Digital Forensonomics: the Economics of Digital Forensics
Richard E Overill
Department of Informatics, King's College London, Strand, London WC2R 2LS, UK
richard.overill@kcl.ac.uk

Abstract. This paper introduces the economics of digital forensics (EDF) and describes the use of template patterns based on Bayesian network architectures for producing cost-effective digital forensic investigations, making use of econometric quantities such as return on investment or cost-benefit ratio to prioritise the recovery of digital evidential traces. A case study involving an actual distributed denial of service (DDoS) prosecution is presented, exemplifying the practical application of these ideas.

Keywords: economics; digital forensics; cost-effectiveness metrics; return on investment; cost-benefit ratio

1 Introduction and Background

The economics of information security (EIS) has become a well-established research area [1], as evidenced by the continuing annual series of WEIS workshops beginning in 2002 [2]. EIS has provided many valuable insights for understanding the economic forces driving trends in both cybercrime and information security strategies. The economics of digital forensics (EDF) can be developed in a somewhat similar manner, in order to assist digital forensic investigators in prioritising and scheduling investigations so as to optimise their cost-effectiveness. In the resource-constrained, investigation-overloaded environment of a present-day digital forensics laboratory (DFL), such an approach can lead both to early abandonment of unpromising investigations and to quick wins of low-hanging fruit in other investigations.

The approach makes use of the fact that, while no two digital forensic investigations are identical, a relatively large proportion of investigations can be categorised as belonging to one of a relatively small number of templates, each of which can be represented as a pattern.
This is a consequence of the empirical observation that cybercrime, and hence its forensic investigation, generally follows a Pareto distribution, also known informally as an 80:20 law. For example, in the Hong Kong Special Administrative Region of the People's Republic of China, it was recently estimated that 80% of all digital crimes investigated by law enforcement can be categorised as one of just five basic e-crime templates [3]. This is probably due to the ready availability of exploit kits, which tends to result in a preponderance of lookalike cybercrimes.

In order to exploit this observation, it is necessary to develop cost-effective template patterns for the forensic investigation of these frequently occurring cybercrimes (FOCs). Such templates are constructed by defining, for each FOC, the anticipated digital evidential traces that would need to be recovered in order to make a criminal case with a realistic chance of securing a conviction at trial. For each evidential trace, the associated resource implications for its recovery, analysis and interpretation, measured in terms of investigator-hours and specialised equipment utilisation (where appropriate), are itemised, together with an estimate of its probative value (or evidential weight) to the case.

In general, by no means all evidential traces contribute the same probative value to a case. For example, evidence that the seized computer was connected to the internet at the material time, whilst essential to enable the launch of a DDoS attack, would not of itself be of high probative value, since virtually all computers are internet-connected most of the time. On the other hand, evidence that the computer contained DDoS command and control (C&C) launch software at the material time would be of high probative value if the forensic investigation concerned a suspected DDoS attack.

2 Theory and Methodology

The essence of this approach is to prioritise the evidence recovery schedule so that the high probative value, low resource-consuming evidential traces (the "low-hanging fruit") are recovered first, while low probative value, high resource-intensive evidential traces (which are subject to the Law of Diminishing Returns) are deferred until it is clear whether they are actually required for the probable success of the case.
There are a number of economics-related metrics that can be employed to prioritise the recovery of the evidential traces, most notably return on investment (RoI) and cost-benefit ratio (CBR) [4]. Alternatively, one can assign costs and weights to each evidential trace, and then schedule them in order of increasing cost within decreasing probative value [5]. The monetised cost of recovering a specific expected digital evidential trace is evaluated as the estimated (typically average) number of examiner-hours required, multiplied by the estimated (typically average) hourly cost (including overheads) of an examiner, plus the hourly cost of using any specialist equipment. The weights or probative values of the expected evidential traces are agreed and assigned by experienced expert examiners and normalised to sum to unity. Then, for the recovery of expected evidential trace $E_i$,

$(\mathrm{RoI})_i = (\mathrm{CBR})_i^{-1} = (\text{probative-value})_i \,/\, [(\#\text{examiner-hours})_i \cdot (\text{hourly-cost})]$    (1)

The template pattern generated for each category of frequently occurring cybercrime investigation is conveniently represented by a Bayesian network (BN) architecture [6]. A BN is a directed acyclic graph (DAG) in which the leaf nodes represent the expected evidential traces $E_i$ and the interior nodes represent the sub-hypotheses $H_j$, which in turn combine to form the root hypothesis $H$ for the digital forensic investigation [7]. After populating the interior nodes with conditional probabilities (likelihoods) and assigning prior probabilities to the root node, the BN will propagate these probabilities using Bayesian inference to produce a posterior probability for the root hypothesis. However, it is the architecture of the BN, together with the definition of each sub-hypothesis and its associated evidential traces, which defines the template pattern characterising the specific investigation category. See Figure 1 and Table 1 for an example of such a BN-based template pattern from an actual Hong Kong police investigation of a suspected extortion-based DDoS attack launched from a seized computer [8].

3 Implementation and Results

A prototype implementation of the scheme described above has been made in Java at King's College London under the auspices of an ICUK-funded Proof of Concept award, and subsequently licensed to Intellas UK for further commercial development [9]. It should be noted that such template patterns may be employed during each phase of a digital forensic investigation, namely the triage, preliminary inspection and in-depth examination stages [10]. A more detailed consideration of the role of cost-effective prioritisation and scheduling during the triage stage of digital forensic examinations has been given in [11].

As an actual example, we take the DDoS case alluded to above and detailed in Table 1 and Figure 1. Note that Table 1 also contains the unordered RoI values calculated by Equation (1) using a notional cost metric. After ordering the RoI values into descending order we obtain:

{E3, E13, E15}, {E1, E2, E4, E5, E6, E7}, {E8, E9, E10, E11, E12, E14}

where the braces enclose sets of evidential traces possessing equal RoI values. However, as it stands the above scheme does not take account of the absence of exonerating evidential traces, which we term collectively anti-evidence, Ē.
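The ordering above can be reproduced directly from Table 1, and the same routine can carry the two refinements that Section 3 goes on to describe: checking the anti-evidence set Ē first, and stopping as soon as the case either cannot reach, or has already comfortably exceeded, a probative-value target. The following Python is an added example written for this page; it is not the author's Java prototype or the Intellas product. The weights and costs are those of Table 1; the probative-value threshold of 4/5 is an assumption of the example, since the paper gives no figure, and the equipment-cost term is the optional addition described in the prose definition of cost rather than a term of Equation (1) as printed.

```python
from fractions import Fraction
from itertools import groupby

# Table 1 of the paper: trace key -> (probative weight, examiner-hours).
# The weights are normalised to sum to unity; cost is in notional units.
TABLE_1 = {
    "E1": (Fraction(1, 15), 1), "E2": (Fraction(1, 15), 1), "E3": (Fraction(2, 15), 1),
    "E4": (Fraction(1, 15), 1), "E5": (Fraction(1, 15), 1), "E6": (Fraction(1, 15), 1),
    "E7": (Fraction(1, 15), 1), "E8": (Fraction(1, 30), 1), "E9": (Fraction(1, 30), 1),
    "E10": (Fraction(1, 30), 1), "E11": (Fraction(1, 30), 1), "E12": (Fraction(1, 30), 1),
    "E13": (Fraction(2, 15), 1), "E14": (Fraction(1, 30), 1), "E15": (Fraction(2, 15), 1),
}


def roi(weight, examiner_hours, hourly_cost=1, equipment_cost=0):
    """Equation (1): RoI_i = 1 / CBR_i = probative value / monetised recovery cost.
    Equation (1) as printed uses examiner-hours x hourly cost only; the optional
    equipment_cost term follows the paper's prose definition of the cost."""
    return Fraction(weight) / (examiner_hours * hourly_cost + equipment_cost)


def schedule(table=TABLE_1, hourly_cost=1):
    """Order traces by decreasing RoI; traces of equal RoI form one set (the braces
    in the paper). sorted() is stable, so Table 1 order is kept inside each set."""
    key = lambda k: roi(*table[k], hourly_cost)
    ranked = sorted(table, key=key, reverse=True)
    return [list(group) for _, group in groupby(ranked, key=key)]


def run_investigation(recovered, anti_evidence_present, threshold=Fraction(4, 5),
                      table=TABLE_1):
    """Walk the modified scheme {Ē}, {E...} and apply the paper's stopping rules.

    recovered              - set of trace keys the examiner actually finds
    anti_evidence_present  - whether every anti-evidential trace Ē_i was found
                             (Ē_1: 'connected to the internet at the material time')
    threshold              - ASSUMED notional probative-value target for a case
                             with a realistic chance of conviction
    Returns (outcome, list of traces examined, in order)."""
    if not anti_evidence_present:
        return "abandoned: anti-evidence absent", []
    examined, gained = [], Fraction(0)
    remaining = sum(weight for weight, _ in table.values())  # not yet examined
    for group in schedule(table):
        for key in group:
            weight, _ = table[key]
            examined.append(key)
            remaining -= weight
            if key in recovered:
                gained += weight
            if gained >= threshold:            # case already made: stop spending
                return "stop: threshold met", examined
            if gained + remaining < threshold:  # target now unattainable: abandon
                return "abandoned: threshold unattainable", examined
    return "complete", examined


if __name__ == "__main__":
    print("RoI order:", schedule())
    print(run_investigation(set(TABLE_1), anti_evidence_present=True))
    print(run_investigation(set(TABLE_1) - {"E3", "E13", "E15"}, anti_evidence_present=True))
    print(run_investigation(set(TABLE_1), anti_evidence_present=False))
```

With every trace recoverable the run stops after nine of the fifteen traces (E3 through E7 in RoI order), which is the "already successful investigation need not run its full course" case; with the three highest-value traces missing it is abandoned after only two, since the remaining weight can no longer reach the target. Fractions are used so that the equal-RoI sets are exact rather than subject to floating-point ties.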
In the present DDoS example, we noted above that there is at least one piece of (low probative value) evidence which, if it were absent, would immediately cause the case to fail; namely, that the seized computer was connected to the internet at the material time. If we label this anti-evidential trace Ē1 and continue enumerating the set Ē, then the Ēi should be recovered first (in order of increasing likelihood of being present, if this can be inferred, so that the trace most likely to be absent is checked first). If any Ēi is absent then the investigation should immediately be abandoned. The modified scheme:

{Ē1}, {E3, E13, E15}, {E1, E2, E4, E5, E6, E7}, {E8, E9, E10, E11, E12, E14}

represents a cost-effective prioritisation strategy for the recovery and analysis of the Ei in the absence of any other overriding considerations (see below). In particular, if one or more evidential traces of highest probative value are not recovered, it may be possible to abandon the investigation at that point, since the minimum requisite probative value for building a case with a realistic chance of securing a conviction at trial may now be unattainable. Equally, it may be possible to terminate the investigation without the expenditure of resources associated with recovering the last few evidential traces of lowest probative value, provided that any notional probative-value threshold for securing a conviction beyond a reasonable doubt has already been comfortably exceeded. In either case, scarce investigative resources are thereby conserved for use in other digital forensic investigations.

Although the posterior output of the BN itself is not of direct relevance to the prioritisation strategy described here, recent studies have demonstrated that the BN posterior output is rather insensitive to the exact choice of BN conditional probability values (likelihoods) [12, 13]. However, it has been shown to be much more strongly dependent on whether or not one or more evidential traces are unrecoverable [14].

4 Caveats and Conclusions

A number of caveats regarding the use of cost-effective prioritisation schemes such as that described here are in order. In circumstances where there may be imminent danger to human life or safety (for example, in a suspected child abduction case), it is clearly inappropriate to employ cost-effectiveness as a criterion.
Additionally, where outsourced requests for information from other agencies may involve lag times of days or even weeks (for example, MLAT requests to law enforcement organisations in other countries), it will be necessary to hyper-prioritise such requests so that the delay in response does not hold up the progress of the entire investigation; such Critical Path phenomena can be handled in a straightforward manner provided that the estimated (typically average) delay is known [11].

In conclusion, BN architectures provide useful template patterns for characterising digital FOCs. Given the empirical evidence that the occurrence of digital crimes follows a Pareto distribution, and that DFL resources are overloaded with investigative work, a cost-effective strategy for the forensic investigation of such crimes involves recovering each anticipated evidential trace in order of decreasing RoI (or increasing CBR), thereby enabling unpromising investigations to be terminated early on, while already successful investigations may not need to run their full course.

Acknowledgements. The author acknowledges Dr Frank Y W Law (Inspector, Hong Kong Police Department) for supplying the DDoS BN architecture (Figure 1) and the associated evidential weights and costs (Table 1). A helpful discussion with Dr David Llewellyn-Jones (Liverpool John Moores University) at Cyberpatterns 2013 is also gratefully acknowledged.

References

[1] Anderson R & Moore T, The economics of information security, Science, Vol. 314 (27 October 2006).
[2] WEIS (Workshop on the Economics of Information Security); see the WEIS website for links to previous WEIS workshops.
[3] Kwan M & Law F, personal communication (2010).
[4] Cohen F, Two models of digital forensic investigation, Proc. 4th IEEE Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), Berkeley, CA, USA, May.
[5] Overill R E, Kwan Y K, Chow K P, Lai K Y & Law Y W, A Cost-Effective Digital Forensics Investigation Model, Advances in Digital Forensics V, Ch. 15, Springer (2009).
[6] Pearl J, Fusion, propagation and structuring in belief networks, Artificial Intelligence, Vol. 29.
[7] Kwan M, Chow K-P, Law F & Lai P, Reasoning about evidence using Bayesian network, Advances in Digital Forensics IV, Ch. 22, Springer (2008).
[8] Law F, personal communication (2010).
[9] Digital Forensic Advisor, ICUK KCL-021 Proof of Concept award (2010).
[10] Casey E, Ferraro M & Nguyen L, Investigation delayed is justice denied: proposals for expediting forensic examinations of digital evidence, Journal of Forensic Sciences 54(6) (2009).
[11] Overill R E, Silomon J A M & Roscoe K A, Triage Template Pipelines in Digital Forensic Investigations, Digital Investigation 10 (2013), in press.
[12] Overill R E, Silomon J A M, Kwan Y K, Chow K P, Law Y W & Lai K Y, Sensitivity Analysis of a Bayesian Network for Reasoning about Digital Forensic Evidence, 4th International Workshop on Forensics for Future Generation Communication Environments (F2GC-2010), in Proc. HumanCom-2010: 3rd International Conference on Human-Centric Computing, Cebu, Philippines, August 2010, IEEE Press.
[13] Kwan M, Overill R, Chow K-P, Tse H, Law F & Lai P, Sensitivity Analysis of Digital Forensic Reasoning in Bayesian Network Models, Advances in Digital Forensics VII, Springer (2011), Proc. 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, 30 January - 2 February 2011.
[14] Overill R E & Silomon J A M, Six Simple Schemata for Approximating Bayesian Belief Networks, in Cyberforensics: Issues and Perspectives, Proc. 1st International Conference on Cybercrime, Security and Digital Forensics (ed. G R S Weir), Glasgow, UK, June 2011.
Table 1. BN template data for forensic investigation of a suspected DDoS attack

Key  Description                                                                       Weight  Cost  RoI
H    The seized computer was used to launch a DDoS attack against a target computer
H1   The seized computer was used to access the target computer
H2   The seized computer was used to launch a DDoS attack
E1   IP address of target computer was found on seized computer                        1/15    1     1/15
E2   URL of target computer was found on seized computer                               1/15    1     1/15
E3   IP address of target computer matched the accessed IP address logged by the ISP   2/15    1     2/15
E4   Log file records on seized computer indicate target computer was accessed         1/15    1     1/15
E5   Extortion messages to the victim were found on seized computer                    1/15    1     1/15
E6   Seized computer's IP address matched attacking IP address logged by the ISP       1/15    1     1/15
E7   DDoS tools were found on seized computer                                          1/15    1     1/15
E8   Log file records show seized computer was used to search for online DDoS tools    1/30    1     1/30
E9   Log file records show seized computer was used to download online DDoS tools      1/30    1     1/30
E10  A BotNet C&C program was found on the seized computer                             1/30    1     1/30
E11  Log file records show seized computer was used to search for online BotNet tools  1/30    1     1/30
E12  Log file records show seized computer was used to download online BotNet tools    1/30    1     1/30
E13  Log file records show seized computer was used to launch DDoS attack on target    2/15    1     2/15
E14  Log file records show the seized computer was connected to a BotNet               1/30    1     1/30
E15  IP address of seized computer matched that of BotNet C&C program                  2/15    1     2/15

(The weights sum to unity; Cost is in notional units; RoI = Weight / Cost by Equation (1). The hypothesis rows H, H1 and H2 carry no weight or cost.)
Fig. 1. BN template pattern for forensic investigation of a suspected DDoS attack. Root hypothesis H has two sub-hypothesis nodes, H1 (leaf nodes E1-E5) and H2 (leaf nodes E6-E15). Only the node labels of the figure survive in the extracted text; the grouping is read from their layout together with the hypothesis descriptions in Table 1.
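The propagation step described in Section 2 can be shown on the Figure 1 architecture with a few lines of code. The following Python is an added example for this page and is not the author's Java prototype; the prior, the sub-hypothesis likelihoods and the leaf likelihoods are all assumptions of the example, since the paper does not publish its probability tables, and the assignment of E1-E5 to H1 and E6-E15 to H2 is read from the figure's node layout and the Table 1 descriptions. Because H1 and H2 are conditionally independent given H, the likelihood of H factorises into one message per sub-hypothesis, which is all the inference a tree this small needs; an unexamined trace is simply marginalised out, whereas a trace shown to be absent is entered as a negative observation.

```python
# Figure 1 architecture: root H; interior sub-hypotheses H1, H2; leaves E1-E15.
STRUCTURE = {
    "H1": ["E1", "E2", "E3", "E4", "E5"],
    "H2": ["E6", "E7", "E8", "E9", "E10", "E11", "E12", "E13", "E14", "E15"],
}
ALL_LEAVES = [leaf for hj in STRUCTURE for leaf in STRUCTURE[hj]]

# ASSUMED probabilities (not from the paper). Each entry is
# (P(node true | parent true), P(node true | parent false)).
PRIOR_H = 0.5
SUB_LIK = {"H1": (0.9, 0.1), "H2": (0.9, 0.1)}
LEAF_LIK = {leaf: (0.8, 0.2) for leaf in ALL_LEAVES}


def leaf_message(hj, hj_true, observed, leaf_lik):
    """P(observed leaves under hj | hj). Leaves not in `observed` are marginalised
    out (factor 1), so a trace not yet examined is neutral; a leaf observed False
    is an absent trace and contributes 1 - P(true | hj)."""
    p = 1.0
    for leaf in STRUCTURE[hj]:
        if leaf not in observed:
            continue
        p_true = leaf_lik[leaf][0 if hj_true else 1]
        p *= p_true if observed[leaf] else 1.0 - p_true
    return p


def sub_message(hj, h_true, observed, leaf_lik, sub_lik):
    """P(observed leaves under hj | H) = sum over hj of P(hj | H) * P(leaves | hj)."""
    p_true = sub_lik[hj][0 if h_true else 1]
    return (p_true * leaf_message(hj, True, observed, leaf_lik)
            + (1.0 - p_true) * leaf_message(hj, False, observed, leaf_lik))


def posterior(observed, prior=PRIOR_H, leaf_lik=LEAF_LIK, sub_lik=SUB_LIK):
    """P(H true | observed), with `observed` mapping leaf key -> True (recovered)
    or False (shown absent). Bayes' rule over the two values of H."""
    lik = {}
    for h_true in (True, False):
        lik[h_true] = 1.0
        for hj in STRUCTURE:
            lik[h_true] *= sub_message(hj, h_true, observed, leaf_lik, sub_lik)
    numerator = prior * lik[True]
    return numerator / (numerator + (1.0 - prior) * lik[False])


def scenarios():
    """Same template, different observation sets, plus one likelihood perturbation
    of the kind used for the sensitivity analyses cited as [12, 13]."""
    all_found = {leaf: True for leaf in ALL_LEAVES}
    h2_absent = {**{leaf: True for leaf in STRUCTURE["H1"]},
                 **{leaf: False for leaf in STRUCTURE["H2"]}}
    weaker_leaves = {leaf: (0.7, 0.3) for leaf in ALL_LEAVES}
    return {
        "nothing examined": posterior({}),
        "all 15 traces recovered": posterior(all_found),
        "all 15 recovered, weaker leaf likelihoods": posterior(all_found, leaf_lik=weaker_leaves),
        "H1 traces recovered, H2 traces absent": posterior(h2_absent),
    }


if __name__ == "__main__":
    for name, p in scenarios().items():
        print(f"{name:45s} P(H | evidence) = {p:.4f}")
```

With these assumed values the posterior starts at the prior when nothing has been examined, rises above 0.98 when all fifteen traces are recovered, and moves by only about 0.002 when every leaf likelihood is weakened from 0.8/0.2 to 0.7/0.3; establishing that all of H2's traces are absent, by contrast, pulls it back to roughly 0.5 even with H1 fully supported. The magnitudes are properties of the assumed numbers, not of the paper's tables, but the mechanism they illustrate is the one Sections 2 and 3 rely on.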
More informationPrepared by David Willson, OCIO in consultation with Marc Buchalter, Procurement Please send comments to David Willson at dwillson@berkeley.
Technology RFX Customer Guide Introduction This guide is intended for those that have identified a need to solicit bids from suppliers but may unclear on the different types of documents, the roles various
More informationTHE IMPACT OF INHERITANCE ON SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS
THE IMPACT OF INHERITANCE ON SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS David L. Spooner Computer Science Department Rensselaer Polytechnic Institute Troy, New York 12180 The object-oriented programming
More informationHow To Monitor Attackers On A Network On A Computer Or Network On An Uniden Computer (For Free) (For A Limited Time) (Czechian) (Cybercrime) (Uk) (Cek) (Kolomot
Recent development of tools to monitor attackers Daniel Kouril, Jan Vykopal lastname @ics.muni.cz 43 rd TF-CSIRT meeting 18 September, 2014, Rome, Italy About C4e project Single point of contact in Czech
More informationFREEDOM OF INFORMATION REQUEST
FREEDOM OF INFORMATION REQUEST Request Number: F-2009-00345 Keyword: Crime Subject: COMPUTER FORENSIC INVESTIGATION Request and Answer: I am writing to confirm that the Police Service of Northern Ireland
More information# # % &# # ( # ) + #, # #./0 /1 & 2 % 3 4 2 5 3 6 6 7 & 6 4 & 4 # 6 76 /0 / 6 7 & 6 4 & 4 # // 8 / 5 & /0 /# 6222 # /90 8 /9: ; & 0 0 6 76 /0 /!<!
! # # % &# # ( # ) + #, # #./0 /1 & 2 % 3 4 2 5 3 6 6 7 & 6 4 & 4 # 6 76 /0 / 6 7 & 6 4 & 4 # // 8 / 5 & /0 /# 6222 # /90 8 /9: ; & 0 0 6 76 /0 /!
More informationHow Economics and Information Security Affects Cyber Crime and What This Means in the Context of a Global Recession. Turbo Talk BH 2009 Peter Guerra
How Economics and Information Security Affects Cyber Crime and What This Means in the Context of a Global Recession Turbo Talk BH 2009 Peter Guerra Full Disclosure My opinions only not of my University,
More informationSecurity Intelligence Blacklisting
The following topics provide an overview of Security Intelligence, including use for blacklisting and whitelisting traffic and basic configuration. Security Intelligence Basics, page 1 Security Intelligence
More informationaurora Complex billing made simple billing software solutions www.aurora-billing.co.uk info@aurora-billing.co.uk 01634 673800
aurora billing software solutions Complex billing made simple www.aurora-billing.co.uk info@aurora-billing.co.uk 01634 673800 welcome a Aurora Kendrick James Limited (Aurora) provides Billing Software
More informationIntegrating Cyber-Forensics into a Forensic Science Masters Programme
Integrating Cyber-Forensics into a Forensic Science Masters Programme Richard E Overill Department of Computer Science, King s College London, Strand, London WC2R 2LS, U.K. richard.overill@kcl.ac.uk Abstract
More informationEvaluating Travelers Response to Social Media Using Facets-based ROI Metrics
University of Massachusetts - Amherst ScholarWorks@UMass Amherst Tourism Travel and Research Association: Advancing Tourism Research Globally Turning Insights Into Actions ~ the Crucial Role of Tourism
More informationEastbourne Borough Council Environmental Health Division Food Safety Enforcement Policy
Eastbourne Borough Council Environmental Health Division Food Safety Enforcement Policy INTRODUCTION The Council's approach to the enforcement of Food Safety reflects the responsibilities placed upon it
More informationDigital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic
I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis
More informationIntroduction to. Hypothesis Testing CHAPTER LEARNING OBJECTIVES. 1 Identify the four steps of hypothesis testing.
Introduction to Hypothesis Testing CHAPTER 8 LEARNING OBJECTIVES After reading this chapter, you should be able to: 1 Identify the four steps of hypothesis testing. 2 Define null hypothesis, alternative
More informationMalicious MPLS Policy Engine Reconnaissance
Malicious MPLS Policy Engine Reconnaissance A. Almutairi 1 and S. Wolthusen 1,2 1 Information Security Group Royal Holloway, University of London, UK and 2 Norwegian Information Security Laboratory Gjøvik
More informationBotnet Detection by Abnormal IRC Traffic Analysis
Botnet Detection by Abnormal IRC Traffic Analysis Gu-Hsin Lai 1, Chia-Mei Chen 1, and Ray-Yu Tzeng 2, Chi-Sung Laih 2, Christos Faloutsos 3 1 National Sun Yat-Sen University Kaohsiung 804, Taiwan 2 National
More informationOptimised Realistic Test Input Generation
Optimised Realistic Test Input Generation Mustafa Bozkurt and Mark Harman {m.bozkurt,m.harman}@cs.ucl.ac.uk CREST Centre, Department of Computer Science, University College London. Malet Place, London
More informationModel-based Synthesis. Tony O Hagan
Model-based Synthesis Tony O Hagan Stochastic models Synthesising evidence through a statistical model 2 Evidence Synthesis (Session 3), Helsinki, 28/10/11 Graphical modelling The kinds of models that
More informationEmergency Response Service. 2013 IBM Corporation
Emergency Response Service Who is our team The Cyber Security Intelligence and Response team is staffed with: Highly skilled forensic analysts and consultants dedicated to incident response. Resident malware
More informationThe changing face of global data network traffic
The changing face of global data network traffic Around the turn of the 21st century, MPLS very rapidly became the networking protocol of choice for large national and international institutions. This
More informationHelping the police to support people with vulnerabilities
Helping the police to support people with vulnerabilities Contents Foreword 1 Mental Health Crisis Care Concordat 3 Mental Health Street Triage 4 Liaison and Diversion 5 Multi Agency Working 6 Drugs 7
More informationSafeguarding Adults at Risk Policy
Freedom of Information Act Publication Scheme Protective Marking Not Protectively Marked Publication Scheme Y/N Yes Title Safeguarding Adults at Risk Version 1 Summary The policy establishes clear guidelines
More informationHow to Optimise Lead Transfer to Sales - and See Your Revenue Grow
How to Optimise Lead Transfer to Sales - and See Your Revenue Grow A whitepaper by It s the Age-Old Scenario Table of Contents It s the Age-Old Scenario So How to Bridge this Gap? Lead Handover in Practice
More informationGOOD PRACTICE GUIDELINES FOR INSURANCE INVESTIGATION
GOOD PRACTICE GUIDELINES FOR INSURANCE INVESTIGATION 6 March 2014 1 Good practice guidelines for insurance investigation Table of contents 1 Purpose of insurance investigation... 2 2 Investigating staff...
More informationMODEL DRIVEN DEVELOPMENT OF BUSINESS PROCESS MONITORING AND CONTROL SYSTEMS
MODEL DRIVEN DEVELOPMENT OF BUSINESS PROCESS MONITORING AND CONTROL SYSTEMS Tao Yu Department of Computer Science, University of California at Irvine, USA Email: tyu1@uci.edu Jun-Jang Jeng IBM T.J. Watson
More informationDDoS Overview and Incident Response Guide. July 2014
DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target
More informationUsing Provenance to Improve Workflow Design
Using Provenance to Improve Workflow Design Frederico T. de Oliveira, Leonardo Murta, Claudia Werner, Marta Mattoso COPPE/ Computer Science Department Federal University of Rio de Janeiro (UFRJ) {ftoliveira,
More informationDigital Evidence Search Kit
Digital Evidence Search Kit K.P. Chow, C.F. Chong, K.Y. Lai, L.C.K. Hui, K. H. Pun, W.W. Tsang, H.W. Chan Center for Information Security and Cryptography Department of Computer Science The University
More informationImplementing a Security Management System: An Outline
Implementing a Security Management System: An Outline CAP 1273 Civil Aviation Authority 2015 All rights reserved. Copies of this publication may be reproduced for personal use, or for use within a company
More informationPEER-TO-PEER NETWORK
PEER-TO-PEER NETWORK February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationNOTTINGHAMSHIRE POLICE JOB DESCRIPTION. Volume Crime Scene Investigator. Divisional Bases
NOTTINGHAMSHIRE POLICE JOB DESCRIPTION Job title: Department/ Location: Responsible to: Responsible for: Volume Crime Scene Investigator Crime Scene Investigation Department, Divisional Bases Crime Scene
More informationHow To Read Memory Chips From A Cell Phone Or Memory Chip
Recovering data from mobile phones An easy, cost-effective service based on the NFI Memory Toolkit by the Netherlands Forensic Institute Mobile phones a rich source of valuable information Mobile phones
More informationReal Time Network Server Monitoring using Smartphone with Dynamic Load Balancing
www.ijcsi.org 227 Real Time Network Server Monitoring using Smartphone with Dynamic Load Balancing Dhuha Basheer Abdullah 1, Zeena Abdulgafar Thanoon 2, 1 Computer Science Department, Mosul University,
More informationComputer Facilitated Crimes Against Children International Law Enforcement Training
Computer Facilitated Crimes Against Children International Law Enforcement Training The Computer Facilitated Crimes Against Children training seminar was designed to provide law enforcement around the
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationEfficient Detection of Ddos Attacks by Entropy Variation
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727 Volume 7, Issue 1 (Nov-Dec. 2012), PP 13-18 Efficient Detection of Ddos Attacks by Entropy Variation 1 V.Sus hma R eddy,
More information2 Computer Science and Information Systems Research Projects
2 Computer Science and Information Systems Research Projects This book outlines a general process for carrying out thesis projects, and it embraces the following components as fundamentally important:
More information