inderscience.com/link.php?id=23875 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2009.023875 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#AlipourEK09,http://dx.doi.org/10.1504/ijesdf.2009.023875,,10.1504/ijesdf.2009.023875,2036321923,,0,000-714-572-360-752; 004-854-649-797-398; 030-970-826-117-48X; 045-166-622-882-339; 055-552-112-151-921; 055-649-885-312-572; 057-084-364-633-175; 061-203-150-269-869; 083-902-287-420-92X; 113-759-186-080-61X; 128-208-113-384-341; 146-364-198-604-813; 152-366-033-629-234; 152-422-722-505-804; 161-828-727-465-510; 162-598-911-610-12X; 164-100-855-943-668; 165-512-916-414-493,1,false,,
072-734-762-754-349,Radio frequency fingerprinting commercial communication devices to enhance electronic security,,2008,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,William Suski; Michael A. Temple; Michael J. Mendenhall; Robert F. Mills,"There is a current shift toward protecting against unauthorised network access at the open systems interconnection physical layer by exploiting radio frequency characteristics that are difficult to mimic. This work addresses the use of RF 'fingerprints' to uniquely identify emissions from commercial devices. The goal is to exploit inherent signal features using a four step process that includes: 1. feature generation, 2. transient detection, 3. fingerprint extraction and 4. classification. Reliable transient detection is perhaps the most important step and is addressed here using a variance trajectory approach. Following transient detection, two fingerprinting and classification methods are considered, including 1. power spectral density (PSD) fingerprints with spectral correlation and 2. statistical fingerprints with multiple discriminant analysis-maximum likelihood (MDA-ML) classification. Each of these methods is evaluated using the 802.11a orthogonal frequency-division multiplexing (OFDM) signal. For minimal transient detection error, results show that amplitude-based detection is most effective for 802.11a OFDM signals. It is shown that MDA-ML classification provides approximately 8.5-9.0% better classification performance than spectral correlation over a range of analysis signal-to-noise ratios (SNRA) using three hardware devices from two manufacturers. Overall, greater than 80% classification accuracy is achieved for spectral correlation at SNRA > 6 dB and for MDA-ML classification at SNRA > -3 dB.",1,3,301,322,Artificial intelligence; Spectral density; Pattern recognition; Physical layer; Multiplexing; Fingerprint (computing); Transient (oscillation); Computer security; Orthogonal frequency-division multiplexing; Computer science; Multiple discriminant analysis; Radio frequency,,,,,https://www.inderscience.com/link.php?id=20946 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#SuskiTMM08 https://dl.acm.org/doi/10.1504/IJESDF.2008.020946 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2008.020946 https://dl.acm.org/citation.cfm?id=1454749,http://dx.doi.org/10.1504/ijesdf.2008.020946,,10.1504/ijesdf.2008.020946,2112338171,,0,007-141-734-571-464; 017-668-647-489-677; 022-090-881-787-210; 026-439-192-253-875; 041-813-551-001-233; 043-302-311-711-648; 052-879-573-132-964; 056-424-577-469-112; 064-340-074-573-948; 066-472-065-950-737; 085-391-765-861-326; 092-793-180-974-822; 106-142-719-531-708; 109-911-470-516-07X; 116-372-807-748-09X; 142-472-382-550-977; 143-935-087-533-984; 185-006-664-998-296; 193-966-320-077-213,59,false,,
073-695-675-203-95X,REGAP: A Tool for Unicode-Based Web Identity Fraud Detection,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Anthony Y. Fu; Xiaotie Deng; Liu Wenyin,"ABSTRACT We anticipate the widespread usage of an internationalized resource identifier (IRI) 1 or internationalized domain name (IDN) 2 on the web as complement to universal resource identifier (URI). IRI/IDN is composed of characters in a subset of Unicode, such that a Unicode attack 3 to IRI/IDN could happen. Hence, visually or semantically, certain phishing IRI/IDNs may show high similarity to the real ones. The potential phishing attacks based on this strategy are very likely to happen in the near future with the boosting utilization of IRI/IDN. We invented a method to detect such phishing attack. We constructed a unicode character similarity list (UC-SimList) based on char-char visual and semantic similarities and use a nondeterministic finite automaton (NFA) 4 to identify the potential IRI/IDN-based phishing patterns. We implemented a phishing IRI/IDN pattern generation tool, REGAP, by which phishing IRI/IDN patterns can be generated into regular expressions (RE) for phishing IRI/IDN detection. We ...",1,2,83,97,Regular expression; World Wide Web; Nondeterministic finite automaton; Information retrieval; Identity fraud; Internationalized Resource Identifier; Uniform resource identifier; Pattern generation; Computer science; Unicode; Phishing,,,,,https://dx.doi.org/10.1080/15567280600995501 http://dx.doi.org/10.1080/15567280600995501 https://doi.org/10.1080/15567280600995501 https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#FuDW06 https://www.tandfonline.com/doi/abs/10.1080/15567280600995501,http://dx.doi.org/10.1080/15567280600995501,,10.1080/15567280600995501,2072123701,,0,,11,false,,
