The development of computer technology now have an impact on the increasing cases of cybercrime crime that occurred either directly or indirectly. Cases of cybercrime now are able to steal digital information is sensitive and confidential. Such information may include email, user_id, and password. In addition to browser cookies stored on your computer or laptop hard drive, user_id, email, and password are also stored in random access memory (RAM). Random access memory (RAM) is volatile so that in doing the analysis required an appropriate and effective method. Digital data acquisition method in random access memory can be done live forensics or when the system is running. This is done because if the device or laptop computer is dead or shutdown then the information stored in random access memory will be lost. In this study has successfully carried out its acquisition of random access memory (RAM) for information access rights and password login form user_id on your websites such as Facebook, PayPal, internet banking, and bitcoin. Tools used to perform data acquisition, namely Linux Memory Extractor (LiME) and FTK Imager.
At SearchInform we help businesses to monitor the movement of sensitive data and prevent data loss and leakage, be it a result of deliberate or negligent action, as well as prevent harmful activities by the insiders, like espionage, terrorist recruitment, drug and alcohol abuse, gambling, bullying, sexual harassment and more. We empower businesses to control all data channels in the stealth mode, thus securing their information perimeter, including web and corporate e-mail, popular instant messengers, voice and text via the likes of Skype and Viber, posts on forums, blogs and websites, info transferred to external devices, info sent to print, workstation monitors and microphones, as well as potentially harmful activities related to changes in Active Directory, software and hardware equipment.
This slide will cover details of evidence collection in cyber forensic which will be more useful for CSE & IT department students studying in engineering colleges.
06 Computer Image Verification and Authentication - NotesKranthi
The document discusses digital image verification and authentication protocols used in computer forensics investigations. It describes how investigators can copy all information from a suspect computer system without altering the original. The copy must be authenticated to prove it has not been modified. This involves generating a cryptographic hash of the copy and storing it in a "safe box". All safe boxes for a case are grouped in a "vault" with a hash to verify integrity. Keys and procedures are described for verifying that a copy was properly authenticated and can be traced to a specific computer at a given time. The goal is to allow investigators to securely collect digital evidence while respecting the rights of innocent parties.
Recently, modern technologies have made a positive contribution to most institutions of the society. However, they have generated serious issues with regard to the data security. For example, in the educational sector, most educational institutions have huge amounts of various types of data, which require rigorous protection ways to ensure their security and integrity. This study aims at reviewing the most recent data security methods, particularly the existing common encryption algorithms as well as designing an electronic system based on efficient and trusted ones to protect academic and nonacademic digital data in educational institutions. The study applies the satisfaction questionnaire as instrument to evaluate the proposed system efficiency. The questionnaire has been presented to the evaluation team whose members are divided into two groups: experts and end users. The results of the evaluation process have indicated that, the satisfaction ratio of the proposed system is encouraging. The overall satisfaction percentage is 96.25%, which demonstrates that the proposed system is an acceptable and suitable choice for various security applications.
This document summarizes a training program on cyber security that took place from November 19th to December 2nd 2018. It covered topics such as computer forensics and its tools, traditional computer crimes, identity theft and fraud, computer forensics techniques, cyber crimes and how to reduce risks of identity theft. The training discussed investigating computer systems for evidence of crimes and recovering deleted files through data acquisition and forensic analysis.
Online data processing functions to Loginworks software has reduced costs, increased profitability and delivered greater core value and operational excellence to our customers. We help you capture, extract and digitize and process data from various sources. We are equipped with over a decade of experience in delivering outstanding data process outsourcing services to global customers at such affordable rates. Our Online Data Processing services are valid for all kinds of textual data capturing which includes printed text and manuscripts scanned images.
https://www.loginworks.com/data-processing/
04 Evidence Collection and Data Seizure - NotesKranthi
The document discusses guidelines for properly collecting and analyzing digital evidence from compromised systems. It emphasizes the importance of preserving evidence in its original state, establishing a clear chain of custody, and thoroughly documenting all procedures to ensure the evidence is admissible in court. The general procedure involves identifying relevant evidence, analyzing it to reconstruct the incident, and presenting findings in an understandable way. Volatile data like memory contents should be captured before non-volatile data from disks. Contamination must be avoided by only examining copies of original data.
This document discusses several areas of computer ethics including information accuracy, green computing, codes of conduct, information privacy, and intellectual property. It defines computer ethics as the moral guidelines that govern computer and information system use. Each area of computer ethics is then defined in more detail. Information accuracy concerns ensuring information online is correct. Green computing aims to reduce environmental waste from computer use. Codes of conduct establish guidelines for determining ethical computer actions. Information privacy relates to individuals' right to restrict data collection and use about them. Intellectual property involves unique creative works and associated ownership rights.
At SearchInform we help businesses to monitor the movement of sensitive data and prevent data loss and leakage, be it a result of deliberate or negligent action, as well as prevent harmful activities by the insiders, like espionage, terrorist recruitment, drug and alcohol abuse, gambling, bullying, sexual harassment and more. We empower businesses to control all data channels in the stealth mode, thus securing their information perimeter, including web and corporate e-mail, popular instant messengers, voice and text via the likes of Skype and Viber, posts on forums, blogs and websites, info transferred to external devices, info sent to print, workstation monitors and microphones, as well as potentially harmful activities related to changes in Active Directory, software and hardware equipment.
This slide will cover details of evidence collection in cyber forensic which will be more useful for CSE & IT department students studying in engineering colleges.
06 Computer Image Verification and Authentication - NotesKranthi
The document discusses digital image verification and authentication protocols used in computer forensics investigations. It describes how investigators can copy all information from a suspect computer system without altering the original. The copy must be authenticated to prove it has not been modified. This involves generating a cryptographic hash of the copy and storing it in a "safe box". All safe boxes for a case are grouped in a "vault" with a hash to verify integrity. Keys and procedures are described for verifying that a copy was properly authenticated and can be traced to a specific computer at a given time. The goal is to allow investigators to securely collect digital evidence while respecting the rights of innocent parties.
Recently, modern technologies have made a positive contribution to most institutions of the society. However, they have generated serious issues with regard to the data security. For example, in the educational sector, most educational institutions have huge amounts of various types of data, which require rigorous protection ways to ensure their security and integrity. This study aims at reviewing the most recent data security methods, particularly the existing common encryption algorithms as well as designing an electronic system based on efficient and trusted ones to protect academic and nonacademic digital data in educational institutions. The study applies the satisfaction questionnaire as instrument to evaluate the proposed system efficiency. The questionnaire has been presented to the evaluation team whose members are divided into two groups: experts and end users. The results of the evaluation process have indicated that, the satisfaction ratio of the proposed system is encouraging. The overall satisfaction percentage is 96.25%, which demonstrates that the proposed system is an acceptable and suitable choice for various security applications.
This document summarizes a training program on cyber security that took place from November 19th to December 2nd 2018. It covered topics such as computer forensics and its tools, traditional computer crimes, identity theft and fraud, computer forensics techniques, cyber crimes and how to reduce risks of identity theft. The training discussed investigating computer systems for evidence of crimes and recovering deleted files through data acquisition and forensic analysis.
