Emails are the most common service on the Internet for communication and sending documents. Email is used not only from computers but also from many other electronic devices such as tablets; smartphones, etc. Emails can also be used for criminal activities. Email forensic refers to the study of email detail and content as evidence to identify the actual sender and recipient of a message, date/time of transmission, detailed record of email transaction, intent of the sender, etc. Email forensics involves investigation of metadata, keyword, searching, port scanning and generating report based on investigators need. Many tools are available for any investigation that involves email forensics. Investigators should be very careful of not violating user’s privacy. To this end, investigators should run keyword searches to reveal only the relevant emails. Therefore, knowledge of the features of the tool and the search features is necessary for the tool selection. In this research, we experimentally compare the performance of several email forensics tools. Our aim is to help the investigators with the tool selection task. We evaluate the tools in terms of their keyword search, report generation, and other features such as, email format, size of the file accepted, whether they work online or offline, format of the reports, etc. We use Enron email dataset for our experiment.
Live forensics of tools on android devices for email forensicsTELKOMNIKA JOURNAL
Email is one communication technology that can be used to exchange information, data, and etc. The development of email technology not only can be opened using a computer but can be opened using an smartphone. The most widely used smartphone in Indonesian society is Android. Within a row, the development technology of higher cybercrime such as email fraud catching cybercrime offenders need evidence to be submitted to a court, for obtain evidence can use tools like Wireshark and Networkminer to analyzing network traffic on live networks. Opportunity, we will do a comparison of the forensic tools it to acquire digital evidence. The subject of this research focused on Android-based email service to get as much digital evidence as possible on both tools. This process uses National Institute of Standards and Technology method. The results of this research that networkminer managed to get the receiving port, while in Wireshark not found.
The Detection of Suspicious Email Based on Decision Tree ...IRJET Journal
This document summarizes a research paper that proposes a method for detecting suspicious emails using decision trees. The method extracts keywords and indicators from emails to classify them as suspicious, not suspicious, or possibly suspicious. An ID3 decision tree algorithm is used to analyze patterns in a training set of pre-classified emails and generate rules to classify new emails. The tree is built by recursively partitioning attributes based on their information gain. The resulting decision tree and rules can then be used to detect suspicious emails, which could help identify potential criminal activities or security threats.
A Heuristic Approach for Network Data Clusteringidescitation
In this growing world of technology there are lots of security threats received by
each and every area of computer networks. Most of the time the network security threats
produce high false positive and negative ratios, this creates an obstacle for any security
system to work improperly. The overwhelming threats make it challenging to understand
and manage the network data.
To address this problem we present a novel approach which eventually understand the
network data by clustering them without background knowledge of any threats according to
various parameters like source IP, Destination IP etc. And this approach saves
administrator’s time and energy in processing of large amount threats.
This document discusses a system for detecting suspicious emails using machine learning algorithms. It presents a model that filters emails containing images and PDFs to improve performance over existing text-based spam filtering systems. The model uses data collection, preprocessing, machine learning classification algorithms like Naive Bayes, Support Vector Machines, and Decision Trees. It aims to achieve acceptable recall and precision values. The document also reviews related work on email spam detection using machine learning and discusses the future scope of applying the algorithm to embedded images/PDFs and larger datasets.
This document summarizes a research paper that proposes a new email spam detection framework using feature selection and similarity coefficients. The framework first applies feature selection to identify the most important features for distinguishing spam and non-spam emails. It then calculates similarity coefficients between email pairs to quantify their similarity based on the selected features. The researchers claim this approach improves spam detection accuracy and rate by removing irrelevant and redundant features before classification. They test their framework on a standard email dataset and find that detection performance is better after applying feature selection compared to using all original features.
This document proposes an Ensemble Deep Learning based Web Attack Detection System (EDL-WADS) to detect web attacks in IoT networks. It first analyzes URL requests using two feature representation methods to transform them into vectors. It then uses three deep learning models - MRN, LSTM, and CNN - to classify the requests separately. Finally, an ensemble classifier combines the results from the three models to make the final detection decision. The proposed system was evaluated on public and real-world datasets and showed accurate detection of web attacks with low false positive and negative rates compared to other approaches.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
A multi classifier prediction model for phishing detectioneSAT Journals
Abstract Phishing is the technique of stealing personal and sensitive information from an email client by sending emails that impersonates like the ones from some trustworthy organizations. Phishing mails are a specific type of spam mails; however the effects of them are much more terrible than alternate sorts. Mostly the phishing attackers aim the clients of the financial organizations, so its detection needs high priority. Lots of research activities are done to detect the phished emails, in the proposed methodology a multi-classifier prediction model is introduced for detecting phished emails. Our contention is that solitary classifier prediction might not be satisfactory to urge the clearest picture of the phishing email; multi-classifier prediction has accuracy 99.8% with an FP rate of 0.8%. Keywords: Phishing email detection, Machine learning techniques, Multi-classifier prediction model, Majority voting
Live forensics of tools on android devices for email forensicsTELKOMNIKA JOURNAL
Email is one communication technology that can be used to exchange information, data, and etc. The development of email technology not only can be opened using a computer but can be opened using an smartphone. The most widely used smartphone in Indonesian society is Android. Within a row, the development technology of higher cybercrime such as email fraud catching cybercrime offenders need evidence to be submitted to a court, for obtain evidence can use tools like Wireshark and Networkminer to analyzing network traffic on live networks. Opportunity, we will do a comparison of the forensic tools it to acquire digital evidence. The subject of this research focused on Android-based email service to get as much digital evidence as possible on both tools. This process uses National Institute of Standards and Technology method. The results of this research that networkminer managed to get the receiving port, while in Wireshark not found.
The Detection of Suspicious Email Based on Decision Tree ...IRJET Journal
This document summarizes a research paper that proposes a method for detecting suspicious emails using decision trees. The method extracts keywords and indicators from emails to classify them as suspicious, not suspicious, or possibly suspicious. An ID3 decision tree algorithm is used to analyze patterns in a training set of pre-classified emails and generate rules to classify new emails. The tree is built by recursively partitioning attributes based on their information gain. The resulting decision tree and rules can then be used to detect suspicious emails, which could help identify potential criminal activities or security threats.
A Heuristic Approach for Network Data Clusteringidescitation
In this growing world of technology there are lots of security threats received by
each and every area of computer networks. Most of the time the network security threats
produce high false positive and negative ratios, this creates an obstacle for any security
system to work improperly. The overwhelming threats make it challenging to understand
and manage the network data.
To address this problem we present a novel approach which eventually understand the
network data by clustering them without background knowledge of any threats according to
various parameters like source IP, Destination IP etc. And this approach saves
administrator’s time and energy in processing of large amount threats.
This document discusses a system for detecting suspicious emails using machine learning algorithms. It presents a model that filters emails containing images and PDFs to improve performance over existing text-based spam filtering systems. The model uses data collection, preprocessing, machine learning classification algorithms like Naive Bayes, Support Vector Machines, and Decision Trees. It aims to achieve acceptable recall and precision values. The document also reviews related work on email spam detection using machine learning and discusses the future scope of applying the algorithm to embedded images/PDFs and larger datasets.
This document summarizes a research paper that proposes a new email spam detection framework using feature selection and similarity coefficients. The framework first applies feature selection to identify the most important features for distinguishing spam and non-spam emails. It then calculates similarity coefficients between email pairs to quantify their similarity based on the selected features. The researchers claim this approach improves spam detection accuracy and rate by removing irrelevant and redundant features before classification. They test their framework on a standard email dataset and find that detection performance is better after applying feature selection compared to using all original features.
This document proposes an Ensemble Deep Learning based Web Attack Detection System (EDL-WADS) to detect web attacks in IoT networks. It first analyzes URL requests using two feature representation methods to transform them into vectors. It then uses three deep learning models - MRN, LSTM, and CNN - to classify the requests separately. Finally, an ensemble classifier combines the results from the three models to make the final detection decision. The proposed system was evaluated on public and real-world datasets and showed accurate detection of web attacks with low false positive and negative rates compared to other approaches.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
A multi classifier prediction model for phishing detectioneSAT Journals
Abstract Phishing is the technique of stealing personal and sensitive information from an email client by sending emails that impersonates like the ones from some trustworthy organizations. Phishing mails are a specific type of spam mails; however the effects of them are much more terrible than alternate sorts. Mostly the phishing attackers aim the clients of the financial organizations, so its detection needs high priority. Lots of research activities are done to detect the phished emails, in the proposed methodology a multi-classifier prediction model is introduced for detecting phished emails. Our contention is that solitary classifier prediction might not be satisfactory to urge the clearest picture of the phishing email; multi-classifier prediction has accuracy 99.8% with an FP rate of 0.8%. Keywords: Phishing email detection, Machine learning techniques, Multi-classifier prediction model, Majority voting
IRJET-Impact of Manual VS Automatic Transfer Switching on Reliability of Powe...IRJET Journal
The document describes a proposed e-learning system that uses cryptography and data mining techniques to provide security and personalized recommendations. Elliptic curve cryptography is used to authenticate users and encrypt data for security. A decision tree algorithm classifies learner information and course content to recommend additional courses tailored to each learner's interests and behavior. The system aims to address security and privacy issues in e-learning while enhancing the learning experience through targeted content filtering and recommendations.
