Suspect Computer

The Experts below are selected from a list of 1959 Experts worldwide ranked by ideXlab platform

Carvalho, Rodrigo Alves - One of the best experts on this subject based on the ideXlab platform.

  • Methodology for encrypted data interception applied in criminal investigations
    2012
    Co-Authors: Carvalho, Rodrigo Alves
    Abstract:

    Dissertation (Master's), Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2012. Cryptographic techniques are increasingly being applied to systems, partitions and files by computer users, whether they are home, business or government users. This is making it very difficult for computer forensics analysts to retrieve these data. After all, crucial data that can incriminate or exonerate someone of a crime becomes useless if it is encrypted with a strong cryptographic algorithm and password, as it is inaccessible. Moreover, Brazilian law eliminates the possibility of forcing a suspect to provide the password to decrypt his encrypted data, as it states that no citizen must produce evidence against himself. Thus, this work proposes a methodology aimed at the recovery of the data before it gets encrypted, during a court-authorized wiretap. Besides the methodology, a program was implemented that, when installed on a suspect computer, captures information entered by him and sends it securely to a remote server. Tests showed that it was possible to obtain data such as passwords and the plaintext content of encrypted chats, making this methodology a low-cost and viable alternative, exclusive and adapted for use by Brazilian law enforcement agencies.

Mark Scanlon - One of the best experts on this subject based on the ideXlab platform.

  • enabling the remote acquisition of digital forensic evidence through secure data transmission and verification
    arXiv: Cryptography and Security, 2017
    Co-Authors: Mark Scanlon
    Abstract:

    Providing the ability to any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.

  • online acquisition of digital forensic evidence
    International Conference on Digital Forensics, 2009
    Co-Authors: Mark Scanlon, Mohand Tahar Kechadi
    Abstract:

    Providing the ability to any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.

Mohand Tahar Kechadi - One of the best experts on this subject based on the ideXlab platform.

  • online acquisition of digital forensic evidence
    International Conference on Digital Forensics, 2009
    Co-Authors: Mark Scanlon, Mohand Tahar Kechadi
    Abstract:

    Providing the ability to any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.

Hash Functions - One of the best experts on this subject based on the ideXlab platform.

  • Bootable examination environment Bootable CD Bootable DVD
    2015
    Co-Authors: Hash Functions
    Abstract:

    Differential analysis 1. Conducting a quick examination of the suspect's machine at the scene in a trusted operating system. eed to perform a n where the sus-d off and discon-cquired. live system from a some degradation nsic bootable CD/ problems which compromise their utility and potentially call the digital evidence they are used to collect into doubt (Forensicswiki.org, 2012). Chief amongst these problems is that the bootable live CD/DVD examination environments may alter the suspect computer system's hard disks during the examination process. Such an alteration calls into question the forensic soundness of the examination.

Mutyethau, David Matingi - One of the best experts on this subject based on the ideXlab platform.

  • Developing an automated malware detection, analysis and reporting tool for MS-Windows
    Strathmore University, 2019
    Co-Authors: Mutyethau, David Matingi
    Abstract:

    A thesis submitted in partial fulfilment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore University. Memory and computer forensics is a field that has witnessed a lot of advancements in the recent past. Memory forensics enables investigators to acquire and investigate the content of a computer's RAM, while computer forensics enables the investigator to acquire information from the hard drive. While valuable artifacts can be extracted from computers, the use of this technique presents several challenges, such as data acquisition, searching for artifacts and data analysis of extracted information. The variants of malware families share typical behavioral patterns reflecting their origin and purpose. The behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknown malware into their known families using machine learning techniques. This dissertation aims to create a malware detection, analysis and reporting tool that shall be open source, user friendly, intuitive and automated for MS Windows. The tool shall assist forensic investigators in discovering crucial information in the suspect computer, such as malware present. The tool shall analyse content stored in the computer's hard drive and captured memory images. This shall include analysis of single files, folders, hard disk partitions and the entire hard disk. For live memory, the tool shall aim to determine processes and files that were open or present at the time of live analysis.