Online data processing functions to Loginworks software has reduced costs, increased profitability and delivered greater core value and operational excellence to our customers. We help you capture, extract and digitize and process data from various sources. We are equipped with over a decade of experience in delivering outstanding data process outsourcing services to global customers at such affordable rates. Our Online Data Processing services are valid for all kinds of textual data capturing which includes printed text and manuscripts scanned images.
https://www.loginworks.com/data-processing/
04 Evidence Collection and Data Seizure - NotesKranthi
The document discusses guidelines for properly collecting and analyzing digital evidence from compromised systems. It emphasizes the importance of preserving evidence in its original state, establishing a clear chain of custody, and thoroughly documenting all procedures to ensure the evidence is admissible in court. The general procedure involves identifying relevant evidence, analyzing it to reconstruct the incident, and presenting findings in an understandable way. Volatile data like memory contents should be captured before non-volatile data from disks. Contamination must be avoided by only examining copies of original data.
This document discusses several areas of computer ethics including information accuracy, green computing, codes of conduct, information privacy, and intellectual property. It defines computer ethics as the moral guidelines that govern computer and information system use. Each area of computer ethics is then defined in more detail. Information accuracy concerns ensuring information online is correct. Green computing aims to reduce environmental waste from computer use. Codes of conduct establish guidelines for determining ethical computer actions. Information privacy relates to individuals' right to restrict data collection and use about them. Intellectual property involves unique creative works and associated ownership rights.
INTRODUCTION TO COMPUTER FORENSICS
Introduction to Traditional Computer Crime, Traditional problems associated with Computer Crime. Introduction to Identity Theft & Identity Fraud. Types of CF techniques – Incident and incident response methodology – Forensic duplication and investigation. Preparation for IR: Creating response tool kit and IR team. – Forensics Technology and Systems – Understanding Computer Investigation – Data Acquisition.
Computer forensics is the scientific process of preserving, identifying, extracting, and interpreting data from computer systems, networks, wireless communications, and storage devices in a way that is legally admissible. It involves using special tools to conduct a forensic examination of devices, networks, internet activities, and images in order to discover potential digital evidence. Common computer forensic tools are used to recover deleted files, analyze financial and communications records, and investigate crimes like fraud, identity theft, and child pornography.
Lisa Jarrett is a student completing her final year degree project on developing a case study for use in computer forensics training. Her project objectives are to investigate current educational resources used by universities and training resources used by accredited companies, gain an understanding of students' capabilities with forensic software tools, and propose a competency framework for computer forensic investigation training. Her deliverables will include a literature review of available training resources and a report on students' skills and knowledge gaps. The project will focus on designing a case study scenario involving a murder investigation that can be used to provide students hands-on experience and demonstrate their skills to potential employers.
05 Duplication and Preservation of Digital evidence - NotesKranthi
The document discusses best practices for preserving digital evidence from a crime scene, including:
1) Making bit-stream backups of storage devices before processing to avoid altering the original data.
2) Transporting the computer system securely to a forensics lab for further analysis.
3) Maintaining a detailed evidence notebook and chain of custody to document all evidence handling procedures.
Computer forensics is expected to face significant changes over the next 5-50 years:
- Within 5 years, storage capacity and processing speeds will increase dramatically, resulting in exponentially more data to analyze per case. Automated tools will help speed up initial processing but full analyses may still take similar time.
- By 10 years, computers may be much smarter and interfaces more advanced, changing the examiner's role. Experts will need deeper knowledge of human-computer interactions. Malware threats will likely escalate as well.
- Predicting 50 years is difficult but storage capacities may reach zettabytes, fit in dental fillings. Computers may surpass human intelligence. The legal system may remain
Smartphone's usage and their applications become
popular in our society, nowadays. One of the most influential
applications in our social life is the instant messaging application.
LINE messenger is one of the popular instant messaging
applications around Asian country. LINE has about 60 – 70
percent active users per month from 144 million accounts in
Japan, Taiwan, Thailand, and Indonesia. Like most other instant
messengers, LINE services are able to keep their user's personal
files such as text chats, pictures or photos, and video. These files
have the valuables and specific information about the user. In the
law enforcement, this kind of information can be an authentic
evidence to solve crime cases. In this paper will show the ability
of a forensic tool in acquisition digital evidence on Android
device. The work is separated into two tests, the application
analysis acquisition, and full content acquisition. The digital
evidence also has been identified, such as text chats, pictures, the
name of the sender and the recipient, and the chat time
(timestamp).
This document provides information about data, information systems, and their components. It defines data as raw unorganized material that has little value on its own. Information is organized data that is meaningful to users. An information system is a set of related components that collects data, processes it, and provides information. The key components of an information system are data, hardware, software, people, and procedures. Together these components work to input data, process it, and output useful information to meet users' needs.
This document discusses cyber forensics and investigating large scale data breaches. It begins by defining cyber forensics as an electronic discovery technique used to determine and reveal technical criminal evidence, often involving extracting electronic data for legal purposes. It then discusses challenges in investigating corporate networks due to different operating systems, file systems, and administrative access used. When investigating large data breaches, security exploits and employee devices are common entry points, while pace of growth and lack of evidence erasure complicate progress. The Yahoo breach example turned tides by providing data to investigators that aided geopolitical understanding. Immediate actions include response and isolation, while tools like COFEE, SIFT, and ProDiscover aid forensic analysis at different levels.
CYBER FORENSICS AND AUDITING
Topics Covered: Introduction to Cyber Forensics, Computer Equipment and associated storage, media Role of forensics Investigator, Forensics Investigation Process, Collecting Network based Evidence Writing, Computer Forensics Reports, Auditing, Plan an audit against a set of audit criteria, Information Security Management, System Management. Introduction to ISO 27001:2013
Digital forensics involves the scientific analysis of digital evidence extracted from devices such as computers, laptops, mobiles, and storage devices. It aims to properly extract, analyze and document digital evidence for use in court. There are different stages including identifying purpose and resources, analyzing data using tools, interpreting results, documenting conclusions, and securing data for future use as evidence. Various branches of digital forensics examine different sources of digital evidence, such as network traffic and logs, firewall logs, databases, mobile devices, and email servers and accounts. Specialized tools are used to extract valuable information from these sources and assist with investigations.
A more in-depth analysis of cyber forensics; but explained eloquently for the beginner, by Chaitanya Dhareshwar - Cyber Crime Investigator, Technocrat and Entrepreneur.
Learn what cyber forensics is all about and how you can begin using the basic tools of forensics in your day to day life. Not only does it make the world a safer place, your data remains significantly more secure.
Every step you take towards cyber security in this lawless internet allows you to achieve greater knowledge unhindered.
