Biblio

The rise of malware attack and data leakage is putting the Internet at a higher risk. Digital forensic examiners responsible for cyber security incident need to continually update their processes, knowledge and tools due to changing technology. These attack activities can be investigated by means of Digital Triage Forensics (DTF) methodologies. DTF is a procedural model for the crime scene investigation of digital forensic applications. It takes place as a way of gathering quick intelligence, and presents methods of conducting pre/post-blast investigations. A DTF framework of Window malware forensic toolkit is further proposed. It is also based on ISO/IEC 27037: 2012 - guidelines for specific activities in the handling of digital evidence. The argument is made for a careful use of digital forensic investigations to improve the overall quality of expert examiners. This solution may improve the speed and quality of pre/post-blast investigations. By considering how triage solutions are being implemented into digital investigations, this study presents a critical analysis of malware forensics. The analysis serves as feedback for integrating digital forensic considerations, and specifies directions for further standardization efforts.

The modern malware poses serious security threats because of its evolved capability of using staged and persistent attack while remaining undetected over a long period of time to perform a number of malicious activities. The challenge for malicious actors is to gain initial control of the victim's machine by bypassing all the security controls. The most favored bait often used by attackers is to deceive users through a trusting or interesting email containing a malicious attachment or a malicious link. To make the email credible and interesting the cybercriminals often perform reconnaissance activities to find background information on the potential target. To this end, the value of information found on the discarded or stolen storage devices is often underestimated or ignored. In this paper, we present the partial results of analysis of one such hard disk that was purchased from the open market. The data found on the disk contained highly sensitive personal and organizational data. The results from the case study will be useful in not only understanding the involved risk but also creating awareness of related threats.

Up-to-date studies and surveys regarding IT security show, that companies of every size and branch nowadays are faced with the growing risk of cyber crime. Many tools, standards and best practices are in place to support enterprise IT security experts in dealing with the upcoming risks, whereas meanwhile especially small and medium sized enterprises(SMEs) feel helpless struggling with the growing threats. This article describes an approach, how SMEs can attain high quality assurance whether they are a victim of cyber crime, what kind of damage resulted from a certain attack and in what way remediation can be done. The focus on all steps of the analysis lies in the economic feasibility and the typical environment of SMEs.
 

Artificial monitoring is no longer able to match the rapid growth of cybercrime, it is in great need to develop a new spatial analysis technology which allows emergency events to get rapidly and accurately locked in real environment, furthermore, to establish correlative analysis model for cybercrime prevention strategy. On the other hand, Geography information system has been changed virtually in data structure, coordinate system and analysis model due to the “uncertainty and hyper-dimension” characteristics of network object and behavior. In this paper, the spatial rules of typical cybercrime are explored on base of GIS with Internet searching and IP tracking technology: (1) Setup spatial database through IP searching based on criminal evidence. (2)Extend GIS data-structure and spatial models, add network dimension and virtual attribution to realize dynamic connection between cyber and real space. (3)Design cybercrime monitoring and prevention system to discover the cyberspace logics based on spatial analysis.