Forensics in Telecommunications, Information and Multimedia
Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers
Published on 19. October 2011
XIII, 314 pages
978-3-642-23602-0 (ISBN)
Description
This book constitutes the thoroughly refereed post-conference proceedings of the Third International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia, E-Forensics 2010, held in Shanghai, China, in November 2010. The 32 revised full papers presented were carefully reviewed and selected from 42 submissions in total. These, along with 5 papers from a collocated workshop of E-Forensics Law, cover a wide range of topics including digital evidence handling, data carving, records tracing, device forensics, data tamper identification, and mobile device locating.
More details
Series
Language
English
Place of publication
Berlin
Germany
Publishing group
Springer Berlin
Target group
Professional and scholarly
Illustrations
XIII, 314 p. 116 illus., 49 illus. in color.
File size
5,92 MB
ISBN-13
978-3-642-23602-0 (9783642236020)
DOI
10.1007/978-3-642-23602-0
Schweitzer Classification
Other editions
Additional editions
Xuejia Lai | Dawu Gu | Bo Jin
Forensics in Telecommunications, Information and Multimedia
Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers
Book
09/2011
Springer
€53.49
Shipment within 7-9 days
Content
- Title
- Preface
- Organization
- Table of Contents
- On Achieving Encrypted File Recovery
- Introduction
- Preliminaries and Objective
- File System and File Fragmentation
- Problem Statement and Objective
- File Encryption/Decryption
- Encrypted-File Carving Mechanism
- Recovering Files Encrypted with CBC Mode
- Recovering Files Encrypted with PCBC Mode
- Cipher Mode and Encryption Algorithm Recognition
- Theoretical Analysis
- Conclusions and Future Work
- References
- Behavior Clustering for Anomaly Detection
- Introduction
- Behavior Representation
- Video Segmentation
- Behavior Representation
- Behavior Clustering
- Hidden Markov Model with Latent Dirichlet Allocation (HMM-LDA)
- Learning the Behavior Models
- Model Selection
- Online Anomaly Detection and Normal Behavior Recognition
- Experiments
- Dataset and Feature Extraction
- Behavior Clustering
- Anomaly Detection
- Normal Behavior Recognition
- Result Analysis and Discussion
- Conclusions
- References
- A Novel Inequality-Based Fragmented File Carving Technique
- Introduction
- Statement of Problem
- Related Work
- Inequality-Based File Carving Technique
- Best Path Search Algorithm
- Analysis of Best Path Search Algorithm
- High Fragmentation Path Search Algorithm
- Analysis of High Fragmentation Path Algorithm
- Results and Evaluations
- Conclusions
- References
- Using Relationship-Building in Event Profiling for Digital Forensic Investigations
- Introduction
- Background and Motivation
- Relational Theory
- Case Study
- Analysis
- Conclusions
- References
- A Novel Forensics Analysis Method for Evidence Extraction from Unallocated Space
- Introduction
- Preliminaries
- Bloom filter and Fingerprint Hash Table
- File System
- Proposed Scheme
- Proposed Data Structure
- Group Testing Query Based on the Storage Characteristics
- Description of Algorithm
- Discussions
- False Positive in Alert Database
- Unbalanced Hash Tree
- Slack Space Trimming
- Missing File Fragments
- Complexity Analysis
- Conclusion and Future Work
- References
- An Efficient Searchable Encryption Scheme and Its Application in Network Forensics
- Introduction
- Related Work
- Definition and Security Model
- Notations
- Definition and Security Model of Searchable Encryption
- Bilinear Pairing and Complexity Assumptions
- New Searchable Encryption Scheme
- Description of The Proposed Scheme
- Security Proof
- Efficiency
- Application in Network Forensics
- Conclusions
- References
- Attacks on BitTorrent - An Experimental Study
- Introduction
- BitTorrent Background and Attack Schemes
- The Torrent Seed
- Acquiring Torrent Files
- The Centralized Trackers
- Joining the Swarm
- Peer Attacks on the Swarm
- Experiment Design and Implementation