Current Forensic tools: evaluating computer forensic tool needs, computer forensics software tools, computer forensics hardware tools, validating and testing forensics software E-Mail Investigations: Exploring the role of e-mail in investigation, exploring the roles of the client and server in e-mail, investigating e-mail crimes and violations, understanding e-mail servers, using specialized e-mail forensic tools. Cell phone and mobile device forensics: Understanding mobile device forensics, understanding acquisition procedures for cell phones and mobile devices
Computer forensic investigation analyzes data from computer devices to gather evidence for legal cases in a forensically-sound manner. The process involves making a digital copy of a device's storage media to examine while leaving the original untouched. Computer forensic specialists are trained to use tools and software to conduct a thorough examination of digital media, analyzing items like the Windows registry, passwords, files, emails and pictures to determine exactly what occurred on a device and who was involved. Computer forensic professionals in Miami are legally trained to follow standard methodology to properly collect, analyze and document digital evidence for use in court.
Document privacy is very important with communication technology in an innovative era of globalization. However, when the document changes hands or the document is sent, there is still a risk of data damage and the document can be changed by an unrelated party so that document security is necessary. If the confidentiality and authenticity of documents are damaged by irresponsible parties, the information is no longer useful. For this reason, a text encryption application was created using the SEAL, Blowfish and IDEA algorithms. A combination of these three algorithms will create better algorithm security for the company. The IDEA algorithm is a symmetric cryptography with high security which is not based on the confidentiality of the algorithm but emphasizes the security or confidentiality of the key used. The goal is to produce stronger and more secure data security, a combination of the SEAL algorithm for data encryption and the IDEA algorithm is used to maintain data confidentiality and security by going through the description process, as well as the Blowfish algorithm to maintain the confidentiality of user login data, so that only the person concerned can read the information. The important files that the researcher will secure are Emboss files in the form of credit card data and customer data with a Microsoft Office extension (.doc, .docx, xlx, .xlsx) and with text extension. The results of testing the SEAL, Blowfish and IDEA Algorithms are the time obtained to encode and decode is directly proportional to the size of the file being processed (the smaller the file size is processed, the faster the encode and decode process, the larger the file size, the longer it takes. encode and decode process).
02 Types of Computer Forensics Technology - NotesKranthi
The document discusses various types of computer forensics technology used by law enforcement, military, and businesses. It describes the Computer Forensics Experiment 2000 (CFX-2000) which tested an integrated forensic analysis framework to determine motives and identity of cyber criminals. It also discusses specific computer forensics software tools like SafeBack for creating evidence backups and Text Search Plus for quickly searching storage media for keywords. The document provides details on different types of computer forensics technology used for remote monitoring, creating trackable documents, and theft recovery.
Types of Computer Forensics Technology, Types of Military Computer Forensic Technology, Types of Law Enforcement, Computer Forensic Technology, Types of Business Computer Forensic Technology, Specialized Forensics Techniques, Hidden Data and How to Find It, Spyware and Adware, Encryption Methods and Vulnerabilities, Protecting Data from Being Compromised Internet Tracing Methods, Security and Wireless Technologies, Avoiding Pitfalls with Firewalls Biometric Security Systems
This document provides an overview of computer forensics, including its history, definitions, types of cyber crimes, and the role of computer forensics in investigations. It discusses how computer forensics has evolved from early uses in law enforcement to become a more standardized field. The document also outlines the stages of a forensic investigation and rules that investigators follow to preserve evidence.
This document defines and describes basic concepts related to information and communication technologies (ICT). It discusses the main components of a personal computer including hardware such as processors, memory, input/output/storage devices, and software including operating systems, applications, and licensing. It provides examples and definitions of key terms used to describe digital devices, computer components, and units of data storage such as bits, bytes, kilobytes, megabytes, and more.
Computer forensics is the process of examining computer systems, storage devices, and digital evidence to recover data for legal cases. It involves collecting, preserving, analyzing and presenting computer-related evidence without altering it. Computer evidence can be useful in criminal, civil and employment cases. Computer forensics experts follow strict methodologies to carefully handle systems and extract potential evidence while maintaining data integrity and chain of custody. Their goal is to discover all relevant files, including deleted files, and analyze artifacts to understand attempts to hide, delete or encrypt information.
Experimental Analysis of Web Browser Sessions Using Live Forensics Method IJECEIAES
In today's digital era almost every aspect of life requires the internet, one way to access the internet is through a web browser. For security reasons, one developed is private mode. Unfortunately, some users using this feature do it for cybercrime. The use of this feature is to minimize the discovery of digital evidence. The standard investigative techniques of NIST need to be developed to uncover an ever-varied cybercrime. Live Forensics is an investigative development model for obtaining evidence of computer usage. This research provides a solution in forensic investigation effectively and efficiently by using live forensics. This paper proposes a framework for web browser analysis. Live Forensics allows investigators to obtain data from RAM that contains computer usage sessions.
Study on Live analysis of Windows Physical MemoryIOSR Journals
Abstract: Memory forensics and data carving methods are usually used during volatile investigation and is
nowadays a big area of interest. Volatile memory dump is used for offline analysis of live data. Live analysis of
the running system gives the information of which events are going on. Volatile memory analysis can give the
sensitive information such as User Ids, Passwords, Hidden Processes, Root kits, Sockets etc. which are not
stored on the physical drive. This Paper represents various approaches and tools used to capture and analyse
data from computer memory.
Keywords: Memory forensics, RAM, sensitive information.
INTRODUCTION TO COMPUTER FORENSICS
Introduction to Traditional Computer Crime, Traditional problems associated with Computer Crime. Introduction to Identity Theft & Identity Fraud. Types of CF techniques – Incident and incident response methodology – Forensic duplication and investigation. Preparation for IR: Creating response tool kit and IR team. – Forensics Technology and Systems – Understanding Computer Investigation – Data Acquisition.
Computer forensics is the scientific process of preserving, identifying, extracting, and interpreting data from computer systems, networks, wireless communications, and storage devices in a way that is legally admissible. It involves using special tools to conduct a forensic examination of devices, networks, internet activities, and images in order to discover potential digital evidence. Common computer forensic tools are used to recover deleted files, analyze financial and communications records, and investigate crimes like fraud, identity theft, and child pornography.
Lisa Jarrett is a student completing her final year degree project on developing a case study for use in computer forensics training. Her project objectives are to investigate current educational resources used by universities and training resources used by accredited companies, gain an understanding of students' capabilities with forensic software tools, and propose a competency framework for computer forensic investigation training. Her deliverables will include a literature review of available training resources and a report on students' skills and knowledge gaps. The project will focus on designing a case study scenario involving a murder investigation that can be used to provide students hands-on experience and demonstrate their skills to potential employers.
05 Duplication and Preservation of Digital evidence - NotesKranthi
The document discusses best practices for preserving digital evidence from a crime scene, including:
1) Making bit-stream backups of storage devices before processing to avoid altering the original data.
2) Transporting the computer system securely to a forensics lab for further analysis.
3) Maintaining a detailed evidence notebook and chain of custody to document all evidence handling procedures.
Computer forensics is expected to face significant changes over the next 5-50 years:
- Within 5 years, storage capacity and processing speeds will increase dramatically, resulting in exponentially more data to analyze per case. Automated tools will help speed up initial processing but full analyses may still take similar time.
- By 10 years, computers may be much smarter and interfaces more advanced, changing the examiner's role. Experts will need deeper knowledge of human-computer interactions. Malware threats will likely escalate as well.
