Difference between revisions of "Main Page"

From ForensicsWiki
Jump to: navigation, search
m
m
 
(7 intermediate revisions by 2 users not shown)
Line 7: Line 7:
  
 
==WIKI NEWS==
 
==WIKI NEWS==
 +
2014-06-14: The Wiki has been migrated to the most up-to-date MediaWiki and moved from HostGator to Pair. The previous bugs with the AccountCreation problem should be fixed. Please let us know if there are any problems.
 +
* 2014-06-16 - It seems that the transfer and upgrade has resulted in some content being lost. The content appears to be on the old site and we may need some help in migrating it. Please see [[Content Lost in Migration]] for a list of the lost content.
 +
 
2013-05-15: You can now subscribe to Forensics Wiki Recent Changes with the [[ForensicsWiki FeedBurner Feed]]
 
2013-05-15: You can now subscribe to Forensics Wiki Recent Changes with the [[ForensicsWiki FeedBurner Feed]]
  
Line 16: Line 19:
 
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;"> Featured Forensic Research </h2>
 
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;"> Featured Forensic Research </h2>
  
<small>June 2013</small>
+
<small>May 2014</small>
 
<bibtex>
 
<bibtex>
@INPROCEEDINGS{6503202,  
+
@inproceedings{Hurley:2013:MAC:2488388.2488444,
author={Gessiou, E. and Volanis, S. and Athanasopoulos, E. and Markatos, E.P. and Ioannidis, S.},
+
author = {Sven Ka ̈lber, Andreas Dewald, Steffen Idler},
booktitle={Global Communications Conference (GLOBECOM), 2012 IEEE},  
+
title = {Forensic Zero-Knowledge Event Reconstruction on Filesystem Metadata},
title={Digging up social structures from documents on the web},  
+
booktitle = {Lecture Notes in Informatics},
year={2012},  
+
volume="P-228",
pages={744-750},  
+
year=2014,
abstract={We collected more than ten million Microsoft Office documents from public websites, analyzed the metadata stored in each document and extracted information related to social activities. Our analysis revealed the existence of exactly identified cliques of users that edit, revise and collaborate on industrial and military content. We also examined cliques in documents downloaded from Fortune-500 company websites. We constructed their graphs and measured their properties. The graphs contained many connected components and presented social properties. The a priori knowledge of a company's social graph may significantly assist an adversary to launch targeted attacks, such as targeted advertisements and phishing emails. Our study demonstrates the privacy risks associated with metadata by cross-correlating all members identified in a clique with users of Twitter. We show that it is possible to match authors collaborating in the creation of a document with Twitter accounts. To the best of our knowledge, this study is the first to identify individuals and create social cliques solely based on information derived from document metadata. Our study raises major concerns about the risks involved in privacy leakage due to document metadata.},  
+
url = {http://subs.emis.de/LNI/Proceedings/Proceedings228/331.pdf},
keywords={data privacy;document handling;graph theory;meta data;social networking (online);Fortune-500 company Websites;Microsoft Office documents;Twitter accounts;company social graph;document metadata;information extraction;metadata analysis;phishing emails;privacy leakage;privacy risks;public Websites;social activities;social cliques;social properties;social structures;targeted advertisements},
+
}  
doi={10.1109/GLOCOM.2012.6503202},  
+
ISSN={1930-529X},}
+
 
</bibtex>
 
</bibtex>
We collected more than ten million Microsoft Office documents from public websites, analyzed the metadata stored in each document and extracted information related to social activities. Our analysis revealed the existence of exactly identified cliques of users that edit, revise and collaborate on industrial and military content. We also examined cliques in documents downloaded from Fortune-500 company websites. We constructed their graphs and measured their properties. The graphs contained many connected components and presented social properties. The a priori knowledge of a company's social graph may significantly assist an adversary to launch targeted attacks, such as targeted advertisements and phishing emails. Our study demonstrates the privacy risks associated with metadata by cross-correlating all members identified in a clique with users of Twitter. We show that it is possible to match authors collaborating in the creation of a document with Twitter accounts. To the best of our knowledge, this study is the first to identify individuals and create social cliques solely based on information derived from document metadata. Our study raises major concerns about the risks involved in privacy leakage due to document metadata.
+
 
http://cis.poly.edu/~gessiou/reports/metadata.pdf
+
Abstract: Criminal investigations today can hardly be imagined without the forensic analysis of digital devices, regardless of whether it is a desktop computer, a mobile phone, or a navigation system. This not only holds true for cases of cybercrime, but also for traditional delicts such as murder or blackmail, and also private corporate investigations rely on digital forensics. This leads to an increasing number of cases with an ever-growing amount of data, that exceeds the capacity of the forensic experts. To support investigators to work more efficiently, we introduce a novel approach to automatically reconstruct events that previously occurred on the examined system and to provide a quick overview to the investigator as a starting point for further investigation. In contrast to the few existing approaches, our solution does not rely on any previously profiled system behavior or knowledge about specific applications, log files, or file formats. We further present a prototype implementation of our so-called zero knowledge event reconstruction approach, that solely tries to make sense of characteristic structures in file system metadata such as file- and folder-names and timestamps.
  
 
(See also [[Past Selected Articles]])
 
(See also [[Past Selected Articles]])

Latest revision as of 04:51, 16 June 2014

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 706 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.


WIKI NEWS

2014-06-14: The Wiki has been migrated to the most up-to-date MediaWiki and moved from HostGator to Pair. The previous bugs with the AccountCreation problem should be fixed. Please let us know if there are any problems.

  • 2014-06-16 - It seems that the transfer and upgrade has resulted in some content being lost. The content appears to be on the old site and we may need some help in migrating it. Please see Content Lost in Migration for a list of the lost content.

2013-05-15: You can now subscribe to Forensics Wiki Recent Changes with the ForensicsWiki FeedBurner Feed

Featured Forensic Research

May 2014

Sven Ka ̈lber, Andreas Dewald, Steffen Idler - Forensic Zero-Knowledge Event Reconstruction on Filesystem Metadata
Lecture Notes in Informatics P-228,2014
http://subs.emis.de/LNI/Proceedings/Proceedings228/331.pdf
Bibtex
Author : Sven Ka ̈lber, Andreas Dewald, Steffen Idler
Title : Forensic Zero-Knowledge Event Reconstruction on Filesystem Metadata
In : Lecture Notes in Informatics -
Address :
Date : 2014

Abstract: Criminal investigations today can hardly be imagined without the forensic analysis of digital devices, regardless of whether it is a desktop computer, a mobile phone, or a navigation system. This not only holds true for cases of cybercrime, but also for traditional delicts such as murder or blackmail, and also private corporate investigations rely on digital forensics. This leads to an increasing number of cases with an ever-growing amount of data, that exceeds the capacity of the forensic experts. To support investigators to work more efficiently, we introduce a novel approach to automatically reconstruct events that previously occurred on the examined system and to provide a quick overview to the investigator as a starting point for further investigation. In contrast to the few existing approaches, our solution does not rely on any previously profiled system behavior or knowledge about specific applications, log files, or file formats. We further present a prototype implementation of our so-called zero knowledge event reconstruction approach, that solely tries to make sense of characteristic structures in file system metadata such as file- and folder-names and timestamps.

(See also Past Selected Articles)

Featured Article

Forensic Linux Live CD issues
Forensic Linux Live CD distributions are widely used during computer forensic investigations. Currently, many vendors of such Live CD distributions state that their Linux do not modify the contents of hard drives or employ "write protection." Testing indicates that this may not always be the case. Read More...


Topics



You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.