Sms base file search & automatic contact saving technique using gsm 38521EditorIJAERD
This document proposes and describes an SMS-based application that allows users to search for files on a remote desktop computer and receive them via email. It discusses existing file search systems and their limitations. The proposed system would allow a user to send an SMS with the file name, optional location, and their email address. The receiving desktop computer would then search for and email the requested file, while also updating the user's contact list. The system aims to provide a simple, cost-effective way to remotely access files without needing computer expertise or an internet connection on the requesting device.
Digital Forensics is a technique used to search for evidence of events that have occurred. This quest aims to reveal the hidden truth. The existence of digital forensic activities due to the occurrence of crimes both in the field of computers or other. Legal treatment in digital forensic field makes this area of science a compulsory device to dismantle crimes involving the computer world. In general, the cyber crime leaves a digital footprint, so it is necessary for a computer forensics expert to secure digital evidence. Computer forensics necessarily requires a standard operational procedure in taking digital evidence so as not to be contaminated or modified when the data is analyzed. The application of digital forensic is beneficial to the legal process going well and correctly.
Application of genetic algorithm in intrusion detection systemAlexander Decker
This document discusses the application of genetic algorithms in intrusion detection systems. It begins with an introduction to intrusion detection systems and their components. It then provides an overview of genetic algorithms, including their components like the fitness function, population size, encoding, selection mechanisms, variation operators, and survivor selection. The document proposes using a genetic algorithm approach for intrusion detection and describes an experiment applying genetic algorithms with different population sizes, fitness functions, and iterations to evaluate the approach. The results show that fewer initial chromosomes require fewer iterations to generate new reliable chromosomes, while more initial chromosomes require more iterations. Additionally, fewer iterations lead to fewer new reliable chromosomes as the initial chromosome length increases, while more iterations reduce this effect.
Proposed efficient algorithm to filter spam using machine learning techniques
Ali Shafigh Aski a, *, Navid Khalilzadeh Sourati b
a Department of Computer Engineering, Islamic Azad University, Sari Branch, Islamic Republic of Iran
b Islamic Azad University of Amol, Ayatollah Amoli Branch, Islamic Republic of Iran
Literature Review: The Role of Signal Processing in Meeting Privacy Challenge...Kato Mivule
The document summarizes literature on the role of signal processing in addressing privacy challenges. It discusses how personal data is easily available due to technology growth, raising privacy concerns, and outlines approaches to balancing data privacy and utility, including k-anonymity and differential privacy. It also categorizes privacy applications like statistical, competitive, and consumer privacy and describes how signal processing could help optimize the privacy-utility tradeoff and filter noise during data perturbation.
IT infrastructure and network technologies by Mark John Lado Mark John Lado, MIT
Information technology infrastructure is defined as set of information technology (IT) components that are the foundation of an IT service; typically components (computer and networking hardware and facilities), but also various software and network components.
Network technology is any technology by which two or more computer systems are connected and communicate information between them.
This document summarizes a research article that proposes using a convolutional neural network (CNN) to detect malware in PDF files. The researchers collected benign and malicious PDF files, extracted byte sequences, and manually labeled the data. They designed a CNN model to interpret patterns in the byte sequence data and predict whether a file contains malware. Their experimental results showed that the proposed CNN model outperformed other machine learning models in malware detection of PDF files.
Obfuscated computer virus detection using machine learning algorithmjournalBEEI
Nowadays, computer virus attacks are getting very advanced. New obfuscated computer virus created by computer virus writers will generate a new shape of computer virus automatically for every single iteration and download. This constantly evolving computer virus has caused significant threat to information security of computer users, organizations and even government. However, signature based detection technique which is used by the conventional anti-computer virus software in the market fails to identify it as signatures are unavailable. This research proposed an alternative approach to the traditional signature based detection method and investigated the use of machine learning technique for obfuscated computer virus detection. In this work, text strings are used and have been extracted from virus program codes as the features to generate a suitable classifier model that can correctly classify obfuscated virus files. Text string feature is used as it is informative and potentially only use small amount of memory space. Results show that unknown files can be correctly classified with 99.5% accuracy using SMO classifier model. Thus, it is believed that current computer virus defense can be strengthening through machine learning approach.
Analysis of an image spam in email based on content analysisijnlc
Researchers initially have addressed the problem of spam detection as a text classification or
categorization problem. However, as spammers’ continue to develop new techniques and the type of email
content becomes more disparate, text-based anti-spam approaches alone are not sufficiently enough in
preventing spam. In an attempt to defeat the anti-spam development technologies, spammers have recently
adopted the image spam trick to make the scrutiny of emails’ body text inefficient. The main idea behind
this project is to design a spam detection system. The system will be enabled to analyze the content of
emails, in particular the artificially generated image sent as attachment in an email. The system will
analyze the image content and classify the embedded image as spam or legitimate hence classify the email
accordingly.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Processing obtained email data by using naïve bayes learning algorithmijcsit
This paper gives a basic idea how various machine learning techniques may be applied towards processing
the data from DEA services to find out whether people use these services for legitimate or non-legitimate
purposes.
A Deep Learning Model For Crime Surveillance In Phone Calls.vivatechijri
Public surveillance Systems are creating ground-breaking impact to secure lives, ensuring public safety with the interventions that will curb crime and improve well-being of communities, law enforcement agencies are employing and deploying tools like CCTV for video surveillance in banks, residential societies shopping malls,markets,roads almost everywhere to detect where and who was responsible for events like robbery, rough driving, insolence, murder etc. Other surveillance system tools like phone tapping is used to plot an event to catch a suspected person who is threatening an innocent or conspiring a violent activity over a phone call which is being done voluntarily by authorities . Now analyzing both the scenarios in the case of CCTV the crime(robbery,murder) has already occured and in the case of phone tapping there must be information in advance about the suspected person who is going to commit a crime, Now to overcome this issue a system is proposed to know in advance who is suspected and what conspiracy is being done over phone calls as well to detect it automatically and report it to law enforcemet authorities.
IRJET- Analysis and Detection of E-Mail Phishing using PysparkIRJET Journal
This document proposes a method to analyze and detect phishing emails using PySpark. It involves using text analysis and link analysis techniques such as applying a Naive Bayes classifier to email text and checking links using the VirusTotal API. The method aims to provide more accurate phishing detection compared to existing approaches. It discusses related work on phishing email detection using machine learning and analyzes the proposed system's design and implementation steps, which include data preprocessing, feature extraction, classification using Naive Bayes, and link analysis.
MEMORY EFFICIENT FREQUENT PATTERN MINING USING TRANSPOSITION OF DATABASEIAEME Publication
Frequent pattern can be extract from any dataset by using Apriori algorithm. Apriori algorithm is first choice of all researchers to find frequently occurs pattern from any binary dataset. Dataset contain record of user purchase item as transaction record. This paper improves existing apriori algorithm performance by extract frequent patterns from binary transaction data. New approach is applied for dataset implementation in form of transposed database of user’s record for fast data access. New work has done to mine frequent patterns using transposition of dataset, if database is large and contains thousands of attributes but having only some objects.
Identification of Spam Emails from Valid Emails by Using VotingEditor IJCATR
In recent years, the increasing use of e-mails has led to the emergence and increase of problems caused by mass unwanted
messages which are commonly known as spam. In this study, by using decision trees, support vector machine, Naïve Bayes theorem
and voting algorithm, a new version for identifying and classifying spams is provided. In order to verify the proposed method, a set of
a mails are chosen to get tested. First three algorithms try to detect spams, and then by using voting method, spams are identified. The
advantage of this method is utilizing a combination of three algorithms at the same time: decision tree, support vector machine and
Naïve Bayes method. During the evaluation of this method, a data set is analyzed by Weka software. Charts prepared in spam
detection indicate improved accuracy compared to the previous methods.
The document discusses an improved method for storing feature vectors to detect Android malware. It proposes using a compressed row storage format to efficiently store the statistical features that represent malware families. This involves storing only the non-zero elements of sparse feature matrices in three vectors, which reduces storage needs by 79% compared to conventional methods. This improved storage technique leads to reduced processing time for feature vector generation and malware detection overall. The proposed method aims to enhance Android malware analysis by making feature vector searches and classification faster.
This document presents a methodology for using natural language processing and machine learning techniques for mobile device forensics. It discusses extracting text messages from a mobile device, creating a text message corpus, using feature extraction like bag-of-words and bigrams, and applying supervised machine learning algorithms like Naive Bayes classification to determine if text messages are drug-related or neutral. The methodology aims to address issues with existing approaches like limited training data and provide a framework for automated text message analysis to help with law enforcement investigations.