- Predicting 50 years is difficult but storage capacities may reach zettabytes, fit in dental fillings. Computers may surpass human intelligence. The legal system may remain
Smartphone's usage and their applications become
popular in our society, nowadays. One of the most influential
applications in our social life is the instant messaging application.
LINE messenger is one of the popular instant messaging
applications around Asian country. LINE has about 60 – 70
percent active users per month from 144 million accounts in
Japan, Taiwan, Thailand, and Indonesia. Like most other instant
messengers, LINE services are able to keep their user's personal
files such as text chats, pictures or photos, and video. These files
have the valuables and specific information about the user. In the
law enforcement, this kind of information can be an authentic
evidence to solve crime cases. In this paper will show the ability
of a forensic tool in acquisition digital evidence on Android
device. The work is separated into two tests, the application
analysis acquisition, and full content acquisition. The digital
evidence also has been identified, such as text chats, pictures, the
name of the sender and the recipient, and the chat time
(timestamp).
This document provides information about data, information systems, and their components. It defines data as raw unorganized material that has little value on its own. Information is organized data that is meaningful to users. An information system is a set of related components that collects data, processes it, and provides information. The key components of an information system are data, hardware, software, people, and procedures. Together these components work to input data, process it, and output useful information to meet users' needs.
This document discusses cyber forensics and investigating large scale data breaches. It begins by defining cyber forensics as an electronic discovery technique used to determine and reveal technical criminal evidence, often involving extracting electronic data for legal purposes. It then discusses challenges in investigating corporate networks due to different operating systems, file systems, and administrative access used. When investigating large data breaches, security exploits and employee devices are common entry points, while pace of growth and lack of evidence erasure complicate progress. The Yahoo breach example turned tides by providing data to investigators that aided geopolitical understanding. Immediate actions include response and isolation, while tools like COFEE, SIFT, and ProDiscover aid forensic analysis at different levels.
CYBER FORENSICS AND AUDITING
Topics Covered: Introduction to Cyber Forensics, Computer Equipment and associated storage, media Role of forensics Investigator, Forensics Investigation Process, Collecting Network based Evidence Writing, Computer Forensics Reports, Auditing, Plan an audit against a set of audit criteria, Information Security Management, System Management. Introduction to ISO 27001:2013
Digital forensics involves the scientific analysis of digital evidence extracted from devices such as computers, laptops, mobiles, and storage devices. It aims to properly extract, analyze and document digital evidence for use in court. There are different stages including identifying purpose and resources, analyzing data using tools, interpreting results, documenting conclusions, and securing data for future use as evidence. Various branches of digital forensics examine different sources of digital evidence, such as network traffic and logs, firewall logs, databases, mobile devices, and email servers and accounts. Specialized tools are used to extract valuable information from these sources and assist with investigations.
A more in-depth analysis of cyber forensics; but explained eloquently for the beginner, by Chaitanya Dhareshwar - Cyber Crime Investigator, Technocrat and Entrepreneur.
Learn what cyber forensics is all about and how you can begin using the basic tools of forensics in your day to day life. Not only does it make the world a safer place, your data remains significantly more secure.
Every step you take towards cyber security in this lawless internet allows you to achieve greater knowledge unhindered.
Current Forensic tools: evaluating computer forensic tool needs, computer forensics software tools, computer forensics hardware tools, validating and testing forensics software E-Mail Investigations: Exploring the role of e-mail in investigation, exploring the roles of the client and server in e-mail, investigating e-mail crimes and violations, understanding e-mail servers, using specialized e-mail forensic tools. Cell phone and mobile device forensics: Understanding mobile device forensics, understanding acquisition procedures for cell phones and mobile devices
Computer forensic investigation analyzes data from computer devices to gather evidence for legal cases in a forensically-sound manner. The process involves making a digital copy of a device's storage media to examine while leaving the original untouched. Computer forensic specialists are trained to use tools and software to conduct a thorough examination of digital media, analyzing items like the Windows registry, passwords, files, emails and pictures to determine exactly what occurred on a device and who was involved. Computer forensic professionals in Miami are legally trained to follow standard methodology to properly collect, analyze and document digital evidence for use in court.
Document privacy is very important with communication technology in an innovative era of globalization. However, when the document changes hands or the document is sent, there is still a risk of data damage and the document can be changed by an unrelated party so that document security is necessary. If the confidentiality and authenticity of documents are damaged by irresponsible parties, the information is no longer useful. For this reason, a text encryption application was created using the SEAL, Blowfish and IDEA algorithms. A combination of these three algorithms will create better algorithm security for the company. The IDEA algorithm is a symmetric cryptography with high security which is not based on the confidentiality of the algorithm but emphasizes the security or confidentiality of the key used. The goal is to produce stronger and more secure data security, a combination of the SEAL algorithm for data encryption and the IDEA algorithm is used to maintain data confidentiality and security by going through the description process, as well as the Blowfish algorithm to maintain the confidentiality of user login data, so that only the person concerned can read the information. The important files that the researcher will secure are Emboss files in the form of credit card data and customer data with a Microsoft Office extension (.doc, .docx, xlx, .xlsx) and with text extension. The results of testing the SEAL, Blowfish and IDEA Algorithms are the time obtained to encode and decode is directly proportional to the size of the file being processed (the smaller the file size is processed, the faster the encode and decode process, the larger the file size, the longer it takes. encode and decode process).
02 Types of Computer Forensics Technology - NotesKranthi
The document discusses various types of computer forensics technology used by law enforcement, military, and businesses. It describes the Computer Forensics Experiment 2000 (CFX-2000) which tested an integrated forensic analysis framework to determine motives and identity of cyber criminals. It also discusses specific computer forensics software tools like SafeBack for creating evidence backups and Text Search Plus for quickly searching storage media for keywords. The document provides details on different types of computer forensics technology used for remote monitoring, creating trackable documents, and theft recovery.
Types of Computer Forensics Technology, Types of Military Computer Forensic Technology, Types of Law Enforcement, Computer Forensic Technology, Types of Business Computer Forensic Technology, Specialized Forensics Techniques, Hidden Data and How to Find It, Spyware and Adware, Encryption Methods and Vulnerabilities, Protecting Data from Being Compromised Internet Tracing Methods, Security and Wireless Technologies, Avoiding Pitfalls with Firewalls Biometric Security Systems
This document provides an overview of computer forensics, including its history, definitions, types of cyber crimes, and the role of computer forensics in investigations. It discusses how computer forensics has evolved from early uses in law enforcement to become a more standardized field. The document also outlines the stages of a forensic investigation and rules that investigators follow to preserve evidence.
This document defines and describes basic concepts related to information and communication technologies (ICT). It discusses the main components of a personal computer including hardware such as processors, memory, input/output/storage devices, and software including operating systems, applications, and licensing. It provides examples and definitions of key terms used to describe digital devices, computer components, and units of data storage such as bits, bytes, kilobytes, megabytes, and more.