074-807-554-462-816,Real time DDoS detection using fuzzy estimators,,2012,journal article,Computers & Security,01674048,Elsevier BV,United Kingdom,Stavros Shiaeles; Vasilios Katos; Alexandros Karakos; Basil K. Papadopoulos,"We propose a method for DDoS detection by constructing a fuzzy estimator on the mean packet inter arrival times. We divided the problem into two challenges, the first being the actual detection of the DDoS event taking place and the second being the identification of the offending IP addresses. We have imposed strict real time constraints for the first challenge and more relaxed constraints for the identification of addresses. Through empirical evaluation we confirmed that the detection can be completed within improved real time limits and that by using fuzzy estimators instead of crisp statistical descriptors we can avoid the shortcomings posed by assumptions on the model distribution of the traffic. In addition we managed to obtain results under a 3 sec detection window.",31,6,782,790,Data mining; Network packet; Estimator; Event (probability theory); Denial-of-service attack; Computer science; Fuzzy logic; Identification (information),,,,,https://pearl.plymouth.ac.uk/bitstream/10026.1/12691/1/1-s2.0-S0167404812000922-main.pdf http://sphinx.vtrip.net/wp-content/uploads/2013/pdf/publications/SPHINX_Paper_1.3_COSE.pdf http://dx.doi.org/10.1016/j.cose.2012.06.002 https://www.researchgate.net/profile/Stavros_Shiaeles/publication/235926911_Real_time_DDoS_detection_using_fuzzy_estimators/links/0c9605154e469183c3000000.pdf https://dblp.uni-trier.de/db/journals/compsec/compsec31.html#ShiaelesKKP12 http://www.sciencedirect.com/science/article/pii/S0167404812000922 https://puredev.port.ac.uk/en/publications/real-time-ddos-detection-using-fuzzy-estimators https://www.sciencedirect.com/science/article/pii/S0167404812000922 https://pearl.plymouth.ac.uk/handle/10026.1/12691 https://dx.doi.org/10.1016/j.cose.2012.06.002 https://core.ac.uk/download/161509134.pdf,http://dx.doi.org/10.1016/j.cose.2012.06.002,,10.1016/j.cose.2012.06.002,2037515642,,2,004-958-418-263-168; 007-570-930-783-996; 010-077-540-414-916; 012-676-277-376-007; 016-069-293-695-818; 017-251-546-879-162; 018-852-890-761-008; 022-539-133-857-655; 024-997-981-512-466; 035-031-752-285-232; 037-666-847-172-232; 041-715-189-572-148; 044-207-303-448-297; 048-307-990-352-820; 055-649-885-312-572; 057-973-382-980-410; 058-251-506-273-681; 058-488-795-152-493; 061-217-786-470-362; 062-381-889-734-86X; 062-545-984-689-970; 063-919-540-397-600; 065-954-726-530-728; 067-619-029-405-889; 069-369-641-479-431; 070-772-931-001-802; 077-041-992-329-604; 111-153-330-938-483; 111-390-107-410-466; 116-581-228-904-79X; 120-325-088-511-397; 121-925-707-429-807; 122-892-275-693-708; 124-161-928-981-963; 132-961-812-650-738; 143-585-663-061-202; 145-448-398-515-665; 148-998-524-403-839; 167-376-785-292-308; 172-755-574-664-088; 189-367-665-347-996; 193-431-185-074-798,68,true,cc-by-nc,green
085-343-554-667-033,High-speed search using Tarari content processor in digital forensics,,2008,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Jooyoung Lee; Sung-Kyong Un; Dowon Hong,"Recently, ''Speed'' is one of the hot issues in digital forensics. Thanks to a recent advanced technology, today we can get bigger hard drive disks at a lower price than previously. But unfortunately, it means for forensic investigators that they need tremendous time and effort in the sequence of process of creating forensic images, searching into them and analyzing them. In order to solve this problem, some methods have been proposed to improve performance of forensic tools. One of them getting attention is a hardware-based approach. However, such a way is limited in the field of evidence cloning or password cracking while it is rarely used in searching and analysis of the digital evidence. In this paper, we design and implement a high-speed search engine using a Tarari content processor. Furthermore, we show feasibility of our approach by comparing its performance and features to those of a popular forensic tool currently on the market.",5,,S91,S95,Cloning (programming); World Wide Web; Order (exchange); Content processor; Digital evidence; Field (computer science); Password cracking; Computer science; Process (engineering); Multimedia; Digital forensics,,,,,https://www.sciencedirect.com/science/article/pii/S1742287608000388 https://www.dfrws.org/2008/proceedings/p91-lee_pres.pdf https://dl.acm.org/doi/10.1016/j.diin.2008.05.006 http://www.sciencedirect.com/science/article/pii/S1742287608000388 https://dblp.uni-trier.de/db/journals/di/di5.html#LeeUH08 https://doi.org/10.1016/j.diin.2008.05.006,http://dx.doi.org/10.1016/j.diin.2008.05.006,,10.1016/j.diin.2008.05.006,1990797171,,0,052-665-370-203-554; 102-602-192-826-532; 113-264-745-950-390; 196-787-983-201-436,14,true,cc-by-nc-nd,hybrid
086-938-632-051-111,A novel time-memory trade-off method for password recovery,,2009,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Vrizlynn L. L. Thing; Hwei-Ming Ying,"As users become increasingly aware of the need to adopt strong password, it hinders the digital forensics investigations due to the password protection of potential evidence data. In this paper, we analyse and discuss existing password recovery methods, and identify the need for a more efficient and effective method to aid the digital forensics investigation process. We show that our new time-memory trade-off method is able to achieve up to a 50% reduction in terms of the storage requirement in comparison to the well-known rainbow table method while maintaining the same success rate. Even when taking into consideration the effect of collisions, we are able to demonstrate a significant increase (e.g. 13.28% to 19.14%, or up