- Experiment Results
- Results
- Discussion
- Conclusions
- References
- Network Connections Information Extraction of 64-Bit Windows 7 Memory Images
- Introduction
- Related Work
- A Method of Network Connections Information Extraction from Windows 7 Physical Memory Images
- The Structure of TcpEndpointPool
- The Structure of TCB
- Algorithms
- Conclusion
- References
- RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow
- Introduction
- Integer Overflow Problem Statement
- Signed Integer and Unsigned Integer Overflow
- Relationship between Integer Overflow and Other Overflow
- Dynamic Analysis via Buffer Overflow
- Format String Overflow Exploitation Caused by Integer Overflow
- Stack Overflow Exploitation Caused by Integer Overflow
- Heap Overflow Exploitation Caused by Integer Overflow
- Evaluation
- Effectiveness
- Efficiency
- Conclusions
- References
- Investigating the Implications of Virtualization for Digital Forensics
- Introduction
- Overview of Virtualization
- Virtual Machines as Suspect Targets
- Looking for the Traces of Virtual Machines
- Acquiring the Evidence
- Examining the Virtual Machine
- Virtual Machines as Forensic Tools
- Forensic Image Booting
- Virtual Machine Introspection
- Conclusion
- References
- Acquisition of Network Connection Status Information from Physical Memory on Windows Vista Operating System
- Introduction
- Related Work
- Acquisition of Network Connection Status Information from Physical Memory on Windows Vista Operating System
- The Structure of TcpEndpointPool
- Searching for TcpEndpointPool
- TcpEndpoint and TCB
- Algorithm
- The Overall Algorithm of Extracting Network Connection Information
- Conclusion
- References
- A Stream Pattern Matching Method for Traffic Analysis
- Introduction
- The Design and Definition of the Stream Pattern
- The Construction of the Parse Tree
- The Generation of S-CG-NFA
- Experimental Evaluation
- Conclusion and Future Work
- References
- Fast in-Place File Carving for Digital Forensics
- Introduction
- In-Place Carving Using Scalpel 1.6
- Multipattern Boyer-Moore Algorithm
- Aho-Corasick Algorithm
- Multicore Searching
- Asynchronous Read
- Multicore in-Place Carving
- Experimental Results
- Run Time of Scalpel 1.6
- Buffer Size
- Multipattern Matching
- Multicore Searching
- Asynchronous Read
- Multicore in-Place Carving
- Scalpel 1.6 vs. FastScalpel
- Conclusions
- References
- Live Memory Acquisition through FireWire
- Introduction
- Live Memory Acquisition, Methods and Available Tools
- Software-Based Acquisition
- Hardware-Based Acquisition
- Methodologies and an Implementation of FireWire-Based Memory Acquisition
- Future Work
- Conclusion
- References
- Digital Forensic Analysis on Runtime Instruction Flow
- Introduction
- Background
- Characteristics of the Instruction Flow
- Instruction Flow as Digital Evidence
- Forensic Analysis on Runtime Instruction Flow
- Instruction Flow Generating
- Analysis of the Instruction Flow
- Evidence from the Instruction Flow
- Implementation
- Evaluation
- Related Work
- Conclusion
- References
- Enhance Information Flow Tracking with Function Recognition
- Introduction
- Motivation
- Key Technique
- Challenges
- Steps
- Enhanced Information Flow Tracking
- Experimental Results
- Accuracy
- Behavior Graph
- Performance
- Conclusion
- References
- A Privilege Separation Method for Security Commercial Transactions
- Introduction
- Review of the Model
- Formal Description
- Mechanism Analysis
- Communicating Sequential Processes
- Privilege Separation
- Communication
- Cooperate Functioning
- Security Analysis and Implement
- Discussion
- References
- Data Recovery Based on Intelligent Pattern Matching
- Introduction
- Data Recovery
- Specific File Structure and Feature Pattern Library
- Specific File Structure
- The Definition of Feature Pattern Library
- Pattern Library Generation
- Cluster Analysis of Pattern
- Recovery Process
- Recovery Process
- Solving Data Conflict
- Experimental Result and Analysis
- Conclusion
- References