Computer forensics is the process of examining computer systems, storage devices, and digital evidence to recover data for legal cases. It involves collecting, preserving, analyzing and presenting computer-related evidence without altering it. Computer evidence can be useful in criminal, civil and employment cases. Computer forensics experts follow strict methodologies to carefully handle systems and extract potential evidence while maintaining data integrity and chain of custody. Their goal is to discover all relevant files, including deleted files, and analyze artifacts to understand attempts to hide, delete or encrypt information.
Experimental Analysis of Web Browser Sessions Using Live Forensics Method IJECEIAES
In today's digital era almost every aspect of life requires the internet, one way to access the internet is through a web browser. For security reasons, one developed is private mode. Unfortunately, some users using this feature do it for cybercrime. The use of this feature is to minimize the discovery of digital evidence. The standard investigative techniques of NIST need to be developed to uncover an ever-varied cybercrime. Live Forensics is an investigative development model for obtaining evidence of computer usage. This research provides a solution in forensic investigation effectively and efficiently by using live forensics. This paper proposes a framework for web browser analysis. Live Forensics allows investigators to obtain data from RAM that contains computer usage sessions.
Study on Live analysis of Windows Physical MemoryIOSR Journals
Abstract: Memory forensics and data carving methods are usually used during volatile investigation and is
nowadays a big area of interest. Volatile memory dump is used for offline analysis of live data. Live analysis of
the running system gives the information of which events are going on. Volatile memory analysis can give the
sensitive information such as User Ids, Passwords, Hidden Processes, Root kits, Sockets etc. which are not
stored on the physical drive. This Paper represents various approaches and tools used to capture and analyse
data from computer memory.
Keywords: Memory forensics, RAM, sensitive information.
A Literature Review On Cyber Forensic And Its Analysis ToolsSamantha Vargas
This document discusses cyber forensics and analysis tools. It begins with an abstract that outlines how digital forensics is used to investigate cyber attacks and acquire electronic evidence in a way that is admissible in court. It then provides details on common digital forensics procedures like isolating devices, making copies of storage media, and using recovery software to examine copies searching for deleted, encrypted, or damaged files. The document also summarizes several research papers on topics like recovering encryption keys from memory dumps, decrypting encrypted drives, analyzing computer usage policies and violations, collecting evidence from attacker and victim machines, using clustering algorithms to analyze unstructured text in investigations, and analyzing encrypted volumes and memory to obtain digital evidence.
The document provides an overview of cyber forensics. It discusses how cyber forensics has become important for investigations due to increasing internet crimes. It outlines the typical phases of cyber forensics investigations - identification, acquisition, analysis, and reporting. The identification phase deals with identifying evidence and preserving the chain of custody. The acquisition phase involves creating copies of digital evidence like hard disk images. The analysis phase examines the acquired evidence to find relevant pieces. Finally, the reporting phase documents the findings and conclusions. A variety of cyber forensics tools are also mentioned.
Virtual machine has been the most one of virtualization technology used today for working and saving
hardware resources, besides as a tool conduct research on
malware, network installations etc. The wide use of
virtualization technology is becoming a new challenge for
digital forensics experts to carry out further research on the
recovery of evidence of deleted virtual machine image. This
research tries to find out whether there is evidence of
generated activity in the destroyed virtual vachine and how to
find the potential of digital evidence by using the Virtual
Machine Forensic Analysis and Recovery method. The result
showed, the virtual machine which was removed from the
VirtualBox library could be recovered and analyzed by using
autopsy tools and FTK with analytical method, 4 deleted files
in the VMDK file could be recovered and analyzed against the
digital evidence after checking the hash and metadata in
accordance with the original. However, Virtual machine image
with Windows-based and Linux-based operating systems which
was deleted using the destroy method on VirtualBox could not
be recovered by using autopsy and FTK, even though
VirtualBox log analysis, deleted filesystem analysis, and
registry analysis to recover backbox.vmdk and windows
7.vmdk does not work, due to the deletion was done using a
high-level removal method, almost similar to the method of
wipe removal of data on the hard drive.
Digital Forensics is a technique used to search for evidence of events that have occurred. This quest aims to reveal the hidden truth. The existence of digital forensic activities due to the occurrence of crimes both in the field of computers or other. Legal treatment in digital forensic field makes this area of science a compulsory device to dismantle crimes involving the computer world. In general, the cyber crime leaves a digital footprint, so it is necessary for a computer forensics expert to secure digital evidence. Computer forensics necessarily requires a standard operational procedure in taking digital evidence so as not to be contaminated or modified when the data is analyzed. The application of digital forensic is beneficial to the legal process going well and correctly.
The document provides an overview of a training on practical demonstrations of digital forensic tools. It introduces the instructor and their qualifications. The agenda includes an introduction to digital forensics, computer forensic processes, and demonstrations of forensic tools like FTK Imager and EnCase. Key points covered are the forensic investigation process of acquiring, analyzing, and reporting evidence from a computer, and types of data like active, latent, and archival that can be extracted.
The document discusses digital forensic methodologies for investigating a case where an employee downloaded sensitive company data. It proposes using live forensic analysis to gather real-time data from the compromised system. This allows investigators to analyze processes, memory dumps, and network connections to track the data theft. The methodology uses hashing to verify the authenticity and integrity of collected evidence. Computer, network, and database forensics are also discussed as ways to analyze password-protected files, emails, and database entries to identify the stolen data and recover what was lost.
Comparative Analysis of Digital Forensic Extraction Toolsijtsrd
Computer forensics Process collecting and examining information present in digital format in civil, criminal, or administrative proceedings for use as evidence. It is also a from data recovery, which involves the recovery of data from a system that has been erased by error or lost during a server crash. Tools are designed to extract evidence from the computer and it is the role of the investigator to check whether the crime or policy violation has been committed by the suspect. Investigators use various kinds of tools based on the area or the kind of information which is lost such as digital data, network compromise, cyber breach, web data, email and many more. Varun H M | Dr. Uma Rani Chellapandy | Srividya B G "Comparative Analysis of Digital Forensic Extraction Tools" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd37980.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/37980/comparative-analysis-of-digital-forensic-extraction-tools/varun-h-m
An Analyzing of different Techniques and Tools to Recover Data from Volatile ...ijsrd.com
Computer forensics has recently gained significant popularity with many local law enforcement agencies. It is currently employed in fraud, theft, drug enforcement and almost every other enforcement activity. There are many relatively new tools available that have been developed in order to recover and dissect the information that can be gleaned from data storage area like hard-disk, pen drive, etc. it's all like a volatile memory, but because this is a relatively new and fast-growing field many forensic analysts do not know or take advantage of these assets. Memory like Volatile memory may contain many pieces of information relevant to a forensic investigation, such as passwords, cryptographic keys, and other data. Having the knowledge which type of method use and tools needed to recover that data is essential, and this capability is becoming increasingly more relevant as hard drive encryption and other security mechanisms make traditional hard disk forensics more challenging. This research will cover the theory behind volatile memory analysis, including why it is important, what kinds of data can be recovered, and the potential pitfalls of this type of analysis, as well as techniques for recovering and analyzing volatile data and currently available toolkits that have been developed for this purpose.