to 100% based on considering total plaintext-hash pairs generation) in terms of the success rate of recovery if the storage requirement and the computational complexity are to remain the same.",6,,S114,S120,Password; Computational complexity theory; Cryptanalysis; Computer security; Computer science; Rainbow table; Password strength; Digital forensics; Effective method; Reduction (complexity),,,,,https://www.sciencedirect.com/science/article/pii/S1742287609000462#! https://dl.acm.org/doi/10.1016/j.diin.2009.06.004 https://www.sciencedirect.com/science/article/pii/S1742287609000462 http://dfrws.org/2009/proceedings/p114-thing.pdf https://doi.org/10.1016/j.diin.2009.06.004 https://www.sciencedirect.com/science/article/abs/pii/S1742287609000462 https://isiarticles.com/bundles/Article/pre/pdf/23068.pdf https://dblp.uni-trier.de/db/journals/di/di6.html#ThingY09,http://dx.doi.org/10.1016/j.diin.2009.06.004,,10.1016/j.diin.2009.06.004,2108933516,,0,044-610-933-081-979; 047-765-581-706-060; 064-864-523-451-530; 067-293-008-185-082; 152-507-755-318-418; 157-968-198-734-606; 163-165-789-113-826; 163-705-108-545-565; 177-425-768-444-606,16,true,cc-by-nc-nd,hybrid
090-068-713-572-857,Forensic Twitter,2010-03-18,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Mark Pollitt,"One of the most interesting aspects of Web 2.0 technologies is how they have been adapted by users in ways not anticipated by the creators of the technology. We, as digital forensic practitioners, have to evolve our methods and approaches in response to both the technologies and their use. But that is “old hat” to us. After all, constant change and challenge are what attract most of us to this field.",3,1,1,3,Data science; Constant (mathematics); Field (Bourdieu); Digital evidence; Computer science; Digital forensics,,,,,http://dl.acm.org/citation.cfm?id=1805223.1805224,http://dx.doi.org/10.1080/15567280903171024,,10.1080/15567280903171024,2914274485,,0,,0,false,,
095-494-589-771-296,High capacity and secured methodologies for steganography,,2012,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Rajesh Kumar Tiwari,"In current digital era, people are using e-devices such as ipods, iphones and cell phones for capturing the static and dynamic images. However, these images have a compromised size and quality due to fixed memory dimension. But, in the multi-media messaging service (MMS) of cell phones and iphones, they may participate as a cover medium, strengthening the steganography communication. The different methods of steganography are mostly applied on image files to embed the data. In all these cases, the principle of replacing the entire or some parts of the chosen pixel may not be able to utilise all the available memory area of an image for the purpose of the secret data. This paper presents a new high capacity steganographic technique to hide information. Three different techniques out of which two are to embed the plain text and one is for all type of data to embed in image. Based on these methods, we have constructed secured MMS creator and short message service creator viewer in Microsoft platform for providing data embedding in new e-devices.",4,1,1,18,Steganography; Steganography tools; Pixel; Dimension (data warehouse); Cover (telecommunications); Computer security; Computer science; Plain text; Multimedia; Image file formats; Short Message Service,,,,,https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf4.html#Tiwari12 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2012.045387 https://www.inderscience.com/link.php?id=45387,http://dx.doi.org/10.1504/ijesdf.2012.045387,,10.1504/ijesdf.2012.045387,2015470678,,0,011-903-574-685-595; 022-460-401-266-674; 028-038-085-809-431; 041-795-515-599-761; 044-991-381-861-898; 045-964-724-948-542; 048-120-908-827-402; 049-973-730-444-279; 056-052-039-403-330; 078-972-379-181-172; 079-176-207-287-930; 084-935-739-580-981; 089-336-351-701-588; 108-086-708-688-274; 113-683-759-006-946; 140-531-994-627-167; 172-727-660-265-210,1,false,,
098-857-083-857-534,Scientific underpinnings and background to standards and accreditation in digital forensics,,2011,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Jason Beckett; Jill Slay,"Abstract With its use highlighted in many high profile court cases around the world, Digital forensics over the last decade has become an integral part of the modern legal system and corporate investigations. As the discipline grows and it use becomes widely accepted, there is a need to align it with traditional forensic sciences and move towards strengthening an accreditation regime for the discipline. This paper examines the origins of science and scientific method to form the core premises for establishing criteria to assess digital forensics as a science and hence justifying the basis for standards and accreditation.",8,2,114,121,Computer security; Computer science; Engineering ethics; Accreditation; Scientific method; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/di/di8.html#BeckettS11 https://www.sciencedirect.com/science/article/pii/S1742287611000661 https://dx.doi.org/10.1016/j.diin.2011.08.001 http://dx.doi.org/10.1016/j.diin.2011.08.001 http://www.sciencedirect.com/science/article/pii/S1742287611000661,http://dx.doi.org/10.1016/j.diin.2011.08.001,,10.1016/j.diin.2011.08.001,2077656476,,0,000-557-324-827-169; 002-702-684-301-487; 003-623-861-051-599; 008-201-414-319-938; 012-723-051-030-715; 018-804-658-663-933; 020-856-140-900-988; 024-066-562-741-584; 028-103-684-022-268; 029-160-529-912-567; 030-359-893-882-572; 038-668-970-194-854; 043-083-546-914-143; 046-015-348-618-436; 047-310-841-930-720; 055-846-648-067-457; 064-881-578-398-364; 067-938-325-014-282; 082-662-595-257-435; 085-379-403-609-164; 098-119-729-918-419; 099-260-308-235-782; 100-226-961-489-480; 101-440-319-450-443; 102-475-675-632-290; 103-327-744-686-658; 109-435-258-852-67X; 111-741-773-111-021; 114-791-371-428-899; 116-585-073-059-277; 122-988-175-691-701; 134-281-875-742-22X; 134-927-490-231-285; 138-927-365-940-299; 139-709-872-302-081; 145-743-906-992-348; 152-265-820-213-454; 159-021-500-439-319; 170-801-816-294-529; 172-214-329-616-03X; 189-598-793-297-549,11,true,,green
