Difference between revisions of "Main Page"

From ForensicsWiki
Jump to: navigation, search
m
m
(21 intermediate revisions by 3 users not shown)
Line 2: Line 2:
 
This is the '''Forensics Wiki''', a [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons]-licensed [http://en.wikipedia.org/wiki/Wiki wiki] devoted to information about [[digital forensics]] (also known as computer forensics). We currently list a total of [[Special:Allpages|{{NUMBEROFARTICLES}}]] pages.
 
This is the '''Forensics Wiki''', a [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons]-licensed [http://en.wikipedia.org/wiki/Wiki wiki] devoted to information about [[digital forensics]] (also known as computer forensics). We currently list a total of [[Special:Allpages|{{NUMBEROFARTICLES}}]] pages.
 
    
 
    
Much of [[computer forensics]] is focused on the [[tools]] and [[techniques]] used by [[investigator]]s, but there are also a number of important [[papers]], [[people]], and [[organizations]] involved. Many of those organizations sponsor [[conferences]] throughout the year and around the world. You may also wish to examine the popular [[journals]] and some special [[reports]].
+
Much of [[computer forensics]] is focused on the [[tools]] and [[techniques]] used by [[investigator]]s, but there are also a number of important [[papers]], [[people]], and [[organizations]] involved. Many of those organizations sponsor [[Upcoming_events|conferences]] throughout the year and around the world. You may also wish to examine the popular [[journals]] and some special [[reports]].
 
</div>   
 
</div>   
  
<b>WIKI MAINTENANCE NOTE: We have re-installed mediawiki. New anti-spam measures and account re-confirmation software is in effect. Please let us know if you have problems on the [[Contact Form]]</b>
 
  
 +
==WIKI NEWS==
 +
2013-05-15: You can now subscribe to Forensics Wiki Recent Changes with the [[ForensicsWiki FeedBurner Feed]]
  
 
{| width="100%"
 
{| width="100%"
Line 15: Line 16:
 
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;"> Featured Forensic Research </h2>
 
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;"> Featured Forensic Research </h2>
  
<small>Dec 2011</small>
+
<small>June 2013</small>
 
+
 
<bibtex>
 
<bibtex>
@INPROCEEDINGS{5931110,  
+
@INPROCEEDINGS{6503202,  
author={Baier, H. and Breitinger, F.},  
+
author={Gessiou, E. and Volanis, S. and Athanasopoulos, E. and Markatos, E.P. and Ioannidis, S.},  
booktitle={IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on},  
+
booktitle={Global Communications Conference (GLOBECOM), 2012 IEEE},  
title={Security Aspects of Piecewise Hashing in Computer Forensics},  
+
title={Digging up social structures from documents on the web},  
year={2011},  
+
year={2012},  
month={may},  
+
pages={744-750},  
volume={},  
+
abstract={We collected more than ten million Microsoft Office documents from public websites, analyzed the metadata stored in each document and extracted information related to social activities. Our analysis revealed the existence of exactly identified cliques of users that edit, revise and collaborate on industrial and military content. We also examined cliques in documents downloaded from Fortune-500 company websites. We constructed their graphs and measured their properties. The graphs contained many connected components and presented social properties. The a priori knowledge of a company's social graph may significantly assist an adversary to launch targeted attacks, such as targeted advertisements and phishing emails. Our study demonstrates the privacy risks associated with metadata by cross-correlating all members identified in a clique with users of Twitter. We show that it is possible to match authors collaborating in the creation of a document with Twitter accounts. To the best of our knowledge, this study is the first to identify individuals and create social cliques solely based on information derived from document metadata. Our study raises major concerns about the risks involved in privacy leakage due to document metadata.},  
number={},  
+
keywords={data privacy;document handling;graph theory;meta data;social networking (online);Fortune-500 company Websites;Microsoft Office documents;Twitter accounts;company social graph;document metadata;information extraction;metadata analysis;phishing emails;privacy leakage;privacy risks;public Websites;social activities;social cliques;social properties;social structures;targeted advertisements},  
pages={21 -36},  
+
doi={10.1109/GLOCOM.2012.6503202},  
keywords={MD5 hash function;SHA-1 hash function;computer forensics;cryptographic hash function;piecewise hashing security aspect;pseudorandom number generator;security analysis;computer forensics;cryptography;random number generation;},  
+
ISSN={1930-529X},}
doi={10.1109/IMF.2011.16},  
+
abstract="Although hash functions are a well-known method in computer science to map arbitrary large data to bit strings of a fixed length, their use in computer forensics is currently very limited. As of today, in a pre-step process hash values of files are generated and stored in a database, typically a cryptographic hash function like MD5 or SHA-1 is used. Later the investigator computes hash values of files, which he finds on a storage medium, and performs look ups in his database. This approach has several drawbacks, which have been sketched in the community, and some alternative approaches have been proposed. The most popular one is due to Jesse Kornblum, who transferred ideas from spam detection to computer forensics in order to identify similar files. However, his proposal lacks a thorough security analysis. It is therefore one aim of the paper at hand to present some possible attack vectors of an active adversary to bypass Kornblum's approach. Furthermore, we present a pseudo random number generator being both more efficient and more random compared to Kornblum's pseudo random number generator."
+
ISSN={},}
+
 