- Study on Supervision of Integrity of Chain of Custody in Computer Forensics
- Introduction
- Analysis of Forensic Process
- Interface Data and Supervision
- Interface Data
- Supervision
- Conclusions
- References
- On the Feasibility of Carrying Out Live Real-Time Forensics for Modern Intelligent Vehicles
- Introduction
- Related Work
- Intelligent Vehicles Technology
- Automotive Functional Domains
- Automotive Networks and Bus Systems
- Automotive Sensors
- Advanced Automotive Applications
- Live Forensics
- Hardware-Based Live Forensics
- Software-Based Live Forensics
- Sensor Fusion
- Discussion and Conclusion
- References
- Research and Review on Computer Forensics
- Introduction
- Definition of Computer Forensics
- Definition of Forensics and Forensic Science
- Definition of Computer Forensics
- Principles of Computer Forensics
- Rules of Evidence
- Guidelines for Evidence Handling
- Proposed Principles
- Models of Computer Forensics
- Kruse and Heiser Model
- Forensics Process Model
- Yale University Model
- DFRW Model
- Proposed Model
- Conclusion
- References
- Text Content Filtering Based on Chinese Character Reconstruction from Radicals
- Introduction
- Principles for Chinese Character Decomposing
- Keyword Filtering Based on Chinese Character Reconstruction
- Chinese Character Reconstruction
- Keyword Filtering
- Experiments
- Conclusions
- References
- Disguisable Symmetric Encryption Schemes for an Anti-forensics Purpose
- Introduction
- Our Result
- Our Technique
- Outline of This Paper
- Preliminaries
- Basic Notions
- Point Functions, Multi-bit Point and Set-Membership Functions
- Obfuscation
- Symmetric Encryption
- Our Result
- Disguisable Symmetric Encryption
- Construction of the Encryption Schemes
- Management of the Keys
- Conclusions
- References
- Digital Signatures for e-Government - A Long-Term Security Architecture
- Introduction
- Our Contribution
- Building Blocks
- RSA Signatures and Message Encoding Functions
- Deterministic Signatures Based on Discrete Logarithm
- Signatures Based on Hash Functions
- Overview of System Architecture
- Nested Signatures
- Floating Exponents
- Forensic Analysis
- Implementation Recommendations
- Resources and Logistics
- References
- SQL Injection Defense Mechanisms for IIS+ASP+MSSQL Web Applications
- Introduction
- The Principle of SQL Injection
- Finding Vulnerable Pages
- SQL Injection Detection
- SQL Injection Attacks Execution
- SQL Injection Defense
- Secure Coding within the Web Application
- Proper Database Configuration
- Deployment of IIS (Internet Information Services)
- Other Security Techniques
- Conclusion
- References
- On Different Categories of Cybercrime in China
- Introduction
- Offences against the Order of Network Management
- Offences against the Computer Information System
- Offences against Computer Assets
- Misuse of Network
- Conclusion
- References
- Face and Lip Tracking for Person Identification
- Introduction
- Algorithms and Implementation
- Face Region Segmentation
- Lip Tracking
- Analysis of Results
- Complexity of Algorithm
- Veracity of Result
- Deficiencies
- Future Application
- References
- An Anonymity Scheme Based on Pseudonym in P2P Networks
- Introduction
- The Proposed Anonymity Scheme
- Overview
- Review of the RuP Protocol
- Our Proposed Anonymity Scheme
- The Macro Value
- Anonymity Analysis
- Conclusions
- References
- Research on the Application Security Isolation Model
- Introduction
- Related Work
- Application Security Isolation Model
- An Overview of NASI
- Formal Description of NASI
- Security Analysis
- Implementation of NASI
- Conclusion and Future Work
- References
- Analysis of Telephone Call Detail Records Based on Fuzzy Decision Tree
- Introduction
- Related Work
- Telephone Forensics
- Fuzzy Decision Tree
- Introduction of TRFS
- Proposed FDT Algorithm
- Data Preprocessing
- Generation of Fuzzy Decision Tree
- Pruning Fuzzy Decision Tree
- FDT Inference
- Experiment and Analysis
- Conclusions and Future Works
- References
- Author Index