099-632-361-714-066,Tamper Detection in the EPC Network Using Digital Watermarking,,2011,journal article,IEEE Security & Privacy,15407993; 15584046,Institute of Electrical and Electronics Engineers (IEEE),United States,Shuihua Han; Chao-Hsien Chu; Zongwei Luo,One of the most relevant problems in radio frequency identification (RFID) technology is the lack of security measures in its wireless communication channel between the reader and tag. This article analyzes potential data tampering threats in the electronic product code (EPC) network and proposes solutions using fragile watermarking technologies.,9,5,62,69,Digital watermarking; Communication channel; Radio-frequency identification; Scheme (programming language); Electronic Product Code; Computer security; Computer science; Wireless; XML,,,,,http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000005871580 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000005871580 https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=2774&context=sis_research https://pennstate.pure.elsevier.com/en/publications/tamper-detection-in-the-epc-network-using-digital-watermarking https://ieeexplore.ieee.org/document/5871580 https://dblp.uni-trier.de/db/journals/ieeesp/ieeesp9.html#HanLL11 https://ink.library.smu.edu.sg/sis_research/1775/ https://www.computer.org/csdl/mags/sp/2011/05/msp2011050062.html https://core.ac.uk/download/13245915.pdf,http://dx.doi.org/10.1109/msp.2011.71,,10.1109/msp.2011.71,2087501598,,4,001-160-024-110-095; 022-116-838-060-975; 027-059-086-282-842; 028-889-804-792-820; 030-165-802-829-587; 035-900-423-047-059; 036-733-793-702-525; 044-197-634-350-810; 046-371-265-093-575; 072-719-429-027-302; 080-870-065-951-95X; 101-995-628-959-787; 106-645-775-472-612; 120-032-326-018-225; 132-832-215-469-200,4,true,cc-by-nc-nd,green
104-096-578-552-005,Leaving timing-channel fingerprints in hidden service log files,,2010,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Bilal Shebaro; Fernando Pérez-González; Jedidiah R. Crandall,"Hidden services are anonymously hosted services that can be accessed over an anonymity network, such as Tor. While most hidden services are legitimate, some host illegal content. There has been a fair amount of research on locating hidden services, but an open problem is to develop a general method to prove that a physical machine, once confiscated, was in fact the machine that had been hosting the illegal content. In this paper we assume that the hidden service logs requests with some timestamp, and give experimental results for leaving an identifiable fingerprint in this log file as a timing channel that can be recovered from the timestamps. In 60 min, we are able to leave a 36-bit fingerprint that can be reliably recovered. The main challenges are the packet delays caused by the anonymity network that requests are sent over and the existing traffic in the log from the actual clients accessing the service. We give data to characterize these noise sources and then describe an implementation of timing-channel fingerprinting for an Apache web server based hidden service on the Tor network, where the fingerprint is an additive channel that is superencoded with a Reed-Solomon code for reliable recovery. Finally, we discuss the inherent tradeoffs and possible approaches to making the fingerprint more stealthy.",7,,S104,S113,Web server; Timestamp; Network packet; Anonymity; Host (network); Fingerprint (computing); Service (business); Computer security; Computer science; Channel (programming),,,,National Science Foundation; Xunta de Galicia; Spanish Ministry of Science and Innovation,http://www.comonsens.org/documents/conferences/144_ShebaroPerezCrandallDFRWS10.pdf https://doi.org/10.1016/j.diin.2010.05.013 http://www.sciencedirect.com/science/article/pii/S174228761000040X https://www.cs.unm.edu/~treport/tr/10-03/paper-2010-07.pdf https://core.ac.uk/display/21298566 http://www.cs.unm.edu/~treport/tr/10-03/paper-2010-07.pdf https://asu.pure.elsevier.com/en/publications/leaving-timing-channel-fingerprints-in-hidden-service-log-files https://dl.acm.org/doi/10.1016/j.diin.2010.05.013 https://www.sciencedirect.com/science/article/pii/S174228761000040X https://dblp.uni-trier.de/db/journals/di/di7.html#ShebaroPC10,http://dx.doi.org/10.1016/j.diin.2010.05.013,,10.1016/j.diin.2010.05.013,2058833769,,0,000-843-681-726-566; 002-829-051-910-424; 004-059-240-572-860; 006-975-372-306-771; 012-366-618-716-37X; 016-294-225-270-667; 019-479-220-584-720; 022-044-509-953-211; 026-462-639-811-374; 027-118-763-097-706; 027-876-079-722-23X; 042-526-085-995-238; 043-932-637-044-685; 069-914-656-150-082; 070-621-820-806-968; 072-568-774-701-411; 117-489-517-385-484; 122-825-872-738-871; 131-202-833-260-858; 146-858-886-380-913; 166-401-695-821-726,14,true,cc-by-nc-nd,hybrid