</bibtex>
 
</bibtex>
Although hash functions are a well-known method in computer science to map arbitrary large data to bit strings of a fixed length, their use in computer forensics is currently very limited. As of today, in a pre-step process hash values of files are generated and stored in a database, typically a cryptographic hash function like MD5 or SHA-1 is used. Later the investigator computes hash values of files, which he finds on a storage medium, and performs look ups in his database. This approach has several drawbacks, which have been sketched in the community, and some alternative approaches have been proposed. The most popular one is due to Jesse Kornblum, who transferred ideas from spam detection to computer forensics in order to identify similar files. However, his proposal lacks a thorough security analysis. It is therefore one aim of the paper at hand to present some possible attack vectors of an active adversary to bypass Kornblum's approach. Furthermore, we present a pseudo random number generator being both more efficient and more random compared to Kornblum's pseudo random number generator.
+
We collected more than ten million Microsoft Office documents from public websites, analyzed the metadata stored in each document and extracted information related to social activities. Our analysis revealed the existence of exactly identified cliques of users that edit, revise and collaborate on industrial and military content. We also examined cliques in documents downloaded from Fortune-500 company websites. We constructed their graphs and measured their properties. The graphs contained many connected components and presented social properties. The a priori knowledge of a company's social graph may significantly assist an adversary to launch targeted attacks, such as targeted advertisements and phishing emails. Our study demonstrates the privacy risks associated with metadata by cross-correlating all members identified in a clique with users of Twitter. We show that it is possible to match authors collaborating in the creation of a document with Twitter accounts. To the best of our knowledge, this study is the first to identify individuals and create social cliques solely based on information derived from document metadata. Our study raises major concerns about the risks involved in privacy leakage due to document metadata.
 +
http://cis.poly.edu/~gessiou/reports/metadata.pdf
  
 
(See also [[Past Selected Articles]])
 
(See also [[Past Selected Articles]])
Line 91: Line 89:
 
* '''[[Tools#Disk_Analysis_Tools|Disk Analysis]]''': [[EnCase]], [[SMART]], [[Sleuthkit]], [[foremost]], [[Scalpel]], [[frag_find]]...
 
* '''[[Tools#Disk_Analysis_Tools|Disk Analysis]]''': [[EnCase]], [[SMART]], [[Sleuthkit]], [[foremost]], [[Scalpel]], [[frag_find]]...
 
* '''[[Tools#Forensics_Live_CDs|Live CDs]]''': [[DEFT Linux]], [[Helix]] ([[Helix3 Pro|Pro]]), [[FCCU Gnu/Linux Boot CD]], [[Knoppix STD]], ...
 
* '''[[Tools#Forensics_Live_CDs|Live CDs]]''': [[DEFT Linux]], [[Helix]] ([[Helix3 Pro|Pro]]), [[FCCU Gnu/Linux Boot CD]], [[Knoppix STD]], ...
* '''[[Tools:Document Metadata Extraction|Metadata Extraction]]''': [[wvWare]], [[jhead]], [[Hachoir | hachoir-metadata]], ...
+
* '''[[Tools:Document Metadata Extraction|Metadata Extraction]]''': [[wvWare]], [[jhead]], [[Hachoir | hachoir-metadata]], [[Photo Investigator]]...
 
* '''[[Tools:File Analysis|File Analysis]]''': [[file]], [[ldd]], [[ltrace]], [[strace]], [[strings]], ...
 
* '''[[Tools:File Analysis|File Analysis]]''': [[file]], [[ldd]], [[ltrace]], [[strace]], [[strings]], ...
 
* '''[[Tools:Network_Forensics|Network Forensics]]''': [[Snort]],  [[Wireshark]], [[Kismet]],  [[NetworkMiner]]...
 
* '''[[Tools:Network_Forensics|Network Forensics]]''': [[Snort]],  [[Wireshark]], [[Kismet]],  [[NetworkMiner]]...

Revision as of 13:38, 9 October 2013

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 741 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.


WIKI NEWS

2013-05-15: You can now subscribe to Forensics Wiki Recent Changes with the ForensicsWiki FeedBurner Feed

Featured Forensic Research

June 2013

Gessiou, E., Volanis, S., Athanasopoulos, E., Markatos, E.P., Ioannidis, S. - Digging up social structures from documents on the web
Global Communications Conference (GLOBECOM), 2012 IEEE pp. 744-750,2012
Bibtex
Author : Gessiou, E., Volanis, S., Athanasopoulos, E., Markatos, E.P., Ioannidis, S.
Title : Digging up social structures from documents on the web
In : Global Communications Conference (GLOBECOM), 2012 IEEE -
Address :
Date : 2012

We collected more than ten million Microsoft Office documents from public websites, analyzed the metadata stored in each document and extracted information related to social activities. Our analysis revealed the existence of exactly identified cliques of users that edit, revise and collaborate on industrial and military content. We also examined cliques in documents downloaded from Fortune-500 company websites. We constructed their graphs and measured their properties. The graphs contained many connected components and presented social properties. The a priori knowledge of a company's social graph may significantly assist an adversary to launch targeted attacks, such as targeted advertisements and phishing emails. Our study demonstrates the privacy risks associated with metadata by cross-correlating all members identified in a clique with users of Twitter. We show that it is possible to match authors collaborating in the creation of a document with Twitter accounts. To the best of our knowledge, this study is the first to identify individuals and create social cliques solely based on information derived from document metadata. Our study raises major concerns about the risks involved in privacy leakage due to document metadata. http://cis.poly.edu/~gessiou/reports/metadata.pdf

(See also Past Selected Articles)

Featured Article

Forensic Linux Live CD issues
Forensic Linux Live CD distributions are widely used during computer forensic investigations. Currently, many vendors of such Live CD distributions state that their Linux do not modify the contents of hard drives or employ "write protection." Testing indicates that this may not always be the case. Read More...


Topics



You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.