Advances in Digital Forensics XVII: 17th IFIP WG 11.9 International Conference, Virtual Event, February 1–2, 2021, Revised Selected Papers (IFIP ... and Communication Technology, 612)
معرفی کتاب «Advances in Digital Forensics XVII: 17th IFIP WG 11.9 International Conference, Virtual Event, February 1–2, 2021, Revised Selected Papers (IFIP ... and Communication Technology, 612)» نوشتهٔ Gilbert Peterson (editor), Sujeet Shenoi (editor)، منتشرشده توسط نشر Springer International Publishing : Imprint: Springer در سال 2021. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Digital forensics deals with the acquisition, preservation, examination, analysis and presentation of electronic evidence. Computer networks, cloud computing, smartphones, embedded devices and the Internet of Things have expanded the role of digital forensics beyond traditional computer crime investigations. Practically every crime now involves some aspect of digital evidence; digital forensics provides the techniques and tools to articulate this evidence in legal proceedings. Digital forensics also has myriad intelligence applications; furthermore, it has a vital role in cyber security -- investigations of security breaches yield valuable information that can be used to design more secure and resilient systems. Advances in Digital Forensics XVII describes original research results and innovative applications in the discipline of digital forensics. In addition, it highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations. The areas of coverage include: themes and issues, forensic techniques, filesystem forensics, cloud forensics, social media forensics, multimedia forensics, and novel applications. This book is the seventeenth volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.9 on Digital Forensics, an international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The book contains a selection of thirteen edited papers from the Seventeenth Annual IFIP WG 11.9 International Conference on Digital Forensics, held virtually in the winter of 2021. Advances in Digital Forensics XVII is an important resource for researchers, faculty members and graduate students, as well as for practitioners and individuals engaged in research and development efforts for the law enforcement and intelligence communities. Contents 6 Contributing Authors 8 Preface 14 I THEMES AND ISSUES 16 Chapter 1 DIGITAL FORENSIC ACQUISITION KILL CHAIN – ANALYSIS AND DEMONSTRATION 17 1. Introduction 17 2. Related Work 19 3. Digital Forensic Acquisition Kill Chain 20 3.1 Background 20 3.2 Kill Chain Overview 21 3.3 Kill Chain Phases 24 4. Case-Motivated Kill Chain Example 27 5. Conclusions 30 Acknowledgement 31 References 31 Chapter 2 ENHANCING INDUSTRIAL CONTROL SYSTEM FORENSICS USING REPLICATION-BASED DIGITAL TWINS 34 1. Introduction 34 2. Background 35 2.1 Digital Twin 35 2.2 Digital Twin Security 36 2.3 Digital Forensics 36 3. Related Work 37 4. Replication Using Digital Twins 39 4.1 Replication and Replay Theorems 39 4.2 Conceptual Framework 41 5. Implementation and Evaluation 43 5.1 Implementation and Experimental Setup 43 5.2 Results and Evaluation 45 6. Discussion 47 7. Conclusions 48 Acknowledgement 48 References 48 Chapter 3 COMPARISON OF CYBER ATTACKS ON SERVICES IN THE CLEARNET AND DARKNET 52 1. Introduction 52 2. Background 53 3. Common Targets and Attacks 54 4. Related Work 56 5. Honeypot Deployment 57 5.1 Security Considerations 57 5.2 Deployment Process 57 6. Implementation Details 58 6.1 Virtual Machine Architectures 58 6.2 Honeypot Services 58 7. Experiments and Results 61 7.1 Service Deployments 61 7.2 Announcements 62 7.3 Observed Web Requests 62 7.4 