This document presents a system for extracting named entities and their relationships from unstructured text data using n-gram features with hidden Markov models and conditional random fields. The system first extracts n-gram, part-of-speech, and lexicon features from documents, then trains a hidden Markov model to classify entities and a conditional random field with kernel approach to detect relationships between entities. Evaluation shows the proposed system achieves 98.03% accuracy, 88.80% precision, and 87.50% recall for entity detection, outperforming a support vector machine baseline. For relationship extraction, it achieves 87.46% accuracy, 84.46% precision, and 82.46% recall, again outperforming the SVM baseline.
TOOLS AND TECHNIQUES FOR NETWORK FORENSICSIJNSA Journal
This document discusses tools and techniques for network forensics. It describes email forensics tools like eMailTrackerPro and SmartWhoIs that can identify the physical location of an email sender. It also discusses web forensics tools like Web Historian and Index.dat Analyzer that reveal browsing history and files uploaded/downloaded. Packet sniffers like Ethereal are also covered, which capture and analyze network data. The document then surveys IP traceback techniques for identifying the source of attacking packets, and the use of honeypots and honeynets for gathering intelligence on network intruders.
OPTIMIZING HYPERPARAMETERS FOR ENHANCED EMAIL CLASSIFICATION AND FORENSIC ANA...IJNSA Journal
Electronic mail, commonly known as email, is a crucial technology that enables streamlined operations and communications in corporate environments. Empowering swift and dependable transactions, email is a driving force behind heightened productivity and organizational effectiveness. However, its versatility also renders it susceptible to misuse by cybercriminals engaging in activities such as hacking, spoofing, phishing, email bombing, whaling, and spamming. As a result, effective and efficient data analysis is important in avoiding and detecting cyber-attacks and crime on times. To overcome the above challenges, a novel approach named Aquila Optimization (AO) is used in this paper to find the best set of hyperparameters of the Stacked Auto Encoder (SAE) classifier. The purpose of increasing the hyperparameters of the SAE using the AO is to obtain a higher text classification accuracy. Then the optimized SAE classifies the selected features into different classes. The experimental results showed that the proposed AO-SAE model outperforms the existing models such as Logistic Regression (LR) and Long Short-Term Model based Gated Current Unit (LSTM based GRU) in terms of Accuracy.
The document discusses email forensics and analyzing emails for criminal investigations. It describes the components of an email system, including sending and receiving servers, as well as protocols like SMTP and DNS. It outlines common email threats like phishing, spoofing, and spamming. It discusses investigating email headers, servers, and networks to extract information for cases. Finally, it provides an overview of several email forensics tools that can aid investigations, such as MailXaminer, EMailTrackerPro, AccessData FTK, and EmailTrace.
IRJET-Impact of Manual VS Automatic Transfer Switching on Reliability of Powe...IRJET Journal
The document describes a proposed e-learning system that uses cryptography and data mining techniques to provide security and personalized recommendations. Elliptic curve cryptography is used to authenticate users and encrypt data for security. A decision tree algorithm classifies learner information and course content to recommend additional courses tailored to each learner's interests and behavior. The system aims to address security and privacy issues in e-learning while enhancing the learning experience through targeted content filtering and recommendations.
Sms base file search & automatic contact saving technique using gsm 38521EditorIJAERD
This document proposes and describes an SMS-based application that allows users to search for files on a remote desktop computer and receive them via email. It discusses existing file search systems and their limitations. The proposed system would allow a user to send an SMS with the file name, optional location, and their email address. The receiving desktop computer would then search for and email the requested file, while also updating the user's contact list. The system aims to provide a simple, cost-effective way to remotely access files without needing computer expertise or an internet connection on the requesting device.
Digital Forensics is a technique used to search for evidence of events that have occurred. This quest aims to reveal the hidden truth. The existence of digital forensic activities due to the occurrence of crimes both in the field of computers or other. Legal treatment in digital forensic field makes this area of science a compulsory device to dismantle crimes involving the computer world. In general, the cyber crime leaves a digital footprint, so it is necessary for a computer forensics expert to secure digital evidence. Computer forensics necessarily requires a standard operational procedure in taking digital evidence so as not to be contaminated or modified when the data is analyzed. The application of digital forensic is beneficial to the legal process going well and correctly.
Application of genetic algorithm in intrusion detection systemAlexander Decker
This document discusses the application of genetic algorithms in intrusion detection systems. It begins with an introduction to intrusion detection systems and their components. It then provides an overview of genetic algorithms, including their components like the fitness function, population size, encoding, selection mechanisms, variation operators, and survivor selection. The document proposes using a genetic algorithm approach for intrusion detection and describes an experiment applying genetic algorithms with different population sizes, fitness functions, and iterations to evaluate the approach. The results show that fewer initial chromosomes require fewer iterations to generate new reliable chromosomes, while more initial chromosomes require more iterations. Additionally, fewer iterations lead to fewer new reliable chromosomes as the initial chromosome length increases, while more iterations reduce this effect.
Proposed efficient algorithm to filter spam using machine learning techniques
Ali Shafigh Aski a, *, Navid Khalilzadeh Sourati b
a Department of Computer Engineering, Islamic Azad University, Sari Branch, Islamic Republic of Iran
b Islamic Azad University of Amol, Ayatollah Amoli Branch, Islamic Republic of Iran
Literature Review: The Role of Signal Processing in Meeting Privacy Challenge...Kato Mivule
The document summarizes literature on the role of signal processing in addressing privacy challenges. It discusses how personal data is easily available due to technology growth, raising privacy concerns, and outlines approaches to balancing data privacy and utility, including k-anonymity and differential privacy. It also categorizes privacy applications like statistical, competitive, and consumer privacy and describes how signal processing could help optimize the privacy-utility tradeoff and filter noise during data perturbation.
IT infrastructure and network technologies by Mark John Lado Mark John Lado, MIT
Information technology infrastructure is defined as set of information technology (IT) components that are the foundation of an IT service; typically components (computer and networking hardware and facilities), but also various software and network components.
Network technology is any technology by which two or more computer systems are connected and communicate information between them.
This document summarizes a research article that proposes using a convolutional neural network (CNN) to detect malware in PDF files. The researchers collected benign and malicious PDF files, extracted byte sequences, and manually labeled the data. They designed a CNN model to interpret patterns in the byte sequence data and predict whether a file contains malware. Their experimental results showed that the proposed CNN model outperformed other machine learning models in malware detection of PDF files.
Obfuscated computer virus detection using machine learning algorithmjournalBEEI
Nowadays, computer virus attacks are getting very advanced. New obfuscated computer virus created by computer virus writers will generate a new shape of computer virus automatically for every single iteration and download. This constantly evolving computer virus has caused significant threat to information security of computer users, organizations and even government. However, signature based detection technique which is used by the conventional anti-computer virus software in the market fails to identify it as signatures are unavailable. This research proposed an alternative approach to the traditional signature based detection method and investigated the use of machine learning technique for obfuscated computer virus detection. In this work, text strings are used and have been extracted from virus program codes as the features to generate a suitable classifier model that can correctly classify obfuscated virus files. Text string feature is used as it is informative and potentially only use small amount of memory space. Results show that unknown files can be correctly classified with 99.5% accuracy using SMO classifier model. Thus, it is believed that current computer virus defense can be strengthening through machine learning approach.
Analysis of an image spam in email based on content analysisijnlc
Researchers initially have addressed the problem of spam detection as a text classification or
categorization problem. However, as spammers’ continue to develop new techniques and the type of email
content becomes more disparate, text-based anti-spam approaches alone are not sufficiently enough in
preventing spam. In an attempt to defeat the anti-spam development technologies, spammers have recently
adopted the image spam trick to make the scrutiny of emails’ body text inefficient. The main idea behind
this project is to design a spam detection system. The system will be enabled to analyze the content of
emails, in particular the artificially generated image sent as attachment in an email. The system will
analyze the image content and classify the embedded image as spam or legitimate hence classify the email
accordingly.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Processing obtained email data by using naïve bayes learning algorithmijcsit
This paper gives a basic idea how various machine learning techniques may be applied towards processing
the data from DEA services to find out whether people use these services for legitimate or non-legitimate
purposes.
A Deep Learning Model For Crime Surveillance In Phone Calls.vivatechijri
Public surveillance Systems are creating ground-breaking impact to secure lives, ensuring public safety with the interventions that will curb crime and improve well-being of communities, law enforcement agencies are employing and deploying tools like CCTV for video surveillance in banks, residential societies shopping malls,markets,roads almost everywhere to detect where and who was responsible for events like robbery, rough driving, insolence, murder etc. Other surveillance system tools like phone tapping is used to plot an event to catch a suspected person who is threatening an innocent or conspiring a violent activity over a phone call which is being done voluntarily by authorities . Now analyzing both the scenarios in the case of CCTV the crime(robbery,murder) has already occured and in the case of phone tapping there must be information in advance about the suspected person who is going to commit a crime, Now to overcome this issue a system is proposed to know in advance who is suspected and what conspiracy is being done over phone calls as well to detect it automatically and report it to law enforcemet authorities.
