When most people go to the trouble of getting erasure tools to remove data from their hard drives they expect the job is done correctly. Using erasure tools is a step to protect privacy, on the assumption that the applied tools erase data rather than simply delete data that may be recovered using forensic tools. In this research we tested the performance of the delete function on three web browsers against the performance of eight erasure tools, with alarming results. It was found that the erasure tools had almost the same capability to delete data as the web browsers' delete function, and that no tool actually erased data. The implications for people using these tools to protect sensitive data are profound. People and organisations, as they retire, sell or dispose of hardware containing information assets, require assurance that they will not be impacted by the adverse effects of unintended disclosure of sensitive information. Better software solutions are required, and better software certification measures require implementation.
Network forensics concerns the identification and preservation of evidence from an event that has occurred or is likely to occur. The scope of network forensics encompasses the networks, systems and devices associated with the physical and human networks. In this paper we are assessing the forensic potential of a router in investigations. A single router is taken as a case study and analysed to determine its forensic value from both static and live investigation perspectives. In the live investigation, tests using steps from two to seven routers were used to establish benchmark expectations for network variations. We find that the router has many attributes that make it a repository and a site for evidence collection. The implications of this research are for investigators and the inclusion of routers in network forensic investigations.
Steganography is an ancient art that has received a mega boost in the digital age. Electronic communications are easily accessible by most people and have a wide range of opportunities to embed secret messages in a diverse range of cover objects. Our research questions were: What can an investigator do to check for hidden messages in social media? And, how much searching is enough? The testing was conducted in replicated social networking sites, and digital images were selected as the cover objects. The research findings showed that steganography is as easy as sending an email and not much more difficult than downloading and using one of the many steganographic tools available online. Our advice is that investigators do check for hidden messaging in digital media and that the best practice guide developed be used as a minimal baseline.
The convergence of services in Smart Technologies such as iPhones, Androids and multiple tablet work surfaces challenges the scope of any forensic investigation to include cloud environments, devices and service media. The analysis of current investigation guidelines suggests that each element in an investigation requires an independent procedure to assure the preservation of evidence. However, we dispute this view and review the possibility of consolidating current investigation guidelines into a unified best practice guideline. This exploratory research proposes to fill a gap in digital forensic investigation knowledge for smart technologies used in business environments and to propose a better way to approach smart technology investigations.
Recommended Citation: Cusack, B., & Ahokov, T. (2016). Improving forensic software tool performance in detecting fraud for financial statements.
The two versions of Internet Protocol (IP) rely on mechanisms that will convert one protocol to the other and vice versa. Version 4 is still prevalent in the Internet backbone and version 6 in most private networks. In this research we focus on the automatic tunnelling mechanism that provides the encapsulation at one end of the transition tunnel and the de-encapsulation at the other end, dependent on the direction of transition. In our research we asked: How secure is the automatic tunnelling mechanism? It is a simple question but an important one, given the number of times transition may occur in any communication and the potential for vulnerabilities. To test the capability of the software instance we launched attacks on the inside and the outside of the tunnel, recorded performance variations and noted opportunities for information sniffing. In all instances the results show weaknesses that can be exploited and the potential for an outsider not only to launch, for example, DoS attacks but also to disrupt the information being managed in the tunnel.
Journal of Computer Information Systems, Apr 2, 2019
Cloud identity is critical in the adoption of cloud computing. Identity providers provide identity as a service for the cloud customers to facilitate the access to resources, but often provide no informed choice of the supply arrangements. The cloud customer requires a say in the elements of service that impact their expectations and quality of service – particularly in relation to the security and privacy of information. In this paper, we provide a novel software solution for addressing the problem. It allows for selecting a most trustable provider, in terms of security, privacy, risk, and standards. The application architecture uses a trust evaluation model as a third-party agency for informing the service user of evidence for and against a choice. A case study and application build demonstrate the feasibility and usefulness of the proposed method in a real cloud environment.
In this paper a cyber-forensic framework with a detailed guideline for protecting control systems is developed to improve the forensic capability for big data in critical infrastructures. The main objective of creating a cyber-forensic plan is to cover the essentials of monitoring, troubleshooting, data reconstruction, recovery, and the safety of classified information. The problem to be addressed in control rooms is the diversity and quantity of data, and for investigators, bringing together the different skill groups for managing data and device diversity. This research embraces the establishment of a new digital forensic model for critical infrastructures that supports digital forensic investigators with the necessary information for conducting an advanced forensic investigation in Critical Infrastructures. The framework for investigation is presented here and elaborated. The extended work applies the framework to industry case studies and is not reported here.
The research was designed to study IoT security vulnerabilities and how to better protect IoT communications. By researching the system a Fitbit uses for communications, this research analyzes and reveals security defects in the IoT architecture. The research first uses a man-in-the-middle (MITM) attack to intercept and analyze the Fitbit system traffic to identify security weaknesses. It then uses a replay attack to further validate these flaws. Finally, countermeasures against these security threats are proposed. The research findings show the Fitbit's IoT communication architecture has serious information security risks. Firstly, the Fitbit tested does not encrypt the raw data between the mobile app and Fitbit servers. It uses HTTPS to secure communication between the mobile phone and the Fitbit servers. Once HTTPS is broken, all raw data can be read and tampered with. Secondly, Fitbit uses Base64 credentials to associate the Fitbit tracker and Fitbit app with the Fitbit user account. Base64 can be easily broken on the Internet or using other tools. Attackers can generate fake Base64 credentials to hack a user account. According to the experimental results from the study, the IoT should secure every node in its architecture. It is also necessary to encrypt the raw data and not just rely on HTTPS. It is recommended to replace the Base64 algorithm with AES and hashing.