112-091-654-781-49X,Flash vulnerabilities analysis of US educational websites,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Joanne Kuzma; Colin Price; Richard Henson,"With the increase in online and web learning, schools are building the number of web-based applications using media like Flash. However, sites that use Flash and other types of media encounter problems with security. Issues are raised with how to protect personal data that are entered via these sites. The purpose of this study is to determine if Flash-based web application at US educational institutions protect the personal data of their consumers, and what levels of security vulnerability are shown. The research also shows the main types of security problems that are shown in the schools sites. To mitigate these vulnerabilities and provide a higher level of security during development, technical, procedural and managerial recommendations are presented.",3,2,95,107,Web application; Higher education; E-learning (theory); Flash (photography); Web learning; Online learning; Computer security; Computer science; Web application security; Data Protection Act 1998,,,,,https://eprints.worc.ac.uk/912/ https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#KuzmaPH10 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.033779 https://dl.acm.org/doi/10.1504/IJESDF.2010.033779 https://eprints.worc.ac.uk/912/1/01_Kuzma.pdf https://core.ac.uk/download/1914692.pdf,http://dx.doi.org/10.1504/ijesdf.2010.033779,,10.1504/ijesdf.2010.033779,2151339826,,0,042-822-027-898-815; 070-891-748-532-391; 120-330-517-409-742; 133-142-617-519-31X; 154-577-824-024-066; 184-876-532-625-511,1,true,,green
116-136-918-261-896,The Cyber Threat to National Critical Infrastructures: Beyond Theory,2010-12-15,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Kenneth Geers,"ABSTRACT Adversary threats to critical infrastructures have always existed during times of conflict, but threat scenarios now include peacetime attacks from anonymous computer hackers. Current events, including examples from Israel and Estonia, prove that a certain level of real-world disorder can be achieved from hostile data packets alone. The astonishing achievements of cyber crime and cyber espionage – to which law enforcement and counterintelligence have found little answer – hint that more serious cyber attacks on critical infrastructures are only a matter of time. Still, national security planners should address all threats with method and objectivity. As dependence on IT and the Internet grow, governments should make proportional investments in network security, incident response, technical training, and international collaboration.",3,2-4,124,130,Internet privacy; Network security policy; Business; Counterintelligence; Law enforcement; Security service; Computer security; Adversary; Critical security studies; National security; Security studies,,,,,https://www.tandfonline.com/doi/full/10.1080/15567281.2010.536735 https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#Geers10 https://doi.org/10.1080/15567281.2010.536735,http://dx.doi.org/10.1080/15567281.2010.536735,,10.1080/15567281.2010.536735,2162118087,,0,,5,false,,
116-191-444-772-142,Automated Windows Memory File Extraction for Cyber Forensics Investigation,2008-12-09,2008,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Seyed Mahmood Hejazi; Mourad Debbabi; Chamseddine Talhi,"In digital forensics, the first step to conducting an investigation is to acquire evidence that is most related to the case. Containing most recently accessed data and information about the status of a system, physical memory is a valuable source of digital evidence. When a process runs or accesses a file, all or some parts of the process's executable or accessed data file are mapped into the physical memory. In this article, we propose various methods to find files and extract them from memory in order to rebuild executable and data files that existed in physical memory at the time of incident. We developed a memory analysis plug-in that uses this automated memory file extraction. Using this tool, we have been able to extract a wide range of data file types, including text, PDF, Java Archives (JAR), various logs, EVT (system event-log files, used by the system event viewer), HTML and many more. Investigators can use the result of this research in order to (1) compare the files found on disk with those extracted from memory to find possible tampering or (2) reconstruct those files that no longer exist on the disk. In addition, they can find the last file modifications that have not been mapped out to the corresponding files on the disk. Memory extracted files can be used for the purpose of correlation analysis along with other sources of evidence such as application or network log files, E-mail files, and data files found on disks.",2,3,117,131,Memory-mapped file; Data file; File Control Block; File synchronization; Unix file types; File system fragmentation; Flash file system; Computer science; Database; Computer file,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#HejaziDT08 https://espace2.etsmtl.ca/id/eprint/13707/ https://doi.org/10.1080/15567280802552829 https://www.tandfonline.com/doi/full/10.1080/15567280802552829 http://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#HejaziDT08 https://dl.acm.org/doi/10.1080/15567280802552829,http://dx.doi.org/10.1080/15567280802552829,,10.1080/15567280802552829,2016650184,,1,003-412-732-826-511; 017-152-528-840-957; 024-314-616-027-58X; 030-121-862-351-330; 043-416-692-708-842; 069-231-379-706-894; 075-060-008-987-440; 102-822-532-339-461; 105-427-271-392-801; 127-444-480-388-473; 135-682-482-440-347; 142-816-347-811-541; 149-010-267-691-537,1,false,,