This document provides an overview of computer forensics. It defines computer forensics as involving the preservation, identification, extraction, documentation and interpretation of computer data for legal evidence. The history of computer forensics is then summarized, noting its origins in the 1970s with early computer crimes and the realization that computer evidence was needed. An overview of who utilizes computer forensics and the basic methodology involving preparation, collection, examination, analysis and reporting is also provided.
The document discusses information technology law (also called cyber law) and cyber forensics. It explains that cyber law concerns the legal aspects of computing and the internet, including intellectual property, contracts, privacy, and jurisdiction. Cyber forensics involves examining digital evidence from computers and storage devices in a forensically sound manner to identify, preserve, recover, analyze and present digital information in a legal context.
A Novel Methodology for Offline Forensics Triage in Windows SystemsIRJET Journal
This document presents a novel methodology for offline cyber forensics triage of Windows systems. The methodology analyzes key artifacts like prefetch files, registry files, $USNJrnl files, browser files, and event logs to retrieve crucial evidence. This evidence includes lists of recently deleted/modified/accessed files, suspicious programs used, network information, timestomped files, web browser activity, and user account activity. Analyzing select artifacts can guide investigators and prioritize files to analyze, aiding more efficient investigations. The methodology was tested through experiments that could detect recent deleted activities and traces left by anti-forensics tools.
The document discusses the capabilities and issues related to computing technology and storage devices. It outlines five key capabilities of computing as speed, accuracy, storage capacity, logical operations, and multimedia handling. The use of storage devices raises privacy, ownership, control, and security issues. This has triggered IT policy decisions around data disclosure, login details, network scanning, and portable storage device usage to protect against damages from unauthorized access to stored data and information.
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
The presentation contains: Concept of Forensic, Need & Purpose of Forensic
Computer Forensic, Role of IT for Forensic, Data Collection / Mining Tools, Data Analysis & Reporting, Fraud Detection & Auditing
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxsmile790243
Lecture 09 - Memory Forensics.pdf
L E C T U R E 9
B Y : D R . I B R A H I M B A G G I L I
Memory Forensic Analysis
P A R T 1
RAM overview
Volatility overview
http://www.bsatroop780.org/skills/images/ComputerMemory.gif
Understanding RAM
• Two main types of RAM
– Static
• Not refreshed
• Is still volatile
– Dynamic
• Modern computers
• Made up of a collection of cells
• Each cell contains a transistor and a capacitor
• Capacitors charge and discharge (1 and zeros)
• Periodically refreshed
RAM logical organization
• Programs run on computers
• Programs are made up of processes
– Processes are a set of resources used when executing an
instance of a program
– Processes do not generally access the physical memory directly
– Each process has a �virtual memory space�
• Allows operating system to stay in control of allocating memory
– Virtual memory space is made up of
• Pages (default size 4K)
• References (used to map virtual address to physical address)
• May also have a reference to data on the disk (Page file) – used to
free up RAM memory
RAM logical organization
! Each process is represented by an EPROCESS Block:
Normal memory
• Each process is represented by an _EPROCESS block.
• Contained within each _EPROCESS block is both a pointer to the next process
(fLink – Forward Link) and a pointer to the previous process (bLink – Back Link).
• When OS is operating, the _EPROCESS blocks and their pointers come
together to resemble a chain, which is known as a doubly-linked list.
• Chain is stored in kernel memory and is updated every time a process is
launched or terminated.
• Windows API walks this list from head to tail when enumerating processes via
Task Manager, for example.
Not so normal
• Hides processes from windows API
• Known as Direct Kernel Object Manipulation (DKOM)
• Involves manipulating the list of _EPROCESS blocks to �unlink� a
given process from the list
• By changing the forward link of process 1 to point to the third process,
and changing the �bLink� of process 3 to point to process 1, the
attacker�s process is no longer part of the list of _EPROCESS blocks.
• Since the Windows API uses this list to enumerate processes, the
malicious process will be hidden from the user but still able to operate
normally.
P A R T 2
Introduction to Memory
forensics
Before & Now
! Traditionally
! We have always been told to �pull the plug� on a live system
! This is done so that the reliability of the digital evidence is not
questioned
! Now
! People are considering live memory forensics
" Data relevant to the investigation may lie in memory
" Whole Disk Encryption….
Challenges in traditional method
• High volume of data (Aldestein, 2006)
– Increases the time in an investigation
– Increases storage capacity needed for forensic images
– Number of machines that could be included in th ...
Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for root cause analysis. It is a branch of digital forensic science that applies techniques of computer investigation and analysis. The goal is the discovery, collection, and analysis of digital evidence found on computers and networks to identify the source of security attacks or crimes.
This document summarizes a study on digital forensics. It discusses the tools used in digital forensics including DriveSpy and Forensic Tool Kit (FTK). It outlines the digital evidence collection process as: 1) Identify systems involved and likely relevant evidence, 2) Collect, observe and preserve evidence following order of volatility, 3) Analyze, identify and rebuild evidence while verifying results. Common reasons for needing digital forensics are discussed like unauthorized access, denial of service attacks, and virus/worm/Trojan attacks. Strategies for computer forensics include preserving evidence without altering it, authenticating recovered evidence, and analyzing without modification. Tools like EnCase are also summarized that perform functions like data acquisition
Computer Forensics-An Introduction of New Face to the Digital Worldrahulmonikasharma
This document provides an introduction to computer forensics. It discusses what computer forensics is, where and when it is used, how it works, and why it is important. Computer forensics is the process of preserving, identifying, extracting and documenting digital evidence from computer systems, networks and digital storage devices so that it can be presented in a court of law. It is used in cases involving intellectual property theft, fraud investigations, and inappropriate computer use. The process involves collecting evidence from computer systems without altering the original data. This allows reconstruction of computer activities, which is important for criminal investigations.
Similar to Live Forensics Analysis Method for Random Access Memory on Laptop Devices (20)
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Live Forensics Analysis Method for Random Access Memory on Laptop Devices
1. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 4, April 2018
Abstract— The development of computer technology now have an
impact on the increasing cases of cybercrime crime that occurred
either directly or indirectly. Cases of cybercrime now are able to steal
digital information is sensitive and confidential. Such information
may include email, user_id, and password. In addition to browser
cookies stored on your computer or laptop hard drive, user_id, email,
and password are also stored in random access memory (RAM).
Random access memory (RAM) is volatile so that in doing the
analysis required an appropriate and effective method. Digital data
acquisition method in random access memory can be done live
forensics or when the system is running. This is done because if the
device or laptop computer is dead or shutdown then the information
stored in random access memory will be lost. In this study has
successfully carried out its acquisition of random access memory
(RAM) for information access rights and password login form
user_id on your websites such as Facebook, PayPal, internet banking,
and bitcoin. Tools used to perform data acquisition, namely Linux
Memory Extractor (LiME) and FTK Imager.
Keywords: Live forensics, RAM, laptop, devices.