IRJET- Analysis and Detection of E-Mail Phishing using PysparkIRJET Journal
This document proposes a method to analyze and detect phishing emails using PySpark. It involves using text analysis and link analysis techniques such as applying a Naive Bayes classifier to email text and checking links using the VirusTotal API. The method aims to provide more accurate phishing detection compared to existing approaches. It discusses related work on phishing email detection using machine learning and analyzes the proposed system's design and implementation steps, which include data preprocessing, feature extraction, classification using Naive Bayes, and link analysis.
MEMORY EFFICIENT FREQUENT PATTERN MINING USING TRANSPOSITION OF DATABASEIAEME Publication
Frequent pattern can be extract from any dataset by using Apriori algorithm. Apriori algorithm is first choice of all researchers to find frequently occurs pattern from any binary dataset. Dataset contain record of user purchase item as transaction record. This paper improves existing apriori algorithm performance by extract frequent patterns from binary transaction data. New approach is applied for dataset implementation in form of transposed database of user’s record for fast data access. New work has done to mine frequent patterns using transposition of dataset, if database is large and contains thousands of attributes but having only some objects.
Identification of Spam Emails from Valid Emails by Using VotingEditor IJCATR
In recent years, the increasing use of e-mails has led to the emergence and increase of problems caused by mass unwanted
messages which are commonly known as spam. In this study, by using decision trees, support vector machine, Naïve Bayes theorem
and voting algorithm, a new version for identifying and classifying spams is provided. In order to verify the proposed method, a set of
a mails are chosen to get tested. First three algorithms try to detect spams, and then by using voting method, spams are identified. The
advantage of this method is utilizing a combination of three algorithms at the same time: decision tree, support vector machine and
Naïve Bayes method. During the evaluation of this method, a data set is analyzed by Weka software. Charts prepared in spam
detection indicate improved accuracy compared to the previous methods.
The document discusses an improved method for storing feature vectors to detect Android malware. It proposes using a compressed row storage format to efficiently store the statistical features that represent malware families. This involves storing only the non-zero elements of sparse feature matrices in three vectors, which reduces storage needs by 79% compared to conventional methods. This improved storage technique leads to reduced processing time for feature vector generation and malware detection overall. The proposed method aims to enhance Android malware analysis by making feature vector searches and classification faster.
This document presents a methodology for using natural language processing and machine learning techniques for mobile device forensics. It discusses extracting text messages from a mobile device, creating a text message corpus, using feature extraction like bag-of-words and bigrams, and applying supervised machine learning algorithms like Naive Bayes classification to determine if text messages are drug-related or neutral. The methodology aims to address issues with existing approaches like limited training data and provide a framework for automated text message analysis to help with law enforcement investigations.
This document presents a system for extracting named entities and their relationships from unstructured text data using n-gram features with hidden Markov models and conditional random fields. The system first extracts n-gram, part-of-speech, and lexicon features from documents, then trains a hidden Markov model to classify entities and a conditional random field with kernel approach to detect relationships between entities. Evaluation shows the proposed system achieves 98.03% accuracy, 88.80% precision, and 87.50% recall for entity detection, outperforming a support vector machine baseline. For relationship extraction, it achieves 87.46% accuracy, 84.46% precision, and 82.46% recall, again outperforming the SVM baseline.
TOOLS AND TECHNIQUES FOR NETWORK FORENSICSIJNSA Journal
This document discusses tools and techniques for network forensics. It describes email forensics tools like eMailTrackerPro and SmartWhoIs that can identify the physical location of an email sender. It also discusses web forensics tools like Web Historian and Index.dat Analyzer that reveal browsing history and files uploaded/downloaded. Packet sniffers like Ethereal are also covered, which capture and analyze network data. The document then surveys IP traceback techniques for identifying the source of attacking packets, and the use of honeypots and honeynets for gathering intelligence on network intruders.
OPTIMIZING HYPERPARAMETERS FOR ENHANCED EMAIL CLASSIFICATION AND FORENSIC ANA...IJNSA Journal
Electronic mail, commonly known as email, is a crucial technology that enables streamlined operations and communications in corporate environments. Empowering swift and dependable transactions, email is a driving force behind heightened productivity and organizational effectiveness. However, its versatility also renders it susceptible to misuse by cybercriminals engaging in activities such as hacking, spoofing, phishing, email bombing, whaling, and spamming. As a result, effective and efficient data analysis is important in avoiding and detecting cyber-attacks and crime on times. To overcome the above challenges, a novel approach named Aquila Optimization (AO) is used in this paper to find the best set of hyperparameters of the Stacked Auto Encoder (SAE) classifier. The purpose of increasing the hyperparameters of the SAE using the AO is to obtain a higher text classification accuracy. Then the optimized SAE classifies the selected features into different classes. The experimental results showed that the proposed AO-SAE model outperforms the existing models such as Logistic Regression (LR) and Long Short-Term Model based Gated Current Unit (LSTM based GRU) in terms of Accuracy.
The document discusses email forensics and analyzing emails for criminal investigations. It describes the components of an email system, including sending and receiving servers, as well as protocols like SMTP and DNS. It outlines common email threats like phishing, spoofing, and spamming. It discusses investigating email headers, servers, and networks to extract information for cases. Finally, it provides an overview of several email forensics tools that can aid investigations, such as MailXaminer, EMailTrackerPro, AccessData FTK, and EmailTrace.
Study of Various Techniques to Filter Spam EmailsIRJET Journal
This document discusses techniques for filtering spam emails. It begins with an introduction explaining the rise of spam emails due to increased internet and email usage. It then describes various techniques used to filter spam, including machine learning methods like Bayesian classification and non-machine learning methods like blacklists, whitelists, and header analysis. Next, it covers how data mining techniques like clustering, classification, and association rule mining can be applied to identify spam emails. Finally, it reviews several papers that have compared the performance of techniques like Naive Bayes, SVM, KNN, and neural networks for spam filtering.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Elevating forensic investigation system for file clusteringeSAT Journals
Abstract In computer forensic investigation, thousands of files are usually surveyed. Much of the data in those files consists of formless manuscript, whose investigation by computer examiners is very tough to accomplish. Clustering is the unverified organization of designs that is data items, remarks, or feature vectors into groups (clusters). To find a noble clarification for this automated method of analysis are of great interest. In particular, algorithms such as K-means, K-medoids, Single Link, Complete Link and Average Link can simplify the detection of new and valuable information from the documents under investigation. This paper is going to present an tactic that applies text clustering algorithms to forensic examination of computers seized in police investigations using multithreading technique for data clustering. Keywords- Clustering, forensic computing, text mining, multithreading.
lectronic-mail is widely used most suitable method of transferring messages electronically from one
person to another, rising from and going to any part of the world. Main features of Electronic mail is its speed,
dependability, well-equipped storage options and a large number of added services make it highly well-liked
among people from all sectors of business and society. But being popular it also has negative side too. Electronics
mails are preferred media for a large number of attacks over the internet.. A number of the most popular attacks over
the internet include spams. Some methods are essentially in detection of spam related mails but they have higher false
positives. A number of filters such as Checksum-based filters, Bayesian filters, machine learning based and
memory-based filters are usually used in order to recognize spams. As spammers constantly try to find a way to
avoid existing filters, a new filters need to be developed to catch spam. This paper proposes to find an
resourceful spam mail filtering method using user profile base ontology. Ontologies permit for machineunderstandable
semantics of data. It is main to interchange information with each other for more efficient spam
filtering. Thus, it is essential to build ontology and a framework for capable email filtering. Using ontology that is
particularly designed to filter spam, bunch of useless bulk email could be filtered out on the system. We propose a
user profile-based spam filter that classifies email based on the likelihood that User profile within it have been
included in spam or valid email.
Integration of feature sets with machine learning techniquesiaemedu
This document summarizes a research paper that proposes a novel approach for spam filtering using selective feature sets combined with machine learning techniques. The paper presents an algorithm and system architecture that extracts feature sets from emails and uses machine learning to classify emails and generate rules to identify spam. Several metrics are identified to evaluate the efficiency of the feature sets, including false positive rate. An experiment is described that uses keyword lists as feature sets to train filters and compares the proposed approach to other spam filtering methods.
Overview of Anti-spam filtering TechniquesIRJET Journal
1) The document discusses various techniques for anti-spam filtering, including content-based filtering, machine learning algorithms like Naive Bayes, support vector machines, and neural networks.
2) It examines common spammer tricks for avoiding detection and outlines categories of anti-spam solutions like blacklists, whitelists, greylists, and filtering techniques.
3) The document focuses on content-based filtering and machine learning techniques, specifically discussing Naive Bayes algorithms and how user-preferred domain-specific training of filters can improve anti-spam effectiveness.