Observed SSH and Telnet Access 67 7.5 Observed SMTP Requests 69 7.6 Observed FTP Requests 70 7.7 Discussion 71 8. Conclusions 71 Acknowledgement 72 References 72 II APPROXIMATE MATCHING TECHNIQUES 75 Chapter 4 USING PARALLEL DISTRIBUTED PROCESSING TO REDUCE THE COMPUTATIONAL TIME OF DIGITAL MEDIA SIMILARITY MEASURES 76 1. Introduction 76 2. Previous Work 78 3. Jaccard Indexes of Similarity 82 3.1 Jaccard Index 82 3.2 Jaccard Index with Normalized Frequency 82 4. Jaccard Index with Split Files 86 5. Results and Validation 93 6. Conclusions 95 References 96 Chapter 5 EVALUATION OF NETWORK TRAFFIC ANALYSIS USING APPROXIMATE MATCHING ALGORITHMS 99 1. Introduction 99 2. Foundations and Related Work 102 2.1 Current State of Approximate Matching 104 2.2 Approximate Matching Algorithms 104 3. Controlled Study 106 3.1 All vs. All Evaluation 108 3.2 Evaluation Methodology 108 4. Experimental Results and Optimizations 112 5. Conclusions 114 Acknowledgement 115 References 115 III ADVANCED FORENSIC TECHNIQUES 119 Chapter 6 LEVERAGING USB POWER DELIVERY IMPLEMENTATIONS FOR DIGITAL FORENSIC ACQUISITION 120 1. Introduction 120 2. USB Power Delivery Protocol 123 3. Research Methodology 125 4. Results 129 4.1 Information Gathering 129 4.2 Passive Monitoring 129 4.3 Firmware Files 130 4.4 Firmware Reverse Engineering 134 4.5 Apple Vendor-Defined Protocol 135 4.6 Firmware Modification and Rollback 137 5. Conclusions 139 Acknowledgements 139 References 140 Chapter 7 DETECTING MALICIOUS PDF DOCUMENTS USING SEMI-SUPERVISED MACHINE LEARNING 143 1. Introduction 143 2. Background and Related Work 145 2.1 PDF Document Structure 145 2.2 Document Entropy 146 2.3 Malicious PDF Document Detection 147 3. Malicious PDF Document Detection Method 147 3.1 Structural Features 148 3.2 Entropy-Based Statistical Features 150 3.3 Classification 153 4. Experiments and Results. 153 4.1 Dataset Creation and Experimental Setup 154 4.2 Evaluation Metrics 155 4.3 Feature Set Analysis 155 4.4 Classifier Analysis 156 4.5 Detection Method Comparison 159 5. Conclusions 160 Acknowledgement 161 References 161 Chapter 8 MALICIOUS LOGIN DETECTION USING LONG SHORT-TERM MEMORY WITH AN ATTENTION MECHANISM 164 1. Introduction 164 2. Related Work 166 3. Preliminaries 167 3.1 Detection Method Overview 167 3.2 Threat Model 168 4. Proposed Method 168 4.1 Host Vector Learning 168 4.2 Feature Extraction 169 4.3 Attention Mechanism 171 4.4 Classification Model Optimization 172 5. Experimental Evaluation 172 5.1 Dataset Description 172 5.2 Experimental Setup 173 5.3 Evaluated Models 174 5.4 Evaluation Results 175 5.5 Optimization and Learning Rate 176 6. Conclusions 177 References 178 IV NOVEL APPLICATIONS 181 Chapter 9 PREDICTING THE LOCATIONS OF UNREST USING SOCIAL MEDIA 182 1. Introduction 182 2. Related Work 184 3. Location Extraction from Web Forum Data 185 3.1 Web Forum Dataset 185 3.2 Dictionary-Based Semi-Supervised Learning 186 3.3 BiLSTM-CRF Model 187 3.4 n-Gram-ARM Algorithm 189 4. Experiments and Results 192 5. Conclusions 194 References 195 Chapter 10 EXTRACTING THREAT INTELLIGENCE RELATIONS USING DISTANT SUPERVISION AND NEURAL NETWORKS 197 1. Introduction 197 2. Related Work 198 2.1 Threat Intelligence Datasets 198 2.2 Threat Intelligence Information Extraction 199 3. Proposed Framework 200 3.1 Overview 200 3.2 Problem Specification 200 3.3 Dataset 201 3.4 Neural Network Model 204 4. Experiments and Results 206 4.1 Experiment Details 206 4.2 Comparison with Baseline Models 208 4.3 Extraction Results 211 5. Conclusions 212 Acknowledgement 212 References 213 Chapter 11 SECURITY AUDITING OF INTERNET OF THINGS DEVICES IN A SMART HOME 216 1. Introduction 216 2. Preliminaries 