Table of Contents
Intro
Contents
Contributing Authors
Preface
I THEMES AND ISSUES
Chapter 1 DIGITAL FORENSIC ACQUISITION KILL CHAIN ANALYSIS AND DEMONSTRATION
1. Introduction
2. Related Work
3. Digital Forensic Acquisition Kill Chain
3.1 Background
3.2 Kill Chain Overview
3.3 Kill Chain Phases
4. Case-Motivated Kill Chain Example
5. Conclusions
Acknowledgement
References
Chapter 2 ENHANCING INDUSTRIAL CONTROL SYSTEM FORENSICS USING REPLICATION-BASED DIGITAL TWINS
1. Introduction
2. Background
2.1 Digital Twin
2.2 Digital Twin Security
2.3 Digital Forensics
3. Related Work
4. Replication Using Digital Twins
4.1 Replication and Replay Theorems
4.2 Conceptual Framework
5. Implementation and Evaluation
5.1 Implementation and Experimental Setup
5.2 Results and Evaluation
6. Discussion
7. Conclusions
Acknowledgement
References
Chapter 3 COMPARISON OF CYBER ATTACKS ON SERVICES IN THE CLEARNET AND DARKNET
1. Introduction
2. Background
3. Common Targets and Attacks
4. Related Work
5. Honeypot Deployment
5.1 Security Considerations
5.2 Deployment Process
6. Implementation Details
6.1 Virtual Machine Architectures
6.2 Honeypot Services
7. Experiments and Results
7.1 Service Deployments
7.2 Announcements
7.3 Observed Web Requests
7.4 Observed SSH and Telnet Access
7.5 Observed SMTP Requests
7.6 Observed FTP Requests
7.7 Discussion
8. Conclusions
Acknowledgement
References
II APPROXIMATE MATCHING TECHNIQUES
Chapter 4 USING PARALLEL DISTRIBUTED PROCESSING TO REDUCE THE COMPUTATIONAL TIME OF DIGITAL MEDIA SIMILARITY MEASURES
1. Introduction
2. Previous Work
3. Jaccard Indexes of Similarity
3.1 Jaccard Index
3.2 Jaccard Index with Normalized Frequency
4. Jaccard Index with Split Files
5. Results and Validation
6. Conclusions
References
Chapter 5 EVALUATION OF NETWORK TRAFFIC ANALYSIS USING APPROXIMATE MATCHING ALGORITHMS
1. Introduction
2. Foundations and Related Work
2.1 Current State of Approximate Matching
2.2 Approximate Matching Algorithms
3. Controlled Study
3.1 All vs. All Evaluation
3.2 Evaluation Methodology
4. Experimental Results and Optimizations
5. Conclusions
Acknowledgement
References
III ADVANCED FORENSIC TECHNIQUES
Chapter 6 LEVERAGING USB POWER DELIVERY IMPLEMENTATIONS FOR DIGITAL FORENSIC ACQUISITION
1. Introduction
2. USB Power Delivery Protocol
3. Research Methodology
4. Results
4.1 Information Gathering
4.2 Passive Monitoring
4.3 Firmware Files
4.4 Firmware Reverse Engineering
4.5 Apple Vendor-Defined Protocol
4.6 Firmware Modification and Rollback
5. Conclusions
Acknowledgements
References
Chapter 7 DETECTING MALICIOUS PDF DOCUMENTS USING SEMI-SUPERVISED MACHINE LEARNING
1. Introduction
2. Background and Related Work