PHISHING MITIGATION TECHNIQUES: A LITERATURE SURVEYIJNSA Journal
Email is a channel of communication which is considered to be a confidential medium of communication for exchange of information among individuals and organisations. The confidentiality consideration about e-mail is no longer the case as attackers send malicious emails to users to deceive them into disclosing their private personal information such as username, password, and bank card details, etc. In search of a solution to combat phishing cybercrime attacks, different approaches have been developed. However, the traditional exiting solutions have been limited in assisting email users to identify phishing emails from legitimate ones. This paper reveals the different email and website phishing solutions in phishing attack detection. It first provides a literature analysis of different existing phishing mitigation approaches. It then provides a discussion on the limitations of the techniques, before concluding with an explorationin to how phishing detection can be improved.
An Approach for Malicious Spam Detection in Email with Comparison of Differen...IRJET Journal
This document summarizes a research paper that proposes a model to improve detection of malicious spam emails through feature selection. The model employs a novel dataset for feature selection to optimize classification parameters, prediction accuracy, and computation time. Feature selection is expected to improve training time and classification accuracy. The paper also compares various classifiers, including Naive Bayes and Support Vector Machine, on the selected feature subset. The goal is to automatically learn to detect malicious spam emails, which threaten privacy and security by spreading malware, phishing links, and sensitive data theft.
Forensic the word which indicate the detective work, which searches for and attempting to discover information. Mainly search is carried out for collecting evidence for investigation which is useful in criminal, civil or corporate investigations. Investigation is applicable in presence of some legal rules.
As criminals are getting smarter to perform crime that is, using data hiding techniques such as encryption and steganography, so forensic department has become alert has introduced a new concept called as Digital Forensic, which handles sensitive data which is responsible and confidential.
IRJET- Security from Threats of Computer SystemIRJET Journal
Governments are finding cyber security to be a major challenge as they store far more data than the private sector, often in older and more vulnerable systems, and are regularly targeted by hackers and sophisticated malware. The document discusses various threats to computer systems like malware, viruses, phishing, and zero-day attacks. It proposes solutions like usernames and passwords, firewalls, email encryption, updated anti-virus software, and regular backups to provide security from these threats. Analysis of existing security solutions can help determine weaknesses in data security.
Exercise 3You work as a forensic investigator. A recent inquiry .docxrhetttrevannion
Exercise 3
You work as a forensic investigator. A recent inquiry from a local company called TriGo has caught your attention. On a routine file audit of their servers, TriGo has found some files that appear to be “corrupt” because each file uses the .xde extension. When TriGo personnel try to access the files, they show as “garbage.” Search the Internet for this file extension and summarize your findings.
Write a one-page report detailing your results. Include at least one tool or best practice you would recommend to this client.
Case Study
1:
Forensic Tool Selection
Your supervisor has asked you to research current forensic acquisition tools and to compile a list of recommended tools for the new forensics lab. Using the Internet and the tools listed in Chapter 3 as a guideline, create the following:
1. Create an Excel spreadsheet or an open-source equivalent that specifies vendor name, name of acquisition tool, raw format, validation methods, and overall description of tool.
2. Create a report to accompany the spreadsheetthat recommends two tools based on your research. Justify your answer.
3. Use at least three (3) quality resources in this assignment.
Note:
Wikipedia and similar websites do not qualify as quality resources.
Your assignment must follow these formattingrequirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
• Identify the computer forensics investigation process
.• Outline system forensics issues, laws, and skills.
• Use technology and information resources to research advanced issues in computer forensics.
• Write clearly and concisely about topics related to computer forensics planning using proper writing mechanics and technical style conventions.
Case Study
2:
POS Attacks
Suppose you are a security director for a consulting firm that implements, secures, investigates, and supports point-of-sale (POS) for small and medium businesses (SMBs) in the retail industry.
Read the article titled, “If you shopped at these 16 stores in the last year, your data might have been stolen” located at
https://www.businessinsider.com/data-breaches-2018-4
Choose 2 stores from the list and research the specific attack or breach.
Write a paper in which you:
1. Summarize the attacks, providing details on the effects of the breach.
2. Identify the common purpose of attacks on point-of-sale (POS) systems.
3. Assess why and how these POS systems have become a prime target for hacking groups.
4. Examine the forensics challenges .
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MININGHeather Strinden
This document reviews literature on detecting phishing emails using data mining. It discusses how hybrid features that include both content and header information can be used to effectively classify emails as phishing or legitimate. Various techniques currently used for phishing email detection are examined, including network-level protections, authentication, client-side tools, user education, and server-side filters. Feature selection is important, as phishing emails often resemble legitimate emails, making detection complex. The review finds that server-side filters using machine learning classifiers on selected email features show promise as a solution.
(Icmia 2013) personalized community detection using collaborative similarity ...Waqas Nawaz
The document summarizes related work on analyzing email datasets to: 1) detect worm propagation by analyzing features to classify normal vs abnormal emails, 2) predict organizational structure by discovering important nodes, and 3) characterize email to identify communities of interest by measuring user flow and frequency. It also discusses applications like email prioritization, determining popularity within communities, detecting key users, and identifying hidden relationships. The proposed approach uses collaborative similarity measures and k-medoid clustering to group users with similar communication patterns from email metadata.
A Review on Recovering and Examining Computer Forensic EvidencesBRNSSPublicationHubI
This document discusses computer forensics and the process of recovering and examining digital evidence. It begins by defining computer forensics as the process of preserving, identifying, extracting, and documenting electronic evidence in a way that is admissible in a court of law. The goals of computer forensics are to identify intruders, prosecute criminals, and present digital evidence in court. Key methodologies used in computer forensics examinations include making bit-for-bit copies of storage devices, using forensic tools to recover deleted files and data, and examining log files and metadata.
Identifying Valid Email Spam Emails Using Decision TreeEditor IJCATR
The increasing use of e-mail and the growing trend of Internet users sending unsolicited bulk e-mail, the need for an antispam
filtering or have created, Filter large poster have been produced in this area, each with its own method and some parameters are
to recognize spam. The advantage of this method is the simultaneous use of two algorithms decision tree ID3 - Mamdani and Naive
Bayesian is fuzzy. The first two algorithms are then used to detect spam Bagging approach is to identify spam. In the evaluation of this
dataset contains a thousand letters have been analyzed by the software Weka charts provided in spam detection accuracy than previous
methods of improvement
Similar to AN EMPIRICAL ANALYSIS OF EMAIL FORENSICS TOOLS (20)
artificial intelligence and data science contents.pptxGauravCar
What is artificial intelligence? Artificial intelligence is the ability of a computer or computer-controlled robot to perform tasks that are commonly associated with the intellectual processes characteristic of humans, such as the ability to reason.
› ...
Artificial intelligence (AI) | Definitio
Design and optimization of ion propulsion dronebjmsejournal
Electric propulsion technology is widely used in many kinds of vehicles in recent years, and aircrafts are no exception. Technically, UAVs are electrically propelled but tend to produce a significant amount of noise and vibrations. Ion propulsion technology for drones is a potential solution to this problem. Ion propulsion technology is proven to be feasible in the earth’s atmosphere. The study presented in this article shows the design of EHD thrusters and power supply for ion propulsion drones along with performance optimization of high-voltage power supply for endurance in earth’s atmosphere.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
An improved modulation technique suitable for a three level flying capacitor ...IJECEIAES
This research paper introduces an innovative modulation technique for controlling a 3-level flying capacitor multilevel inverter (FCMLI), aiming to streamline the modulation process in contrast to conventional methods. The proposed
simplified modulation technique paves the way for more straightforward and
efficient control of multilevel inverters, enabling their widespread adoption and
integration into modern power electronic systems. Through the amalgamation of
sinusoidal pulse width modulation (SPWM) with a high-frequency square wave
pulse, this controlling technique attains energy equilibrium across the coupling
capacitor. The modulation scheme incorporates a simplified switching pattern
and a decreased count of voltage references, thereby simplifying the control
algorithm.
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
1. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
DOI: 10.5121/ijnsa.2020.12303 39
AN EMPIRICAL ANALYSIS OF EMAIL
FORENSICS TOOLS
Ahmad Ghafarian, Ash Mady and Kyung Park
Department of Computer Science and Information Systems, Mike Cottrell College of
Business, University of North Georgia, Dahlonega, GA, USA
ABSTRACT
Emails are the most common service on the Internet for communication and sending documents. Email is
used not only from computers but also from many other electronic devices such as tablets; smartphones,
etc. Emails can also be used for criminal activities. Email forensic refers to the study of email detail and
content as evidence to identify the actual sender and recipient of a message, date/time of transmission,
detailed record of email transaction, intent of the sender, etc. Email forensics involves investigation of
metadata, keyword, searching, port scanning and generating report based on investigators need. Many
tools are available for any investigation that involves email forensics. Investigators should be very careful
of not violating user’s privacy. To this end, investigators should run keyword searches to reveal only the
relevant emails. Therefore, knowledge of the features of the tool and the search features is necessary for
the tool selection. In this research, we experimentally compare the performance of several email forensics
tools. Our aim is to help the investigators with the tool selection task. We evaluate the tools in terms of
their keyword search, report generation, and other features such as, email format, size of the file accepted,
whether they work online or offline, format of the reports, etc. We use Enron email dataset for our
experiment.