The easy access and common usage of GNSS systems has provided a wealth of evidential information that may be accessed by a digital forensic investigator. Google Earth is commonly used on all manner of devices for geolocation services and consequently has a wide range of tools that will relate real time and stored GNSS data to maps. As an aid to investigation Google Earth forensics is available for use. An investigator can use it by downloading geolocation data from devices and placing it on Google Earth maps, placing geolocation data on historical archival maps, or by direct usage of the application in a device. In this paper we review the Google Earth forensics tool and use a simplistic scenario to demonstrate the power of the application for courtroom walk-throughs. The entry-level tool is free and can be used effectively to enhance the presentation of geolocation data.
The Pacific Islands are seriously challenged by the growth in wealth and the expansion of international material possessions. On the roads traffic has grown dramatically and the types of vehicles now using Island roads have greatly changed. With the importation of cheap second-hand vehicles designed for freeway speeds, serious safety issues have grown proportionally with the increasing numbers. In this research we consider the prohibitive costs of traditional traffic controls to the economy and propose a lightweight, highly mobile aerial surveillance system that integrates with ground policing capability. Our research question was: How can road safety and security be enhanced with economical technologies? In addition to collecting and processing live data we have also designed a forensically ready system, and an information system to process the large amounts of data generated by the addition of these technologies into the traffic surveillance processes.
Medical systems are designed for a range of end users from different professional skill groups and people who carry the devices in and on their bodies. Open, accurate, and efficient communication is the priority for medical systems and consequently strong protection costs are traded against the utility benefits for open systems. In this paper we assess the vulnerabilities created by the professional and end user expectations, and theorise ways to mitigate wireless security vulnerabilities. The benefits of wireless medical services are great in terms of efficiencies, mobility, and information management. These benefits may be realised by treating the vulnerabilities and reducing the cost of adverse events. The purpose of this paper is to raise and to discuss key issues so that others may be motivated to treat the problems and to better optimise the trade-off for design improvement.
The OSI and the TCP/IP models divide computing communications into specific groups of activities that facilitate networking and communication. The models represent a theoretical and a pragmatic representation respectively of the systems, and both provide security schema for protecting the services. In this exploratory literature research we asked: What are the security requirements for protection at OSI Layer 2? The hypothesis is that low level vulnerability adversely affects higher Layer security. The OSI model is selected to theoretically test the hypothesis and to answer the research question. The research shows that the precautions advocated in the OSI model are helpful, but developing forensic capability and obfuscation within Layer 2 further reduces the impact of unplanned events. A survey of attacks confirms previous literature that suggests Layer 2 has vulnerabilities and innovative solutions are required.
A strategic question for any business is: What value do control frameworks give? The question concerns the costs associated with implementing and maintaining control frameworks compared with the benefits gained. Each control framework contains many controls that may or may not benefit a situation, and this research is aimed at testing different selections and combinations of controls to forecast probable impacts on business outcomes. The scope of the research is limited to a representative set of security controls and the lesser question: What are the criteria for selecting the most effective and efficient security control configurations for best business value? We design a decision support tool (DSS), run a pilot study and begin to develop output sets as part of the exploratory research. The conclusion is that in controlled environments the security controls may be optimised to deliver the best business value and that the highest performing sets of controls can be forecasted once the interaction factors are known.
Efficient stock management in the commercial retail sector is being dominated by Radio Frequency Identification (RFID) tag implementations. Research reports of the security risk of RFID tags show that breaches are likely and that forensic readiness is a requirement. In this paper an RFID tag business simulation is reported that replicates previous research reports of security breaches with the purpose of identifying potential evidence after such attacks. A Read/Write Tag was cloned and used to replicate a SQL poisoning attack on a simulated Business System. A forensic investigation was then undertaken to identify potential locations for evidential recovery. This paper differentiates itself from the replicated studies in that the whole Business System is considered evidential. The scope of the inquiry includes the technical artefacts, the information artefacts and the human actors. The result of the investigation shows locations of evidence and the priority for investigations in RFID system architectures.
Digital image steganography is a method for hiding secret messages within everyday Internet communication channels. Such covert communications provide protection for communications and exploit the opportunities available in digital media. Digital image steganography makes the nature and content of a message invisible to other users by taking ordinary internet artefacts and using them as cover objects for the messages. In this paper we demonstrate the capability with raster image files and discuss the challenges of detecting such covert communications. The contribution of the research is community awareness of covert communication capability in digital media and the motivation for including such checks in any investigatory analysis.
Many of the utility service problems for the Internet cannot be solved by technical solutions when the causes are outside of the scope of technical explanation, for example the consequences of management policies, economic requirements, proprietary rights and Governmental intervention. The result is that end-users experience inconsistent access to the largest global information system and regular disruptions to information services. It is also debatable if many of the "technical" and "engineering" causes cited for service disruption relate to technical issues or rather to unresolved abstract layer problems such as social, political, legal and ethical concerns. In this paper, we define the problem context, perform theoretical analysis, and discuss possible ways to enhance the scope of internet governance that might benefit better information system services. The research contribution is a philosophical discussion of a problem domain that influences the utility value of large information systems.
Recommended Citation: Cusack, B., & Almutairi, S. (2014). Listening to botnet communication channels to protect information systems.
Papers by Brian Cusack