120-462-880-448-150,Live Analysis: Progress and Challenges,,2009,journal article,IEEE Security & Privacy Magazine,15407993; 15584046,Institute of Electrical and Electronics Engineers (IEEE),United States,Brian Hay; Kara Nance; Matt Bishop,"As computer technologies become increasingly ubiquitous, so must supporting digital forensics tools and techniques for efficiently and effectively analyzing associated systems' behavior. Live analysis is a logical and challenging step forward in this area and a method that has recently received increased R&D focus. This article describes some live analysis approaches as well as tools and techniques for live analysis on real and virtual machines. The discussion includes research challenges and open problems.",7,2,30,37,World Wide Web; Forensic science; Cryptography; Data science; Virtual machine; Live analysis; Focus (computing); Computer science; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/ieeesp/ieeesp7.html#HayBN09 http://dx.doi.org/10.1109/MSP.2009.43 http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000004812154 https://doi.org/10.1109/MSP.2009.43 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000004812154 http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4812154 https://www.computer.org/csdl/magazine/sp/2009/02/msp2009020030/13rRUxbCbrJ https://ieeexplore.ieee.org/document/4812154/ https://dx.doi.org/10.1109/MSP.2009.43,http://dx.doi.org/10.1109/msp.2009.43,,10.1109/msp.2009.43,1979319057,,0,002-495-833-326-831; 010-241-132-069-684; 014-821-022-292-339; 026-810-683-474-561; 038-914-873-897-532; 043-416-692-708-842; 054-507-171-824-189; 099-717-679-430-808; 105-427-271-392-801; 141-445-106-549-822,59,false,,
135-846-709-699-328,Mining Criminal Networks from Unstructured Text Documents,,2012,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Rabeah Al-Zaidy; Benjamin C. M. Fung; Amr M. Youssef; Francis Fortin,"Digital data collected for forensics analysis often contain valuable information about the suspects’ social networks. However, most collected records are in the form of unstructured textual data, such as e-mails, chat messages, and text documents. An investigator often has to manually extract the useful information from the text and then enter the important pieces into a structured database for further investigation by using various criminal network analysis tools. Obviously, this information extraction process is tedious and errorprone. Moreover, the quality of the analysis varies by the experience and expertise of the investigator. In this paper, we propose a systematic method to discover criminal networks from a collection of text documents obtained from a suspect’s machine, extract useful information for investigation, and then visualize the suspect’s criminal network. Furthermore, we present a hypothesis generation approach to identify potential indirect relationships among the members in the identified networks. We evaluated the effectiveness and performance of the method on a real-life cybercrimine case and some other datasets. The proposed method, together with the implemented software tool, has received positive feedback from the digital forensics team of a law enforcement unit in Canada.",8,3,147,160,Information extraction; Data science; Suspect; Digital data; Quality (business); Enforcement; Network analysis; Computer science; Process (engineering); Digital forensics,,,,,http://dmas.lab.mcgill.ca/fung/pub/AFYF12diin.pdf https://core.ac.uk/display/11081272 https://spectrum.library.concordia.ca/974920/1/mining_criminal_networks.pdf https://www.sciencedirect.com/science/article/abs/pii/S1742287612000023 https://dblp.uni-trier.de/db/journals/di/di8.html#Al-ZaidyFYF12,http://dx.doi.org/10.1016/j.diin.2011.12.001,,10.1016/j.diin.2011.12.001,2149260931,,1,001-381-793-304-07X; 001-978-314-030-895; 010-918-932-001-620; 012-350-773-697-360; 014-761-788-507-645; 021-352-326-159-603; 021-401-271-433-019; 037-038-397-047-452; 037-927-986-476-095; 072-391-331-317-989; 103-391-142-802-697; 113-317-142-937-273; 119-224-149-775-874; 126-424-116-981-962; 127-767-955-792-282,55,true,,green
140-705-226-428-031,A new spread spectrum watermarking method using two levels DCT,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Amir Hossein Taherinia; Mansour Jamzad,,3,1,1,1,Computer science; Digital watermarking; Discrete cosine transform; Computer security; Spread spectrum; Spectrum (functional analysis); Computer vision; Artificial intelligence; Algorithm; Telecommunications; Image (mathematics); Channel (broadcasting); Physics; Quantum mechanics,,,,,,http://dx.doi.org/10.1504/ijesdf.2010.032328,,10.1504/ijesdf.2010.032328,,,0,,1,false,,