I. INTRODUCTION
Along with the increasing use of computer crimes, then the
chance of cybercrime is also increasing. Cybercrime is not
only done to cripple a network server but also with steal
critical data from an individual, organization or business entity
[1]. Cases of cybercrime are happening now has already led to
the theft of user_id or username, email, and password which is
the nature of the personal information privacy for some
people. Such information includes concerns about the
facebook account, internet banking, PayPal, and bitcoin.
User_id and password could be abused by people not
responsible for how to steal other people's property and
accounts result can harm the legitimate owner of the account
[2]. In addition the result of theft and user_id password, could
only occur if the label is a social media account stolen,
whereas if the internet banking account is stolen then the
possible occurred the crime of theft money transfer via
internet banking to another account or by means of the
imposition of a fee to the owner of the legitimate account if
that account is used for illegal transactions with on behalf of
the owner of legitimate internet banking account, however the
address shipments addressed to the address of the thief [3].
Information in the form of email, user_id, and password in
addition to browser cookies stored on is also stored in random
access memory on a laptop device that we use to do the login
permissions. For it takes a proper method or technique, in
order to perform the analysis of the random access memory on
a laptop device. This is because the data in random access
memory is volatile in nature. Volatile data will be lost if the
computer is turned off or having to restart. Acquisition of
random access memory to get information of digital evidence
can only be done when the system is running or running [4].
Volatile data stored in random access memory describes the
whole activity is taking place on a computer system that is
being used. Handling data in random access memory has to be
careful because in addition to its data can be lost if the system
is turned off, the use of the tools will leave a footprint that can
potentially overwrite existing valuable evidence is in the
random access memory. It is, therefore, necessary the proper
method for monetizing digital evidence stored in random
access memory. The data acquisition method using the method
live forensics [5].
Live forensics methods aimed at handling incidents faster,
more assured data integrity, encrypted data can be opened and
allow the memory capacity is lower when compared to
traditional forensic methods. The stages are done in
performing data analysis on random access memory with the
live forensics method i.e., collect, examine, analyze and report
[6][7].
II. LITERATURE REVIEW
In research conducted by (Anand, 2016) explained that the
random access memory storing log-related information
activities carried out by the user and the system is running [8].
Previous research conducted by (Nisbet, 2016) data
acquisition device is done on a laptop is usually just for the
acquired data information that exists on the hard disk but this
time it could be done for the acquired data in random access
memory. The focus of this study is to acquire data in random
access memory to find files that are encrypted [9].
In research conducted by (Stüttgen, Vömel, & Denzel, 2015)
explained that results from acquisitions in the random access
memory we can see potential malware attacks. In addition, we
can recognize malicious programs that are already installed on
a computer operating system [10].
Live Forensics Analysis Method For Random
Access Memory On Laptop Devices
1
Danang Sri Yudhistira, 2
Imam Riadi, 3
Yudi Prayudi
1
Department of Informatics, Universitas Islam Indonesia
2
Department of Information System, Universitas Ahmad Dahlan
3
Department of Informatics, Universitas Islam Indonesia
Email: 1
danangsriyudhistira@gmail.com, 2
imam.riadi@is.uad.ac.id, 3
prayudi@uii.ac.id
188 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
2. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 4, April 2018
Research in methods of live forensics to analyze the random
access memory requires accuracy in finding existing digital
evidence. There is some hitch in the study of random access
memory. For ease of handling the method live forensics as
well as keeping the value of the integrity of the evidence, it
will be accessible with the python scripting language (Bharath
& R, 2015) [11].
Other research and development became the basis for the
research is research conducted by (Divyang Rahevar, 2013).
On the research tells us that hidden file-related information,
user_id, password, rootkits, and sockets are not only stored on
the hard disk but also stored in random access memory [12].
In research conducted by (Richard Carbone, 2012), conducted
2 tools namely LiME and Fmem comparison to get results in
the acquisition random access memory on the pc-based Linux
operating system by using the framework volatility memory
analysis [13].
Other research conducted by (Karayianni & Katos, 2012) and
investigations about data privacy regarding the information
which is personal data. The information in the form of
passwords stored in random access memory. Process analysis
of the random access memory when the computer is done in
conditions of operation or running because if the computers in
a dead condition then data stored in random access memory
will disappear [14].
III. CURRENT PRACTICES
A. Linux Memory Extractor (LiME)
Linux Memory Extractor (LiME) tapes loadable kernel
module that is can be used to perform the acquisition of
volatile memory on Linux based-powered device. To be able
to use the LiME needed privilege as root. LiME is the first
tools capable of capture random access memory as a whole
[15].
B. FTK Imager
FTK Imager or complete language is "Forensic Toolkit
Imager" is a stand-alone application for the hosts Access disk
imaging Data. Access to Data is a company engaged in the
field of digital forensics and provides solutions from a
classroom stand-alone to enterprise-class for digital
investigation process. FTK Imager tools are used to analyze
the results of the data acquisition of the laptop-based Linux
operating system [16].
IV. ACQUISITION OF RANDOM ACCESS MEMORY
The source of data used for digital evidence in this study
comes from the random access memory on the laptop-based
Linux operating system. In making acquisitions in the random
access memory there are several stages that are done as in
figure 1.
Figure 1. Flowchart Aquisition Of Random Access Memory
In Figure 1 that the first process begins with securing the
scene of things. If the laptop is turned on then it can be done
the next process, namely the acquisition of random access
memory. Do not ever take off the power cable so that the
laptop did not die when it conducted the process data
acquisition. Prior to the acquisition process begins, remove all
external storage that is stuck to the laptop. Create module
LiME (Linux Memory Extractor) and type the command
instead to begin the process of capture random access
memory. Proceeds from the sale to random access memory
will be stored automatically in the folder directory/home.
To create the LiME module (Linux Memory Extractor) first
we go to the directory/src on the LiME-master folder located
in folder Download by typing commands in accordance with
Figure 2.
Figure 2. Access of LiME On The Directory SRC
189 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
3. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 4, April 2018
Figure 2 describes the process to access the Linux Memory
module Extractor (LiME) on the Linux operating system-
based laptop. The process is done in a live forensics or laptop
in the condition turned on.
The next process to capture the memory on a random access
memory by typing commands at the command line terminal
Linux fits in Figure 3
Figure 3. Order to Capture Of Random Access Memory
Figure 3 describes the process of capture random access
memory on Linux laptop device. Capture process starts with
access to the directory/SRC to find the kernel module lime-
4.4.0-31-generic. ko. Next, do the process of capture by typing
commands at the command line Linux terminal according to
Figure 3. Proceeds from the sale to random access memory on
the laptop-based Linux operating system will be stored in the
directory/home.
Proceeds from the sale to random access memory there is a
file with the extension *. lime. This file can be analyzed using
tools FTK Imager that runs the Windows operating system.
Analysis of the results obtained some information that can be
used as evidence. Such information concerns the user_id and
password that originates from the internet banking account,
PayPal, Bitcoin, and Facebook.
V. THE ANALYSIS OF RANDOM ACCESS MEMORY
Based on the results of the acquisition of the random access
memory on the laptop-based Linux operating system there is
some related information that can be used as evidence. The
information of which is information that is confidential or
privacy because it is a personal account belonging to someone
who used to do the login permissions an application on the
website.