KEYWORDS
Email forensic, digital forensic, report generation, keyword search, tools, Enron, filtering.
1. INTRODUCTION
Digital forensics refers to the acquisition and analysis of data from the memory of an electronic
device such as laptop, smartphone, etc. [1]. A digital forensics investigation that involves
analysis of emails is referred to as email forensics. This process involves retrieving email details
including sender, receiver, content, date, time, and other details including the intention of the
email sender [2]. However, the examination of the suspect’s entire email transactions may violate
the privacy of the person being under investigation. To avoid this privacy violation, the
investigators use email forensics tools and perform keyword search for retrieving only those
emails that are related to the current case [3, 4]. To do that, the investigators need to have a good
knowledge of the email forensics tools including their keyword search and reporting capabilities.
There are many software tools, which may assist the forensics investigators. These tools provide
easy use browser format, automated key search reports, and other features. Current forensic tools
are designed to help examiners in finding specific pieces of evidence by tracing emails. Further,
these tools are created for solving crimes committed against people where the evidence resides
on the memory of a device. Selection of an email forensics tools that implements the visibility,
filtering, keyword search and report generation would be the first logical step in this direction.
Considering the existence of several email forensics tools, the selection process may not be
trivial. In an effort to address this gap and assist forensics experts in selecting an appropriate tool,
2. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
40
we empirically evaluate the search and report generation capabilities of several contemporary
email forensics tools. In the experiment, we use the Enron email dataset file that is maintained by
MIT [5] and is provided to researchers. We import the email files to these tools, run the tools,
and evaluate their keyword search filtering and the report generation features. We also evaluate
other features, such as, the supported email format, size of the file they accept, format of the
reports, and online or offline, etc.
The rest of this paper is organized as follows. Section 2 provides a literature review. Section 3
describes tools and technology. Section 4 covers the experiment methodology. Analysis of the
results is covered in section 5. Section 6 covers the conclusion where we report our findings as
well as the possible extension of this work for future research.
2. BACKGROUND
Email forensics is an integral part of many digital forensics investigations. Researchers and
practitioners have studied various aspects of email forensics such as tool development [3, 6],
technique [4], technologies [7], and methodologies [8] to assist forensics investigators. In this
section, we present most of the relevant research results in this field.
The paper by Banday [3] illustrates email architecture from a forensics perspective. The author
describes the roles and responsibilities of different email actors and components, itemizes
metadata contained in email headers, and lists protocols and ports used in it. In addition, the
author provides the details of various open source and proprietary email forensics tools and their
capabilities. The paper by Meghanathan, et al [7] provides a comprehensive survey of email and
network forensics tools as well as their specific features. Another paper by Paglierani, et al [8]
defines a general methodology for email forensics and show proof of concept with evidence
results. Other studies of the main characteristics of email forensics tools and techniques can be
found in [1, 2]. Cohen [4] presents an automated technique for bulk-email analysis and
presentation to aid in evidence interpretation. In another paper, Devendran, et al [9] theoretically
have examined a set of common features of four popular email forensic tools.
Hajidj, et al [6] developed a new email analysis software tool by integrating existing statistical
and machine learning techniques as well as data from social networking techniques. The authors
proposed a framework that offers different functionalities ranging from email storing, editing,
searching, and querying. However, we found no report on the widespread use of their framework.
Stolfo and Hershkp [10] have developed an email visualization tool, which helps the
investigators to visualize traces of emails. They have used data mining techniques in the
development of their tool. The tool supports many different email formats. The authors claim that
their tool may be leveraged in many applications. In similar research, Khan, et al [11] proposes a
framework that employs data mining techniques to perform statistical analysis, email
classification & clustering, author identification, and social network analysis. The researchers use
Enron email dataset to evaluate their implementation.
Another study of privacy of email investigation can be found in [12]. The authors introduced a
cryptographic scheme that allows encrypting the entire email set before handing them over for
investigation. The major feature of this approach is that one can run keyword searches on the
encrypted data. Once the tool identifies some emails as having the keyword search, then those
emails will be decrypted for further processing. In the next section, we discuss the experiment
process.
3. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
41
3. TOOLS AND TECHNOLOGY
The following subsections describe the email forensics tools, the technology and the environment
of our experiment.
3.1. Email Forensics Software Tools
In this experiment, we used the following email forensics tools. The justification for selecting
these tools are twofold. First, these are the most popular tools available in the market. Second,
they offer trial versions for research and evaluation purposes.
Aid4Mail v3.8 [13]
eMailTrackerPro V10 [14]
MailXamine V4 [15]
Paraben’s EMX V8.6.5277 [16]
Autopsy V4.13.0 [17]
OSForensics V7 [18]
3.2. Hardware
The experiment was performed on several laptops hosting Microsoft Windows 10 Ultimate 64
bits. The hardware specification includes Intel core 2Duo CPU, 2.5 GHz, 4GB RAM, and 320GB
HDD (two partitions). To prepare for the experiment, we first reimaged the laptops. This process
ensures that no applications exists on laptops and sound forensics process is followed. Then, we
installed an email forensics tool on each laptop, imported the Enron email dataset file to each of
the software tool ready for the experiment.
3.3. Email Dataset
To perform the experiment; we needed a set of email files for offline processing. We decided to
use the Enron email dataset, which is maintained by MIT and contains hundreds of thousands of
email files. Processing all those emails is time consuming and is beyond the scope and purpose
of this study. In addition, the email forensics tools under this study impose limitations on the
number of emails they can process for an input folder. Therefore, we selected three folders from
the email dataset. The selected folders contain all types of emails including sent emails, received
emails, deleted emails, etc. We made sure that the selected email folders are sufficient to
demonstrate the behavior of the tools. The format of the Enron email dataset is called Maildir
(See Figure 1). Some of the email forensics tools under this study do not accept this format.
Therefore, we had to convert this format to a different format, which is acceptable by the tool.
4. THE EXPERIMENT METHODOLOGY
The email forensics experiment consists of the following orderly steps.
Installed one email forensics tool on each laptop
Launched the email forensics tool and created a case
Imported email files from the selected dataset folders.
Ran keyword search on email files and within an email content
Generated reports
Analyzed the generated reports
4. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
42
Figure 1. Enron Maildir internal structure
4.1. Add4Mail
Add4Mail is a proprietary suite of email conversion tools including email migration, email
discovery, and email archiving. It allows users to process email data for various investigation
purposes. During the experiment we observed that Add4Mail:
Removes email-subjects from all reports and conversion process.
Supports several popular email extension formats from various mail client programs.
Can work on the email trash folder.
Process large email files.
Can search the machine for email file, folder name or identity name (this option not
available when using Maildir format).
Allows the investigator to select a folder and then search subfolders for specific email
files.
The tool has no dedicated search section or report section options. It converts an email
details to a file and the converted files treated as reports.
Can search all supported mail formats.
Capable of filtering the emails based on several features including text, date/time,
keywords, logical operators and regular expressions.
When you convert to specific file format, you can use some search and filter options before the
conversion process. We generated the following reports for our selected emails.
The name of the domain that emails are sent or received from them.
Timeline of the email exchange (day and month).
5. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
43
Pictures on these emails.
PDF files on these emails.
Email addresses that are typed in the body of the messages.
Export emails metadata in these formats, CSV, TSV and XML.
Converted email files to CSV and XML formats.
The report results for the domain name, day, and month are shown in Figure 2 a., b. and c.
respectively.
Figure 2. Report generated by Add4Mail
One of the useful functions of Aid4Mail is that we can use script or import new scripts into the
software and use this script for filtering reports. Some of these scripts are export only emails
from Gmail address, mails with JPG/MOV/AVI files, process deleted emails, skip duplicates on
export, etc. We used these filters for searching emails that were sent from 04/14/2000 until
4/20/2000. Figure 3 shows the filters we used.
Figure 3. Filtered page for emails between 4/14/2000 and 4/20/2000
During the experiment, we observed additional limitations of Add4Mail. First, the Graphical
User Interface (GUI) of the tool is very simple and offers no flexibility to the investigator.
Second, we need other applications like web browsers; PDF readers, or MS Excel for analyzing
and searching the results of the report. This is because these applications are not integrated into
the tool.
6. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
44
4.2. Paraben Email Examiner (EMX)
Paraben E3 EMX is proprietary and allows us to analyze message headers, bodies, and
attachments. It recovers email in the deleted folders. Paraben supports almost all major email
formats and can generate keyword search reports. Our experiment demonstrated that the tool has
the following major features.
Can search all email files or whole database folders and generates reports.
Has comprehensive keyword search features, bookmarking, advanced Boolean
searching, and searching within attachments.
Supports for various languages including Unicode.
Capable of examining email headers and bodies and provides details report of search
filters (including contents from attachments).
Accepts Maildir format and several other formats
Can show all the email files of a selected folder in a separate window.
