Difference between revisions of "Main Page"

From Forensics Wiki
m (WIKI NEWS)
m
Line 19: Line 19:
 
    
 
    
 
<bibtex>
 
<bibtex>
@inproceedings{Balasubramaniyan:2010:PUS:1866307.1866320,
+
@inproceedings{Walls:2011a,
author = {Balasubramaniyan, Vijay A. and Poonawalla, Aamir and Ahamad, Mustaque and Hunter, Michael T. and Traynor, Patrick},
+
Audio_Url = {http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.mp3},
title = {PinDr0p: using single-ended audio features to determine call provenance},
+
Author = { Robert J. Walls and Brian Neil Levine and Marc Liberatore and Clay Shields},
booktitle = {Proceedings of the 17th ACM conference on Computer and communications security},
+
Booktitle = {Proc.\ USENIX Workshop on Hot Topics in Security (HotSec)},
series = {CCS '10},
+
Keywords = {forensics; security},
year = {2010},
+
Month = {August},
isbn = {978-1-4503-0245-6},
+
Slides_Url = {http://prisms.cs.umass.edu/brian/pubs/rjwalls.hotsec.2011.slides.pdf},
location = {Chicago, Illinois, USA},
+
Sponsors = {CNS-1018615, CNS-0905349, DUE-0830876, 2008-CE-CXK005},
pages = {109--120},
+
Title = {{Effective Digital Forensics Research is Investigator-Centric}},
numpages = {12},
+
Url = {http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.pdf},
url = {http://doi.acm.org/10.1145/1866307.1866320},
+
Video_Url = {http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.mp4},
doi = {http://doi.acm.org/10.1145/1866307.1866320},
+
Year = {2011},
acmid = {1866320},
+
Bdsk-Url-1 = {http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.pdf}}
publisher = {ACM},
+
address = {New York, NY, USA},
+
keywords = {VoIP, call fingerprinting, provenance, telephony},
+
}
+
 
+
 
</bibtex>
 
</bibtex>
The recent diversification of telephony infrastructure allows users to communicate through landlines, mobile phones and VoIP phones. However, call metadata such as Caller-ID is either not transferred or transferred without verification across these networks, allowing attackers to maliciously alter it. In this paper, we develop PinDr0p, a mechanism to assist users in determining call provenance — the source and the path taken by a call. Our techniques detect and mea- sure single-ended audio features to identify all of the applied voice codecs, calculate packet loss and noise profiles, while remaining agnostic to characteristics of the speaker’s voice (as this may le- gitimately change when interacting with a large organization). In the absence of verifiable call metadata, these features in combina- tion with machine learning allow us to determine the traversal of a call through as many as three different providers (e.g., cellular, then VoIP, then PSTN and all combinations and subsets thereof) with 91.6% accuracy. Moreover, we show that once we identify and characterize the networks traversed, we can create detailed fin- gerprints for a call source. Using these fingerprints we show that we are able to distinguish between calls made using specific PSTN, cellular, Vonage, Skype and other hard and soft phones from loca- tions across the world with over 90% accuracy. In so doing, we provide a first step in accurately determining the provenance of a call.
+
Many technical mechanisms across computer security for attribution, identification, and classification are neither sufficient nor necessary for forensically valid digital investigations; yet they are often claimed as useful or necessary. Similarly, when forensic research is evaluated using the viewpoints held by computer security venues, the challenges, constraints, and usefulness of the work is often misjudged. In this paper, we point out many key aspects of digital forensics with the goal of ensuring that research seeking to advance the discipline will have the highest possible adoption rate by practitioners. We enumerate general legal and practical constraints placed on forensic investigators that set the field apart. We point out the assumptions, often limited or incorrect, made about forensics in past work, and discuss how these assumptions limit the impact of contributions.
 +
 
 +
* [https://www.usenix.org/conference/hotsec11/effective-digital-forensics-research-investigator-centric Usenix Presentation]
 +
* [http://prisms.cs.umass.edu/brian/pubs/rjwalls.hotsec.2011.slides.pdf Slides]
 +
* [http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.pdf paper]
  
 
(See also [[Past Selected Articles]])
 
(See also [[Past Selected Articles]])
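Review bot: the added Walls:2011a entry carries reference-manager export markup that should be cleaned before it goes on the Main Page. Title = {{Effective Digital Forensics Research is Investigator-Centric}} is double-braced and Booktitle = {Proc.\ USENIX Workshop on Hot Topics in Security (HotSec)} contains a LaTeX "\ " escape; a renderer that does not strip LaTeX markup will show the inner braces and the backslash literally in the featured citation, so use single braces and a plain "Proc. USENIX". Bdsk-Url-1 repeats the same value as Url and can be dropped. The field names are also capitalized (Author, Title, Year) where the entry being replaced used lowercase; matching the existing style keeps the featured-research entries consistent.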

Revision as of 10:14, 19 March 2012

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 686 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.


WIKI NEWS

2012-feb-25: We continue to have problems with our hosting provider and are in the process of identifying a new one. Thank you for your patience.

Featured Forensic Research

Mar 2012

Robert J. Walls, Brian Neil Levine, Marc Liberatore, Clay Shields - Effective Digital Forensics Research is Investigator-Centric
Proc. USENIX Workshop on Hot Topics in Security (HotSec), August 2011
http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.pdf

Many technical mechanisms across computer security for attribution, identification, and classification are neither sufficient nor necessary for forensically valid digital investigations; yet they are often claimed as useful or necessary. Similarly, when forensic research is evaluated using the viewpoints held by computer security venues, the challenges, constraints, and usefulness of the work is often misjudged. In this paper, we point out many key aspects of digital forensics with the goal of ensuring that research seeking to advance the discipline will have the highest possible adoption rate by practitioners. We enumerate general legal and practical constraints placed on forensic investigators that set the field apart. We point out the assumptions, often limited or incorrect, made about forensics in past work, and discuss how these assumptions limit the impact of contributions.

(See also Past Selected Articles)

Featured Article

Forensic Linux Live CD issues
Forensic Linux Live CD distributions are widely used during computer forensic investigations. Currently, many vendors of such Live CD distributions state that their Linux distributions do not modify the contents of hard drives or that they employ "write protection." Testing indicates that this may not always be the case. Read More...


Topics



You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.