In this research have successfully found evidence in the form
of digital information user_id and password used to access the
internet banking login, PayPal, Bitcoin and facebook. The
information clearly captured by tools Linux Memory Extractor
(LiME) and able to be analyzed using tools FTK Imager.
The first successful evidence obtained is the user_id and
password to access login to facebook website page. Proof of
this is in addition to stored in browser cookies are also stored
in random access memory devices. Evidence of the user_id
and password facebook listed in Figure 4.
Figure 4. Evidence Of The Facebook Account
Based on the analysis of the results of the acquisition of
random access memory that is listed in Figure 4, note that
proof of access logs in facebook using the email account
"danzyudhistira@rocketmail.com" and the password
"jogja123571". This evidence will still be stored in random
access memory and will not be lost as long as the laptop is not
turned off.
Other evidence that successfully obtained i.e. access login to
your website belongs to national banking. Access to internet
banking transaction. Evidence from access the login listed in
Figure 5.
Figure 5. Evidence Of The Internet Banking Account
Based on the analysis of the results of the acquisition of
random access memory that is listed in Figure 5, it is noted
that proof of access to the internet banking account login using
user _ id "danangsr1911" and the password "123571". The
account is stored in random access memory without
experiencing encryption. This proves that the internet banking
application belongs to the national banking still vulnerable to
acts of theft user_id and password by the person who is not
liable if it managed to get the account access login.
In addition, there is evidence of the access account login
bitcoin. Bitcoin is a cryptocurrency currency now is quite
popular to use for online transactions. Bitcoin account login
access evidence listed in Figure 6.
Figure 6. Evidence Of The Bitcoin Account
Based on the analysis of the results of the acquisition of the
random access memory on a laptop device as listed in Figure
6, note that the proof of the access account login using bitcoin
email "danangsriyudhistira@gmail.com" and the password
"Yogyakarta123571". Just as the internet banking account, the
account is also not experiencing bitcoin encryption.
190 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
4. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 4, April 2018
Other evidence of the successful results obtained from sale to
random access memory on the device operating system Linux-
based laptop that is PayPal account login access. A PayPal
account is also often used for payment transactions online.
PayPal applies internationally making it easy to use just about
any transaction. Paypal account login access evidence listed in
Figure 7.
Figure 7. Evidence Of The Paypal Account
Based on the analysis of the results of the acquisition of the
random access memory on a laptop device as listed in Figure
7, note that evidence access login your Paypal account using
the email "danangsriyudhistira@yahoo.com" and the password
"danzcreative123571". This evidence will still be stored in
random access memory for laptop device is not turned off. Just
as the internet banking accounts and user_id and password
bitcoin, PayPal account stored in random access memory is
also not experiencing the encryption
VI. CONCLUSION
After a series of research and analysis of random access
memory on the device, a laptop with Linux operating system
using the method live forensics can be drawn the conclusion
that random access memory capable of storing all the
information all the related activities performed by the user or
users. In this case, it is activities to access internet banking
login, PayPal, Bitcoin, and Facebook. Proof of access the
login i.e. user_id and password. Tools Linux Memory
Extractor (LiME) able to do capture memory thoroughly so
that the information obtained from random access memory
was able to complete and can be used as evidence in a digital
handling of crimes and involve evidence-based laptop Linux
operating systems. While the FTK Imager tools are able to
perform analysis of digital evidence properly because of
evidence that encrypted not encrypted are also capable opened
by these tools.
VII. FUTURE WORK
This research has managed to find a social media account
login access facebook, internet banking, bitcoin and PayPal
stored in random access memory on the device a laptop either
user_id or username and password. For the development of
further research is expected to find a credit card account that
was inputted when we conduct E-Commerce transactions to
shop online using a browser laptop. In addition to the credit
card account is saved in the browser's cookies will also be
stored in random access memory on a device that is used for
the transaction, in this case, using a laptop devices
REFERENCES
[1] Wahyudi, E., Indonesia, U. I., Riadi, I., Dahlan, U. A.,
Pray, Y., & Indonesia, U. I. (2018). Virtual Machine
Forensic Analysis And Recovery Method For Recovery
And Analysis Digital Evidence. International Journal of
Computer Science and Information Security (IJCSIS),
16(2), 1–7.
[2] Prayogo, A., Riadi, I., & Luthfi, A. (2017). Mobile
Forensics Development of Mobile Banking Application
using Static Forensic. International Journal of
Computer Applications, 160(1), 5–10.
[3] Riadi, I., & Umar, R. (2017). Identification Of Digital
Evidence On Android ’ s. International Journal of
Computer Science and Information Security, 15(5), 3–8.
[4] Dave, R., Mistry, N. R., & Dahiya, M. S. (2014).
Volatile Memory Based Forensic Artifacts & Analysis.
International Journal For Research In Applied Science
and Engineering Technology, 2(I), 120–124.
[5] Rochmadi, T., Riadi, I., & Prayudi, Y. (2017). Live
Forensics for Anti-Forensics Analysis on Private
Portable Web Browser. International Journal of
Computer Aplications (IJCA), 164(8), 31–37.
[6] Riadi, I., Eko, J., Ashari, A., & -, S. (2013). Internet
Forensics Framework Based-on Clustering.
International Journal of Advanced Computer Science
and Applications, 4(12), 115–123.
[7] Umar, R., Riadi, I., & Zamroni, G. maulana. (2017). A
Comparative Study of Forensic Tools for WhatsApp
Analysis using NIST Measurements. International
Journal of Advanced Computer Science and
Applications, 8(12), 69–75.
[8] Anand, V. N. (2016). Acquisition Of Volatile Data From
Linux System. International Journal of Advanced
Research Trends in Engineering and Technology, 3(5),
95–97.
[9] Nisbet, A. (2016). Memory forensic data recovery
utilising RAM cooling methods, 11–16.
[10] Stüttgen, J., Vömel, S., & Denzel, M. (2015).
Acquisition and analysis of compromised firmware
using memory forensics. DFRWS 2015 Europe, 12(S1),
S50–S60.
[11] Bharath, B., & R, N. M. A. (2015). Automated Live
Forensics Analysis for Volatile Data Acquisition. Int.
Journal of Engineering Research and Applications, 5(3),
81–84.
[12] Divyang Rahevar. (2013). Study on Live analysis of
Windows Physical Memory. IOSR Journal of Computer
191 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
5. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 4, April 2018
Engineering (IOSR-JCE) , 15(4), 76–80.
[13] Richard Carbone. (2012). The definitive guide to Linux-
based live memory acquisition tools. DRDC Valcartier
TM 2012-319.
[14] Karayianni, S., & Katos, V. (2012). Practical password
harvesting from volatile memory. Lecture Notes of the
Institute for Computer Sciences, Social-Informatics and
Telecommunications Engineering, 99 LNICST(May
2014), 17–22.
[15] LiME, https://github.com/504ensicsLabs/LiME, 2018
[16] FTK Imager, https://accessdata.com, 2018
192 https://sites.google.com/site/ijcsis/
ISSN 1947-5500