151-061-311-529-230,A framework for attack patterns' discovery in honeynet data,,2008,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Olivier Thonnard; Marc Dacier,"Collecting data related to Internet threats has now become a relatively common task for security researchers and network operators. However, the huge amount of raw data can rapidly overwhelm people in charge of analyzing such data sets. Systematic analysis procedures are thus needed to extract useful information from large traffic data sets in order to assist the analyst's investigations. This work describes an analysis framework specifically developed to gain insights into honeynet data. Our forensics procedure aims at finding, within an attack data set, groups of network traces sharing various kinds of similar patterns. In our exploratory data analysis, we seek to design a flexible clustering tool that can be applied in a systematic way on different feature vectors characterizing the attacks. In this paper, we illustrate the application of our method by analyzing one specific aspect of the honeynet data, i.e. the time series of the attacks. We show that clustering attack patterns with an appropriate similarity measure provides very good candidates for further in-depth investigation, which can help us to discover the plausible root causes of the underlying phenomena. The results of our clustering on time series analysis enable us to identify the activities of several worms and botnets in the collected traffic.",5,,S128,S139,Knowledge extraction; Exploratory data analysis; Data mining; Raw data; Honeypot; Botnet; Attack patterns; Traffic analysis; Computer science; Cluster analysis,,,,,http://www.eurecom.fr/en/publication/2574 https://dblp.uni-trier.de/db/journals/di/di5.html#ThonnardD08 https://www.sciencedirect.com/science/article/pii/S1742287608000431 https://www.sciencedirect.com/science/article/abs/pii/S1742287608000431 https://www.eurecom.fr/en/publication/2574/download/ce-thonol-080612.pdf,http://dx.doi.org/10.1016/j.diin.2008.05.012,,10.1016/j.diin.2008.05.012,2150142104,,2,005-731-357-809-621; 007-260-783-794-308; 010-912-328-171-01X; 017-711-734-592-577; 018-948-184-541-960; 019-618-174-825-497; 025-187-611-382-07X; 033-354-890-852-411; 035-653-329-222-636; 037-001-023-279-866; 040-998-758-107-489; 054-939-016-070-814; 062-375-745-567-299; 062-972-456-275-842; 067-362-108-057-578; 081-976-760-675-020; 103-708-212-759-464; 108-755-120-697-343; 114-115-555-079-976; 146-975-888-739-515; 168-493-303-499-04X; 168-868-239-824-634; 193-350-189-986-335; 193-533-346-018-867; 197-496-754-063-355,83,true,cc-by-nc-nd,hybrid
153-311-765-915-285,Image encryption using HC-128 and HC-256 stream ciphers,,2012,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Alireza Jolfaei; Ahmadreza Vizandan; Abdolrasoul Mirghadri,"In this paper, we surveyed HC-128 and HC-256 as methods for protecting the distribution of digital images in an efficient and secure way. We proposed the Hongjun Cipher (HC) image encryption algorithm based on column-wise raster scanning of the plain image. Then, we performed a series of tests and some comparisons to justify the efficiency of surveyed algorithms for image encryption. These tests included key space analysis, visual test and histogram analysis, randomness analysis, information entropy, encryption quality, correlation analysis, differential analysis, sensitivity analysis and performance analysis. Based on all analysis and experimental results, it can be concluded that the two variants of HC scheme are efficient, feasible and trustworthy to be adopted for image encryption.",4,1,19,42,Key space; Algorithm; Disk encryption theory; Encryption; Cipher; HC-256; Computer science; Digital image; Deterministic encryption; Theoretical computer science; Stream cipher,,,,,https://researchers.mq.edu.au/en/publications/image-encryption-using-hc-128-and-hc-256-stream-ciphers http://www.inderscience.com/link.php?id=45388 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf4.html#JolfaeiVM12 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2012.045388,http://dx.doi.org/10.1504/ijesdf.2012.045388,,10.1504/ijesdf.2012.045388,2150544065,,0,000-779-529-267-883; 002-264-541-100-082; 006-247-595-060-531; 010-423-042-177-734; 018-470-140-612-237; 020-059-232-319-347; 030-341-379-300-730; 035-388-915-226-942; 047-123-462-306-158; 051-335-018-195-77X; 061-881-749-976-837; 062-950-078-832-455; 063-540-073-611-21X; 073-265-669-526-55X; 074-273-848-019-787; 086-122-528-303-321; 086-360-523-286-132; 108-866-156-781-418; 113-319-769-711-103; 124-923-667-201-479; 125-974-340-625-516; 131-078-473-399-307; 137-388-877-442-991; 152-943-382-263-119; 153-462-002-045-339; 158-261-575-945-749; 164-572-426-685-58X,10,false,,
154-517-106-328-503,An automated timeline reconstruction approach for digital forensic investigations,,2012,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Christopher Hargreaves; Jonathan Patterson,"Existing work on digital forensics timeline generation focuses on extracting times from a disk image into a timeline. Such an approach can produce several million ‘low-level’ events (e.g. a file modification or a Registry key update) for a single disk. This paper proposes a technique that can automatically reconstruct high-level events (e.g. connection of a USB stick) from this set of low-level events. The paper describes a framework that extracts low-level events to a SQLite backing store which is automatically analysed for patterns. The provenance of any high-level events is also preserved, meaning that from a high-level event it is possible to determine the low-level events that caused its inference, and from those, the raw data that caused the low-level event to be initially created can also be viewed. The paper also shows how such high-level events can be visualised using existing tools.",9,,S69,S79,Timestamp; Automation; Data mining; Set (abstract data type); Event reconstruction; Visualization; Computer science; Timeline; Event (computing); Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/di/di9.html#HargreavesP12 http://dspace.lib.cranfield.ac.uk/bitstream/1826/8103/1/DFRWS_2012_RC5c.pdf https://www.sciencedirect.com/science/article/pii/S174228761200031X https://www.sciencedirect.com/science/article/abs/pii/S174228761200031X https://dspace.lib.cranfield.ac.uk/handle/1826/8103 https://core.ac.uk/display/19542424 https://dspace.lib.cranfield.ac.uk/bitstream/1826/8103/1/DFRWS_2012_RC5c.pdf,http://dx.doi.org/10.1016/j.diin.2012.05.006,,10.1016/j.diin.2012.05.006,2009229022,,0,000-537-535-465-34X; 012-649-691-693-493; 024-503-401-931-849; 054-507-171-824-189; 060-650-561-577-338; 064-170-716-528-26X; 087-690-831-820-163; 162-201-727-094-331; 177-965-894-694-179,95,true,cc-by-nc-nd,hybrid