218 2.1 Security Standards and Best Practices 218 2.2 Security Auditing Challenges 219 2.3 Threat Model 220 3. Security Auditing Methodology 220 3.1 Step 1: Build a Knowledge Base 221 3.2 Step 2: Translate to Security Rules 222 3.3 Step 3: Audit IoT Device Security 222 4. Auditing Smart Home Security 223 4.1 Security Rule Definition 223 4.2 Data Collection 223 4.3 Formal Language Translation 225 4.4 Verification 226 4.5 Evidence Extraction 226 5. Security Auditing Framework 227 6. Experiments and Results 228 6.1 Experimental Setup 228 6.2 Experimental Results 229 7. Discussion 231 8. Related Work 231 9. Conclusions 232 References 233 V IMAGE FORENSICS 238 Chapter 12 INDIAN CURRENCY DATABASE FOR FORENSIC RESEARCH 239 1. Introduction 239 2. Related Work 241 3. Indian Currency Security Features 242 4. Indian Currency Database 244 4.1 Sample Collection 244 4.2 Security Feature Identification 244 4.3 Database Creation 245 5. Conclusions 253 References 253 Chapter 13 SECURITY AND PRIVACY ISSUES RELATED TO QUICK RESPONSE CODES 256 1. Introduction 256 2. QR Code Structure 258 3. QR Code Evolution 259 4. Key Issues 260 4.1 Authentication with QR Codes 260 4.2 Attacks Using QR Codes 261 4.3 Security and Privacy of QR Codes 262 5. Innovative Applications 263 5.1 Self-Authenticating Documents 263 5.2 Color QR Codes 263 5.3 Anti-Counterfeiting QR Codes 264 6. Conclusions 264 References 264 ADVANCES IN DIGITAL FORENSICS XVII Edited by: Gilbert Peterson and Sujeet Shenoi Digital forensics deals with the acquisition, preservation, examination, analysis and presentation of electronic evidence. Computer networks, cloud computing, smartphones, embedded devices and the Internet of Things have expanded the role of digital forensics beyond traditional computer crime investigations. Practically every crime now involves some aspect of digital evidence; digital forensics provides the techniques and tools to articulate this evidence in legal proceedings. Digital forensics also has myriad intelligence applications; furthermore, it has a vital role in cyber security -- investigations of security breaches yield valuable information that can be used to design more secure and resilient systems. Advances in Digital Forensics XVII describes original research results and innovative applications in the discipline of digital forensics. In addition, it highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations. The areas of coverage include: ̈ Themes and Issues ̈ Approximate Matching Techniques ̈ Advanced Forensic Techniques ̈ Novel Applications ̈ Image Forensics This book is the seventeenth volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.9 on Digital Forensics, an international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The book contains a selection of thirteen edited papers from the Seventeenth Annual IFIP WG 11.9 International Conference on Digital Forensics, a fully-remote event held in the winter of 2021. Advances in Digital Forensics XVII is an important resource for researchers, faculty members and graduate students, as well as for practitioners and individuals engaged in research and development efforts for the law enforcement and intelligence communities. Gilbert Peterson is a Professor of Computer Engineering at the Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, USA. Sujeet Shenoi is the F.P. Walter Professor of Computer Science and a Professor of Chemical Engineering at the University of Tulsa, Tulsa, Oklahoma, USA
دانلود کتاب Advances in Digital Forensics XVII: 17th IFIP WG 11.9 International Conference, Virtual Event, February 1–2, 2021, Revised Selected Papers (IFIP ... and Communication Technology, 612)