Biblio

Generally, methods of authentication and identification utilized in asserting users' credentials directly affect security of offered services. In a federated environment, service owners must trust external credentials and make access control decisions based on Assurance Information received from remote Identity Providers (IdPs). Communities (e.g. NIST, IETF and etc.) have tried to provide a coherent and justifiable architecture in order to evaluate Assurance Information and define Assurance Levels (AL). Expensive deployment, limited service owners' authority to define their own requirements and lack of compatibility between heterogeneous existing standards can be considered as some of the unsolved concerns that hinder developers to openly accept published works. By assessing the advantages and disadvantages of well-known models, a comprehensive, flexible and compatible solution is proposed to value and deploy assurance levels through a central entity called Proxy.

Subscriber Identity Module (SIM) is the backbone of modern mobile communication. SIM can be used to store a number of user sensitive information such as user contacts, SMS, banking information (some banking applications store user credentials on the SIM) etc. Unfortunately, the current SIM model has a major weakness. When the mobile device is lost, an adversary can simply steal a user's SIM and use it. He/she can then extract the user's sensitive information stored on the SIM. Moreover, The adversary can then pose as the user and communicate with the contacts stored on the SIM. This opens up the avenue to a large number of social engineering techniques. Additionally, if the user has provided his/her number as a recovery option for some accounts, the adversary can get access to them. The current methodology to deal with a stolen SIM is to contact your particular service provider and report a theft. The service provider then blocks the services on your SIM, but the adversary still has access to the data which is stored on the SIM. Therefore, a secure scheme is required to ensure that only legal users are able to access and utilize their SIM.

Nowadays, Memory Forensics is more acceptable in Cyber Forensics Investigation because malware authors and attackers choose RAM or physical memory for storing critical information instead of hard disk. The volatile physical memory contains forensically relevant artifacts such as user credentials, chats, messages, running processes and its details like used dlls, files, command and network connections etc. Memory Forensics involves acquiring the memory dump from the Suspect's machine and analyzing the acquired dump to find out crucial evidence with the help of windows pre-defined kernel data structures. While retrieving different artifacts from these data structures, finding the network connections from Windows 7 system's memory dump is a very challenging task. This is because the data structures that store network connections in earlier versions of Windows are not present in Windows 7. In this paper, a methodology is described for efficiently retrieving details of network related activities from Windows 7 x64 memory dump. This includes remote and local IP addresses and associated port information corresponding to each of the running processes. This can provide crucial information in cyber crime investigation.