158-180-006-109-965,Integrating security and usability into the requirements and design process,,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Ivan Flechais; Cecilia Mascolo; M. Angela Sasse,"According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have targeted security from the technological perspective, others from the human computer interaction angle, offering better User Interfaces (UIs) for improved usability of security mechanisms. However, usability issues also extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model of the definition and the reasoning over the system's assets. AEGIS has been applied to case studies in the area of Grid computing and we report on one of these.",1,1,12,26,Security through obscurity; Computer security model; Usability; Cloud computing security; Security testing; Security service; Computer security; Computer science; Information security; Human-computer interaction in information security,,,,,https://www.cs.ox.ac.uk/publications/publication2325-abstract.html https://www.researchgate.net/profile/Angela_Sasse/publication/228748337_Integrating_security_and_usability_into_the_requirements_and_design_process/links/0912f50be96992e57b000000.pdf?disableCoverPage=true https://dx.doi.org/10.1504/IJESDF.2007.013589 https://dl.acm.org/doi/10.1504/IJESDF.2007.013589 https://discovery.ucl.ac.uk/20264/1/20264.pdf https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.013589 http://www.inderscience.com/link.php?id=13589 http://discovery.ucl.ac.uk/id/eprint/20264/ https://dl.acm.org/citation.cfm?id=1359299 https://www.cl.cam.ac.uk/~cm542/papers/icges.pdf http://dx.doi.org/10.1504/IJESDF.2007.013589 https://discovery.ucl.ac.uk/id/eprint/20264/ https://doi.org/10.1504/IJESDF.2007.013589 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#FlechaisMS07 https://core.ac.uk/download/pdf/1688780.pdf,http://dx.doi.org/10.1504/ijesdf.2007.013589,,10.1504/ijesdf.2007.013589,2106798436,,0,005-766-603-760-836; 010-545-910-576-280; 015-556-494-609-324; 023-377-728-027-754; 027-573-087-958-471; 029-998-604-573-710; 036-283-357-098-856; 038-395-829-222-050; 039-587-992-216-489; 046-761-971-051-974; 071-057-675-287-939; 074-675-142-857-668; 081-940-633-390-327; 106-376-117-430-442; 109-932-529-571-755; 129-306-358-088-685; 130-471-532-794-599; 135-667-336-473-575; 168-673-379-743-852,88,true,,green
160-920-692-704-627,A robust spread spectrum watermarking method using two levels DCT,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Amir Hossein Taherinia; Mansour Jamzad,,2,3,280,,,,,,,,http://dx.doi.org/10.1504/ijesdf.2009.027523,,10.1504/ijesdf.2009.027523,,,0,,5,false,,
177-032-114-032-832,A robust spread spectrum watermarking method using two levels DCT,2009-07-01,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Enterprises Ltd.,United Kingdom,Amir Hossein Taherinia; Mansour Jamzad,"In this paper, a discrete cosine transform (DCT) based blind watermarking scheme based on spread spectrum communications is proposed. We perform block-based DCT (BDCT) on the host image; then using the DC coefficients of each block, we construct a low-resolution approximation image. We apply BDCT on this approximation image, then watermark is embedded by adding a pseudo random noise sequence into its high frequencies. In detection stage, we extract the approximation image from the watermarked image, then the same pseudo random noise sequence is generated, and its correlation is computed with high frequencies of the watermarked approximation image. In our method, higher robustness is obtained because of embedding the watermark in low frequencies. In addition, higher imperceptibility is gained by scattering the watermark's bit in different blocks. Compared with related works, our method proved to be highly resistant in cases of many common attacks, while preserving high peak signal to noise ratio for the watermarked images.",2,1,280,305,Spread spectrum; Algorithm; Digital watermarking; Pseudorandom noise; Block (data storage); Watermark; Discrete cosine transform; Computer science; Signal-to-noise ratio; Theoretical computer science; Robustness (computer science),,,,,https://www.inderscience.com/link.php?id=32328 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#TaheriniaJ10 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#TaheriniaJ09 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.032328,https://www.inderscience.com/link.php?id=32328,,,2018530450,,0,001-281-186-149-612; 003-185-713-494-438; 007-139-665-375-888; 019-104-252-306-759; 022-029-330-458-020; 039-153-412-687-64X; 039-164-713-508-477; 041-928-975-226-09X; 057-263-797-627-84X; 058-344-830-088-51X; 059-424-418-237-292; 059-768-301-400-796; 077-080-603-747-004; 081-233-076-740-677; 081-689-624-355-119; 086-036-670-149-74X; 092-639-699-909-482; 092-653-735-289-542; 098-710-797-991-050; 102-478-462-148-538; 106-190-018-166-388; 115-844-893-847-68X; 130-064-368-166-25X; 137-685-737-469-763,10,false,,