Shows the results of analysis of the selected emails within the Paraben
Can convert Maildir email format to other formats like EML, EMX, MHT, PST. The
conversion process supports filtering (based on text, hex search, locate code page, etc.)
and the converted file represents a report. It has the option to define a scope for
converting the email including subject, body, headers, etc.
Allows selecting the information we want to be included in the reports. The output can
be filtered by time, date, etc. This feature helps the investigator to preserve privacy.
Since Paraben accepts Maildir format we did not have to do any conversion. Figure 4 shows the
result of report generation. The figure shows the email data and the header.
Figure 4. Search options in Paraben for emails dataset
In addition, we used several keyword searches and searched for the word “ENRON” in the three
email folders we used in this research. The result is shown in Figure 5.
7. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
45
Figure 5. Result of Search for Word “ENRON”
Another search for the word “weekend”. Generated the HTML report. EMX can generate reports
in various formats including HTML Investigative, simple Text, CSV Text, evidence, and HTML
email message. Figure 6 shows a CSV report created from the email database folder.
Figure 6. CSV Report Generated From Enron Emails
4.3. eMailTrackerPro
This proprietary tool can trace an email using the email header as well as filtering spam emails.
Our experiment has shown that the has the following features.
It is different from all the other tools in that there is no option for importing emails file,
folder or database.
It requires that we insert an email header manually, connect this software to your email
account, or suspect’s email account.
It allows us to connect multiple accounts to this tool simultaneously.
It requires connecting to a live email account, doing keyword filtering search, and
generating support.
For this experiment, we created a Yahoo email account, i.e. FUM_CF@YAHOO.COM and
incorporated this account to the tool (see Figure 9). If we want to trace an email that was
received to this account, we can select that email and then trace it. After performing this task, we
noticed that the results are shown in a separate popup windows and include information like
Whois (Network Domain), sender and receiver name, IP address hop for this email and email
header. For example, Figure 7 shows trace of an email origin by eMailTrackerPro. Similarly,
Figure 8 shows filtering emails sent by a specific sender.
8. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
46
Figure 7. Trace of an email in eMailTrackerPro
Figure 8. Filter email sent by a specific sender
We can filter by subject, sender’s email address, To address, DNS blacklist, sender IP address, IP
block, etc. For example, Figure 9 shows filtered Yahoo@communications.yahoo.com.
Figure 9. Filtering email with name "FUM TEST"
9. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
47
The tool also allows the investigator to send emails to blacklist or whitelist automatically.
However, it does not support comprehensive keyword search, which means the investigators can
only searches through the subject, from address, to address, and IP address of the sender (see
Figure 10).
Figure 10. Search result for email subject.
4.4. MailXaminer
MailXaminer is a proprietary digital forensic software that allows the examination of email
messages from both web and application-based email clients. The demo version allows fifty
emails to export, which was enough for this research. Below is the major observations.
Supports most email file formats (20+ file format, e.g. *.ost, *.pst *.olm ,EML/EMLX,
Maildir, Mbox, .mbx, .edb, etc.)
Facilitates both online and offline forensics (see Figure. 11).
Allows previewing the details of all emails including mail body, HEX format of the
email, properties, message header, MIME, email Hop, HTML format, RTF and
attachments.
Implements keyword search filtering and analysis as well as allowing us to insert a CSV
file containing keyword search.
To be consistent, we used the offline feature of this tool. Similar to what we did with the other
tools, we imported the file of the email into this tool and began the experiment. Figure 12 shows
an example of a message preview in MailXaminer.
Figure 11. Offline/online Email Support in MailXaminer
The search feature works based on a name, keyword, and date search. MailXaminer allows
searching of emails containing specific names or emails that have been exchanged between the
10. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
48
suspect and the other parties. Figure 13 shows the result of a search that we ran on our dataset for
the word “Enron”.
Figure 12. Email preview on MailXaminer
Figure 13. Search result of word "Enron" in our dataset.
Another feature of the MailXaminer is that it allows creating a date range for searching emails.
This feature will help the investigators to narrow the range of emails that need to be examined.
Fig. 14 shows the result of a search we performed for the name “bob” in the range of 1/21/2000
and 9/22/2000.
Figure 14. Search for emails that have word “bob” between 1/21/2000 and 9/22/2000.
This tool has a Predefined tab that can search for emails based on the Regular Expressions search
algorithm. This search option helps the investigator to detect email message patterns with the use
of category and subcategory searches such as phone numbers, URLs, addresses, postal code, and
11. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
49
country. In addition, the tool can bookmark a record of case related pieces of evidence. For
example, Figure 15 shows emails related to CAISO Corporation that we bookmarked emails
from that domain for further examination. See also [19] for similar results.
Figure 15. Bookmarked Emails under investigation.
During the investigation, we may find some important emails; we can export those emails to
various different formats for analysis by other tools or create a report. The formats that are
supported include Concordance ,CSV ,EML ,HTML ,HTML ,MSG ,PDF ,PRINT ,PST , TIFF.
In this option, there is no filter or search option and the entire email file is exported as a report.
Figure 16 shows the HTML report from emails that bookmarked in the previous step.
Figure 16. HTML report from bookmarked Emails
4.5. Autopsy
Autopsy is free general-purpose digital forensics software, which also has an email analysis
feature. This tool also supports offline email processing. During our experiment, we identified
the following properties.
Supports offline and online files.
The email file input does not require any specific extensions or email formats. This is
because the application imports the plaintext of the email content as well as email
attachments.
Allows comprehensive keyword search
Can generate reports of many application types such as PDF, CVS, XML, etc.
Allows visualization of indexed files as text.
12. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
50
Autopsy has multiple exporting functionalities for its indexed data. We searched for the keyword
“Enron” it returned 15932 results (see Figure 17). When you click on the returned files from the
result, you can see the indexed text of the files with the word “Enron.”
Figure 17. Keyword search results for “Enron”
Besides, a bulk search using a premade word list can be used to check for certain words in the
emails. This method of searching allows the user to use a preconfigured list of related words.
Figure 18 shows the application of premade word. The highlighted area shows the list of
keywords.
Figure 18. Example of keyword list
Autopsy allows configuration of a new list or importing preconfigured lists (xml or txt format),
such as the lists of banned sports drugs, websites, chemicals, etc. (see Figure 19).
13. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
51
Figure 19. The keyword list import function and the supported file extensions
We can also view the Indexed email file as text (see Figure 20) The contents can also be viewed
as Strings or Hex decimal (see Figure 21)
Figure 20. Text view of Autopsy index email file in Autopsy.
Figure 21. HEX view of indexed email file in Autopsy.
14. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
52
Moreover, we used the generate report function of Autopsy. Figure 22 shows the choice of a tab-
delimited or a comma delimited file, querying the dataset into a table for visibility. Figure 23
shows the tab-delimited generated report. Autopsy has multiple exporting functions for its
indexed data. Firstly, the user can save the table of the indexed metadata as a CSV file. Figure 24
shows the exported table, which includes metadata in CSV format for the “Enron” search.
Figure 22. Shows Autopsy’s save function saves table as CSV file
Figure 23. Shows Autopsy’s Generated report function and the various report modules.
Figure 24. Generated tab delimited text report of the indexed Enron dataset files.
4.6. OSForensics
OSForensics is a proprietary digital forensics software that also has an email forensics feature.
We used the free trial version. Below are the major email forensics features of this software.
15. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
53
It only supports offline email file processing.
The accepted file size and file count for indexing is restricted to the amount of available
memory.
The trial version of the product has a maximum index limit of 2500 files.
It supports various email file formats for indexing including, .pst, .ost, .eml, .dbx, .mbox,
.mbx, .eml, .msf, .msg (Mozilla, Thunderbird, Eudora, Unix mail).
It can process the attached files.
It has search and reporting capabilities.
We can search to filter indexed emails using the following fields: by term, from, fo/cc/bcc, date
(from/to). As can be seen in Figure 25, we searched for the term “money” it returned all email
results containing the word “money” in its content. In addition, we used a bulk search using a
premade word list. Figure 26 shows the result of premade search lists. Similar to Autopsy, the
example word lists included in the tool are a list of common words categorized by their topic,
such as a list of banned sports drugs, websites, chemicals, and more. We can create more custom
lists and add to the tool. The tool allows the user to sort the returned search results by score,
name, date, filename, extension, and tag for easier viewing of filtered emails. This feature is
extremely useful, as it saves investigator’s time.
Figure 25. The search index function of OSForensics
Figure. 26 The search list in OSForensics.
16. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
54
OSForensics allows viewing indexed emails as text in two ways, by double-clicking on search
Windows and by using an email-viewing tool. For example, Figure 27 shows the text view of the
indexed email file.
Figure 27. Text view of the indexed email file using email viewer tool.
The tool can use the result of the search to a generate report. This report can be exported in
HTML or PDF format (see Figure. 28.) We should note that emails could be exported one by one
using the Email Viewer Tool. Email files loaded into the Email Viewer Tool has only one export
option: Base Name (ie.<base name>_index.html). As shown in Figure 29, this method of export
creates five files in the export directory inlcuding <filename>.txt, which exports the email into
text format. The other four files are the results of splitting the email into four different parts:
header.txt, index.html, menu.html, and print.html.
