Hardware Write Blocker

The Experts below are selected from a list of 24 Experts worldwide ranked by ideXlab platform

Ibrahim Baggili - One of the best experts on this subject based on the ideXlab platform.

  • Deleting collected digital evidence by exploiting a widely adopted Hardware Write Blocker
    Digital Investigation, 2016
    Co-Authors: Christopher S Meffert, Ibrahim Baggili, Frank Breitinger
    Abstract:

    In this primary work we call for the importance of integrating security testing into the process of testing digital forensic tools. We postulate that digital forensic tools are increasing in features (such as network imaging), becoming networkable, and are being proposed as forensic cloud services. This raises the need for testing the security of these tools, especially since digital evidence integrity is of paramount importance. At the time of conducting this work, little to no published anti-forensic research had focused on attacks against the forensic tools/process. We used the TD3, a popular, validated, touch screen disk duplicator and Hardware Write Blocker with networking capabilities and designed an attack that corrupted the integrity of the destination drive (drive with the duplicated evidence) without the user's knowledge. By also modifying and repackaging the firmware update, we illustrated that a potential adversary is capable of leveraging a phishing attack scenario in order to fake digital forensic practitioners into updating the device with a malicious operating system. The same attack scenario may also be practiced by a disgruntled insider. The results also raise the question of whether security standards should be drafted and adopted by digital forensic tool makers.

  • Testing the forensic soundness of forensic examination environments on bootable media
    Digital Investigation, 2014
    Co-Authors: Ahmed Fathy Abdul Latif Mohamed, Andrew Marrington, Farkhund Iqbal, Ibrahim Baggili
    Abstract:

    In this work we experimentally examine the forensic soundness of the use of forensic bootable CD/DVDs as forensic examination environments. Several Linux distributions with bootable CD/DVDs which are marketed as forensic examination environments are used to perform a forensic analysis of a captured computer system. Before and after the bootable CD/DVD examination, the computer system's hard disk is removed and a forensic image acquired by a second system using a Hardware Write Blocker. The images acquired before and after the bootable CD/DVD examination are hashed and the hash values compared. Where the hash values are inconsistent, a differential analysis is performed on the image files. The differential analysis allows us to quantify and explain the alterations made to the image files by the bootable CD/DVD examination. Our approach can be used to experimentally validate new bootable CD/DVD distributions as forensically sound. 2014 Digital Forensics Research Workshop. Published by Elsevier Ltd. All rights reserved.

Kristina N. Lavenia - One of the best experts on this subject based on the ideXlab platform.

  • Experience of Incorporating NIST Standards in a Digital Forensics Curricula
    2019 7th International Symposium on Digital Forensics and Security (ISDFS), 2019
    Co-Authors: Yan Wu, Kristina N. Lavenia
    Abstract:

    Recently, Bowling Green State University (BGSU) has started to offer a Digital Forensics specialization program for Computer Science undergraduate students. We (the authors of this paper) actively took part in developing and evaluating the curricula for this program. The overarching goal of the specialization program is to build a digital forensics workforce for the state and the nation. Realizing the importance of standards of digital forensics tools in real-life forensic examinations, we made an effort to incorporate lessons on standardization in the curricula. In particular, so far we incorporated National Institute of Standards and Technology (NIST) standards for three digital forensics topics (Hardware Write Blocker, Deleted File Recovery, and Mobile Forensics) in the curricula. We faced many challenges over the journey but also attained some success. In this paper we share our experience to the community. We believe this account may be helpful to others who are about to begin such a journey.

Yan Wu - One of the best experts on this subject based on the ideXlab platform.

  • Experience of Incorporating NIST Standards in a Digital Forensics Curricula
    2019 7th International Symposium on Digital Forensics and Security (ISDFS), 2019
    Co-Authors: Yan Wu, Kristina N. Lavenia

Frank Breitinger - One of the best experts on this subject based on the ideXlab platform.

  • Deleting collected digital evidence by exploiting a widely adopted Hardware Write Blocker
    Digital Investigation, 2016
    Co-Authors: Christopher S Meffert, Ibrahim Baggili, Frank Breitinger

Ahmed Fathy Abdul Latif Mohamed - One of the best experts on this subject based on the ideXlab platform.

  • Testing the forensic soundness of forensic examination environments on bootable media
    Digital Investigation, 2014
    Co-Authors: Ahmed Fathy Abdul Latif Mohamed, Andrew Marrington, Farkhund Iqbal, Ibrahim Baggili