To avoid the four different parts from being exported with the email, a workaround option is to
export the file using the print functionality and save the file in PDF format, which creates just
one PDF file in the export directory.
Figure 28. The export report feature of the OSForensics.
17. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
55
Figure 29. The export of index emails to a PDF file.
5. EXPERIMENT RESULT ANALYSIS
Aid4Mail is a suite of eight tools and supports almost all email formats. Our experiment shows
that Aid4Mail can perform limited searches and can create reports based on those searches but
cannot analyze the generated email reports. This is because other applications such as PDF
reader; MS Word; CVS; etc. are not integrated into this tool. Moreover, the tool has a static and
inflexiblee Graphical User Interface (GUI) and has no dedicated search or report generation
option in the GUI.
Paraben accepts the Maildir format and has comprehensive keyword search features,
bookmarking, advanced Boolean searching, and searching within attachments. We were able to
analyze the search results within the tool and generate reports based on keyword search results.
This is because other applications such as PDF reader, MS Word, etc. are integrated into the tool.
It also has several search filters that help an investigator to find items of interests from the
emails. In addition, the tool can examine email headers and bodies, provide information based on
the search filter including contents from attachments. We found the GUI feature of this tool very
helpful and easy to use.
MailXaminer supports most email file formats (36 file type) like: *.ost, *.pst , *.olm
,EML/EMLX ,maildir , MBOX , *.mbx ,*.edb etc. The tool supports both online and
offline forensics. However, for consistency purpose we only used the offline feature of this tool.
Using MailXaminer, we were able to import email files and perform keyboard search for name,
email header, date, etc. Investigators can search for emails containing specific names or emails
that have been exchanged between the suspect and receivers. Generating reports based on
keyword search is relatively easy due applications, being integrated into the tool.
eMailTrackerPro is different from the above-mentioned tools in that it only supports live
investigation. Due to the use of different email format, this tool does not support importing email
files and folder. Therefore, we must connect the tool to the email accounts or import header of an
email manually to analyze that email. The only offline feature available in this tool is importing
email headers manually to the tool and trace the email path. It is a powerful tool for searching
within the emails file online and can create report based on search results. The GUI feature of the
tool is good but does not have all the features available in other tools.
Autopsy does not support Maildir format. However, we imported the Enron email files into the
Autopsy without an extension, using the logical files data source input. The logical file input
does not require specific extensions or email formats for the file input as the application imports
18. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
56
the plaintext of the file data. It has a comprehensive keyword search feature and wordlist for a
bulk word search. The keyword search feature returns the search result in a table, which can be
sued to generate reports. It has comprehensive features to process and analyze large sets of data
and a feature to handle and store multiple cases, The GUI in Autopsy is friendly.
OSForensics tool supports various email file formats for indexing. It is a powerful tool can
accept a large dataset of emails. The tool is capable of indexing. Its search function has
comprehensive features such as date range, email headers, and email body to filter the search
results. It can also utilize a preconfigure lists of words for filtering. However, a major weakness
of this tool is that it does not allow mass exporting the filtered emails, which is necessary in
processing large datasets of emails. Moreover, the tool lacks any report generation or analysis
features to handle the data based on the search results. This is because the tool is not a dedicated
email forensics tool.
6. CONCLUSION AND FUTURE WORK
In this research, we experimentally examined several email forensic tools and evaluated the
features such as, whether the tool supports online or offline files, filtering, search, report
generation, and thier graphical user interface. We used the Enron email dataset file as input to
each tool. We evaluated the above features of the tools. The results demonstrate that the selection
of a tool should be done with extreme care. This is because, although the tools have some
common features but they also may lack some of the desired features. Therefore, the investigator
should carefully examine the email forensics tools before they commit to a particular one. If
necessary, they may use two different tools with diverse features. In summary, the selection of a
tool depends on the needs of the investigators and the circumstances of the case under
investigation.
This research can be extended in several ways: 1) Repeat the same experiment with a Proprietry
version of the tools to examine full strength of the email forensics tools. 2) Use additional tools
such as EmailTracer, Adcomplain, Internet Evidence Finder (IEF), FINALeMAIL, etc. 3)
Compare the performance of the online features of the tools. 4) Use more email files from the
dataset and on machines with different operating systems.
REFERENCES
[1] G. Chabra, and Dilpreet Singh Bajwa (2015). “Review of E-mail System, Security Protocols and
Email Forensics.” International Journal of Computer Science and Communication Networks, Vol 5,
No. 3, pp. 201-211.
[2] P.P. Hatole, and Shobha K. Bawiskar (2017). “Literature Review of Email Forensics.” Imperial
Journal of Interdisciplinary Research (IJIR), Vol. 3, No. 4, pp. 1436-1439.
[3] M. T. Banday (2011). “Techniques and Tools for Forensics Investigation of Emails.” International
Journal of Network Security & Its Applications (IJNSA), Vol. 3, No. 6, pp. 227-241.
[4] F. Cohen (2009). “Bulk Email Forensics.” IFIP International Conference on Digital Forensics.
Springer, chapter 4, pp. 51-67.
[5] Enron Dataset. https://www.cs.cmu.edu/~enron/
[6] R. Hadjidj, Mourad Debbabi, Hakim Lounis, Farkhund Iqbal, Adam Szporer, and Djamel Benredjem
(2009). “Towards an integrated e-mail forensic analysis framework.” Digital Investigation Vol. 5, pp.
124-137.
[7] N. Meghanathan, Sumanth Reddy Allam and Loretta A. Moore (2009). “Tools and Techniques for
Network Forensics.” International Journal of Network Security & Its Applications (IJNSA), Vol, 1,
No. 1, pp. 14-25.
19. International Journal of Network Security & Its Applications (IJNSA) Vol. 12, No.3, May 2020
57
[8] J. Paglierani, Mike Mabey and Gail-Joon Ahn (2013). “Towards Comprehensive and Collaborative
Forensics on Email Evidence.”. 9th
IEEE International Conference on Collaborative Computing:
Networking, Applications and Worksharing. pp. 11-20.
[9] V. K. Devendran, Hossain Shahriar, Victor Clincy (2015). “A Comparative Study of Email Forensic
Tools.” Journal of Information Security. Vol. 6, No. 2, pp. 111-117.
[10] S. J. Stolfo, Shlomo Hershkop (2005). “Email Mining Toolkit Supporting Law Enforcement Forensic
Analyzes.” National Conference on Digital Government Research, Atlanta, Georgia, pp. 1-2.
[11] S. R. Khan, Smita M. Nirkhi, R. V. Dharaskar (2013). “E-mail Data Analysis for Application to
Cyber Forensic Investigation using Data Mining.” International Journal of Applied Information
Systems, pp. 1-4.
[12] F. Armknecht and Dewald, A. (2015). “Privacy Preserving Email Forensics.” Digital Investigation,
Vol. 4, pp. 127-136.
[13] Aid4Mail, Email Forensic. http://www.aid4mail.com/
[14] EMailTrackerPro. http://www.emailtrackerpro.com/
[15] MailXaminer. http://www.mailxaminer.com
[16] Paraben (Network) E-mail Examiner. http://www.paraben.com/email-examiner.html
[17] Autopsy. Open Source Digital Forensics. http://sleuthkit.org/index.php
[18] OSForensics. https://www.osforensics.com/
[19] A. Ghafarian (2019). “Capabilities of email forensics tools.” Proceedings of the Computing
Conference. London, UK, pp. 514-528.
AUTHORS
Ahmad Ghafarian is a Professor of Computer Science and cybersecurity at the
University of North Georgia. He received his Ph.D. and Msc. in computer science
from University of Glasgow and his B.sc. in Mathematics from Mashhad
University. He alos obtained a Postdoctoral fellowship in information security. His
teaching and research interests lie primarily in the area of cybersecurity, inlcuding,
various aspects of digital forensics, social media privacy and security, ransomware
analysis, security of connected cars and internet of things. He has over twenty five
years of teaching and research experience and about fourty peer reviewed
publications. He secured several rsearch grants and involves students in his
research activities.
Ash Mady, Ph.D., Department Head - Computer Science & Information Systems.
Mike Cottrell College of Business. University of North Georgia. Mady received his
Ph.D. degree in business administration with a research focus in information
security from Kennesaw State University. He also has degrees in Computer Science,
Physics, and Chemistry. His research interest and active projects are in the areas of
Cybersecurity, Artificial Intelligence, and Financial Technology or Fintech. He has
led several projects and awarded grants in work related to blockchain, technology
adoption, cybersecurity and artificial intelligence. He is a member of the Special
Interest Group on Information Security and Privacy. He has over twenty-five years
of professional experience in academia, management, and software engineering.
Kyung Park is an undergraduate research assistant majoring in computer science
with a concentration in Information Assurance and Security, and a minor in
mathematics at the University of North Georgia. He is interested in researching and
learning about all aspects of Cybersecurity.